vendor/roothirsch/core-bundle/EventSubscriber/UserReadSubscriber.php line 47

Open in your IDE?
  1. <?php
  2. namespace Roothirsch\CoreBundle\EventSubscriber;
  4. use ApiPlatform\Core\EventListener\EventPriorities;
  5. use ApiPlatform\Core\Exception\ItemNotFoundException;
  6. use Roothirsch\CoreBundle\Entity\User;
  7. use Roothirsch\CoreBundle\Security\UserManager;
  8. use Roothirsch\CoreBundle\Repository\UserRepository;
  9. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  10. use Symfony\Component\HttpKernel\KernelEvents;
  11. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  13. final class UserReadSubscriber implements EventSubscriberInterface
  14. {
  15.     /**
  16.      * @var UserRepository
  17.      */
  18.     private $userRepository;
  20.     /**
  21.      * @var UserManager
  22.      */
  23.     private $userManager;
  25.     /**
  26.      * @var TokenStorageInterface
  27.      */
  28.     private $tokenStorage;
  30.     public function __construct(
  31.         UserRepository $userRepository,
  32.         UserManager $userManager,
  33.         TokenStorageInterface $tokenStorage
  34.     ) {
  35.         $this->userRepository $userRepository;
  36.         $this->userManager $userManager;
  37.         $this->tokenStorage $tokenStorage;
  38.     }
  40.     public static function getSubscribedEvents()
  41.     {
  42.         return [
  43.             KernelEvents::REQUEST => ['load'EventPriorities::PRE_READ],
  44.         ];
  45.     }
  47.     public function load(\Symfony\Component\HttpKernel\Event\RequestEvent $event)
  48.     {
  49.         if (strpos($event->getRequest()->getPathInfo(), '/api/users') !== 0) {
  50.             return;
  51.         }
  53.         if ($event->getRequest()->attributes->get('_api_item_operation_name') === 'reset-password') {
  54.             $this->loadUserFromEmail($event);
  55.         }
  57.         if ($event->getRequest()->get('id') === 'current'
  58.             || $event->getRequest()->get('id') === 'me'
  59.             || $event->getRequest()->attributes->get('_route') === 'api_users_current_item') {
  60.             $this->loadUserFromSession($event);
  61.         } elseif (strlen($event->getRequest()->get('id')) > 10) {
  62.             $this->loadUserFromToken($event);
  63.         }
  64.     }
  66.     /**
  67.      * @param \Roothirsch\CoreBundle\EventSubscriber\Api\GetResponseEvent $event
  68.      */
  69.     private function loadUserFromEmail(\Symfony\Component\HttpKernel\Event\RequestEvent $event)
  70.     {
  71.         $payload json_decode($event->getRequest()->getContent(), true);
  72.         $user $this->userRepository->findOneBy(
  73.             [
  74.                 'email' => $payload['email'],
  75.             ]
  76.         );
  77.         $event->getRequest()->attributes->set('locale'$payload['language']);
  79.         if (!$user instanceof User) {
  80.             throw new ItemNotFoundException('Not found');
  81.         }
  83.         $event->getRequest()->attributes->set('id'$user->getId());
  84.     }
  86.     /**
  87.      * @param \Roothirsch\CoreBundle\EventSubscriber\Api\GetResponseEvent $event
  88.      */
  89.     private function loadUserFromSession(\Symfony\Component\HttpKernel\Event\RequestEvent $event)
  90.     {
  91.         $user $this->tokenStorage->getToken()->getUser();
  93.         if (!$user instanceof User) {
  94.             return;
  95.         }
  97.         $event->getRequest()->attributes->set('id'$user->getId());
  98.     }
  100.     /**
  101.      * @param \Roothirsch\CoreBundle\EventSubscriber\Api\GetResponseEvent $event
  102.      */
  103.     private function loadUserFromToken(\Symfony\Component\HttpKernel\Event\RequestEvent $event)
  104.     {
  105.         $user $this->userRepository->findOneBy(
  106.             [
  107.                 'registrationToken' => $event->getRequest()->get('id'),
  108.                 'active' => false,
  109.             ]
  110.         );
  112.         if (!$user instanceof User) {
  113.             $user $this->userRepository->findOneBy(
  114.                 [
  115.                     'securityToken' => $event->getRequest()->get('id'),
  116.                     'active' => true,
  117.                 ]
  118.             );
  119.         }
  121.         if (!$user instanceof User) {
  122.             throw new ItemNotFoundException('Not found');
  123.         }
  125.         if ($user->getUpdated() < (time() - 60 60 24)) {
  126.             $user->setRegistrationToken('');
  127.             $this->userManager->persist($user);
  129.             throw new ItemNotFoundException('token invalid');
  130.         }
  132.         if (!$user instanceof User) {
  133.             return;
  134.         }
  136.         $event->getRequest()->attributes->set('token'$event->getRequest()->get('id'));
  137.         $event->getRequest()->attributes->set('id'$user->getId());
  138.     }
  139. }