UserController.php

<?php
/**
 * Copyright (C) 2019 Leipzig University Library
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * @author   Gregor Gawol <gawol@ub.uni-leipzig.de>
 * @author   Sebastian Kehr <kehr@ub.uni-leipzig.de>
 * @license  http://opensource.org/licenses/gpl-2.0.php GNU GPLv2
 */

namespace fid\Controller;

use fid\FormModel\PasswordChangeModel;
use fid\FormModel\PasswordResetModel;
use fid\FormModel\UserCreateModel;
use fid\FormModel\UserInitModel;
use fid\FormModel\UserUpdateModel;
use fid\FormModel\UsernameChangeModel;
use fid\Service\Client;
use fid\Service\ClientException;
use fid\Service\DataTransferObject\Address;
use fid\Service\DataTransferObject\Library;
use fid\Service\DataTransferObject\User;
use fid\Service\UserNotAuthorizedException;
use Symfony\Component\Serializer\SerializerAwareTrait;
use VuFind\Auth\Manager as AuthManager;
use VuFind\Controller\AbstractBase;
use VuFind\Exception\Auth as AuthException;
use Zend\Form\Element\MultiCheckbox;
use Zend\Form\Element\Radio;
use Zend\Form\Element\Select;
use Zend\Form\Form;
use Zend\Http\PhpEnvironment\Request;
use Zend\Http\Response;
use Zend\Mvc\Plugin\FlashMessenger\FlashMessenger;
use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\View\Model\ViewModel;

class UserController extends AbstractBase
{
    use SerializerAwareTrait;

    /**
     * @var AuthManager
     */
    protected $authManager;

    /**
     * @var Client
     */
    protected $client;

    /**
     * @var array
     */
    protected $config;

    /**
     * RegistrationController constructor.
     *
     * @param ServiceLocatorInterface $serviceLocator
     * @param AuthManager             $authManager
     * @param Client                  $client
     * @param array                   $config
     */
    public function __construct(
        ServiceLocatorInterface $serviceLocator,
        AuthManager $authManager,
        Client $client,
        array $config
    ) {
        parent::__construct($serviceLocator);
        $this->authManager = $authManager;
        $this->client = $client;
        $this->config = $config;
    }

    /**
     * @noinspection PhpUnused
     * @return ViewModel
     */
    public function initAction()
    {
        /** @var Request $request */
        $request = $this->getRequest();
        $form = $this->serviceLocator->get(UserInitModel::class);
        $forwarded = $this->params()->fromRoute('forwarded', false);

        if ($submitted = $this->formWasSubmitted()) {
            $form->setData($request->getPost());
            if (!$forwarded && $form->isValid()) {
                return $this->init($form);
            }
        }

        $view = $this->createViewModel();
        $view->setVariables(compact('form'));
        $view->setTemplate('fid/user/init');

        return $view;
    }

    /**
     * @noinspection PhpUnused
     * @return Response|ViewModel
     */
    public function createAction()
    {
        /** @var Request $request */
        $request = $this->getRequest();
        $query = $request->getQuery();
        $messenger = $this->getMessenger();

        if ($credentials = $query->get('logon')) {
            try {
                $this->client->logon($credentials);
            } catch (ClientException $exception) {
                $message = $exception->getCode() === 401
                    ? 'fid::user_create_error_expired'
                    : 'fid::user_create_error';
                $messenger->addErrorMessage($this->translate($message));
                return $this->redirect()->toRoute('fid/user/init');
            }

            $query->offsetUnset('logon');
            return $this->redirect()->toRoute('fid/user/create', [], [
                'query' => $query->toArray()
            ]);
        }

        try {
            $libraries = array_map(function (Library $libary) {
                return $libary->getLabel();
            }, $this->client->requestLibraryList());
        } catch (ClientException $exception) {
            $message = 'fid::user_create_error';
            $messenger->addErrorMessage($this->translate($message));
            return $this->redirect()->toRoute('fid/user/init');
        }

        /** @var Form $form */
        $form = $this->serviceLocator->get(UserCreateModel::class);

        /** @var Select $homeLibraryElement */
        $homeLibraryElement = $form->get('homeLibrary');
        $homeLibraryElement->setValueOptions($libraries);

        /** @var Radio $accessLevelElement */
        $accessLevelElement = $form->get('accessLevel');
        $accessLevels = $this->config['Security']['access_levels'];
        $accessLevelValueOptions = array_map(function ($accessLevel) {
            return "label_access_level_$accessLevel";
        }, array_combine($accessLevels, $accessLevels));
        $accessLevelElement->setValueOptions($accessLevelValueOptions);

        if ($this->formWasSubmitted()) {
            $form->setData($request->getPost());
            if ($form->isValid()) {
                return $this->create($form);
            }
        } else {
            $form->setData($query);
        }

        $view = $this->createViewModel();
        $view->setVariables(compact('form'));
        $view->setTemplate('fid/user/create');

        return $view;
    }


    /**
     * @noinspection PhpUnused
     * @return Response|ViewModel
     */
    public function updateAction()
    {
        /** @var Request $request */
        $request = $this->getRequest();

        try {
            $user = $this->client->requestUserDetails();
            $libraries = array_map(function (Library $libary) {
                return $libary->getLabel();
            }, $this->client->requestLibraryList());
        } catch (ClientException $exception) {
            $this->setFollowupUrlToReferer();
            $message = $exception->getCode() === 401
                ? 'fid::user_update_error_expired'
                : 'fid::user_update_error';
            $this->getMessenger()->addErrorMessage($this->translate($message));
            return $this->redirect()->toRoute('myresearch-home');
        }

        /** @var Form $form */
        $form = $this->serviceLocator->get(UserUpdateModel::class);

        /** @var Select $homeLibraryElement */
        $homeLibraryElement = $form->get('homeLibrary');
        $homeLibraryElement->setValueOptions($libraries);

        if ($this->formWasSubmitted()) {
            $form->setData($request->getPost());
            if ($form->isValid()) {
                return $this->update($form);
            }
        }

        $viewModel = $this->createViewModel();
        $viewModel->setVariables(compact('form', 'user'));
        $viewModel->setTemplate('fid/user/update');

        return $viewModel;
    }

    /**
     * @noinspection PhpUnused
     * @return ViewModel
     */
    public function changeUsernameAction()
    {
        /** @var Request $request */
        $request = $this->getRequest();
        $form = $this->serviceLocator->get(UsernameChangeModel::class);
        $forwarded = $this->params()->fromRoute('forwarded', false);

        if ($submitted = $this->formWasSubmitted()) {
            $form->setData($request->getPost());
            if (!$forwarded && $form->isValid()) {
                return $this->changeUsername($form);
            }
        }

        $view = $this->createViewModel();
        $view->setVariables(compact('form'));
        $view->setTemplate('fid/user/username-change');

        return $view;
    }

    /**
     * @noinspection PhpUnused
     * @return Response
     */
    public function updateUsernameAction()
    {
        /** @var Request $request */
        $request = $this->getRequest();
        $query = $request->getQuery();
        $messenger = $this->getMessenger();

        if ($credentials = $query->get('logon')) {
            try {
                $this->client->logon($credentials);
            } catch (ClientException $exception) {
                $message = $exception->getCode() === 401
                    ? 'fid::username_update_error_expired'
                    : 'fid::username_update_error';
                $messenger->addErrorMessage($this->translate($message));
                return $this->redirect()->toRoute('fid/user/change-username');
            }

            $query->offsetUnset('logon');
            return $this->redirect()->toRoute('fid/user/update-username', [], [
                'query' => $query->toArray()
            ]);
        }

        try {
            $user = $this->client->requestUserDetails();
            $user->setUsername($query->get('username'));
            $this->client->requestUserUsernameUpdate($user);
            $message = $this->translate('fid::username_update_success');
            $this->getMessenger()->addSuccessMessage($message);
        } catch (ClientException $exception) {
            $message = $this->translate('fid::username_update_error');
            $this->getMessenger()->addErrorMessage($message);
        }

        return $this->redirect()->toRoute('myresearch-home');
    }

    public function policyAction()
    {
        $viewModel = $this->createViewModel();
        $viewModel->setTemplate('fid/user/policy');

        if (isset($_REQUEST['lbreferer'])) {
            $viewModel->setVariable('backUrl', $_REQUEST['lbreferer']);
        }

        return $viewModel;
    }

    public function termsAction()
    {
        $viewModel = $this->createViewModel();
        $viewModel->setTemplate('fid/user/terms');

        if (isset($_REQUEST['lbreferer'])) {
            $viewModel->setVariable('backUrl', $_REQUEST['lbreferer']);
        }

        return $viewModel;
    }

    /**
     * Reset password action - Allows the reset password form to appear.
     *
     * @return ViewModel
     */
    public function resetPasswordAction()
    {
        /** @var Form $form */
        /** @var Request $request */
        $request = $this->getRequest();
        $form = $this->serviceLocator->get(PasswordResetModel::class);
        $forwarded = $this->params()->fromRoute('forwarded', false);

        if ($submitted = $this->formWasSubmitted()) {
            $form->setData($request->getPost());
            if (!$forwarded && $form->isValid()) {
                return $this->sendResetPassword($form);
            }
        }

        $view = $this->createViewModel();
        $view->setVariables(compact('form'));
        $view->setTemplate('fid/user/password-reset');

        return $view;
    }

    /**
     * Reset password action - Allows the change password form to appear.
     *
     * @return Response|ViewModel
     */
    public function changePasswordAction()
    {
        /** @var Request $request */
        $request = $this->getRequest();
        $query = $request->getQuery();
        $messenger = $this->getMessenger();

        if ($credentials = $query->get('logon')) {
            try {
                $this->client->logon($credentials);
            } catch (ClientException $exception) {
                $message = $exception->getCode() === 401
                    ? 'fid::password_change_error_expired'
                    : 'fid::password_change_error';
                $messenger->addErrorMessage($this->translate($message));
                return $this->redirect()->toRoute('fid/user/reset-password');
            }

            $query->offsetUnset('logon');
            return $this->redirect()->toRoute('fid/user/change-password', [], [
                'query' => $query->toArray()
            ]);
        }

        $form = $this->serviceLocator->get(PasswordChangeModel::class);

        if ($this->formWasSubmitted()) {
            $form->setData($request->getPost());
            if ($form->isValid()) {
                return $this->changePassword($form);
            }
        } else {
            $form->setData($query);
        }

        $view = $this->createViewModel();
        $view->setVariables(compact('form'));
        $view->setTemplate('fid/user/password-change');

        return $view;
    }

    /**
     * @param Form $form
     *
     * @return mixed|Response
     */
    protected function init(Form $form)
    {
        /** @var UserInitModel $model */
        $messenger = $this->getMessenger();
        $model = $form->getHydrator()
            ->hydrate($form->getData(), new UserInitModel());

        /** @noinspection PhpUndefinedFieldInspection */
        $query['lng'] = $this->layout()->userLang;
        $username = $query['username'] = $model->getUsername();
        $firstname = $query['firstname'] = $model->getFirstname();
        $lastname = $query['lastname'] = $model->getLastname();
        $baseUrl = $this->url()->fromRoute('fid/user/create',
            [], ['query' => $query, 'force_canonical' => true]);

        try {
            $this->client->requestRegistrationLink($baseUrl, $username,
                $firstname, $lastname);
        } catch (ClientException $exception) {
            $message = $exception->getCode() === 400
                ? 'fid::user_init_error_username'
                : 'fid::user_init_error';
            $messenger->addErrorMessage($this->translate($message));
            return $this->forward()->dispatch(self::class, [
                'action'    => 'init',
                'forwarded' => true
            ]);
        }

        $message = $this->translate('fid::user_init_success');
        $messenger->addSuccessMessage(sprintf($message, $username));
        return $this->redirect()->toRoute('myresearch-home');
    }

    protected function create(Form $form)
    {
        $messenger = $this->getMessenger();
        /** @var UserCreateModel $model */
        $model = $form->getHydrator()
            ->hydrate($form->getData(), new UserCreateModel());

        $user = new User();
        $user->setUsername($username = $model->getUsername());
        $user->setPassword($password = $model->getPassword());
        $user->setHomeLibrary($model->getHomeLibrary());
        $user->setPermissions([$model->getAccessLevel() => 'requested']);
        $user->setSalutation($model->getSalutation());
        $user->setAcademicTitle($model->getAcademicTitle());
        $user->setFirstname($model->getFirstname());
        $user->setLastname($model->getLastname());
        $user->setYearOfBirth($model->getYearOfBirth());
        $user->setCollege($model->getCollege());
        $user->setJobTitle($model->getJobTitle());

        if ($model->getAddressLine1()) {
            $address = new Address();
            $address->setLine1($model->getAddressLine1());
            $address->setLine2($model->getAddressLine2());
            $address->setZip($model->getAddressZip());
            $address->setCity($model->getAddressCity());
            $address->setCountry($model->getAddressCountry());
            $user->setAddresses([$address]);
        }

        try {
            $this->client->requestUserCreation($user);
            $message = $this->translate('fid::user_create_success');
            $messenger->addSuccessMessage($message);
            /** @noinspection PhpParamsInspection */
            $this->authManager->create($this->getRequest());
        } catch (ClientException $exception) {
            $message = $this->translate('fid::user_create_error');
            $messenger->addErrorMessage($message);
        } catch (AuthException $e) {
            $message = $this->translate('fid::user_create_error_autologon');
            $messenger->addWarningMessage($message);
        }

        return $this->redirect()->toRoute('myresearch-home', [], [
            'query' => ['redirect' => false]
        ]);
    }

    /**
     * @param Form $form
     *
     * @return Response
     */
    protected function update(Form $form,string $redirect = 'myresearch-home')
    {
        $messenger = $this->getMessenger();
        /** @var UserUpdateModel $model */
        $model = $form->getHydrator()->hydrate($form->getData(),
            new UserUpdateModel());

        try {
            $userId = $model->getUserId();
            $user = $this->client->requestUserDetails($userId);
            $user->setHomeLibrary($model->getHomeLibrary());
            $user->setSalutation($model->getSalutation());
            $user->setAcademicTitle($model->getAcademicTitle());
            $user->setFirstname($model->getFirstname());
            $user->setLastname($model->getLastname());
            $user->setYearOfBirth($model->getYearOfBirth());
            $user->setCollege($model->getCollege());
            $user->setJobTitle($model->getJobTitle());
            $user->setPermissions($model->getPermissions());
            $addresses = $user->getAddresses();
            foreach ($model->getAddresses() as $index => $address) {
                $addr = $addresses[$index] ?? new Address();
                $addr->setLine1($address['line1']);
                $addr->setLine2($address['line2']);
                $addr->setZip($address['zip']);
                $addr->setCity($address['city']);
                $addr->setCountry($address['country']);
                $addresses[$index] = $addr;
            }
            $user->setAddresses($addresses);
            $this->client->requestUserUpdate($user);
            $message = $this->translate('fid::user_update_success');
            $messenger->addSuccessMessage($message);


        } catch (ClientException $exception) {
            if (in_array($exception->getCode(), [403])) {
                $message = $this->translate('fid::user_update_error_'
                    . $exception->getCode());
            } else {
                $message = $this->translate('fid::user_update_error');
            }

            $messenger->addErrorMessage($message);
        }

        $this->client->flushUserList();
        return $this->redirect()->toRoute($redirect, [], [
            'query' => ['redirect' => false]
        ]);
    }

    protected function sendResetPassword(Form $form)
    {
        /** @var PasswordResetModel $model */
        $messenger = $this->getMessenger();
        $model = $form->getHydrator()->hydrate(
            $form->getData(), new PasswordResetModel());
        $username = $model->getUsername();

        try {
            /** @noinspection PhpUndefinedFieldInspection */
            $query['lng'] = $this->layout()->userLang;
            $baseUrl = $this->url()->fromRoute('fid/user/change-password',
                [], ['query' => $query, 'force_canonical' => true]);
            $this->client->requestPasswordLink($baseUrl, $username);
            $message = $this->translate('fid::password_reset_success');
            $messenger->addSuccessMessage(sprintf($message, $username));
        } catch (ClientException $exception) {
            $message = $exception->getCode() === 400
                ? $this->translate('fid::password_reset_error_username')
                : $this->translate('fid::password_reset_error');
            $messenger->addErrorMessage(sprintf($message, $username));
            return $this->redirect()->toRoute('fid/user/reset-password');
        }

        return $this->redirect()->toRoute('myresearch-home');
    }

    protected function changePassword(Form $form)
    {
        /** @var PasswordChangeModel $model */
        $messenger = $this->getMessenger();
        $model = $form->getHydrator()->hydrate(
            $form->getData(), new PasswordChangeModel());

        try {
            $user = $this->client->requestUserDetails();
            $user->setPassword($password = $model->getPassword());
            $this->client->requestUserPasswordUpdate($user);
            $message = $this->translate('fid::password_change_success');
            $message = sprintf($message, $username = $user->getUsername());
            $messenger->addSuccessMessage($message);
            /** @var Request $request */
            $request = clone $this->getRequest();
            $params = clone $request->getPost();
            $params->set('username', $username);
            $params->set('password', $password);
            $request->setPost($params);
            $this->authManager->create($request);
        } catch (ClientException $exception) {
            $message = $this->translate('fid::password_change_error');
            $messenger->addErrorMessage($message);
        } catch (AuthException $e) {
            $message = $this->translate('fid::password_change_error_autologon');
            $messenger->addErrorMessage($message);
        }

        return $this->redirect()->toRoute('myresearch-home', [], [
            'query' => ['redirect' => false]
        ]);
    }

    protected function changeUsername(Form $form)
    {
        $messenger = $this->getMessenger();
        $model = $form->getHydrator()->hydrate(
            $form->getData(), new UsernameChangeModel());

        /** @noinspection PhpUndefinedFieldInspection */
        $query['lng'] = $this->layout()->userLang;
        $username = $query['username'] = $model->getUsername();
        $baseUrl = $this->url()->fromRoute('fid/user/update-username',
            [], ['query' => $query, 'force_canonical' => true]);

        try {
            $this->client->requestUsernameLink($baseUrl, $username);
        } catch (ClientException $exception) {
            $message = $exception->getCode() === 400
                ? 'fid::username_change_error_username'
                : 'fid::username_change_error';
            $messenger->addErrorMessage($this->translate($message));
            return $this->forward()->dispatch(self::class, [
                'action'    => 'changeUsername',
                'forwarded' => true
            ]);
        }

        $message = $this->translate('fid::username_change_success');
        $messenger->addSuccessMessage(sprintf($message, $username));
        return $this->redirect()->toRoute('myresearch-home');
    }

    protected function getMessenger(): FlashMessenger
    {
        /** @noinspection PhpUndefinedMethodInspection */
        /** @var FlashMessenger $messenger */
        return $this->flashMessenger();
    }

    public function editAction()
    {
        // Not logged in?  Force user to log in:
        if (!($user = $this->getUser())) {
            return $this->forceLogin();
        }

        /** @var Request $request */
        $request = $this->getRequest();
        $userId = $this->params()->fromRoute('userid');
        if (empty($userId)) {
            // if no user ID is set the call is not valid
            // unless we are in submission state
            return $this->redirect()->toRoute('fid/admin/list');
        }

        $editableFields = $this->config['Admin']['editable_user_fields'] ?? [];

        try {
            try {
                $user = $this->client->requestUserDetails($userId);
            } catch (UserNotAuthorizedException $ex) {
                // either user does not exist, or we are not allowed to edit it
                $this->getMessenger()->addErrorMessage($this->translate('fid::user_edit_not_allowed', ['%%userid%%' => $userId]));
                return $this->redirect()->toRoute('fid/admin/list');
            } catch (\Exception $ex) {
                $this->getMessenger()->addErrorMessage($this->translate('fid::user_read_error',['%%userid%%' => $userId]));
                return $this->redirect()->toRoute('fid/admin/list');
            }
            $libraries = $this->client->requestLibraryList();
        } catch (ClientException $exception) {
            $this->setFollowupUrlToReferer();
            $message = $exception->getCode() === 401
                ? 'fid::user_update_error_expired'
                : 'fid::user_update_error';
            $this->getMessenger()->addErrorMessage($this->translate($message));
            return $this->redirect()->toRoute('fid/admin/list');
        }

        /** @var Form $form */
        $form = $this->serviceLocator->get(UserUpdateModel::class);

        if (!empty($libraries)) {
            $userLibrary = $user->getHomeLibrary();
            $libraries = array_map(function (Library $libary) use ($editableFields,$userLibrary) {
                $option = [
                    'label' => $libary->getLabel(),
                    'value' => $id = $libary->getId(),
                    'selected' => $id == $userLibrary
                ];
                if ($id != $userLibrary && !in_array('HomeLibrary', $editableFields)) {
                    $option['attributes']['disabled'] = 'disabled';
                }
                return $option;
            }, $libraries);

            /** @var Select $homeLibraryElement */
            $homeLibraryElement = $form->get('homeLibrary');
            $homeLibraryElement->setValueOptions($libraries);
        }

        if ($permissions = $this->config['Admin']['permission_options'] ?? []) {

            $userPermissions = $user->getPermissions();
            if (!isset(self::$currentPermissions)) {
                $valid = [];
                foreach ($permissions as $permission) {
                    $valid[$permission] = $userPermissions[$permission] ?? 'denied';
                }
                self::$currentPermissions = $valid;
            }
            /** @var MultiCheckbox $permissionsElement */
            $permissionsElement = $form->get('permissions');
            $permissions = array_map(function ($permission) use ($editableFields,$userPermissions) {
                $option = [
                    'label' => $this->translate('fid::permission_' . $permission),
                    'name' => $permission,
                    'label_attributes' => ['class' => 'permission-label col-sm-11'],
                    'attributes' => ['class' => 'permission-option col-sm-1'],
                    'selected' => isset($userPermissions[$permission]) && $userPermissions[$permission] == 'granted',
                    'value' => $permission . '::' . ($userPermissions[$permission] ?? 'denied'),
                ];
                if (!in_array('Permissions', $editableFields)) {
                    $option['disabled'] = '1';
                }
                return $option;
            }, $permissions);
            $permissionsElement->setDisableInArrayValidator(true);
            $permissionsElement->setValueOptions($permissions);
        }

        if ($this->formWasSubmitted()) {
            $form->setData($request->getPost());
            if ($form->isValid()) {
                return $this->update($form,'fid/admin/list');
            }
        }

        $viewModel = $this->createViewModel();
        $viewModel->setVariables(compact('form', 'user','editableFields'));
        $viewModel->setTemplate('fid/admin/edit');

        return $viewModel;
    }

    public static $currentPermissions;

    public static function combinePermissionsArray($input) {
        if (empty($input)) {
            return [];
        }

        $output = [];
        foreach ($input as $line) {
            list($key,) = explode('::',$line);
            if (isset(self::$currentPermissions[$key])) {
                $output[$key] = 'granted';
            }
        }
        foreach (self::$currentPermissions as $key => $state) {
            if ($state === 'granted' && !isset($output[$key])) {
                $output[$key] = 'denied';
            }
        }
        return array_intersect_key($output,['full_access'=>'0','limited_access'=>1]);
    }

    public function listAction() {

        // Not logged in?  Force user to log in:
        if (!($user = $this->getUser())) {
            return $this->forceLogin();
        }

        $viewModel = $this->createViewModel();
        try {
            $list = $this->client->requestUserList();
            $viewModel->setVariable('list',$list);
        } catch (UserNotAuthorizedException $exception) {
            $this->getMessenger()->addErrorMessage('fid::read_user_list_not_allowed');
        } catch (ClientException $exception) {
            $this->getMessenger()->addErrorMessage('fid::read_user_list_error');
        }

        if ($fields = $this->config['Admin']['overview_fields']) {
            $viewModel->setVariable('fields',$fields);
        }

        $viewModel->setTemplate('fid/admin/list');
        return $viewModel;
    }

}