<?php
/**
* Copyright (C) 2019 Leipzig University Library
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* @author Gregor Gawol <gawol@ub.uni-leipzig.de>
* @author Sebastian Kehr <kehr@ub.uni-leipzig.de>
* @license http://opensource.org/licenses/gpl-2.0.php GNU GPLv2
*/
namespace fid\Controller;
use fid\FormModel\PasswordChangeModel;
use fid\FormModel\PasswordResetModel;
use fid\FormModel\UsernameChangeModel;
use fid\Service\Client;
use fid\Service\ClientException;
use fid\Service\DataTransferObject\Library;
use fid\Service\DataTransferObject\User;
use fid\Service\UserNotAuthorizedException;
use VuFind\Auth\Manager as AuthManager;
use VuFind\Controller\AbstractBase;
use VuFind\Exception\Auth as AuthException;
use Zend\Form\Element\Checkbox;
use Zend\Form\Element\Radio;
use Zend\Form\Element\Select;
use Zend\Form\Form;
use Zend\Http\PhpEnvironment\Request;
use Zend\Http\Response;
use Zend\Mvc\Plugin\FlashMessenger\FlashMessenger;
use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\View\Model\ViewModel;
class UserController extends AbstractBase
{
/**
* @var AuthManager
*/
protected $authManager;
/**
* @var Client
*/
protected $client;
/**
* @var array
*/
protected $config;
/**
* RegistrationController constructor.
*
* @param ServiceLocatorInterface $serviceLocator
* @param AuthManager $authManager
* @param Client $client
* @param array $config
*/
public function __construct(
ServiceLocatorInterface $serviceLocator,
AuthManager $authManager,
Client $client,
array $config
) {
parent::__construct($serviceLocator);
$this->authManager = $authManager;
$this->client = $client;
$this->config = $config;
}
/**
* @noinspection PhpUnused
* @return ViewModel
*/
public function initAction()
{
/** @var Form $form */
/** @var Request $request */
$request = $this->getRequest();
$form = $this->serviceLocator->get('user-init-form');
$forwarded = $this->params()->fromRoute('forwarded', false);
if ($submitted = $this->formWasSubmitted()) {
$form->setData($request->getPost());
if (!$forwarded && $form->isValid()) {
return $this->init($form);
}
}
$action = $this->url()->fromRoute('fid/user/init');
$form->setAttribute('action', $action);
$form->prepare();
$view = $this->createViewModel();
$view->setVariables(compact('form'));
$view->setTemplate('fid/user/init');
return $view;
}
/**
* @param Form $form
*
* @return mixed|Response
*/
protected function init(Form $form)
{
/** @var User $user */
$messenger = $this->getMessenger();
$user = $form->getHydrator()->hydrate($form->getData(), new User());
/** @noinspection PhpUndefinedFieldInspection */
$query['lng'] = $this->layout()->userLang;
$username = $query['username'] = $user->getUsername();
$firstname = $query['firstname'] = $user->getFirstname();
$lastname = $query['lastname'] = $user->getLastname();
$baseUrl = $this->url()->fromRoute('fid/user/create',
[], ['query' => $query, 'force_canonical' => true]);
try {
$this->client->requestRegistrationLink($baseUrl, $username,
$firstname, $lastname);
} catch (ClientException $exception) {
$message = $exception->getCode() === 400
? 'fid::user_init_error_username'
: 'fid::user_init_error';
$messenger->addErrorMessage($this->translate($message));
return $this->forward()->dispatch(self::class, [
'action' => 'init',
'forwarded' => true
]);
}
$message = $this->translate('fid::user_init_success');
$messenger->addSuccessMessage(sprintf($message, $username));
return $this->redirect()->toRoute('myresearch-home');
}
protected function getMessenger(): FlashMessenger
{
/** @noinspection PhpUndefinedMethodInspection */
/** @var FlashMessenger $messenger */
return $this->flashMessenger();
}
/**
* @noinspection PhpUnused
* @return Response|ViewModel
*/
public function createAction()
{
/** @var Form $form */
/** @var Request $request */
/** @var Select $homeLibraryElement */
$request = $this->getRequest();
$query = $request->getQuery();
$messenger = $this->getMessenger();
if ($credentials = $query->get('logon')) {
try {
$this->client->logon($credentials);
} catch (ClientException $exception) {
$message = $exception->getCode() === 401
? 'fid::user_create_error_expired'
: 'fid::user_create_error';
$messenger->addErrorMessage($this->translate($message));
return $this->redirect()->toRoute('fid/user/init');
}
$query->offsetUnset('logon');
return $this->redirect()->toRoute('fid/user/create', [], [
'query' => $query->toArray()
]);
}
try {
$libraries = array_map(function (Library $libary) {
return $libary->getLabel();
}, $this->client->requestLibraryList());
} catch (ClientException $exception) {
$message = 'fid::user_create_error';
$messenger->addErrorMessage($this->translate($message));
return $this->redirect()->toRoute('fid/user/init');
}
$form = $this->serviceLocator->get('user-create-form');
$homeLibraryElement = $form->get('home_library');
$homeLibraryElement->setValueOptions($libraries);
if ($this->formWasSubmitted()) {
$form->setData($request->getPost());
if ($form->isValid()) {
return $this->create($form);
}
} else {
$form->setData($query);
}
$action = $this->url()->fromRoute('fid/user/create');
$form->setAttribute('action', $action);
$form->prepare();
$view = $this->createViewModel();
$view->setVariables(compact('form'));
$view->setTemplate('fid/user/create');
return $view;
}
protected function create(Form $form)
{
/** @var User $user */
$messenger = $this->getMessenger();
$user = $form->getHydrator()->hydrate($form->getData(), new User());
try {
$this->client->requestUserCreation($user);
$message = $this->translate('fid::user_create_success');
$messenger->addSuccessMessage($message);
/** @noinspection PhpParamsInspection */
$this->authManager->create($this->getRequest());
} catch (ClientException $exception) {
$message = $this->translate('fid::user_create_error');
$messenger->addErrorMessage($message);
} catch (AuthException $e) {
$message = $this->translate('fid::user_create_error_autologon');
$messenger->addWarningMessage($message);
}
return $this->redirect()->toRoute('myresearch-home', [], [
'query' => ['redirect' => false]
]);
}
/**
* @return Response|ViewModel
* @throws UserNotAuthorizedException
*/
public function updateAction()
{
/** @var Form $form */
/** @var Request $request */
/** @var Select $homeLibraryElement */
try {
$request = $this->getRequest();
$user = $this->client->requestUserDetails();
$libraries = array_map(function (Library $libary) {
return $libary->getLabel();
}, $this->client->requestLibraryList());
} catch (ClientException $exception) {
$this->setFollowupUrlToReferer();
$message = $exception->getCode() === 401
? 'fid::user_update_error_expired'
: 'fid::user_update_error';
$this->getMessenger()->addErrorMessage($this->translate($message));
return $this->redirect()->toRoute('myresearch-home');
}
$form = $this->serviceLocator->get('user-update-form');
$homeLibraryElement = $form->get('home_library');
$homeLibraryElement->setValueOptions($libraries);
if ($this->formWasSubmitted()) {
$form->setData($request->getPost());
if ($form->isValid()) {
return $this->update($form);
}
} else {
$form->setData($form->getHydrator()->extract($user));
}
$action = $this->url()->fromRoute('fid/user/update');
$form->setAttribute('action', $action);
$form->prepare();
$viewModel = $this->createViewModel();
$viewModel->setVariables(compact('form'));
$viewModel->setTemplate('fid/user/update');
return $viewModel;
}
/**
* @param Form $form
* @param string $redirect
*
* @return Response
* @throws UserNotAuthorizedException
*/
protected function update(Form $form, string $redirect = 'myresearch-home')
{
$data = $form->getData();
$messenger = $this->getMessenger();
try {
$user = $this->client->requestUserDetails($data['id']);
$form->getHydrator()->hydrate($data, $user);
$this->client->requestUserUpdate($user);
$message = $this->translate('fid::user_update_success');
$messenger->addSuccessMessage($message);
} catch (ClientException $exception) {
if (in_array($exception->getCode(), [403])) {
$message = $this->translate('fid::user_update_error_'
. $exception->getCode());
} else {
$message = $this->translate('fid::user_update_error');
}
$messenger->addErrorMessage($message);
}
$this->client->flushUserList();
return $this->redirect()->toRoute($redirect, [], [
'query' => ['redirect' => false]
]);
}
/**
* @noinspection PhpUnused
* @return ViewModel
*/
public function changeUsernameAction()
{
/** @var Request $request */
$request = $this->getRequest();
$form = $this->serviceLocator->get(UsernameChangeModel::class);
$forwarded = $this->params()->fromRoute('forwarded', false);
if ($submitted = $this->formWasSubmitted()) {
$form->setData($request->getPost());
if (!$forwarded && $form->isValid()) {
return $this->changeUsername($form);
}
}
$view = $this->createViewModel();
$view->setVariables(compact('form'));
$view->setTemplate('fid/user/username-change');
return $view;
}
protected function changeUsername(Form $form)
{
$messenger = $this->getMessenger();
$model = $form->getHydrator()->hydrate(
$form->getData(), new UsernameChangeModel());
/** @noinspection PhpUndefinedFieldInspection */
$query['lng'] = $this->layout()->userLang;
$username = $query['username'] = $model->getUsername();
$baseUrl = $this->url()->fromRoute('fid/user/update-username',
[], ['query' => $query, 'force_canonical' => true]);
try {
$this->client->requestUsernameLink($baseUrl, $username);
} catch (ClientException $exception) {
$message = $exception->getCode() === 400
? 'fid::username_change_error_username'
: 'fid::username_change_error';
$messenger->addErrorMessage($this->translate($message));
return $this->forward()->dispatch(self::class, [
'action' => 'changeUsername',
'forwarded' => true
]);
}
$message = $this->translate('fid::username_change_success');
$messenger->addSuccessMessage(sprintf($message, $username));
return $this->redirect()->toRoute('myresearch-home');
}
/**
* @noinspection PhpUnused
* @return Response
*/
public function updateUsernameAction()
{
/** @var Request $request */
$request = $this->getRequest();
$query = $request->getQuery();
$messenger = $this->getMessenger();
if ($credentials = $query->get('logon')) {
try {
$this->client->logon($credentials);
} catch (ClientException $exception) {
$message = $exception->getCode() === 401
? 'fid::username_update_error_expired'
: 'fid::username_update_error';
$messenger->addErrorMessage($this->translate($message));
return $this->redirect()->toRoute('fid/user/change-username');
}
$query->offsetUnset('logon');
return $this->redirect()->toRoute('fid/user/update-username', [], [
'query' => $query->toArray()
]);
}
try {
$user = $this->client->requestUserDetails();
$user->setUsername($query->get('username'));
$this->client->requestUserUsernameUpdate($user);
$message = $this->translate('fid::username_update_success');
$this->getMessenger()->addSuccessMessage($message);
} catch (ClientException $exception) {
$message = $this->translate('fid::username_update_error');
$this->getMessenger()->addErrorMessage($message);
}
return $this->redirect()->toRoute('myresearch-home');
}
public function policyAction()
{
$viewModel = $this->createViewModel();
$viewModel->setTemplate('fid/user/policy');
$this->setBackUrl($viewModel);
return $viewModel;
}
public function termsAction()
{
$viewModel = $this->createViewModel();
$viewModel->setTemplate('fid/user/terms');
$this->setBackUrl($viewModel);
return $viewModel;
}
/**
* Reset password action - Allows the reset password form to appear.
*
* @return ViewModel
*/
public function resetPasswordAction()
{
/** @var Form $form */
/** @var Request $request */
$request = $this->getRequest();
$form = $this->serviceLocator->get(PasswordResetModel::class);
$forwarded = $this->params()->fromRoute('forwarded', false);
if ($submitted = $this->formWasSubmitted()) {
$form->setData($request->getPost());
if (!$forwarded && $form->isValid()) {
return $this->sendResetPassword($form);
}
}
$view = $this->createViewModel();
$view->setVariables(compact('form'));
$view->setTemplate('fid/user/password-reset');
return $view;
}
protected function sendResetPassword(Form $form)
{
/** @var PasswordResetModel $model */
$messenger = $this->getMessenger();
$model = $form->getHydrator()->hydrate(
$form->getData(), new PasswordResetModel());
$username = $model->getUsername();
try {
/** @noinspection PhpUndefinedFieldInspection */
$query['lng'] = $this->layout()->userLang;
$baseUrl = $this->url()->fromRoute('fid/user/change-password',
[], ['query' => $query, 'force_canonical' => true]);
$this->client->requestPasswordLink($baseUrl, $username);
$message = $this->translate('fid::password_reset_success');
$messenger->addSuccessMessage(sprintf($message, $username));
} catch (ClientException $exception) {
$message = $exception->getCode() === 400
? $this->translate('fid::password_reset_error_username')
: $this->translate('fid::password_reset_error');
$messenger->addErrorMessage(sprintf($message, $username));
return $this->redirect()->toRoute('fid/user/reset-password');
}
return $this->redirect()->toRoute('myresearch-home');
}
/**
* Reset password action - Allows the change password form to appear.
*
* @return Response|ViewModel
*/
public function changePasswordAction()
{
/** @var Request $request */
$request = $this->getRequest();
$query = $request->getQuery();
$messenger = $this->getMessenger();
if ($credentials = $query->get('logon')) {
try {
$this->client->logon($credentials);
} catch (ClientException $exception) {
$message = $exception->getCode() === 401
? 'fid::password_change_error_expired'
: 'fid::password_change_error';
$messenger->addErrorMessage($this->translate($message));
return $this->redirect()->toRoute('fid/user/reset-password');
}
$query->offsetUnset('logon');
return $this->redirect()->toRoute('fid/user/change-password', [], [
'query' => $query->toArray()
]);
}
$form = $this->serviceLocator->get(PasswordChangeModel::class);
if ($this->formWasSubmitted()) {
$form->setData($request->getPost());
if ($form->isValid()) {
return $this->changePassword($form);
}
} else {
$form->setData($query);
}
$view = $this->createViewModel();
$view->setVariables(compact('form'));
$view->setTemplate('fid/user/password-change');
return $view;
}
protected function changePassword(Form $form)
{
/** @var PasswordChangeModel $model */
$messenger = $this->getMessenger();
$model = $form->getHydrator()->hydrate(
$form->getData(), new PasswordChangeModel());
try {
$user = $this->client->requestUserDetails();
$user->setPassword($password = $model->getPassword());
$this->client->requestUserPasswordUpdate($user);
$message = $this->translate('fid::password_change_success');
$message = sprintf($message, $username = $user->getUsername());
$messenger->addSuccessMessage($message);
/** @var Request $request */
$request = clone $this->getRequest();
$params = clone $request->getPost();
$params->set('username', $username);
$params->set('password', $password);
$request->setPost($params);
$this->authManager->create($request);
} catch (ClientException $exception) {
$message = $this->translate('fid::password_change_error');
$messenger->addErrorMessage($message);
} catch (AuthException $e) {
$message = $this->translate('fid::password_change_error_autologon');
$messenger->addErrorMessage($message);
}
return $this->redirect()->toRoute('myresearch-home', [], [
'query' => ['redirect' => false]
]);
}
public function editAction()
{
if (!$this->getUser()) {
return $this->forceLogin();
}
/** @var Request $request */
$request = $this->getRequest();
$userId = $this->params()->fromRoute('userid');
if (empty($userId)) {
// if no user ID is set the call is not valid
// unless we are in submission state
return $this->redirect()->toRoute('fid/admin/list');
}
try {
try {
$user = $this->client->requestUserDetails($userId);
} catch (UserNotAuthorizedException $ex) {
// either user does not exist, or we are not allowed to edit it
$this->getMessenger()
->addErrorMessage($this->translate('fid::user_edit_not_allowed',
['%%userid%%' => $userId]));
return $this->redirect()->toRoute('fid/admin/list');
} catch (\Exception $ex) {
$this->getMessenger()
->addErrorMessage($this->translate('fid::user_read_error',
['%%userid%%' => $userId]));
return $this->redirect()->toRoute('fid/admin/list');
}
$libraries = array_map(function (Library $libary) {
return $libary->getLabel();
}, $this->client->requestLibraryList());
} catch (ClientException $exception) {
$this->setFollowupUrlToReferer();
$message = $exception->getCode() === 401
? 'fid::user_update_error_expired'
: 'fid::user_update_error';
$this->getMessenger()->addErrorMessage($this->translate($message));
return $this->redirect()->toRoute('fid/admin/list');
}
/** @var Form $form */
/** @var Select $homeLibraryElement */
$form = $this->serviceLocator->get('admin-edit-form');
$homeLibraryElement = $form->get('home_library');
$homeLibraryElement->setValueOptions($libraries);
$homeLibraryElement->setUnselectedValue($user->getHomeLibrary());
if ($this->formWasSubmitted()) {
$form->setData($request->getPost());
if ($form->isValid()) {
return $this->update($form, 'fid/admin/list');
}
} else {
$form->setData($form->getHydrator()->extract($user));
}
$action = $this->url()->fromRoute('fid/admin/edit', [
'userid' => $userId
]);
$form->setAttribute('action', $action);
$form->prepare();
$config = $this->config;
$viewModel = $this->createViewModel();
$viewModel->setVariables(compact('config', 'form', 'user'));
$viewModel->setTemplate('fid/admin/edit');
return $viewModel;
}
public function listAction()
{
if (!$this->getUser()) {
return $this->forceLogin();
}
$viewModel = $this->createViewModel();
try {
$list = $this->client->requestUserList();
$viewModel->setVariable('list', $list);
} catch (UserNotAuthorizedException $exception) {
$this->getMessenger()
->addErrorMessage('fid::read_user_list_not_allowed');
} catch (ClientException $exception) {
$this->getMessenger()->addErrorMessage('fid::read_user_list_error');
}
if ($fields = $this->config['Admin']['overview_fields']) {
$viewModel->setVariable('fields', $fields);
}
$viewModel->setVariable('config', $this->config);
$viewModel->setTemplate('fid/admin/list');
return $viewModel;
}
public function ordersAction()
{
if (!$this->getUser()) {
return $this->forceLogin();
}
try {
$user = $this->client->requestUserDetails();
$viewModel = $this->createViewModel();
$viewModel->setVariable('orders', $user->getOrders());
$viewModel->setTemplate('fid/user/orders');
return $viewModel;
} catch (ClientException $exception) {
$this->getMessenger()->addErrorMessage('fid::orders_error');
$this->redirect()->toRoute('myresearch-profile');
}
}
public function adminOrdersAction()
{
if (!$this->getUser()) {
return $this->forceLogin();
}
try {
$orders = $this->client->requestOrderList();
$viewModel = $this->createViewModel();
$viewModel->setVariables(compact('orders'));
$viewModel->setTemplate('fid/user/admin-orders');
return $viewModel;
} catch (UserNotAuthorizedException $exception) {
$this->getMessenger()->addErrorMessage('fid::read_order_list_not_allowed');
}
catch (ClientException $exception) {
$this->getMessenger()->addErrorMessage('fid::read_order_list_error');
$this->redirect()->toRoute('myresearch-profile');
}
}
/**
* @param ViewModel $viewModel
* @return bool
*/
protected function setBackUrl(ViewModel $viewModel): bool
{
if (!empty($query = $this->getRequest()->getQuery()) && !empty($query->get('backUrl'))) {
$viewModel->setVariable('backUrl', $this->getRequest()->getQuery()->get('backUrl'));
return true;
}
if (isset($_REQUEST['lbreferer'])) {
$viewModel->setVariable('backUrl', $_REQUEST['lbreferer']);
return true;
}
return false;
}
}