vendor/shopware/storefront/Controller/AuthController.php line 187

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Controller;
  5. use Shopware\Core\Checkout\Customer\Exception\BadCredentialsException;
  6. use Shopware\Core\Checkout\Customer\Exception\CustomerAuthThrottledException;
  7. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundByHashException;
  8. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundException;
  9. use Shopware\Core\Checkout\Customer\Exception\CustomerOptinNotCompletedException;
  10. use Shopware\Core\Checkout\Customer\Exception\CustomerRecoveryHashExpiredException;
  11. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLoginRoute;
  12. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLogoutRoute;
  13. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractResetPasswordRoute;
  14. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractSendPasswordRecoveryMailRoute;
  15. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  16. use Shopware\Core\Framework\Log\Package;
  17. use Shopware\Core\Framework\RateLimiter\Exception\RateLimitExceededException;
  18. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  19. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  20. use Shopware\Core\PlatformRequest;
  21. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceInterface;
  22. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceParameters;
  23. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  24. use Shopware\Storefront\Checkout\Cart\SalesChannel\StorefrontCartFacade;
  25. use Shopware\Storefront\Framework\Routing\RequestTransformer;
  26. use Shopware\Storefront\Page\Account\Login\AccountGuestLoginPageLoadedHook;
  27. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoadedHook;
  28. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoader;
  29. use Shopware\Storefront\Page\Account\RecoverPassword\AccountRecoverPasswordPageLoadedHook;
  30. use Shopware\Storefront\Page\Account\RecoverPassword\AccountRecoverPasswordPageLoader;
  31. use Symfony\Component\HttpFoundation\Request;
  32. use Symfony\Component\HttpFoundation\Response;
  33. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  34. use Symfony\Component\Routing\Annotation\Route;
  36. /**
  37.  * @internal
  38.  */
  39. #[Route(defaults: ['_routeScope' => ['storefront']])]
  40. #[Package('storefront')]
  41. class AuthController extends StorefrontController
  42. {
  43.     /**
  44.      * @internal
  45.      */
  46.     public function __construct(private readonly AccountLoginPageLoader $loginPageLoader, private readonly AbstractSendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute, private readonly AbstractResetPasswordRoute $resetPasswordRoute, private readonly AbstractLoginRoute $loginRoute, private readonly AbstractLogoutRoute $logoutRoute, private readonly StorefrontCartFacade $cartFacade, private readonly AccountRecoverPasswordPageLoader $recoverPasswordPageLoader, private readonly SalesChannelContextServiceInterface $salesChannelContext)
  47.     {
  48.     }
  50.     #[Route(path'/account/login'name'frontend.account.login.page'defaults: ['_noStore' => true], methods: ['GET'])]
  51.     public function loginPage(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  52.     {
  53.         /** @var string $redirect */
  54.         $redirect $request->get('redirectTo''frontend.account.home.page');
  56.         $customer $context->getCustomer();
  58.         if ($customer !== null && $customer->getGuest() === false) {
  59.             $request->request->set('redirectTo'$redirect);
  61.             return $this->createActionResponse($request);
  62.         }
  64.         $page $this->loginPageLoader->load($request$context);
  66.         $this->hook(new AccountLoginPageLoadedHook($page$context));
  68.         return $this->renderStorefront('@Storefront/storefront/page/account/register/index.html.twig', [
  69.             'redirectTo' => $redirect,
  70.             'redirectParameters' => $request->get('redirectParameters'json_encode([])),
  71.             'page' => $page,
  72.             'loginError' => (bool) $request->get('loginError'),
  73.             'waitTime' => $request->get('waitTime'),
  74.             'errorSnippet' => $request->get('errorSnippet'),
  75.             'data' => $data,
  76.         ]);
  77.     }
  79.     #[Route(path'/account/guest/login'name'frontend.account.guest.login.page'defaults: ['_noStore' => true], methods: ['GET'])]
  80.     public function guestLoginPage(Request $requestSalesChannelContext $context): Response
  81.     {
  82.         /** @var string $redirect */
  83.         $redirect $request->get('redirectTo''frontend.account.home.page');
  85.         $customer $context->getCustomer();
  87.         if ($customer !== null) {
  88.             $request->request->set('redirectTo'$redirect);
  90.             return $this->createActionResponse($request);
  91.         }
  93.         $waitTime = (int) $request->get('waitTime');
  94.         if ($waitTime) {
  95.             $this->addFlash(self::INFO$this->trans('account.loginThrottled', ['%seconds%' => $waitTime]));
  96.         }
  98.         if ((bool) $request->get('loginError')) {
  99.             $this->addFlash(self::DANGER$this->trans('account.orderGuestLoginWrongCredentials'));
  100.         }
  102.         $page $this->loginPageLoader->load($request$context);
  104.         $this->hook(new AccountGuestLoginPageLoadedHook($page$context));
  106.         return $this->renderStorefront('@Storefront/storefront/page/account/guest-auth.html.twig', [
  107.             'redirectTo' => $redirect,
  108.             'redirectParameters' => $request->get('redirectParameters'json_encode([])),
  109.             'page' => $page,
  110.         ]);
  111.     }
  113.     #[Route(path'/account/logout'name'frontend.account.logout.page'methods: ['GET'])]
  114.     public function logout(Request $requestSalesChannelContext $contextRequestDataBag $dataBag): Response
  115.     {
  116.         if ($context->getCustomer() === null) {
  117.             return $this->redirectToRoute('frontend.account.login.page');
  118.         }
  120.         try {
  121.             $this->logoutRoute->logout($context$dataBag);
  122.             $this->addFlash(self::SUCCESS$this->trans('account.logoutSucceeded'));
  124.             $parameters = [];
  125.         } catch (ConstraintViolationException $formViolations) {
  126.             $parameters = ['formViolations' => $formViolations];
  127.         }
  129.         return $this->redirectToRoute('frontend.account.login.page'$parameters);
  130.     }
  132.     #[Route(path'/account/login'name'frontend.account.login'defaults: ['XmlHttpRequest' => true], methods: ['POST'])]
  133.     public function login(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  134.     {
  135.         $customer $context->getCustomer();
  137.         if ($customer !== null && $customer->getGuest() === false) {
  138.             return $this->createActionResponse($request);
  139.         }
  141.         try {
  142.             $token $this->loginRoute->login($data$context)->getToken();
  143.             $cartBeforeNewContext $this->cartFacade->get($token$context);
  145.             $newContext $this->salesChannelContext->get(
  146.                 new SalesChannelContextServiceParameters(
  147.                     $context->getSalesChannelId(),
  148.                     $token,
  149.                     $context->getLanguageIdChain()[0],
  150.                     $context->getCurrencyId(),
  151.                     $context->getDomainId(),
  152.                     $context->getContext()
  153.                 )
  154.             );
  156.             // Update the sales channel context for CacheResponseSubscriber
  157.             $request->attributes->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT$newContext);
  159.             if (!empty($token)) {
  160.                 $this->addCartErrors($cartBeforeNewContext);
  162.                 return $this->createActionResponse($request);
  163.             }
  164.         } catch (BadCredentialsException UnauthorizedHttpException CustomerOptinNotCompletedException CustomerAuthThrottledException $e) {
  165.             if ($e instanceof CustomerOptinNotCompletedException) {
  166.                 $errorSnippet $e->getSnippetKey();
  167.             }
  169.             if ($e instanceof CustomerAuthThrottledException) {
  170.                 $waitTime $e->getWaitTime();
  171.             }
  172.         }
  174.         $data->set('password'null);
  176.         return $this->forwardToRoute(
  177.             'frontend.account.login.page',
  178.             [
  179.                 'loginError' => true,
  180.                 'errorSnippet' => $errorSnippet ?? null,
  181.                 'waitTime' => $waitTime ?? null,
  182.             ]
  183.         );
  184.     }
  186.     #[Route(path'/account/recover'name'frontend.account.recover.page'methods: ['GET'])]
  187.     public function recoverAccountForm(Request $requestSalesChannelContext $context): Response
  188.     {
  189.         $page $this->loginPageLoader->load($request$context);
  191.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/recover-password.html.twig', [
  192.             'page' => $page,
  193.         ]);
  194.     }
  196.     #[Route(path'/account/recover'name'frontend.account.recover.request'methods: ['POST'])]
  197.     public function generateAccountRecovery(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  198.     {
  199.         try {
  200.             $data->get('email')
  201.                 ->set('storefrontUrl'$request->attributes->get(RequestTransformer::STOREFRONT_URL));
  203.             $this->sendPasswordRecoveryMailRoute->sendRecoveryMail(
  204.                 $data->get('email')->toRequestDataBag(),
  205.                 $context,
  206.                 false
  207.             );
  209.             $this->addFlash(self::SUCCESS$this->trans('account.recoveryMailSend'));
  210.         } catch (CustomerNotFoundException $e) {
  211.             $this->addFlash(self::SUCCESS$this->trans('account.recoveryMailSend'));
  212.         } catch (InconsistentCriteriaIdsException $e) {
  213.             $this->addFlash(self::DANGER$this->trans('error.message-default'));
  214.         } catch (RateLimitExceededException $e) {
  215.             $this->addFlash(self::INFO$this->trans('error.rateLimitExceeded', ['%seconds%' => $e->getWaitTime()]));
  216.         }
  218.         return $this->redirectToRoute('frontend.account.recover.page');
  219.     }
  221.     #[Route(path'/account/recover/password'name'frontend.account.recover.password.page'methods: ['GET'])]
  222.     public function resetPasswordForm(Request $requestSalesChannelContext $context): Response
  223.     {
  224.         /** @var ?string $hash */
  225.         $hash $request->get('hash');
  227.         if (!$hash || !\is_string($hash)) {
  228.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  230.             return $this->redirectToRoute('frontend.account.recover.request');
  231.         }
  233.         try {
  234.             $page $this->recoverPasswordPageLoader->load($request$context$hash);
  235.         } catch (ConstraintViolationException) {
  236.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  238.             return $this->redirectToRoute('frontend.account.recover.request');
  239.         }
  241.         $this->hook(new AccountRecoverPasswordPageLoadedHook($page$context));
  243.         if ($page->getHash() === null || $page->isHashExpired()) {
  244.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  246.             return $this->redirectToRoute('frontend.account.recover.request');
  247.         }
  249.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/reset-password.html.twig', [
  250.             'page' => $page,
  251.             'formViolations' => $request->get('formViolations'),
  252.         ]);
  253.     }
  255.     #[Route(path'/account/recover/password'name'frontend.account.recover.password.reset'methods: ['POST'])]
  256.     public function resetPassword(RequestDataBag $dataSalesChannelContext $context): Response
  257.     {
  258.         $hash $data->get('password')->get('hash');
  260.         try {
  261.             $pw $data->get('password');
  263.             $this->resetPasswordRoute->resetPassword($pw->toRequestDataBag(), $context);
  265.             $this->addFlash(self::SUCCESS$this->trans('account.passwordChangeSuccess'));
  266.         } catch (ConstraintViolationException $formViolations) {
  267.             $this->addFlash(self::DANGER$this->trans('account.passwordChangeNoSuccess'));
  269.             return $this->forwardToRoute(
  270.                 'frontend.account.recover.password.page',
  271.                 ['hash' => $hash'formViolations' => $formViolations'passwordFormViolation' => true]
  272.             );
  273.         } catch (CustomerNotFoundByHashException) {
  274.             $this->addFlash(self::DANGER$this->trans('account.passwordChangeNoSuccess'));
  276.             return $this->forwardToRoute('frontend.account.recover.request');
  277.         } catch (CustomerRecoveryHashExpiredException) {
  278.             $this->addFlash(self::DANGER$this->trans('account.passwordHashExpired'));
  280.             return $this->forwardToRoute('frontend.account.recover.request');
  281.         }
  283.         return $this->redirectToRoute('frontend.account.profile.page');
  284.     }
  285. }