vendor/shopware/storefront/Controller/AuthController.php line 79

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Controller;
  5. use Shopware\Core\Checkout\Customer\Exception\BadCredentialsException;
  6. use Shopware\Core\Checkout\Customer\Exception\CustomerAuthThrottledException;
  7. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundByHashException;
  8. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundByIdException;
  9. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundException;
  10. use Shopware\Core\Checkout\Customer\Exception\CustomerOptinNotCompletedException;
  11. use Shopware\Core\Checkout\Customer\Exception\CustomerRecoveryHashExpiredException;
  12. use Shopware\Core\Checkout\Customer\Exception\InvalidImitateCustomerTokenException;
  13. use Shopware\Core\Checkout\Customer\Exception\PasswordPoliciesUpdatedException;
  14. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractImitateCustomerRoute;
  15. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLoginRoute;
  16. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLogoutRoute;
  17. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractResetPasswordRoute;
  18. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractSendPasswordRecoveryMailRoute;
  19. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  20. use Shopware\Core\Framework\Log\Package;
  21. use Shopware\Core\Framework\RateLimiter\Exception\RateLimitExceededException;
  22. use Shopware\Core\Framework\Routing\RoutingException;
  23. use Shopware\Core\Framework\Validation\DataBag\DataBag;
  24. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  25. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  26. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  27. use Shopware\Storefront\Checkout\Cart\SalesChannel\StorefrontCartFacade;
  28. use Shopware\Storefront\Framework\Routing\RequestTransformer;
  29. use Shopware\Storefront\Page\Account\Login\AccountGuestLoginPageLoadedHook;
  30. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoadedHook;
  31. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoader;
  32. use Shopware\Storefront\Page\Account\RecoverPassword\AccountRecoverPasswordPageLoadedHook;
  33. use Shopware\Storefront\Page\Account\RecoverPassword\AccountRecoverPasswordPageLoader;
  34. use Symfony\Component\HttpFoundation\Request;
  35. use Symfony\Component\HttpFoundation\Response;
  36. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  37. use Symfony\Component\Routing\Attribute\Route;
  39. /**
  40.  * @internal
  41.  * Do not use direct or indirect repository calls in a controller. Always use a store-api route to get or put data
  42.  */
  43. #[Route(defaults: ['_routeScope' => ['storefront']])]
  44. #[Package('storefront')]
  45. class AuthController extends StorefrontController
  46. {
  47.     /**
  48.      * @internal
  49.      */
  50.     public function __construct(
  51.         private readonly AccountLoginPageLoader $loginPageLoader,
  52.         private readonly AbstractSendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute,
  53.         private readonly AbstractResetPasswordRoute $resetPasswordRoute,
  54.         private readonly AbstractLoginRoute $loginRoute,
  55.         private readonly AbstractLogoutRoute $logoutRoute,
  56.         private readonly AbstractImitateCustomerRoute $imitateCustomerRoute,
  57.         private readonly StorefrontCartFacade $cartFacade,
  58.         private readonly AccountRecoverPasswordPageLoader $recoverPasswordPageLoader
  59.     ) {
  60.     }
  62.     #[Route(path'/account/login'name'frontend.account.login.page'defaults: ['_noStore' => true], methods: ['GET'])]
  63.     public function loginPage(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  64.     {
  65.         /** @var string $redirect */
  66.         $redirect $request->get('redirectTo''frontend.account.home.page');
  68.         $customer $context->getCustomer();
  70.         if ($customer !== null && $customer->getGuest() === false) {
  71.             $request->request->set('redirectTo'$redirect);
  73.             return $this->createActionResponse($request);
  74.         }
  76.         $page $this->loginPageLoader->load($request$context);
  78.         $this->hook(new AccountLoginPageLoadedHook($page$context));
  80.         return $this->renderStorefront('@Storefront/storefront/page/account/register/index.html.twig', [
  81.             'redirectTo' => $redirect,
  82.             'redirectParameters' => $request->get('redirectParameters'json_encode([])),
  83.             'errorRoute' => $request->attributes->get('_route'),
  84.             'page' => $page,
  85.             'loginError' => (bool) $request->get('loginError'),
  86.             'waitTime' => $request->get('waitTime'),
  87.             'errorSnippet' => $request->get('errorSnippet'),
  88.             'data' => $data,
  89.         ]);
  90.     }
  92.     #[Route(path'/account/guest/login'name'frontend.account.guest.login.page'defaults: ['_noStore' => true], methods: ['GET'])]
  93.     public function guestLoginPage(Request $requestSalesChannelContext $context): Response
  94.     {
  95.         /** @var string|null $redirect */
  96.         $redirect $request->get('redirectTo');
  97.         if (!$redirect) {
  98.             // page was probably called directly
  99.             $this->addFlash(self::DANGER$this->trans('account.orderGuestLoginWrongCredentials'));
  101.             return $this->redirectToRoute('frontend.account.login.page');
  102.         }
  104.         $customer $context->getCustomer();
  106.         if ($customer !== null) {
  107.             $request->request->set('redirectTo'$redirect);
  109.             return $this->createActionResponse($request);
  110.         }
  112.         $waitTime = (int) $request->get('waitTime');
  113.         if ($waitTime) {
  114.             $this->addFlash(self::INFO$this->trans('account.loginThrottled', ['%seconds%' => $waitTime]));
  115.         }
  117.         if ((bool) $request->get('loginError')) {
  118.             $this->addFlash(self::DANGER$this->trans('account.orderGuestLoginWrongCredentials'));
  119.         }
  121.         $page $this->loginPageLoader->load($request$context);
  123.         $this->hook(new AccountGuestLoginPageLoadedHook($page$context));
  125.         return $this->renderStorefront('@Storefront/storefront/page/account/guest-auth.html.twig', [
  126.             'redirectTo' => $redirect,
  127.             'redirectParameters' => $request->get('redirectParameters'json_encode([])),
  128.             'page' => $page,
  129.         ]);
  130.     }
  132.     #[Route(path'/account/logout'name'frontend.account.logout.page'methods: ['GET'])]
  133.     public function logout(Request $requestSalesChannelContext $contextRequestDataBag $dataBag): Response
  134.     {
  135.         if ($context->getCustomer() === null) {
  136.             return $this->redirectToRoute('frontend.account.login.page');
  137.         }
  139.         try {
  140.             $this->logoutRoute->logout($context$dataBag);
  141.             $this->addFlash(self::SUCCESS$this->trans('account.logoutSucceeded'));
  143.             $parameters = [];
  144.         } catch (ConstraintViolationException $formViolations) {
  145.             $parameters = ['formViolations' => $formViolations];
  146.         }
  148.         return $this->redirectToRoute('frontend.account.login.page'$parameters);
  149.     }
  151.     #[Route(path'/account/login'name'frontend.account.login'defaults: ['XmlHttpRequest' => true], methods: ['POST'])]
  152.     public function login(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  153.     {
  154.         $customer $context->getCustomer();
  156.         if ($customer !== null && $customer->getGuest() === false) {
  157.             return $this->createActionResponse($request);
  158.         }
  160.         try {
  161.             $token $this->loginRoute->login($data$context)->getToken();
  162.             $cartBeforeNewContext $this->cartFacade->get($token$context);
  164.             if (!empty($token)) {
  165.                 $this->addCartErrors($cartBeforeNewContext);
  167.                 return $this->createActionResponse($request);
  168.             }
  169.         } catch (CustomerOptinNotCompletedException $e) {
  170.             $errorSnippet $e->getSnippetKey();
  171.         } catch (CustomerAuthThrottledException $e) {
  172.             $waitTime $e->getWaitTime();
  173.             // @deprecated tag:v6.7.0 - Remove catch for UnauthorizedHttpException
  174.         } catch (BadCredentialsException|CustomerNotFoundException|UnauthorizedHttpException) {
  175.         } catch (PasswordPoliciesUpdatedException $e) {
  176.             $this->addFlash(self::WARNING$this->trans('account.passwordPoliciesUpdated'));
  178.             return $this->forwardToRoute('frontend.account.recover.page');
  179.         } finally {
  180.             $data->set('password'null);
  181.         }
  183.         return $this->forwardToRoute(
  184.             'frontend.account.login.page',
  185.             [
  186.                 'loginError' => true,
  187.                 'errorSnippet' => $errorSnippet ?? null,
  188.                 'waitTime' => $waitTime ?? null,
  189.             ]
  190.         );
  191.     }
  193.     #[Route(path'/account/recover'name'frontend.account.recover.page'methods: ['GET'])]
  194.     public function recoverAccountForm(Request $requestSalesChannelContext $context): Response
  195.     {
  196.         $page $this->loginPageLoader->load($request$context);
  198.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/recover-password.html.twig', [
  199.             'page' => $page,
  200.         ]);
  201.     }
  203.     #[Route(path'/account/recover'name'frontend.account.recover.request'methods: ['POST'])]
  204.     public function generateAccountRecovery(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  205.     {
  206.         try {
  207.             $mailData $data->get('email');
  208.             if (!$mailData instanceof DataBag) {
  209.                 throw RoutingException::invalidRequestParameter('email');
  210.             }
  211.             $mailData->set('storefrontUrl'$request->attributes->get(RequestTransformer::STOREFRONT_URL));
  213.             $this->sendPasswordRecoveryMailRoute->sendRecoveryMail(
  214.                 $mailData->toRequestDataBag(),
  215.                 $context,
  216.                 false
  217.             );
  219.             $this->addFlash(self::SUCCESS$this->trans('account.recoveryMailSend'));
  220.         } catch (CustomerNotFoundException $e) {
  221.             $this->addFlash(self::SUCCESS$this->trans('account.recoveryMailSend'));
  222.         } catch (InconsistentCriteriaIdsException $e) {
  223.             $this->addFlash(self::DANGER$this->trans('error.message-default'));
  224.         } catch (RateLimitExceededException $e) {
  225.             $this->addFlash(self::INFO$this->trans('error.rateLimitExceeded', ['%seconds%' => $e->getWaitTime()]));
  226.         } catch (ConstraintViolationException $formViolations) {
  227.             return $this->forwardToRoute(
  228.                 'frontend.account.recover.page',
  229.                 ['formViolations' => $formViolations]
  230.             );
  231.         }
  233.         return $this->redirectToRoute('frontend.account.recover.page');
  234.     }
  236.     #[Route(path'/account/recover/password'name'frontend.account.recover.password.page'methods: ['GET'])]
  237.     public function resetPasswordForm(Request $requestSalesChannelContext $context): Response
  238.     {
  239.         /** @var ?string $hash */
  240.         $hash $request->get('hash');
  242.         if (!$hash || !\is_string($hash)) {
  243.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  245.             return $this->redirectToRoute('frontend.account.recover.request');
  246.         }
  248.         try {
  249.             $page $this->recoverPasswordPageLoader->load($request$context$hash);
  250.         } catch (ConstraintViolationException|CustomerNotFoundByHashException) {
  251.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  253.             return $this->redirectToRoute('frontend.account.recover.request');
  254.         }
  256.         $this->hook(new AccountRecoverPasswordPageLoadedHook($page$context));
  258.         if ($page->getHash() === null || $page->isHashExpired()) {
  259.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  261.             return $this->redirectToRoute('frontend.account.recover.request');
  262.         }
  264.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/reset-password.html.twig', [
  265.             'page' => $page,
  266.             'formViolations' => $request->get('formViolations'),
  267.         ]);
  268.     }
  270.     #[Route(path'/account/recover/password'name'frontend.account.recover.password.reset'methods: ['POST'])]
  271.     public function resetPassword(RequestDataBag $dataSalesChannelContext $context): Response
  272.     {
  273.         $passwordData $data->get('password');
  274.         if (!$passwordData instanceof DataBag) {
  275.             throw RoutingException::invalidRequestParameter('password');
  276.         }
  277.         $hash $passwordData->get('hash');
  279.         try {
  280.             $this->resetPasswordRoute->resetPassword($passwordData->toRequestDataBag(), $context);
  282.             $this->addFlash(self::SUCCESS$this->trans('account.passwordChangeSuccess'));
  283.         } catch (ConstraintViolationException $formViolations) {
  284.             if ($formViolations->getViolations('newPassword')->count() === 1) {
  285.                 $this->addFlash(self::DANGER$this->trans('account.passwordNotIdentical'));
  286.             } else {
  287.                 $this->addFlash(self::DANGER$this->trans('account.passwordChangeNoSuccess'));
  288.             }
  290.             return $this->forwardToRoute(
  291.                 'frontend.account.recover.password.page',
  292.                 ['hash' => $hash'formViolations' => $formViolations'passwordFormViolation' => true]
  293.             );
  294.         } catch (CustomerNotFoundByHashException) {
  295.             $this->addFlash(self::DANGER$this->trans('account.passwordChangeNoSuccess'));
  297.             return $this->forwardToRoute('frontend.account.recover.request');
  298.         } catch (CustomerRecoveryHashExpiredException) {
  299.             $this->addFlash(self::DANGER$this->trans('account.passwordHashExpired'));
  301.             return $this->forwardToRoute('frontend.account.recover.request');
  302.         }
  304.         return $this->redirectToRoute('frontend.account.profile.page');
  305.     }
  307.     #[Route(path'/account/login/imitate-customer'name'frontend.account.login.imitate-customer'methods: ['POST'])]
  308.     public function imitateCustomerLogin(RequestDataBag $dataSalesChannelContext $context): Response
  309.     {
  310.         try {
  311.             $this->imitateCustomerRoute->imitateCustomerLogin($data$context);
  313.             return $this->redirectToRoute('frontend.account.home.page');
  314.         } catch (InvalidImitateCustomerTokenException|CustomerNotFoundByIdException) {
  315.             return $this->forwardToRoute(
  316.                 'frontend.account.login.page',
  317.                 [
  318.                     'loginError' => true,
  319.                 ]
  320.             );
  321.         }
  322.     }
  323. }