src/OceanExpertBundle/Controller/ApiController.php line 132

Open in your IDE?
  1. <?php
  3. namespace OceanExpertBundle\Controller;
  5. use FOS\UserBundle\Model\UserManagerInterface;
  6. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\HttpFoundation\JsonResponse;
  10. use \Firebase\JWT\JWT;
  12. /**
  13.  * Class ApiController
  14.  * @package OceanExpertBundle\Controller
  15.  */
  16. class ApiController extends AbstractController
  17. {
  18.     private UserManagerInterface $fosUserManager;
  20.     public function __construct(UserManagerInterface $fosUserManager)
  21.     {
  22.         $this->fosUserManager $fosUserManager;
  23.     }
  25.     /**
  26.      * @return Response
  27.      */
  28.     public function indexAction()
  29.     {
  30.         return new Response('Api index');
  31.     }
  33.     /**
  34.      * check if login/pwd combination are known and valid in OE
  35.      *
  36.      * @param Request $request
  37.      *
  38.      * @return JsonResponse
  39.      */
  40.     public function loginAction(Request $request): JsonResponse
  41.     {
  42.         if ($request->getMethod() === 'POST') {
  44.             $userName $request->request->get('username');
  45.             $password $request->request->get('password');
  47.             $user $this->fosUserManager->findUserByUsernameOrEmail($userName);
  48.             if (!$user) {
  49.                 //we don't say the user does not exist, make the life of possible hackers not too easy
  50.                 return new JsonResponse(
  51.                     array(
  52.                         'status' => 1,
  53.                         'error' => 'Wrong user or password'
  54.                     )
  55.                 );
  56.             }
  58.             $isValid $this->get('security.password_encoder')
  59.                 ->isPasswordValid(
  60.                     $user,
  61.                     $password
  62.                 );
  63.             if (!$isValid) {
  64.                 return new JsonResponse(
  65.                     array(
  66.                         'status' => 1,
  67.                         'error' => 'Wrong user or password'
  68.                     )
  69.                 );
  70.             }
  72.             $privateKey openssl_get_privatekey(
  73.                 'file://var/jwt/jwtRS256.key',
  74.                 'oceanexpert'
  75.             );
  76.             $data $this->getExpertDetailsById($user->getEmail());
  78.             if (count($user->getRoles()) > 0) {
  80.                 //@todo : this logic should move away from here because it should be applied to every stage
  81.                 //calculate the highest permission (#523)
  82.                 $possibleRoles = array(
  83.                     'ROLE_SUPERADMIN' => 1,
  84.                     'ROLE_ADMIN' => 2,
  85.                     'ROLE_MANAGER' => 3,
  86.                     'ROLE_GLOBAL_EDITOR' => 4,
  87.                     'ROLE_COUNTRY_EDITOR' => 5,
  88.                     'ROLE_USER' => 100
  89.                 );
  91.                 $allRoles $user->getRoles();
  93.                 //what is the id of the maximum role of the user
  94.                 $maxRole 100;
  96.                 //'bubble sort'
  97.                 foreach($allRoles as $role) {
  98.                     if (isset($possibleRoles[$role])) {
  99.                         if ($possibleRoles[$role] < $maxRole) {
  100.                             $maxRole $possibleRoles[$role];
  101.                         }
  102.                     }
  103.                 }
  105.                 $maxRole array_search($maxRole$possibleRoles);
  106.                 //$maxRole = $user->getRoles()[0];
  107.                 $data['oeRole'] = $maxRole;
  108.                 $data['oeRoles'] = $allRoles;
  109.             } else {
  110.                 $data['oeRole'] = null;
  111.                 $data['oeRoles'] = null;
  112.             }
  113.             $jwt JWT::encode(
  114.                 $data,
  115.                 $privateKey,
  116.                 'RS256'
  117.             );
  118.             return new JsonResponse(['token' => $jwt]);
  119.         } else {
  120.             return new JsonResponse(
  121.                 array(
  122.                     'status' => 3,
  123.                     'error' => 'this call is only availlable via POST, RTFM'
  124.                 )
  125.             );
  126.         }
  127.     }
  129.     /**
  130.      * @return Response
  131.      */
  132.     public function checkSessionAction()
  133.     {
  134.         $response 0;
  135.         if (TRUE === $this->get('security.authorization_checker')->isGranted('ROLE_USER')) {
  136.             //we cannot do this because this makes the registration process unusable, session will always expire
  137.             //let's check if the logged-in user has a 'real' profile
  138.             //the mandatory profile fields are all filled and the expert is active
  139.             /*
  140.             $em = $this->getDoctrine()->getManager();
  141.             $userId = $this->get('security.token_storage')->getToken()->getUser()->getId();
  142.             if (!SecurityController::checkUserProfile($em, $userId)) {
  143.                $response = 0;
  144.             } else {
  145.                 $response = 1;
  146.             }
  147.             */
  148.             $response 1;
  149.         }else{
  150.             $response 0;
  151.         }
  153.         return new Response($response);
  154.     }
  156.     function getExpertDetailsById($email)
  157.     {
  158.         $em $this->getDoctrine()->getManager();
  159.         $member $em
  160.             ->getRepository('OceanExpertBundle:Indiv')
  161.             ->createQueryBuilder('i')
  162.             ->select(
  163.                 'i.idInd,
  164.                 i.fname,
  165.                 i.mname,
  166.                 i.sname,
  167.                 i.email1,
  168.                 i.jobtitle,
  169.                 i.gender,
  170.                 ins.idInst,
  171.                 ins.instName,
  172.                 ins.instNameEng,
  173.                 i.useInstAddr,
  174.                 i.idNationality,
  175.                 ci.country as insCountry,
  176.                 ci.countryCode as insCountryCode,
  177.                 c.country as country,
  178.                 c.countryCode as countryCode')
  179.             ->leftJoin('OceanExpertBundle:IndivInstitution''ii''WITH''ii.idInd = i.idInd')
  180.             ->leftJoin('OceanExpertBundle:Institutions''ins''WITH''ii.idInst = ins.idInst')
  181.             ->leftJoin('OceanExpertBundle:Countries''c''WITH''i.countryCode = c.idCountry')
  182.             ->leftJoin('OceanExpertBundle:Countries''ci''WITH''ins.countryCode = ci.idCountry')
  183.             ->where('i.email1 = :email')
  184.             ->andWhere('i.status = 1')
  185.             ->setParameter('email',$email)
  186.             ->getQuery()
  187.             ->getResult();
  189.         $memberdata = array();
  190.         if($member){
  191.             //dump($member);
  192.             //die();
  193.             $query $em
  194.                 ->getRepository('OceanExpertBundle:MemberGroups')
  195.                 ->createQueryBuilder('m')
  196.                 ->select('m.idGroup,g.groupname')
  197.                 ->leftJoin('OceanExpertBundle:Groups''g''WITH''g.idGroup = m.idGroup')
  198.                 ->where('m.idInd =:idInd')
  199.                 ->setParameter('idInd'$member[0]['idInd'])
  200.                 ->getQuery();
  201.             $groups $query->getResult();
  203.             $memberdata['idInd'] = $member[0]['idInd'];
  204.             $memberdata['fname'] = $member[0]['fname'];
  205.             $memberdata['mname'] = $member[0]['mname'];
  206.             $memberdata['sname'] = $member[0]['sname'];
  207.             if (file_exists('uploads/profile/profile_' $member[0]['idInd'] . '.png')) {
  208.                 $memberdata['image'] =$this->container
  209.                         ->get('request_stack')
  210.                         ->getMasterRequest()
  211.                         ->getHttpHost() . '/uploads/profile/profile_' $member[0]['idInd'] . '.png';
  212.             } else {
  213.                 $memberdata['image'] =  $this->container
  214.                         ->get('request_stack')
  215.                         ->getMasterRequest()
  216.                         ->getHttpHost() . '/assets/uploads/default.png';
  217.             }
  218.             $memberdata['gender'] = $member[0]['gender'];
  219.             $memberdata['name'] = $member[0]['fname'];
  220.             if (isset($member[0]['mname'])
  221.                 && $member[0]['mname'] != ''
  222.             ) {
  223.                 $memberdata['name'] .= ' ' $member[0]['mname'];
  224.             }
  225.             $memberdata['name'] .= ' ' $member[0]['sname'];
  226.             $memberdata['email'] = $email;
  227.             $memberdata['jobtitle'] = $member[0]['jobtitle'];
  228.             $memberdata['idInst'] = $member[0]['idInst'];
  229.             $memberdata['instName'] = $member[0]['instName'];
  230.             $memberdata['instNameEng'] = $member[0]['instNameEng'];
  231.             $memberdata['insCountry'] = $member[0]['insCountry'];
  232.             $memberdata['insCountryCode'] = $member[0]['insCountryCode'];
  233.             if ($member[0]['useInstAddr'] === 1) {
  234.                 $memberdata['country'] = $member[0]['insCountry'];
  235.                 $memberdata['countryCode'] = $member[0]['insCountryCode'];
  236.             } else {
  237.                 $memberdata['country'] = $member[0]['country'];
  238.                 $memberdata['countryCode'] = $member[0]['countryCode'];
  239.             }
  240.             $memberdata['workingLocationCountry'] =$memberdata['country'];
  241.             $memberdata['workingLocationCountryCode'] = $memberdata['countryCode'];
  242.             $memberdata['groups'] = $groups;
  244.             $query $em
  245.                 ->getRepository('OceanExpertBundle:Countries')
  246.                 ->createQueryBuilder('c')
  247.                 ->select('c.country, c.countryCode')
  248.                 ->where('c.idCountry in (' $member[0]['idNationality'] . ')')
  249.                 //->setParameter('idNationality', $member[0]['idNationality'])
  250.                 ->getQuery();
  251.             $nationalityData $query->getResult();
  252.             foreach ($nationalityData as $nationality) {
  253.                  $nationalities[] = $nationality['country'];
  254.                  $nationalityCodes[] = $nationality['countryCode'];
  255.             }
  256.             $memberdata['nationality'] = implode(','$nationalities);
  257.             $memberdata['nationalityCode'] = implode(','$nationalityCodes);
  258.         }else{
  259.             $memberdata['error'] = 'No memberdata available.';
  260.         }
  261.         return $memberdata;
  262.     }
  263. }