Total Complexity | 42 |
Total Lines | 449 |
Duplicated Lines | 0 % |
Changes | 2 | ||
Bugs | 0 | Features | 0 |
Complex classes like SignupUserAction often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use SignupUserAction, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
42 | class SignupUserAction extends BaseAction implements EventListenerInterface |
||
43 | { |
||
44 | use EventDispatcherTrait; |
||
45 | use MailerAwareTrait; |
||
46 | |||
47 | /** |
||
48 | * 400 Username already registered |
||
49 | * |
||
50 | * @var string |
||
51 | * @deprecated Will be dropped in 5.x, use `UserExistsException` to use this app error code. |
||
52 | */ |
||
53 | public const BE_USER_EXISTS = 'be_user_exists'; |
||
54 | |||
55 | /** |
||
56 | * The UsersTable table |
||
57 | * |
||
58 | * @var \BEdita\Core\Model\Table\UsersTable |
||
59 | */ |
||
60 | protected $Users; |
||
61 | |||
62 | /** |
||
63 | * The AsyncJobs table |
||
64 | * |
||
65 | * @var \BEdita\Core\Model\Table\AsyncJobsTable |
||
66 | */ |
||
67 | protected $AsyncJobs; |
||
68 | |||
69 | /** |
||
70 | * The RolesTable table |
||
71 | * |
||
72 | * @var \BEdita\Core\Model\Table\RolesTable |
||
73 | */ |
||
74 | protected $Roles; |
||
75 | |||
76 | /** |
||
77 | * Default configuration. |
||
78 | * |
||
79 | * - activation_url => url used for signup activation |
||
80 | * - roles => the allowed roles on signup. if empty no role can be associated |
||
81 | * - defaultRoles => default roles associated to user if no one was specified |
||
82 | * - requireActivation => false if user will be active without confirm |
||
83 | * |
||
84 | * @var array |
||
85 | */ |
||
86 | protected $_defaultConfig = [ |
||
87 | 'activation_url' => null, |
||
88 | 'roles' => null, |
||
89 | 'defaultRoles' => null, |
||
90 | 'requireActivation' => true, |
||
91 | ]; |
||
92 | |||
93 | /** |
||
94 | * @inheritDoc |
||
95 | */ |
||
96 | protected function initialize(array $config) |
||
97 | { |
||
98 | $this->Users = TableRegistry::getTableLocator()->get('Users'); |
||
99 | $this->AsyncJobs = TableRegistry::getTableLocator()->get('AsyncJobs'); |
||
100 | $this->Roles = TableRegistry::getTableLocator()->get('Roles'); |
||
101 | |||
102 | $this->getEventManager()->on($this); |
||
103 | } |
||
104 | |||
105 | /** |
||
106 | * {@inheritDoc} |
||
107 | * |
||
108 | * @return \BEdita\Core\Model\Entity\User |
||
109 | * @throws \Cake\Http\Exception\BadRequestException When validation of URL options fails |
||
110 | * @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure. |
||
111 | */ |
||
112 | public function execute(array $data = []) |
||
113 | { |
||
114 | $this->setConfig((array)Configure::read('Signup')); |
||
115 | |||
116 | $data = $this->normalizeInput($data); |
||
117 | // add activation url from config if not set |
||
118 | $activationUrl = $this->getConfig('activationUrl'); |
||
119 | if (!empty($activationUrl) && empty($data['data']['activation_url'])) { |
||
120 | $data['data']['activation_url'] = Router::url($activationUrl); |
||
121 | } |
||
122 | $signupRoles = (array)Hash::get($data, 'data.roles', $this->getConfig('defaultRoles')); |
||
123 | if (!empty($signupRoles)) { |
||
124 | $data['data']['roles'] = $signupRoles; |
||
125 | } |
||
126 | $errors = $this->validate($data['data']); |
||
127 | if (!empty($errors)) { |
||
128 | throw new InvalidDataException(__d('bedita', 'Invalid data'), $errors); |
||
129 | } |
||
130 | |||
131 | // operations are not in transaction because AsyncJobs could use a different connection |
||
132 | $user = $this->createUser($data['data']); |
||
133 | try { |
||
134 | // add roles to user, with validity check |
||
135 | $this->addRoles($user, $data['data']); |
||
136 | |||
137 | if (empty($data['data']['auth_provider'])) { |
||
138 | $job = $this->createSignupJob($user); |
||
139 | $activationUrl = $this->getActivationUrl($job, $data['data']); |
||
140 | |||
141 | $this->dispatchEvent('Auth.signup', [$user, $job, $activationUrl], $this->Users); |
||
142 | } else { |
||
143 | $this->dispatchEvent('Auth.signupActivation', [$user], $this->Users); |
||
144 | } |
||
145 | } catch (\Exception $e) { |
||
146 | // if async job or send mail fail remove user created and re-throw the exception |
||
147 | $this->Users->delete($user); |
||
148 | |||
149 | throw $e; |
||
150 | } |
||
151 | |||
152 | return (new GetObjectAction(['table' => $this->Users]))->execute(['primaryKey' => $user->id, 'contain' => 'Roles']); |
||
|
|||
153 | } |
||
154 | |||
155 | /** |
||
156 | * Normalize input data to plain JSON if in JSON API format |
||
157 | * |
||
158 | * @param array $data Input data |
||
159 | * @return array Normalized array |
||
160 | */ |
||
161 | protected function normalizeInput(array $data) |
||
169 | } |
||
170 | |||
171 | /** |
||
172 | * Validate data. |
||
173 | * |
||
174 | * It needs to validate some data that don't concern the User entity |
||
175 | * as `activation_url` and `redirect_url` |
||
176 | * |
||
177 | * @param array $data The data to validate |
||
178 | * @return array |
||
179 | */ |
||
180 | protected function validate(array $data) |
||
181 | { |
||
182 | $validator = new Validator(); |
||
183 | $validator->setProvider('bedita', Validation::class); |
||
184 | |||
185 | if (empty($data['auth_provider'])) { |
||
186 | $validator->requirePresence('activation_url'); |
||
187 | |||
188 | $validator |
||
189 | ->requirePresence('username') |
||
190 | ->notEmptyString('username'); |
||
191 | } else { |
||
192 | $validator |
||
193 | ->requirePresence('provider_username') |
||
194 | ->requirePresence('access_token'); |
||
195 | } |
||
196 | |||
197 | $validator |
||
198 | ->add('activation_url', 'customUrl', [ |
||
199 | 'rule' => 'url', |
||
200 | 'provider' => 'bedita', |
||
201 | ]) |
||
202 | |||
203 | ->add('redirect_url', 'customUrl', [ |
||
204 | 'rule' => 'url', |
||
205 | 'provider' => 'bedita', |
||
206 | ]); |
||
207 | |||
208 | if (!empty($this->getConfig('roles'))) { |
||
209 | $validator |
||
210 | ->requirePresence('roles') |
||
211 | ->notEmptyArray('roles'); |
||
212 | } |
||
213 | |||
214 | $validator->add('roles', 'validateRoles', [ |
||
215 | 'rule' => [$this, 'validateRoles'], |
||
216 | ]); |
||
217 | |||
218 | return $validator->validate($data); |
||
219 | } |
||
220 | |||
221 | /** |
||
222 | * Validate roles against allowed signup roles configured. |
||
223 | * In addtion roles can't contain ADMIN_ROLE. |
||
224 | * |
||
225 | * @param string|array $roles The roles to check |
||
226 | * @return true|string |
||
227 | */ |
||
228 | public function validateRoles($roles) |
||
229 | { |
||
230 | $allowedRoles = (array)$this->getConfig('roles'); |
||
231 | if (empty($allowedRoles) && !empty($roles)) { |
||
232 | return __d('bedita', 'Roles are not allowed on signup'); |
||
233 | } |
||
234 | |||
235 | $adminRoleName = $this->Roles->get(RolesTable::ADMIN_ROLE)->get('name'); |
||
236 | |||
237 | $roles = (array)$roles; |
||
238 | $message = '{0} not allowed on signup'; |
||
239 | if (in_array($adminRoleName, $roles)) { |
||
240 | return __d('bedita', $message, [$adminRoleName]); |
||
241 | } |
||
242 | |||
243 | $valid = array_intersect($roles, $allowedRoles); |
||
244 | if (empty(array_diff($roles, $valid))) { |
||
245 | return true; |
||
246 | } |
||
247 | |||
248 | $rolesNotAllowed = array_diff($roles, $allowedRoles); |
||
249 | |||
250 | return __d('bedita', $message, [implode(', ', $rolesNotAllowed)]); |
||
251 | } |
||
252 | |||
253 | /** |
||
254 | * Create a new user with status: |
||
255 | * - `on` if an external auth provider is used or no activation |
||
256 | * is required via `requireActivation` config |
||
257 | * - `draft` in other cases. |
||
258 | * |
||
259 | * The user is validated using 'signup' validation. |
||
260 | * |
||
261 | * @param array $data The data to save |
||
262 | * @return \BEdita\Core\Model\Entity\User|bool User created or `false` on error |
||
263 | * @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure. |
||
264 | */ |
||
265 | protected function createUser(array $data) |
||
266 | { |
||
267 | if (!LoggedUser::getUser()) { |
||
268 | // use user 1 (admin) role 1 (admin / unchangeable) |
||
269 | LoggedUser::setUserAdmin(); |
||
270 | } |
||
271 | |||
272 | $status = 'draft'; |
||
273 | if ($this->getConfig('requireActivation') === false) { |
||
274 | $status = 'on'; |
||
275 | } |
||
276 | |||
277 | if (empty($data['auth_provider'])) { |
||
278 | return $this->createUserEntity($data, $status, 'signup'); |
||
279 | } |
||
280 | |||
281 | $authProvider = $this->checkExternalAuth($data); |
||
282 | |||
283 | $user = $this->createUserEntity($data, 'on', 'signupExternal', true); |
||
284 | |||
285 | // create `ExternalAuth` entry |
||
286 | $this->Users->dispatchEvent('Auth.externalAuth', [ |
||
287 | 'authProvider' => $authProvider, |
||
288 | 'providerUsername' => $data['provider_username'], |
||
289 | 'userId' => $user->get('id'), |
||
290 | 'params' => empty($data['provider_userdata']) ? null : $data['provider_userdata'], |
||
291 | ]); |
||
292 | |||
293 | return $user; |
||
294 | } |
||
295 | |||
296 | /** |
||
297 | * Create User entity. |
||
298 | * |
||
299 | * @param array $data The signup data |
||
300 | * @param string $status User `status`, `on` or `draft` |
||
301 | * @param string $validate Validation options to use |
||
302 | * @param bool $verified Add `verified` value to entity |
||
303 | * @return \BEdita\Core\Model\Entity\User The User entity created |
||
304 | * @throws \Cake\Http\Exception\BadRequestException When some data is invalid. |
||
305 | */ |
||
306 | protected function createUserEntity(array $data, $status, $validate, bool $verified = false) |
||
307 | { |
||
308 | if ($this->Users->exists(['username' => $data['username']])) { |
||
309 | $this->dispatchEvent('Auth.signupUserExists', [$data], $this->Users); |
||
310 | throw new UserExistsException( |
||
311 | __d('bedita', 'User "{0}" already registered', $data['username']) |
||
312 | ); |
||
313 | } |
||
314 | $action = new SaveEntityAction(['table' => $this->Users]); |
||
315 | |||
316 | $data['status'] = $status; |
||
317 | $entity = $this->Users->newEntity([]); |
||
318 | if ($verified === true) { |
||
319 | $entity->set('verified', FrozenTime::now()); |
||
320 | } |
||
321 | $entityOptions = compact('validate'); |
||
322 | |||
323 | return $action(compact('entity', 'data', 'entityOptions')); |
||
324 | } |
||
325 | |||
326 | /** |
||
327 | * Check external auth data validity |
||
328 | * |
||
329 | * To perform external auth check these fields are mandatory: |
||
330 | * - "auth_provider": provider name like "google", "facebook"... must be in `auth_providers` |
||
331 | * - "provider_username": id or username of the provider |
||
332 | * - "access_token": token returned by provider to use in check |
||
333 | * |
||
334 | * @param array $data The signup data |
||
335 | * @return \BEdita\Core\Model\Entity\AuthProvider AuthProvider entity |
||
336 | * @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure. |
||
337 | */ |
||
338 | protected function checkExternalAuth(array $data) |
||
339 | { |
||
340 | /** @var \BEdita\Core\Model\Entity\AuthProvider|null $authProvider */ |
||
341 | $authProvider = TableRegistry::getTableLocator()->get('AuthProviders')->find('enabled') |
||
342 | ->where(['name' => $data['auth_provider']]) |
||
343 | ->first(); |
||
344 | if (empty($authProvider)) { |
||
345 | throw new UnauthorizedException(__d('bedita', 'External auth provider not found')); |
||
346 | } |
||
347 | $options = (array)Hash::get((array)$authProvider->get('params'), 'options'); |
||
348 | $providerResponse = $this->getOAuth2Response( |
||
349 | $authProvider->get('url'), |
||
350 | $data['access_token'], |
||
351 | $options |
||
352 | ); |
||
353 | if (!$authProvider->checkAuthorization($providerResponse, $data['provider_username'])) { |
||
354 | throw new UnauthorizedException(__d('bedita', 'External auth failed')); |
||
355 | } |
||
356 | |||
357 | return $authProvider; |
||
358 | } |
||
359 | |||
360 | /** |
||
361 | * Get response from an OAuth2 provider |
||
362 | * |
||
363 | * @param string $url OAuth2 provider URL |
||
364 | * @param string $accessToken Access token to use in request |
||
365 | * @param array $options OAuth2 request options |
||
366 | * @return array Response from an OAuth2 provider |
||
367 | * @codeCoverageIgnore |
||
368 | */ |
||
369 | protected function getOAuth2Response(string $url, string $accessToken, array $options = []): array |
||
370 | { |
||
371 | return (new OAuth2())->response($url, $accessToken, $options); |
||
372 | } |
||
373 | |||
374 | /** |
||
375 | * Add roles to user if requested, with validity check |
||
376 | * |
||
377 | * @param \BEdita\Core\Model\Entity\User $entity The user created |
||
378 | * @param array $data The signup data |
||
379 | * @return void |
||
380 | */ |
||
381 | protected function addRoles(User $entity, array $data) |
||
382 | { |
||
383 | $signupRoles = Hash::get($data, 'roles'); |
||
384 | if (empty($signupRoles)) { |
||
385 | return; |
||
386 | } |
||
387 | $roles = $this->loadRoles($signupRoles); |
||
388 | |||
389 | /** @var \Cake\ORM\Association\BelongsToMany $association */ |
||
390 | $association = $this->Users->associations()->getByProperty('roles'); |
||
391 | $association->link($entity, $roles); |
||
392 | } |
||
393 | |||
394 | /** |
||
395 | * Load requested roles. |
||
396 | * |
||
397 | * @param array $roles Requested role names |
||
398 | * @return \BEdita\Core\Model\Entity\Role[] requested role entities |
||
399 | */ |
||
400 | protected function loadRoles(array $roles) |
||
406 | } |
||
407 | |||
408 | /** |
||
409 | * Create the signup async job |
||
410 | * |
||
411 | * @param \BEdita\Core\Model\Entity\User $user The user created |
||
412 | * @return \BEdita\Core\Model\Entity\AsyncJob |
||
413 | */ |
||
414 | protected function createSignupJob(User $user) |
||
415 | { |
||
416 | $action = new SaveEntityAction(['table' => $this->AsyncJobs]); |
||
417 | |||
418 | return $action([ |
||
419 | 'entity' => $this->AsyncJobs->newEntity([]), |
||
420 | 'data' => [ |
||
421 | 'service' => 'signup', |
||
422 | 'payload' => [ |
||
423 | 'user_id' => $user->id, |
||
424 | ], |
||
425 | 'scheduled_from' => new FrozenTime('1 day'), |
||
426 | 'priority' => 1, |
||
427 | ], |
||
428 | ]); |
||
429 | } |
||
430 | |||
431 | /** |
||
432 | * Send confirmation email to user |
||
433 | * |
||
434 | * @param \Cake\Event\Event $event Dispatched event. |
||
435 | * @param \BEdita\Core\Model\Entity\User $user The user |
||
436 | * @param \BEdita\Core\Model\Entity\AsyncJob $job The referred async job |
||
437 | * @param string $activationUrl URL to be used for activation. |
||
438 | * @return void |
||
439 | */ |
||
440 | public function sendMail(Event $event, User $user, AsyncJob $job, $activationUrl) |
||
449 | } |
||
450 | |||
451 | /** |
||
452 | * Send welcome email to user to inform of successfully activation |
||
453 | * External auth users are already activated |
||
454 | * |
||
455 | * @param \Cake\Event\Event $event Dispatched event. |
||
456 | * @param \BEdita\Core\Model\Entity\User $user The user |
||
457 | * @return void |
||
458 | */ |
||
459 | public function sendActivationMail(Event $event, User $user) |
||
460 | { |
||
461 | $options = [ |
||
462 | 'params' => compact('user'), |
||
463 | ]; |
||
464 | $this->getMailer('BEdita/Core.User')->send('welcome', [$options]); |
||
465 | } |
||
466 | |||
467 | /** |
||
468 | * Return the signup activation url |
||
469 | * |
||
470 | * @param \BEdita\Core\Model\Entity\AsyncJob $job The async job entity |
||
471 | * @param array $urlOptions The options used to build activation url |
||
472 | * @return string |
||
473 | */ |
||
474 | protected function getActivationUrl(AsyncJob $job, array $urlOptions) |
||
475 | { |
||
476 | $baseUrl = $urlOptions['activation_url']; |
||
477 | $redirectUrl = empty($urlOptions['redirect_url']) ? '' : '&redirect_url=' . rawurlencode($urlOptions['redirect_url']); |
||
478 | $baseUrl .= strpos($baseUrl, '?') === false ? '?' : '&'; |
||
479 | |||
480 | return sprintf('%suuid=%s%s', $baseUrl, $job->uuid, $redirectUrl); |
||
481 | } |
||
482 | |||
483 | /** |
||
484 | * @inheritDoc |
||
485 | */ |
||
486 | public function implementedEvents(): array |
||
491 | ]; |
||
492 | } |
||
493 | } |
||
494 |