SignupUserAction - Code Metrics - bedita/bedita - Measure and Improve Code Quality continuously with Scrutinizer

SignupUserAction A
last analyzed 2023-07-24 07:56 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	449
Duplicated Lines	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
eloc	156
dl	0
loc	449
rs	9.0399
c	2
b	0
f	0
wmc	42

16 Methods

Rating	Name	Size	Complexity
A	normalizeInput()	8	3
A	initialize()	7	1
A	loadRoles()	6	1
A	validate()	39	3
B	execute()	41	7
A	sendMail()	9	2
A	createSignupJob()	13	1
A	implementedEvents()	5	1
A	getActivationUrl()	7	3
A	createUser()	29	5
A	addRoles()	11	2
A	getOAuth2Response()	3	1
A	validateRoles()	23	5
A	createUserEntity()	18	3
A	checkExternalAuth()	20	3
A	sendActivationMail()	6	1

How to fix Complexity

<?php
/**
 * BEdita, API-first content management framework
 * Copyright 2019 ChannelWeb Srl, Chialab Srl
 *
 * This file is part of BEdita: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * See LICENSE.LGPL or <http://gnu.org/licenses/lgpl-3.0.html> for more details.
 */

namespace BEdita\Core\Model\Action;

use BEdita\Core\Exception\InvalidDataException;
use BEdita\Core\Exception\UserExistsException;
use BEdita\Core\Model\Entity\AsyncJob;
use BEdita\Core\Model\Entity\User;
use BEdita\Core\Model\Table\RolesTable;
use BEdita\Core\Model\Table\UsersTable;
use BEdita\Core\Model\Validation\Validation;
use BEdita\Core\Utility\LoggedUser;
use BEdita\Core\Utility\OAuth2;
use Cake\Core\Configure;
use Cake\Event\Event;
use Cake\Event\EventDispatcherTrait;
use Cake\Event\EventListenerInterface;
use Cake\Http\Exception\UnauthorizedException;
use Cake\I18n\FrozenTime;
use Cake\Mailer\MailerAwareTrait;
use Cake\ORM\TableRegistry;
use Cake\Routing\Router;
use Cake\Utility\Hash;
use Cake\Validation\Validator;

/**
 * Command to signup a user.
 *
 * @since 4.0.0
 */
class SignupUserAction extends BaseAction implements EventListenerInterface
{
    use EventDispatcherTrait;
    use MailerAwareTrait;

    /**
     * 400 Username already registered
     *
     * @var string
     * @deprecated Will be dropped in 5.x, use `UserExistsException` to use this app error code.
     */
    public const BE_USER_EXISTS = 'be_user_exists';

    /**
     * The UsersTable table
     *
     * @var \BEdita\Core\Model\Table\UsersTable
     */
    protected $Users;

    /**
     * The AsyncJobs table
     *
     * @var \BEdita\Core\Model\Table\AsyncJobsTable
     */
    protected $AsyncJobs;

    /**
     * The RolesTable table
     *
     * @var \BEdita\Core\Model\Table\RolesTable
     */
    protected $Roles;

    /**
     * Default configuration.
     *
     * - activation_url => url used for signup activation
     * - roles => the allowed roles on signup. if empty no role can be associated
     * - defaultRoles => default roles associated to user if no one was specified
     * - requireActivation => false if user will be active without confirm
     *
     * @var array
     */
    protected $_defaultConfig = [
        'activation_url' => null,
        'roles' => null,
        'defaultRoles' => null,
        'requireActivation' => true,
    ];

    /**
     * @inheritDoc
     */
    protected function initialize(array $config)
    {
        $this->Users = TableRegistry::getTableLocator()->get('Users');
        $this->AsyncJobs = TableRegistry::getTableLocator()->get('AsyncJobs');
        $this->Roles = TableRegistry::getTableLocator()->get('Roles');

        $this->getEventManager()->on($this);
    }

    /**
     * {@inheritDoc}
     *
     * @return \BEdita\Core\Model\Entity\User
     * @throws \Cake\Http\Exception\BadRequestException When validation of URL options fails
     * @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure.
     */
    public function execute(array $data = [])
    {
        $this->setConfig((array)Configure::read('Signup'));

        $data = $this->normalizeInput($data);
        // add activation url from config if not set
        $activationUrl = $this->getConfig('activationUrl');
        if (!empty($activationUrl) && empty($data['data']['activation_url'])) {
            $data['data']['activation_url'] = Router::url($activationUrl);
        }
        $signupRoles = (array)Hash::get($data, 'data.roles', $this->getConfig('defaultRoles'));
        if (!empty($signupRoles)) {
            $data['data']['roles'] = $signupRoles;
        }
        $errors = $this->validate($data['data']);
        if (!empty($errors)) {
            throw new InvalidDataException(__d('bedita', 'Invalid data'), $errors);
        }

        // operations are not in transaction because AsyncJobs could use a different connection
        $user = $this->createUser($data['data']);
        try {
            // add roles to user, with validity check
            $this->addRoles($user, $data['data']);

            if (empty($data['data']['auth_provider'])) {
                $job = $this->createSignupJob($user);
                $activationUrl = $this->getActivationUrl($job, $data['data']);

                $this->dispatchEvent('Auth.signup', [$user, $job, $activationUrl], $this->Users);
            } else {
                $this->dispatchEvent('Auth.signupActivation', [$user], $this->Users);
            }
        } catch (\Exception $e) {
            // if async job or send mail fail remove user created and re-throw the exception
            $this->Users->delete($user);

            throw $e;
        }

        return (new GetObjectAction(['table' => $this->Users]))->execute(['primaryKey' => $user->id, 'contain' => 'Roles']);

    }

    /**
     * Normalize input data to plain JSON if in JSON API format
     *
     * @param array $data Input data
     * @return array Normalized array
     */
    protected function normalizeInput(array $data)
    {
        if (!empty($data['data']['data']['attributes'])) {
            $meta = !empty($data['data']['data']['meta']) ? $data['data']['data']['meta'] : [];
            $data['data'] = array_merge($data['data']['data']['attributes'], $meta);
        }

        return $data;
    }

    /**
     * Validate data.
     *
     * It needs to validate some data that don't concern the User entity
     * as `activation_url` and `redirect_url`
     *
     * @param array $data The data to validate
     * @return array
     */
    protected function validate(array $data)
    {
        $validator = new Validator();
        $validator->setProvider('bedita', Validation::class);

        if (empty($data['auth_provider'])) {
            $validator->requirePresence('activation_url');

            $validator
                ->requirePresence('username')
                ->notEmptyString('username');
        } else {
            $validator
                ->requirePresence('provider_username')
                ->requirePresence('access_token');
        }

        $validator
            ->add('activation_url', 'customUrl', [
                'rule' => 'url',
                'provider' => 'bedita',
            ])

            ->add('redirect_url', 'customUrl', [
                'rule' => 'url',
                'provider' => 'bedita',
            ]);

        if (!empty($this->getConfig('roles'))) {
            $validator
            ->requirePresence('roles')
            ->notEmptyArray('roles');
        }

        $validator->add('roles', 'validateRoles', [
            'rule' => [$this, 'validateRoles'],
        ]);

        return $validator->validate($data);
    }

    /**
     * Validate roles against allowed signup roles configured.
     * In addtion roles can't contain ADMIN_ROLE.
     *
     * @param string|array $roles The roles to check
     * @return true|string
     */
    public function validateRoles($roles)
    {
        $allowedRoles = (array)$this->getConfig('roles');
        if (empty($allowedRoles) && !empty($roles)) {
            return __d('bedita', 'Roles are not allowed on signup');
        }

        $adminRoleName = $this->Roles->get(RolesTable::ADMIN_ROLE)->get('name');

        $roles = (array)$roles;
        $message = '{0} not allowed on signup';
        if (in_array($adminRoleName, $roles)) {
            return __d('bedita', $message, [$adminRoleName]);
        }

        $valid = array_intersect($roles, $allowedRoles);
        if (empty(array_diff($roles, $valid))) {
            return true;
        }

        $rolesNotAllowed = array_diff($roles, $allowedRoles);

        return __d('bedita', $message, [implode(', ', $rolesNotAllowed)]);
    }

    /**
     * Create a new user with status:
     *  - `on` if an external auth provider is used or no activation
     *    is required via `requireActivation` config
     *  - `draft` in other cases.
     *
     * The user is validated using 'signup' validation.
     *
     * @param array $data The data to save
     * @return \BEdita\Core\Model\Entity\User|bool User created or `false` on error
     * @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure.
     */
    protected function createUser(array $data)
    {
        if (!LoggedUser::getUser()) {
            // use user 1 (admin) role 1 (admin / unchangeable)
            LoggedUser::setUserAdmin();
        }

        $status = 'draft';
        if ($this->getConfig('requireActivation') === false) {
            $status = 'on';
        }

        if (empty($data['auth_provider'])) {
            return $this->createUserEntity($data, $status, 'signup');
        }

        $authProvider = $this->checkExternalAuth($data);

        $user = $this->createUserEntity($data, 'on', 'signupExternal', true);

        // create `ExternalAuth` entry
        $this->Users->dispatchEvent('Auth.externalAuth', [
            'authProvider' => $authProvider,
            'providerUsername' => $data['provider_username'],
            'userId' => $user->get('id'),
            'params' => empty($data['provider_userdata']) ? null : $data['provider_userdata'],
        ]);

        return $user;
    }

    /**
     * Create User entity.
     *
     * @param array $data The signup data
     * @param string $status User `status`, `on` or `draft`
     * @param string $validate Validation options to use
     * @param bool $verified Add `verified` value to entity
     * @return \BEdita\Core\Model\Entity\User The User entity created
     * @throws \Cake\Http\Exception\BadRequestException When some data is invalid.
     */
    protected function createUserEntity(array $data, $status, $validate, bool $verified = false)
    {
        if ($this->Users->exists(['username' => $data['username']])) {
            $this->dispatchEvent('Auth.signupUserExists', [$data], $this->Users);
            throw new UserExistsException(
                __d('bedita', 'User "{0}" already registered', $data['username'])
            );
        }
        $action = new SaveEntityAction(['table' => $this->Users]);

        $data['status'] = $status;
        $entity = $this->Users->newEntity([]);
        if ($verified === true) {
            $entity->set('verified', FrozenTime::now());
        }
        $entityOptions = compact('validate');

        return $action(compact('entity', 'data', 'entityOptions'));
    }

    /**
     * Check external auth data validity
     *
     * To perform external auth check these fields are mandatory:
     *  - "auth_provider": provider name like "google", "facebook"... must be in `auth_providers`
     *  - "provider_username": id or username of the provider
     *  - "access_token": token returned by provider to use in check
     *
     * @param array $data The signup data
     * @return \BEdita\Core\Model\Entity\AuthProvider AuthProvider entity
     * @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure.
     */
    protected function checkExternalAuth(array $data)
    {
        /** @var \BEdita\Core\Model\Entity\AuthProvider|null $authProvider */
        $authProvider = TableRegistry::getTableLocator()->get('AuthProviders')->find('enabled')
            ->where(['name' => $data['auth_provider']])
            ->first();
        if (empty($authProvider)) {
            throw new UnauthorizedException(__d('bedita', 'External auth provider not found'));
        }
        $options = (array)Hash::get((array)$authProvider->get('params'), 'options');
        $providerResponse = $this->getOAuth2Response(
            $authProvider->get('url'),
            $data['access_token'],
            $options
        );
        if (!$authProvider->checkAuthorization($providerResponse, $data['provider_username'])) {
            throw new UnauthorizedException(__d('bedita', 'External auth failed'));
        }

        return $authProvider;
    }

    /**
     * Get response from an OAuth2 provider
     *
     * @param string $url OAuth2 provider URL
     * @param string $accessToken Access token to use in request
     * @param array $options OAuth2 request options
     * @return array Response from an OAuth2 provider
     * @codeCoverageIgnore
     */
    protected function getOAuth2Response(string $url, string $accessToken, array $options = []): array
    {
        return (new OAuth2())->response($url, $accessToken, $options);
    }

    /**
     * Add roles to user if requested, with validity check
     *
     * @param \BEdita\Core\Model\Entity\User $entity The user created
     * @param array $data The signup data
     * @return void
     */
    protected function addRoles(User $entity, array $data)
    {
        $signupRoles = Hash::get($data, 'roles');
        if (empty($signupRoles)) {
            return;
        }
        $roles = $this->loadRoles($signupRoles);

        /** @var \Cake\ORM\Association\BelongsToMany $association */
        $association = $this->Users->associations()->getByProperty('roles');
        $association->link($entity, $roles);
    }

    /**
     * Load requested roles.
     *
     * @param array $roles Requested role names
     * @return \BEdita\Core\Model\Entity\Role[] requested role entities
     */
    protected function loadRoles(array $roles)
    {
        return $this->Roles->find()
            ->where(['name IN' => $roles])
            ->all()
            ->toList();
    }

    /**
     * Create the signup async job
     *
     * @param \BEdita\Core\Model\Entity\User $user The user created
     * @return \BEdita\Core\Model\Entity\AsyncJob
     */
    protected function createSignupJob(User $user)
    {
        $action = new SaveEntityAction(['table' => $this->AsyncJobs]);

        return $action([
            'entity' => $this->AsyncJobs->newEntity([]),
            'data' => [
                'service' => 'signup',
                'payload' => [
                    'user_id' => $user->id,
                ],
                'scheduled_from' => new FrozenTime('1 day'),
                'priority' => 1,
            ],
        ]);
    }

    /**
     * Send confirmation email to user
     *
     * @param \Cake\Event\Event $event Dispatched event.
     * @param \BEdita\Core\Model\Entity\User $user The user
     * @param \BEdita\Core\Model\Entity\AsyncJob $job The referred async job
     * @param string $activationUrl URL to be used for activation.
     * @return void
     */
    public function sendMail(Event $event, User $user, AsyncJob $job, $activationUrl)
    {
        if (empty($user->get('email'))) {
            return;
        }
        $options = [
            'params' => compact('activationUrl', 'user'),
        ];
        $this->getMailer('BEdita/Core.User')->send('signup', [$options]);
    }

    /**
     * Send welcome email to user to inform of successfully activation
     * External auth users are already activated
     *
     * @param \Cake\Event\Event $event Dispatched event.
     * @param \BEdita\Core\Model\Entity\User $user The user
     * @return void
     */
    public function sendActivationMail(Event $event, User $user)
    {
        $options = [
            'params' => compact('user'),
        ];
        $this->getMailer('BEdita/Core.User')->send('welcome', [$options]);
    }

    /**
     * Return the signup activation url
     *
     * @param \BEdita\Core\Model\Entity\AsyncJob $job The async job entity
     * @param array $urlOptions The options used to build activation url
     * @return string
     */
    protected function getActivationUrl(AsyncJob $job, array $urlOptions)
    {
        $baseUrl = $urlOptions['activation_url'];
        $redirectUrl = empty($urlOptions['redirect_url']) ? '' : '&redirect_url=' . rawurlencode($urlOptions['redirect_url']);
        $baseUrl .= strpos($baseUrl, '?') === false ? '?' : '&';

        return sprintf('%suuid=%s%s', $baseUrl, $job->uuid, $redirectUrl);
    }

    /**
     * @inheritDoc
     */
    public function implementedEvents(): array
    {
        return [
            'Auth.signup' => 'sendMail',
            'Auth.signupActivation' => 'sendActivationMail',
        ];
    }
}


1			<?php
2			/**
3			* BEdita, API-first content management framework
4			* Copyright 2019 ChannelWeb Srl, Chialab Srl
5			*
6			* This file is part of BEdita: you can redistribute it and/or modify
7			* it under the terms of the GNU Lesser General Public License as published
8			* by the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* See LICENSE.LGPL or <http://gnu.org/licenses/lgpl-3.0.html> for more details.
12			*/
13
14			namespace BEdita\Core\Model\Action;
15
16			use BEdita\Core\Exception\InvalidDataException;
17			use BEdita\Core\Exception\UserExistsException;
18			use BEdita\Core\Model\Entity\AsyncJob;
19			use BEdita\Core\Model\Entity\User;
20			use BEdita\Core\Model\Table\RolesTable;
21			use BEdita\Core\Model\Table\UsersTable;
22			use BEdita\Core\Model\Validation\Validation;
23			use BEdita\Core\Utility\LoggedUser;
24			use BEdita\Core\Utility\OAuth2;
25			use Cake\Core\Configure;
26			use Cake\Event\Event;
27			use Cake\Event\EventDispatcherTrait;
28			use Cake\Event\EventListenerInterface;
29			use Cake\Http\Exception\UnauthorizedException;
30			use Cake\I18n\FrozenTime;
31			use Cake\Mailer\MailerAwareTrait;
32			use Cake\ORM\TableRegistry;
33			use Cake\Routing\Router;
34			use Cake\Utility\Hash;
35			use Cake\Validation\Validator;
36
37			/**
38			* Command to signup a user.
39			*
40			* @since 4.0.0
41			*/
42			class SignupUserAction extends BaseAction implements EventListenerInterface
43			{
44			use EventDispatcherTrait;
45			use MailerAwareTrait;
46
47			/**
48			* 400 Username already registered
49			*
50			* @var string
51			* @deprecated Will be dropped in 5.x, use `UserExistsException` to use this app error code.
52			*/
53			public const BE_USER_EXISTS = 'be_user_exists';
54
55			/**
56			* The UsersTable table
57			*
58			* @var \BEdita\Core\Model\Table\UsersTable
59			*/
60			protected $Users;
61
62			/**
63			* The AsyncJobs table
64			*
65			* @var \BEdita\Core\Model\Table\AsyncJobsTable
66			*/
67			protected $AsyncJobs;
68
69			/**
70			* The RolesTable table
71			*
72			* @var \BEdita\Core\Model\Table\RolesTable
73			*/
74			protected $Roles;
75
76			/**
77			* Default configuration.
78			*
79			* - activation_url => url used for signup activation
80			* - roles => the allowed roles on signup. if empty no role can be associated
81			* - defaultRoles => default roles associated to user if no one was specified
82			* - requireActivation => false if user will be active without confirm
83			*
84			* @var array
85			*/
86			protected $_defaultConfig = [
87			'activation_url' => null,
88			'roles' => null,
89			'defaultRoles' => null,
90			'requireActivation' => true,
91			];
92
93			/**
94			* @inheritDoc
95			*/
96			protected function initialize(array $config)
97			{
98			$this->Users = TableRegistry::getTableLocator()->get('Users');
99			$this->AsyncJobs = TableRegistry::getTableLocator()->get('AsyncJobs');
100			$this->Roles = TableRegistry::getTableLocator()->get('Roles');
101
102			$this->getEventManager()->on($this);
103			}
104
105			/**
106			* {@inheritDoc}
107			*
108			* @return \BEdita\Core\Model\Entity\User
109			* @throws \Cake\Http\Exception\BadRequestException When validation of URL options fails
110			* @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure.
111			*/
112			public function execute(array $data = [])
113			{
114			$this->setConfig((array)Configure::read('Signup'));
115
116			$data = $this->normalizeInput($data);
117			// add activation url from config if not set
118			$activationUrl = $this->getConfig('activationUrl');
119			if (!empty($activationUrl) && empty($data['data']['activation_url'])) {
120			$data['data']['activation_url'] = Router::url($activationUrl);
121			}
122			$signupRoles = (array)Hash::get($data, 'data.roles', $this->getConfig('defaultRoles'));
123			if (!empty($signupRoles)) {
124			$data['data']['roles'] = $signupRoles;
125			}
126			$errors = $this->validate($data['data']);
127			if (!empty($errors)) {
128			throw new InvalidDataException(__d('bedita', 'Invalid data'), $errors);
129			}
130
131			// operations are not in transaction because AsyncJobs could use a different connection
132			$user = $this->createUser($data['data']);
133			try {
134			// add roles to user, with validity check
135			$this->addRoles($user, $data['data']);
136
137			if (empty($data['data']['auth_provider'])) {
138			$job = $this->createSignupJob($user);
139			$activationUrl = $this->getActivationUrl($job, $data['data']);
140
141			$this->dispatchEvent('Auth.signup', [$user, $job, $activationUrl], $this->Users);
142			} else {
143			$this->dispatchEvent('Auth.signupActivation', [$user], $this->Users);
144			}
145			} catch (\Exception $e) {
146			// if async job or send mail fail remove user created and re-throw the exception
147			$this->Users->delete($user);
148
149			throw $e;
150			}
151
152			return (new GetObjectAction(['table' => $this->Users]))->execute(['primaryKey' => $user->id, 'contain' => 'Roles']);
			0 ignored issues – show Bug Best Practice introduced 2018-06-04 13:09 UTC by Report Bug Copy Issue Report The expression `return new BEdita\Core\M... 'contain' => 'Roles'))` returns the type `array` which is incompatible with the documented return type `BEdita\Core\Model\Entity\User`. Loading history...
153			}
154
155			/**
156			* Normalize input data to plain JSON if in JSON API format
157			*
158			* @param array $data Input data
159			* @return array Normalized array
160			*/
161			protected function normalizeInput(array $data)
162			{
163			if (!empty($data['data']['data']['attributes'])) {
164			$meta = !empty($data['data']['data']['meta']) ? $data['data']['data']['meta'] : [];
165			$data['data'] = array_merge($data['data']['data']['attributes'], $meta);
166			}
167
168			return $data;
169			}
170
171			/**
172			* Validate data.
173			*
174			* It needs to validate some data that don't concern the User entity
175			* as `activation_url` and `redirect_url`
176			*
177			* @param array $data The data to validate
178			* @return array
179			*/
180			protected function validate(array $data)
181			{
182			$validator = new Validator();
183			$validator->setProvider('bedita', Validation::class);
184
185			if (empty($data['auth_provider'])) {
186			$validator->requirePresence('activation_url');
187
188			$validator
189			->requirePresence('username')
190			->notEmptyString('username');
191			} else {
192			$validator
193			->requirePresence('provider_username')
194			->requirePresence('access_token');
195			}
196
197			$validator
198			->add('activation_url', 'customUrl', [
199			'rule' => 'url',
200			'provider' => 'bedita',
201			])
202
203			->add('redirect_url', 'customUrl', [
204			'rule' => 'url',
205			'provider' => 'bedita',
206			]);
207
208			if (!empty($this->getConfig('roles'))) {
209			$validator
210			->requirePresence('roles')
211			->notEmptyArray('roles');
212			}
213
214			$validator->add('roles', 'validateRoles', [
215			'rule' => [$this, 'validateRoles'],
216			]);
217
218			return $validator->validate($data);
219			}
220
221			/**
222			* Validate roles against allowed signup roles configured.
223			* In addtion roles can't contain ADMIN_ROLE.
224			*
225			* @param string\|array $roles The roles to check
226			* @return true\|string
227			*/
228			public function validateRoles($roles)
229			{
230			$allowedRoles = (array)$this->getConfig('roles');
231			if (empty($allowedRoles) && !empty($roles)) {
232			return __d('bedita', 'Roles are not allowed on signup');
233			}
234
235			$adminRoleName = $this->Roles->get(RolesTable::ADMIN_ROLE)->get('name');
236
237			$roles = (array)$roles;
238			$message = '{0} not allowed on signup';
239			if (in_array($adminRoleName, $roles)) {
240			return __d('bedita', $message, [$adminRoleName]);
241			}
242
243			$valid = array_intersect($roles, $allowedRoles);
244			if (empty(array_diff($roles, $valid))) {
245			return true;
246			}
247
248			$rolesNotAllowed = array_diff($roles, $allowedRoles);
249
250			return __d('bedita', $message, [implode(', ', $rolesNotAllowed)]);
251			}
252
253			/**
254			* Create a new user with status:
255			* - `on` if an external auth provider is used or no activation
256			* is required via `requireActivation` config
257			* - `draft` in other cases.
258			*
259			* The user is validated using 'signup' validation.
260			*
261			* @param array $data The data to save
262			* @return \BEdita\Core\Model\Entity\User\|bool User created or `false` on error
263			* @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure.
264			*/
265			protected function createUser(array $data)
266			{
267			if (!LoggedUser::getUser()) {
268			// use user 1 (admin) role 1 (admin / unchangeable)
269			LoggedUser::setUserAdmin();
270			}
271
272			$status = 'draft';
273			if ($this->getConfig('requireActivation') === false) {
274			$status = 'on';
275			}
276
277			if (empty($data['auth_provider'])) {
278			return $this->createUserEntity($data, $status, 'signup');
279			}
280
281			$authProvider = $this->checkExternalAuth($data);
282
283			$user = $this->createUserEntity($data, 'on', 'signupExternal', true);
284
285			// create `ExternalAuth` entry
286			$this->Users->dispatchEvent('Auth.externalAuth', [
287			'authProvider' => $authProvider,
288			'providerUsername' => $data['provider_username'],
289			'userId' => $user->get('id'),
290			'params' => empty($data['provider_userdata']) ? null : $data['provider_userdata'],
291			]);
292
293			return $user;
294			}
295
296			/**
297			* Create User entity.
298			*
299			* @param array $data The signup data
300			* @param string $status User `status`, `on` or `draft`
301			* @param string $validate Validation options to use
302			* @param bool $verified Add `verified` value to entity
303			* @return \BEdita\Core\Model\Entity\User The User entity created
304			* @throws \Cake\Http\Exception\BadRequestException When some data is invalid.
305			*/
306			protected function createUserEntity(array $data, $status, $validate, bool $verified = false)
307			{
308			if ($this->Users->exists(['username' => $data['username']])) {
309			$this->dispatchEvent('Auth.signupUserExists', [$data], $this->Users);
310			throw new UserExistsException(
311			__d('bedita', 'User "{0}" already registered', $data['username'])
312			);
313			}
314			$action = new SaveEntityAction(['table' => $this->Users]);
315
316			$data['status'] = $status;
317			$entity = $this->Users->newEntity([]);
318			if ($verified === true) {
319			$entity->set('verified', FrozenTime::now());
320			}
321			$entityOptions = compact('validate');
322
323			return $action(compact('entity', 'data', 'entityOptions'));
324			}
325
326			/**
327			* Check external auth data validity
328			*
329			* To perform external auth check these fields are mandatory:
330			* - "auth_provider": provider name like "google", "facebook"... must be in `auth_providers`
331			* - "provider_username": id or username of the provider
332			* - "access_token": token returned by provider to use in check
333			*
334			* @param array $data The signup data
335			* @return \BEdita\Core\Model\Entity\AuthProvider AuthProvider entity
336			* @throws \Cake\Http\Exception\UnauthorizedException Upon external authorization check failure.
337			*/
338			protected function checkExternalAuth(array $data)
339			{
340			/** @var \BEdita\Core\Model\Entity\AuthProvider\|null $authProvider */
341			$authProvider = TableRegistry::getTableLocator()->get('AuthProviders')->find('enabled')
342			->where(['name' => $data['auth_provider']])
343			->first();
344			if (empty($authProvider)) {
345			throw new UnauthorizedException(__d('bedita', 'External auth provider not found'));
346			}
347			$options = (array)Hash::get((array)$authProvider->get('params'), 'options');
348			$providerResponse = $this->getOAuth2Response(
349			$authProvider->get('url'),
350			$data['access_token'],
351			$options
352			);
353			if (!$authProvider->checkAuthorization($providerResponse, $data['provider_username'])) {
354			throw new UnauthorizedException(__d('bedita', 'External auth failed'));
355			}
356
357			return $authProvider;
358			}
359
360			/**
361			* Get response from an OAuth2 provider
362			*
363			* @param string $url OAuth2 provider URL
364			* @param string $accessToken Access token to use in request
365			* @param array $options OAuth2 request options
366			* @return array Response from an OAuth2 provider
367			* @codeCoverageIgnore
368			*/
369			protected function getOAuth2Response(string $url, string $accessToken, array $options = []): array
370			{
371			return (new OAuth2())->response($url, $accessToken, $options);
372			}
373
374			/**
375			* Add roles to user if requested, with validity check
376			*
377			* @param \BEdita\Core\Model\Entity\User $entity The user created
378			* @param array $data The signup data
379			* @return void
380			*/
381			protected function addRoles(User $entity, array $data)
382			{
383			$signupRoles = Hash::get($data, 'roles');
384			if (empty($signupRoles)) {
385			return;
386			}
387			$roles = $this->loadRoles($signupRoles);
388
389			/** @var \Cake\ORM\Association\BelongsToMany $association */
390			$association = $this->Users->associations()->getByProperty('roles');
391			$association->link($entity, $roles);
392			}
393
394			/**
395			* Load requested roles.
396			*
397			* @param array $roles Requested role names
398			* @return \BEdita\Core\Model\Entity\Role[] requested role entities
399			*/
400			protected function loadRoles(array $roles)
401			{
402			return $this->Roles->find()
403			->where(['name IN' => $roles])
404			->all()
405			->toList();
406			}
407
408			/**
409			* Create the signup async job
410			*
411			* @param \BEdita\Core\Model\Entity\User $user The user created
412			* @return \BEdita\Core\Model\Entity\AsyncJob
413			*/
414			protected function createSignupJob(User $user)
415			{
416			$action = new SaveEntityAction(['table' => $this->AsyncJobs]);
417
418			return $action([
419			'entity' => $this->AsyncJobs->newEntity([]),
420			'data' => [
421			'service' => 'signup',
422			'payload' => [
423			'user_id' => $user->id,
424			],
425			'scheduled_from' => new FrozenTime('1 day'),
426			'priority' => 1,
427			],
428			]);
429			}
430
431			/**
432			* Send confirmation email to user
433			*
434			* @param \Cake\Event\Event $event Dispatched event.
435			* @param \BEdita\Core\Model\Entity\User $user The user
436			* @param \BEdita\Core\Model\Entity\AsyncJob $job The referred async job
437			* @param string $activationUrl URL to be used for activation.
438			* @return void
439			*/
440			public function sendMail(Event $event, User $user, AsyncJob $job, $activationUrl)
441			{
442			if (empty($user->get('email'))) {
443			return;
444			}
445			$options = [
446			'params' => compact('activationUrl', 'user'),
447			];
448			$this->getMailer('BEdita/Core.User')->send('signup', [$options]);
449			}
450
451			/**
452			* Send welcome email to user to inform of successfully activation
453			* External auth users are already activated
454			*
455			* @param \Cake\Event\Event $event Dispatched event.
456			* @param \BEdita\Core\Model\Entity\User $user The user
457			* @return void
458			*/
459			public function sendActivationMail(Event $event, User $user)
460			{
461			$options = [
462			'params' => compact('user'),
463			];
464			$this->getMailer('BEdita/Core.User')->send('welcome', [$options]);
465			}
466
467			/**
468			* Return the signup activation url
469			*
470			* @param \BEdita\Core\Model\Entity\AsyncJob $job The async job entity
471			* @param array $urlOptions The options used to build activation url
472			* @return string
473			*/
474			protected function getActivationUrl(AsyncJob $job, array $urlOptions)
475			{
476			$baseUrl = $urlOptions['activation_url'];
477			$redirectUrl = empty($urlOptions['redirect_url']) ? '' : '&redirect_url=' . rawurlencode($urlOptions['redirect_url']);
478			$baseUrl .= strpos($baseUrl, '?') === false ? '?' : '&';
479
480			return sprintf('%suuid=%s%s', $baseUrl, $job->uuid, $redirectUrl);
481			}
482
483			/**
484			* @inheritDoc
485			*/
486			public function implementedEvents(): array
487			{
488			return [
489			'Auth.signup' => 'sendMail',
490			'Auth.signupActivation' => 'sendActivationMail',
491			];
492			}
493			}
494

bedita / bedita

SignupUserAction A last analyzed 2023-07-24 07:56 UTC

Complexity

Size/Duplication

Importance

16 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like

SignupUserAction A
last analyzed 2023-07-24 07:56 UTC