PaymentOrderController::confirmation() - Code Metrics - Inspection of "Bumped version to 1.8.0" - jbtronics/StuRa-Finanzsoftware - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 9bf05d...919c2e )

by Jan

created 2021-09-23 22:40 UTC

PaymentOrderController::confirmation() F

↳ Parent: PaymentOrderController

Complexity

Conditions	21
Paths	270

Size

Total Lines	108
Code Lines	67

Duplication

Lines	0
Ratio	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
cc	21
eloc	67
c	2
b	0
f	0
nc	270
nop	3
dl	0
loc	108
rs	2.4583

How to fix Long Method Complexity

<?php
/*
 * Copyright (C) 2020  Jan Böhmer
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published
 * by the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

namespace App\Controller;

use App\Audit\UserProvider;
use App\Entity\PaymentOrder;
use App\Event\PaymentOrderSubmittedEvent;
use App\Form\PaymentOrderConfirmationType;
use App\Form\PaymentOrderType;
use App\Message\PaymentOrder\PaymentOrderDeletedNotification;
use App\Services\PaymentReferenceGenerator;
use DateTime;
use Doctrine\ORM\EntityManagerInterface;
use InvalidArgumentException;
use RuntimeException;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Form;
use Symfony\Component\Form\SubmitButton;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\RateLimiter\RateLimiterFactory;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;

/**
 * This controller handles the payment order submit form.
 *
 * @Route("/payment_order")
 */
class PaymentOrderController extends AbstractController
{
    private $userProvider;
    private $entityManager;

    public function __construct(UserProvider $userProvider, EntityManagerInterface $entityManager)
    {
        $this->userProvider = $userProvider;
        $this->entityManager = $entityManager;
    }

    /**
     * @Route("/new", name="payment_order_new")
     */
    public function new(Request $request, EntityManagerInterface $entityManager, EventDispatcherInterface $dispatcher,
        PaymentReferenceGenerator $paymentReferenceGenerator, RateLimiterFactory $paymentOrderSubmitLimiter): Response
    {
        $limiter = $paymentOrderSubmitLimiter->create($request->getClientIp());

        $new_order = new PaymentOrder();

        $blocked_token = $request->get('blocked_token');

        //Skip fsr blocked validation if a token was given (but it is not validated yet if the token is correct)
        $validation_groups = ['Default', 'frontend'];
        if (!$blocked_token) {
            $validation_groups[] = 'fsr_blocked';
        }

        $form = $this->createForm(PaymentOrderType::class, $new_order, [
            'validation_groups' => $validation_groups,
        ]);

        if (!$form instanceof Form) {
            throw new InvalidArgumentException('$form must be a Form object!');
        }

        $form->handleRequest($request);

        if ($form->isSubmitted()) {
            if ($form->isValid()) {
                /* Limit the amount of how many payment orders can be submitted by one user in an hour
                    This prevents automatic mass creation of payment orders and also prevents that skip token can
                    guessed by brute force */
                $limiter->consume(1)
                    ->ensureAccepted();

                //We know now the department and can check if token was valid
                //If it isn't, then show an flash and dont save the payment order
                if ($blocked_token && !$new_order->getDepartment()->isSkipBlockedValidationToken($blocked_token)) {
                    $this->addFlash('error', 'payment_order.flash.invalid_blocked_token');
                } else {
                    $entityManager->persist($new_order);

                    //Invalidate blocked token if one was given
                    if ($blocked_token) {
                        $new_order->getDepartment()
                            ->invalidateSkipBlockedValidationToken($blocked_token);
                    }

                    $username = sprintf('%s %s (%s) [New PaymentOrder]',
                        $new_order->getFirstName(),
                        $new_order->getLastName(),
                        $new_order->getContactEmail()
                    );
                    $this->userProvider->setManualUsername($username, $new_order->getContactEmail());

                    $entityManager->flush();

                    //We have to do this after the first flush, as we need to know the ID
                    $this->userProvider->setManualUsername('[Automatic payment reference generation]',
                        UserProvider::INTERNAL_USER_IDENTIFIER);
                    $paymentReferenceGenerator->setPaymentReference($new_order);
                    $entityManager->flush();

                    $this->addFlash('success', 'flash.saved_successfully');

                    //Dispatch event so an email can be sent
                    $event = new PaymentOrderSubmittedEvent($new_order);
                    $dispatcher->dispatch($event, $event::NAME);

                    //Redirect to homepage, if no further paymentOrders should be submitted
                    //Otherwise create a new form for further ones
                    if ('submit' === $form->getClickedButton()->getName()) {
                        return $this->redirectToRoute('homepage');
                    }

                    if ('submit_new' === $form->getClickedButton()->getName()) {
                        $old_order = $new_order;
                        $new_order = new PaymentOrder();
                        $this->copyProperties($old_order, $new_order);

                        $form = $this->createForm(PaymentOrderType::class, $new_order);
                    }
                }
            } else {
                $this->addFlash('error', 'flash.error.check_input');
            }
        }

        $limit = $limiter->consume(0);

        $response = $this->render('PaymentOrder/form.html.twig', [
            'form' => $form->createView(),
            'entity' => $new_order,
        ]);

        $response->headers->add(
            [
                'X-RateLimit-Remaining' => $limit->getRemainingTokens(),
                'X-RateLimit-Retry-After' => $limit->getRetryAfter()
                    ->getTimestamp(),
                'X-RateLimit-Limit' => $limit->getLimit(),
            ]
        );

        return $response;
    }

    private function copyProperties(PaymentOrder $source, PaymentOrder $target): void
    {
        $target->setFirstName($source->getFirstName());
        $target->setLastName($source->getLastName());
        $target->setContactEmail($source->getContactEmail());
        $target->setDepartment($source->getDepartment());
        $target->setBankInfo($source->getBankInfo());
    }

    /**
     * @Route("/{id}/confirm", name="payment_order_confirm")
     */
    public function confirmation(?PaymentOrder $paymentOrder, Request $request, EntityManagerInterface $em): Response
    {
        if($paymentOrder === null) {
            $this->addFlash('error', 'payment_order.can_not_be_found');
            return $this->redirectToRoute('homepage');
        }

        //Check if we have one of the valid confirm numbers
        $confirm_step = $request->query->getInt('confirm');
        if (1 !== $confirm_step && 2 !== $confirm_step) {
            $this->addFlash('error', 'payment_order.confirmation.invalid_step');

            return $this->redirectToRoute('homepage');
        }

        //Check if given token is correct for this step
        $correct_token = (1 === $confirm_step) ? $paymentOrder->getConfirm1Token() : $paymentOrder->getConfirm2Token();
        if (null === $correct_token) {
            throw new RuntimeException('This payment_order can not be confirmed! No token is set.');
        }

        $given_token = (string) $request->query->get('token');
        if (!password_verify($given_token, $correct_token)) {
            $this->addFlash('error', 'payment_order.confirmation.invalid_token');

            return $this->redirectToRoute('homepage');
        }

        $already_confirmed = false;

        //Check if it was already confirmed from this side and disable form if needed
        $confirm_timestamp = (1 === $confirm_step) ? $paymentOrder->getConfirm1Timestamp() : $paymentOrder->getConfirm2Timestamp();
        if (null !== $confirm_timestamp) {
            $already_confirmed = true;
        }
        $form = $this->createForm(PaymentOrderConfirmationType::class, null, [
            'disabled' => null !== $confirm_timestamp,
        ]);

        $paymentOrder_is_undeletable = $paymentOrder->isExported()
            || $paymentOrder->isConfirmed()
            || null != $paymentOrder->getBookingDate();

        $deletion_form = $this->createFormBuilder()
            ->add('delete', SubmitType::class, [
            'disabled' => $paymentOrder_is_undeletable,
            'label' => 'payment_order.confirm.delete.btn',
            'attr' => [
                'class' => 'btn btn-danger'
            ]
        ])->getForm();

        //Handle deletion form
        $deletion_form->handleRequest($request);
        if ($deletion_form->isSubmitted() && $deletion_form->isValid()) {
            if ($paymentOrder_is_undeletable) {
                throw new RuntimeException("This payment order is already exported or booked and therefore can not be deleted by user!");
            }

            if ($confirm_step === 1) {
                $blame_user = implode(",", $paymentOrder->getDepartment()->getEmailHhv());
            } elseif ($confirm_step === 2) {
                $blame_user = implode(',', $paymentOrder->getDepartment()->getEmailTreasurer());
            }

            $message = new PaymentOrderDeletedNotification($paymentOrder, $blame_user, PaymentOrderDeletedNotification::DELETED_WHERE_FRONTEND);

            $this->dispatchMessage($message);

            $this->entityManager->remove($paymentOrder);
            $this->entityManager->flush();

            $this->addFlash('success', 'payment_order.confirmation.delete.success');
            return $this->redirectToRoute('homepage');
        }

        //Handle confirmation form
        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
            $this->addFlash('success', 'payment_order.confirmation.success');
            //Write confirmation to DB
            if (1 === $confirm_step) {
                $paymentOrder->setConfirm1Timestamp(new DateTime());
            } elseif (2 === $confirm_step) {
                $paymentOrder->setConfirm2Timestamp(new DateTime());
            }

            //Add hintful information about who did this, to audit log
            $emails = (1 === $confirm_step) ? $paymentOrder->getDepartment()
                ->getEmailHhv() : $paymentOrder->getDepartment()
                ->getEmailTreasurer();
            $username = sprintf('%s [Confirmation %d]', implode(', ', $emails), $confirm_step);
            $this->userProvider->setManualUsername($username, implode(',', $emails));
            $em->flush();

            //Rerender form if it was confirmed, to apply the disabled state
            $form = $this->createForm(PaymentOrderConfirmationType::class, null, [
                'disabled' => true,
            ]);
            $this->addFlash('info', 'payment_order.confirmation.already_confirmed');
        }

        return $this->render('PaymentOrder/confirm/confirm.html.twig', [
            'entity' => $paymentOrder,
            'confirmation_nr' => $confirm_step,
            'form' => $form->createView(),
            'deletion_form' => $deletion_form->createView(),
            'paymentOrder_is_undeletable' => $paymentOrder_is_undeletable,
            'already_confirmed' => $already_confirmed,
        ]);
    }
}


1			<?php
2			/*
3			* Copyright (C) 2020 Jan Böhmer
4			*
5			* This program is free software: you can redistribute it and/or modify
6			* it under the terms of the GNU Affero General Public License as published
7			* by the Free Software Foundation, either version 3 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU Affero General Public License for more details.
14			*
15			* You should have received a copy of the GNU Affero General Public License
16			* along with this program. If not, see <https://www.gnu.org/licenses/>.
17			*/
18
19			namespace App\Controller;
20
21			use App\Audit\UserProvider;
22			use App\Entity\PaymentOrder;
23			use App\Event\PaymentOrderSubmittedEvent;
24			use App\Form\PaymentOrderConfirmationType;
25			use App\Form\PaymentOrderType;
26			use App\Message\PaymentOrder\PaymentOrderDeletedNotification;
27			use App\Services\PaymentReferenceGenerator;
28			use DateTime;
29			use Doctrine\ORM\EntityManagerInterface;
30			use InvalidArgumentException;
31			use RuntimeException;
32			use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
33			use Symfony\Component\Form\Extension\Core\Type\SubmitType;
34			use Symfony\Component\Form\Form;
35			use Symfony\Component\Form\SubmitButton;
36			use Symfony\Component\HttpFoundation\Request;
37			use Symfony\Component\HttpFoundation\Response;
38			use Symfony\Component\RateLimiter\RateLimiterFactory;
39			use Symfony\Component\Routing\Annotation\Route;
40			use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
41
42			/**
43			* This controller handles the payment order submit form.
44			*
45			* @Route("/payment_order")
46			*/
47			class PaymentOrderController extends AbstractController
48			{
49			private $userProvider;
50			private $entityManager;
51
52			public function __construct(UserProvider $userProvider, EntityManagerInterface $entityManager)
53			{
54			$this->userProvider = $userProvider;
55			$this->entityManager = $entityManager;
56			}
57
58			/**
59			* @Route("/new", name="payment_order_new")
60			*/
61			public function new(Request $request, EntityManagerInterface $entityManager, EventDispatcherInterface $dispatcher,
62			PaymentReferenceGenerator $paymentReferenceGenerator, RateLimiterFactory $paymentOrderSubmitLimiter): Response
63			{
64			$limiter = $paymentOrderSubmitLimiter->create($request->getClientIp());
65
66			$new_order = new PaymentOrder();
67
68			$blocked_token = $request->get('blocked_token');
69
70			//Skip fsr blocked validation if a token was given (but it is not validated yet if the token is correct)
71			$validation_groups = ['Default', 'frontend'];
72			if (!$blocked_token) {
73			$validation_groups[] = 'fsr_blocked';
74			}
75
76			$form = $this->createForm(PaymentOrderType::class, $new_order, [
77			'validation_groups' => $validation_groups,
78			]);
79
80			if (!$form instanceof Form) {
81			throw new InvalidArgumentException('$form must be a Form object!');
82			}
83
84			$form->handleRequest($request);
85
86			if ($form->isSubmitted()) {
87			if ($form->isValid()) {
88			/* Limit the amount of how many payment orders can be submitted by one user in an hour
89			This prevents automatic mass creation of payment orders and also prevents that skip token can
90			guessed by brute force */
91			$limiter->consume(1)
92			->ensureAccepted();
93
94			//We know now the department and can check if token was valid
95			//If it isn't, then show an flash and dont save the payment order
96			if ($blocked_token && !$new_order->getDepartment()->isSkipBlockedValidationToken($blocked_token)) {
97			$this->addFlash('error', 'payment_order.flash.invalid_blocked_token');
98			} else {
99			$entityManager->persist($new_order);
100
101			//Invalidate blocked token if one was given
102			if ($blocked_token) {
103			$new_order->getDepartment()
104			->invalidateSkipBlockedValidationToken($blocked_token);
105			}
106
107			$username = sprintf('%s %s (%s) [New PaymentOrder]',
108			$new_order->getFirstName(),
109			$new_order->getLastName(),
110			$new_order->getContactEmail()
111			);
112			$this->userProvider->setManualUsername($username, $new_order->getContactEmail());
113
114			$entityManager->flush();
115
116			//We have to do this after the first flush, as we need to know the ID
117			$this->userProvider->setManualUsername('[Automatic payment reference generation]',
118			UserProvider::INTERNAL_USER_IDENTIFIER);
119			$paymentReferenceGenerator->setPaymentReference($new_order);
120			$entityManager->flush();
121
122			$this->addFlash('success', 'flash.saved_successfully');
123
124			//Dispatch event so an email can be sent
125			$event = new PaymentOrderSubmittedEvent($new_order);
126			$dispatcher->dispatch($event, $event::NAME);
127
128			//Redirect to homepage, if no further paymentOrders should be submitted
129			//Otherwise create a new form for further ones
130			if ('submit' === $form->getClickedButton()->getName()) {
131			return $this->redirectToRoute('homepage');
132			}
133
134			if ('submit_new' === $form->getClickedButton()->getName()) {
135			$old_order = $new_order;
136			$new_order = new PaymentOrder();
137			$this->copyProperties($old_order, $new_order);
138
139			$form = $this->createForm(PaymentOrderType::class, $new_order);
140			}
141			}
142			} else {
143			$this->addFlash('error', 'flash.error.check_input');
144			}
145			}
146
147			$limit = $limiter->consume(0);
148
149			$response = $this->render('PaymentOrder/form.html.twig', [
150			'form' => $form->createView(),
151			'entity' => $new_order,
152			]);
153
154			$response->headers->add(
155			[
156			'X-RateLimit-Remaining' => $limit->getRemainingTokens(),
157			'X-RateLimit-Retry-After' => $limit->getRetryAfter()
158			->getTimestamp(),
159			'X-RateLimit-Limit' => $limit->getLimit(),
160			]
161			);
162
163			return $response;
164			}
165
166			private function copyProperties(PaymentOrder $source, PaymentOrder $target): void
167			{
168			$target->setFirstName($source->getFirstName());
169			$target->setLastName($source->getLastName());
170			$target->setContactEmail($source->getContactEmail());
171			$target->setDepartment($source->getDepartment());
172			$target->setBankInfo($source->getBankInfo());
173			}
174
175			/**
176			* @Route("/{id}/confirm", name="payment_order_confirm")
177			*/
178			public function confirmation(?PaymentOrder $paymentOrder, Request $request, EntityManagerInterface $em): Response
179			{
180			if($paymentOrder === null) {
181			$this->addFlash('error', 'payment_order.can_not_be_found');
182			return $this->redirectToRoute('homepage');
183			}
184
185			//Check if we have one of the valid confirm numbers
186			$confirm_step = $request->query->getInt('confirm');
187			if (1 !== $confirm_step && 2 !== $confirm_step) {
188			$this->addFlash('error', 'payment_order.confirmation.invalid_step');
189
190			return $this->redirectToRoute('homepage');
191			}
192
193			//Check if given token is correct for this step
194			$correct_token = (1 === $confirm_step) ? $paymentOrder->getConfirm1Token() : $paymentOrder->getConfirm2Token();
195			if (null === $correct_token) {
196			throw new RuntimeException('This payment_order can not be confirmed! No token is set.');
197			}
198
199			$given_token = (string) $request->query->get('token');
200			if (!password_verify($given_token, $correct_token)) {
201			$this->addFlash('error', 'payment_order.confirmation.invalid_token');
202
203			return $this->redirectToRoute('homepage');
204			}
205
206			$already_confirmed = false;
207
208			//Check if it was already confirmed from this side and disable form if needed
209			$confirm_timestamp = (1 === $confirm_step) ? $paymentOrder->getConfirm1Timestamp() : $paymentOrder->getConfirm2Timestamp();
210			if (null !== $confirm_timestamp) {
211			$already_confirmed = true;
212			}
213			$form = $this->createForm(PaymentOrderConfirmationType::class, null, [
214			'disabled' => null !== $confirm_timestamp,
215			]);
216
217			$paymentOrder_is_undeletable = $paymentOrder->isExported()
218			\|\| $paymentOrder->isConfirmed()
219			\|\| null != $paymentOrder->getBookingDate();
220
221			$deletion_form = $this->createFormBuilder()
222			->add('delete', SubmitType::class, [
223			'disabled' => $paymentOrder_is_undeletable,
224			'label' => 'payment_order.confirm.delete.btn',
225			'attr' => [
226			'class' => 'btn btn-danger'
227			]
228			])->getForm();
229
230			//Handle deletion form
231			$deletion_form->handleRequest($request);
232			if ($deletion_form->isSubmitted() && $deletion_form->isValid()) {
233			if ($paymentOrder_is_undeletable) {
234			throw new RuntimeException("This payment order is already exported or booked and therefore can not be deleted by user!");
235			}
236
237			if ($confirm_step === 1) {
238			$blame_user = implode(",", $paymentOrder->getDepartment()->getEmailHhv());
239			} elseif ($confirm_step === 2) {
240			$blame_user = implode(',', $paymentOrder->getDepartment()->getEmailTreasurer());
241			}
242
243			$message = new PaymentOrderDeletedNotification($paymentOrder, $blame_user, PaymentOrderDeletedNotification::DELETED_WHERE_FRONTEND);
			0 ignored issues – show Comprehensibility Best Practice introduced 2021-09-23 22:45 UTC by Report Bug Copy Issue Report The variable `$blame_user` does not seem to be defined for all execution paths leading up to this point. Loading history...
244			$this->dispatchMessage($message);
245
246			$this->entityManager->remove($paymentOrder);
247			$this->entityManager->flush();
248
249			$this->addFlash('success', 'payment_order.confirmation.delete.success');
250			return $this->redirectToRoute('homepage');
251			}
252
253			//Handle confirmation form
254			$form->handleRequest($request);
255			if ($form->isSubmitted() && $form->isValid()) {
256			$this->addFlash('success', 'payment_order.confirmation.success');
257			//Write confirmation to DB
258			if (1 === $confirm_step) {
259			$paymentOrder->setConfirm1Timestamp(new DateTime());
260			} elseif (2 === $confirm_step) {
261			$paymentOrder->setConfirm2Timestamp(new DateTime());
262			}
263
264			//Add hintful information about who did this, to audit log
265			$emails = (1 === $confirm_step) ? $paymentOrder->getDepartment()
266			->getEmailHhv() : $paymentOrder->getDepartment()
267			->getEmailTreasurer();
268			$username = sprintf('%s [Confirmation %d]', implode(', ', $emails), $confirm_step);
269			$this->userProvider->setManualUsername($username, implode(',', $emails));
270			$em->flush();
271
272			//Rerender form if it was confirmed, to apply the disabled state
273			$form = $this->createForm(PaymentOrderConfirmationType::class, null, [
274			'disabled' => true,
275			]);
276			$this->addFlash('info', 'payment_order.confirmation.already_confirmed');
277			}
278
279			return $this->render('PaymentOrder/confirm/confirm.html.twig', [
280			'entity' => $paymentOrder,
281			'confirmation_nr' => $confirm_step,
282			'form' => $form->createView(),
283			'deletion_form' => $deletion_form->createView(),
284			'paymentOrder_is_undeletable' => $paymentOrder_is_undeletable,
285			'already_confirmed' => $already_confirmed,
286			]);
287			}
288			}
289

jbtronics / StuRa-Finanzsoftware

Push — master ( 9bf05d...919c2e )

PaymentOrderController::confirmation() F

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like