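<?php

/**
 * webtrees: online genealogy
 * Copyright (C) 2021 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace Fisharebest\Webtrees\Http\RequestHandlers;

use Fisharebest\Webtrees\FlashMessages;
use Fisharebest\Webtrees\GuestUser;
use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Services\CaptchaService;
use Fisharebest\Webtrees\Services\EmailService;
use Fisharebest\Webtrees\Services\MessageService;
use Fisharebest\Webtrees\Services\RateLimitService;
use Fisharebest\Webtrees\Services\UserService;
use Fisharebest\Webtrees\Tree;
use Fisharebest\Webtrees\Validator;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

use function assert;
use function e;
use function in_array;
use function preg_match;
use function preg_quote;
use function redirect;
use function route;
use function rtrim;

/**
 * Send a message from a visitor.
 *
 * Handles the POST from the contact form: validates the submitted fields,
 * rejects robots and messages that link to other sites, then delivers the
 * message to the selected contact user (subject to a per-recipient rate limit).
 */
class ContactAction implements RequestHandlerInterface
{
    use ViewResponseTrait;

    // A single recipient accepts at most RATE_LIMIT_MESSAGES contact-form
    // messages per RATE_LIMIT_SECONDS (the values previously passed inline).
    private const RATE_LIMIT_MESSAGES = 20;
    private const RATE_LIMIT_SECONDS  = 1200;

    private CaptchaService $captcha_service;

    private EmailService $email_service;

    private MessageService $message_service;

    private RateLimitService $rate_limit_service;

    private UserService $user_service;

    /**
     * ContactAction constructor.
     *
     * @param CaptchaService   $captcha_service
     * @param EmailService     $email_service
     * @param MessageService   $message_service
     * @param RateLimitService $rate_limit_service
     * @param UserService      $user_service
     */
    public function __construct(
        CaptchaService $captcha_service,
        EmailService $email_service,
        MessageService $message_service,
        RateLimitService $rate_limit_service,
        UserService $user_service
    ) {
        $this->captcha_service    = $captcha_service;
        $this->email_service      = $email_service;
        $this->user_service       = $user_service;
        $this->rate_limit_service = $rate_limit_service;
        $this->message_service    = $message_service;
    }

    /**
     * Process a contact-form submission.
     *
     * On validation failure the visitor is redirected back to the form with
     * the submitted values; on success they are redirected to the (local)
     * page they came from.
     *
     * @param ServerRequestInterface $request
     *
     * @return ResponseInterface
     *
     * @throws HttpNotFoundException     when the requested recipient does not exist
     * @throws HttpAccessDeniedException when the recipient is not a contact for this tree
     */
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $tree = $request->getAttribute('tree');
        assert($tree instanceof Tree);

        $base_url = $request->getAttribute('base_url');
        $parsed   = Validator::parsedBody($request);

        $body       = $parsed->string('body') ?? '';
        $from_email = $parsed->string('from_email') ?? '';
        $from_name  = $parsed->string('from_name') ?? '';
        $subject    = $parsed->string('subject') ?? '';
        $to         = $parsed->string('to') ?? '';
        // The return URL is later passed to redirect(); restricting it to this
        // site prevents the form being used as an open redirector.  A fresh
        // validator is used because isLocalUrl() may attach a rule to the instance.
        $url     = Validator::parsedBody($request)->isLocalUrl($base_url)->string('url') ?? $base_url;
        $ip      = $request->getAttribute('client-ip');
        $to_user = $this->user_service->findByUserName($to);

        if ($to_user === null) {
            throw new HttpNotFoundException();
        }

        // Loose comparison is deliberate: findByUserName() and validContacts()
        // hand back separate user objects for the same account, so a strict
        // (identity) check would never match.
        // NOTE(review): assumes validContacts() returns an array - confirm.
        if (!in_array($to_user, $this->message_service->validContacts($tree), false)) {
            throw new HttpAccessDeniedException('Invalid contact user id');
        }

        $errors = $body === '' || $subject === '' || $from_email === '' || $from_name === '';

        if ($this->captcha_service->isRobot($request)) {
            FlashMessages::addMessage(I18N::translate('Please try again.'), 'danger');
            $errors = true;
        }

        if (!$this->email_service->isValidEmail($from_email)) {
            FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger');
            $errors = true;
        }

        $match = $this->findExternalLink($base_url, $subject . $body);

        if ($match !== null) {
            FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “https://” from “https://www.example.com” and try again.’ */ I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger');
            $errors = true;
        }

        if ($errors) {
            return $this->redirectToContactForm($tree, $body, $from_email, $from_name, $subject, $to, $url);
        }

        $sender = new GuestUser($from_email, $from_name);

        // Throttle per recipient so the public form cannot be used to flood a
        // user's mailbox.  Only well-formed submissions count against the limit.
        $this->rate_limit_service->limitRateForUser($to_user, self::RATE_LIMIT_MESSAGES, self::RATE_LIMIT_SECONDS, 'rate-limit-contact');

        if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) {
            // realName() is user-controlled text, so it is HTML-escaped before
            // being placed in the flash message.
            FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success');

            return redirect($url);
        }

        FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');

        return $this->redirectToContactForm($tree, $body, $from_email, $from_name, $subject, $to, $url);
    }

    /**
     * Find the first link in the text that points somewhere other than this site.
     *
     * The site's own base URL is only accepted when it is followed by a path
     * separator, query, fragment or the end of the text.  A bare prefix check
     * would let a host that merely starts with the site's host name through
     * (e.g. "https://example.com.example.net" for a site at "https://example.com").
     * Scheme matching is case-insensitive, so "HTTPS://" is treated like "https://".
     *
     * @param string $base_url this site's base URL
     * @param string $text     the text to inspect
     *
     * @return array<int,string>|null preg_match() groups: [0] whole link,
     *                                [1] "scheme://host", [2] "scheme://" - or null if none
     */
    private function findExternalLink(string $base_url, string $text): ?array
    {
        // Trailing slashes are dropped so that both "https://example.com" and
        // "https://example.com/" are followed by the "/" of a local path.
        $own_site = preg_quote(rtrim($base_url, '/'), '/');
        $pattern  = '/(?!' . $own_site . '(?:[\/?#]|$))(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/i';

        if (preg_match($pattern, $text, $match) === 1) {
            return $match;
        }

        return null;
    }

    /**
     * Redirect back to the contact form, preserving what the visitor typed.
     *
     * @param Tree   $tree
     * @param string $body
     * @param string $from_email
     * @param string $from_name
     * @param string $subject
     * @param string $to
     * @param string $url
     *
     * @return ResponseInterface
     */
    private function redirectToContactForm(
        Tree $tree,
        string $body,
        string $from_email,
        string $from_name,
        string $subject,
        string $to,
        string $url
    ): ResponseInterface {
        return redirect(route(ContactPage::class, [
            'body'       => $body,
            'from_email' => $from_email,
            'from_name'  => $from_name,
            'subject'    => $subject,
            'to'         => $to,
            'tree'       => $tree->name(),
            'url'        => $url,
        ]));
    }
}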