xref: /webtrees/app/Http/RequestHandlers/ContactAction.php (revision 72d49ceedf256aedf1b97871f100dc61df3fd16b)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2023 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22use Fisharebest\Webtrees\FlashMessages;
23use Fisharebest\Webtrees\GuestUser;
24use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
25use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
26use Fisharebest\Webtrees\Http\ViewResponseTrait;
27use Fisharebest\Webtrees\I18N;
28use Fisharebest\Webtrees\Services\CaptchaService;
29use Fisharebest\Webtrees\Services\EmailService;
30use Fisharebest\Webtrees\Services\MessageService;
31use Fisharebest\Webtrees\Services\RateLimitService;
32use Fisharebest\Webtrees\Services\UserService;
33use Fisharebest\Webtrees\Validator;
34use Psr\Http\Message\ResponseInterface;
35use Psr\Http\Message\ServerRequestInterface;
36use Psr\Http\Server\RequestHandlerInterface;
37
38use function e;
39use function in_array;
40use function preg_match;
41use function preg_quote;
42use function redirect;
43use function route;
44
45/**
46 * Send a message from a visitor.
47 */
48class ContactAction implements RequestHandlerInterface
49{
50    use ViewResponseTrait;
51
52    private CaptchaService $captcha_service;
53
54    private EmailService $email_service;
55
56    private MessageService $message_service;
57
58    private RateLimitService $rate_limit_service;
59
60    private UserService $user_service;
61
62    /**
63     * @param CaptchaService   $captcha_service
64     * @param EmailService     $email_service
65     * @param MessageService   $message_service
66     * @param RateLimitService $rate_limit_service
67     * @param UserService      $user_service
68     */
69    public function __construct(
70        CaptchaService $captcha_service,
71        EmailService $email_service,
72        MessageService $message_service,
73        RateLimitService $rate_limit_service,
74        UserService $user_service
75    ) {
76        $this->captcha_service    = $captcha_service;
77        $this->email_service      = $email_service;
78        $this->user_service       = $user_service;
79        $this->rate_limit_service = $rate_limit_service;
80        $this->message_service    = $message_service;
81    }
82
83    /**
84     * @param ServerRequestInterface $request
85     *
86     * @return ResponseInterface
87     */
88    public function handle(ServerRequestInterface $request): ResponseInterface
89    {
90        $tree       = Validator::attributes($request)->tree();
91        $ip         = Validator::attributes($request)->string('client-ip');
92        $base_url   = Validator::attributes($request)->string('base_url');
93        $body       = Validator::parsedBody($request)->string('body');
94        $from_email = Validator::parsedBody($request)->string('from_email');
95        $from_name  = Validator::parsedBody($request)->string('from_name');
96        $subject    = Validator::parsedBody($request)->string('subject');
97        $to         = Validator::parsedBody($request)->string('to');
98        $url        = Validator::parsedBody($request)->isLocalUrl()->string('url', $base_url);
99        $to_user    = $this->user_service->findByUserName($to);
100
101        if ($to_user === null) {
102            throw new HttpNotFoundException();
103        }
104
105        if (!in_array($to_user, $this->message_service->validContacts($tree), false)) {
106            throw new HttpAccessDeniedException('Invalid contact user id');
107        }
108
109        $errors = $body === '' || $subject === '' || $from_email === '' || $from_name === '';
110
111        if ($this->captcha_service->isRobot($request)) {
112            FlashMessages::addMessage(I18N::translate('Please try again.'), 'danger');
113            $errors = true;
114        }
115
116        if (!$this->email_service->isValidEmail($from_email)) {
117            FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger');
118            $errors = true;
119        }
120
121        if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
122            FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “https://” from “https://www.example.com” and try again.’ */
123                I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger');
124            $errors = true;
125        }
126
127        if ($errors) {
128            return redirect(route(ContactPage::class, [
129                'body'       => $body,
130                'from_email' => $from_email,
131                'from_name'  => $from_name,
132                'subject'    => $subject,
133                'to'         => $to,
134                'tree'       => $tree->name(),
135                'url'        => $url,
136            ]));
137        }
138
139        $sender = new GuestUser($from_email, $from_name);
140
141        $this->rate_limit_service->limitRateForUser($to_user, 20, 1200, 'rate-limit-contact');
142
143        if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) {
144            FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success');
145
146            return redirect($url);
147        }
148
149        FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');
150
151        $redirect_url = route(ContactPage::class, [
152            'body'       => $body,
153            'from_email' => $from_email,
154            'from_name'  => $from_name,
155            'subject'    => $subject,
156            'to'         => $to,
157            'tree'       => $tree->name(),
158            'url'        => $url,
159        ]);
160
161        return redirect($redirect_url);
162    }
163}
164