xref: /webtrees/app/Http/RequestHandlers/ContactAction.php (revision 8f8787974040d069eb8daff5e2b4af725c6bd747)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2021 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22use Fisharebest\Webtrees\FlashMessages;
23use Fisharebest\Webtrees\GuestUser;
24use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
25use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
26use Fisharebest\Webtrees\Http\ViewResponseTrait;
27use Fisharebest\Webtrees\I18N;
28use Fisharebest\Webtrees\Services\CaptchaService;
29use Fisharebest\Webtrees\Services\EmailService;
30use Fisharebest\Webtrees\Services\MessageService;
31use Fisharebest\Webtrees\Services\RateLimitService;
32use Fisharebest\Webtrees\Services\UserService;
33use Fisharebest\Webtrees\Validator;
34use Psr\Http\Message\ResponseInterface;
35use Psr\Http\Message\ServerRequestInterface;
36use Psr\Http\Server\RequestHandlerInterface;
37
38use function e;
39use function in_array;
40use function preg_match;
41use function preg_quote;
42use function redirect;
43use function route;
44
45/**
46 * Send a message from a visitor.
47 */
48class ContactAction implements RequestHandlerInterface
49{
50    use ViewResponseTrait;
51
52    private CaptchaService $captcha_service;
53
54    private EmailService $email_service;
55
56    private MessageService $message_service;
57
58    private RateLimitService $rate_limit_service;
59
60    private UserService $user_service;
61
62    /**
63     * MessagePage constructor.
64     *
65     * @param CaptchaService   $captcha_service
66     * @param EmailService     $email_service
67     * @param MessageService   $message_service
68     * @param RateLimitService $rate_limit_service
69     * @param UserService      $user_service
70     */
71    public function __construct(
72        CaptchaService $captcha_service,
73        EmailService $email_service,
74        MessageService $message_service,
75        RateLimitService $rate_limit_service,
76        UserService $user_service
77    ) {
78        $this->captcha_service    = $captcha_service;
79        $this->email_service      = $email_service;
80        $this->user_service       = $user_service;
81        $this->rate_limit_service = $rate_limit_service;
82        $this->message_service    = $message_service;
83    }
84
85    /**
86     * @param ServerRequestInterface $request
87     *
88     * @return ResponseInterface
89     */
90    public function handle(ServerRequestInterface $request): ResponseInterface
91    {
92        $tree       = Validator::attributes($request)->tree();
93        $ip         = Validator::attributes($request)->string('client-ip');
94        $base_url   = Validator::attributes($request)->string('base_url');
95        $body       = Validator::parsedBody($request)->string('body');
96        $from_email = Validator::parsedBody($request)->string('from_email');
97        $from_name  = Validator::parsedBody($request)->string('from_name');
98        $subject    = Validator::parsedBody($request)->string('subject');
99        $to         = Validator::parsedBody($request)->string('to');
100        $url        = Validator::parsedBody($request)->isLocalUrl($base_url)->string('url', $base_url);
101        $to_user    = $this->user_service->findByUserName($to);
102
103        if ($to_user === null) {
104            throw new HttpNotFoundException();
105        }
106
107        if (!in_array($to_user, $this->message_service->validContacts($tree), false)) {
108            throw new HttpAccessDeniedException('Invalid contact user id');
109        }
110
111        $errors = $body === '' || $subject === '' || $from_email === '' || $from_name === '';
112
113        if ($this->captcha_service->isRobot($request)) {
114            FlashMessages::addMessage(I18N::translate('Please try again.'), 'danger');
115            $errors = true;
116        }
117
118        if (!$this->email_service->isValidEmail($from_email)) {
119            FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger');
120            $errors = true;
121        }
122
123        if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
124            FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “https://” from “https://www.example.com” and try again.’ */
125                I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger');
126            $errors = true;
127        }
128
129        if ($errors) {
130            return redirect(route(ContactPage::class, [
131                'body'       => $body,
132                'from_email' => $from_email,
133                'from_name'  => $from_name,
134                'subject'    => $subject,
135                'to'         => $to,
136                'tree'       => $tree->name(),
137                'url'        => $url,
138            ]));
139        }
140
141        $sender = new GuestUser($from_email, $from_name);
142
143        $this->rate_limit_service->limitRateForUser($to_user, 20, 1200, 'rate-limit-contact');
144
145        if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) {
146            FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success');
147
148            return redirect($url);
149        }
150
151        FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');
152
153        $redirect_url = route(ContactPage::class, [
154            'body'       => $body,
155            'from_email' => $from_email,
156            'from_name'  => $from_name,
157            'subject'    => $subject,
158            'to'         => $to,
159            'tree'       => $tree->name(),
160            'url'        => $url,
161        ]);
162
163        return redirect($redirect_url);
164    }
165}
166