xref: /webtrees/app/Http/RequestHandlers/RegisterAction.php (revision 65cf57062fc712114f930335533210fd95170cea) 
1d403609dSGreg Roach<?php
2d403609dSGreg Roach
3d403609dSGreg Roach/**
4d403609dSGreg Roach * webtrees: online genealogy
5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team
6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify
7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by
8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or
9d403609dSGreg Roach * (at your option) any later version.
10d403609dSGreg Roach * This program is distributed in the hope that it will be useful,
11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13d403609dSGreg Roach * GNU General Public License for more details.
14d403609dSGreg Roach * You should have received a copy of the GNU General Public License
15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>.
16d403609dSGreg Roach */
17fcfa147eSGreg Roach
18d403609dSGreg Roachdeclare(strict_types=1);
19d403609dSGreg Roach
20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers;
21d403609dSGreg Roach
22d403609dSGreg Roachuse Exception;
23d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages;
24d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController;
25d403609dSGreg Roachuse Fisharebest\Webtrees\I18N;
26d403609dSGreg Roachuse Fisharebest\Webtrees\Log;
27d403609dSGreg Roachuse Fisharebest\Webtrees\NoReplyUser;
28e381f98dSGreg Roachuse Fisharebest\Webtrees\Services\EmailService;
29d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService;
30d403609dSGreg Roachuse Fisharebest\Webtrees\Site;
31d403609dSGreg Roachuse Fisharebest\Webtrees\SiteUser;
32d403609dSGreg Roachuse Fisharebest\Webtrees\Tree;
33d403609dSGreg Roachuse Fisharebest\Webtrees\TreeUser;
347c4add84SGreg Roachuse Fisharebest\Webtrees\User;
35d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB;
36d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface;
37d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface;
38d403609dSGreg Roachuse Ramsey\Uuid\Uuid;
39d403609dSGreg Roachuse Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
40f3874e19SGreg Roach
419fa6ab69SGreg Roachuse function view;
4290a2f718SGreg Roach
43d403609dSGreg Roach/**
44d403609dSGreg Roach * Process a user registration.
45d403609dSGreg Roach */
46d403609dSGreg Roachclass RegisterAction extends AbstractBaseController
47d403609dSGreg Roach{
48d403609dSGreg Roach    /**
49e381f98dSGreg Roach     * @var EmailService
50d403609dSGreg Roach     */
51e381f98dSGreg Roach    private $email_service;
52d403609dSGreg Roach
53d403609dSGreg Roach    /**
54d403609dSGreg Roach     * @var UserService
55d403609dSGreg Roach     */
56d403609dSGreg Roach    private $user_service;
57d403609dSGreg Roach
58d403609dSGreg Roach    /**
59d403609dSGreg Roach     * RegisterController constructor.
60d403609dSGreg Roach     *
61e381f98dSGreg Roach     * @param EmailService $email_service
62d403609dSGreg Roach     * @param UserService  $user_service
63d403609dSGreg Roach     */
64e381f98dSGreg Roach    public function __construct(EmailService $email_service, UserService $user_service)
65d403609dSGreg Roach    {
66e381f98dSGreg Roach        $this->email_service = $email_service;
67d403609dSGreg Roach        $this->user_service  = $user_service;
68d403609dSGreg Roach    }
69d403609dSGreg Roach
70d403609dSGreg Roach    /**
71d403609dSGreg Roach     * Perform a registration.
72d403609dSGreg Roach     *
73d403609dSGreg Roach     * @param ServerRequestInterface $request
74d403609dSGreg Roach     *
75d403609dSGreg Roach     * @return ResponseInterface
76d403609dSGreg Roach     */
77d403609dSGreg Roach    public function handle(ServerRequestInterface $request): ResponseInterface
78d403609dSGreg Roach    {
799fa6ab69SGreg Roach        $tree = $request->getAttribute('tree');
809fa6ab69SGreg Roach
81d403609dSGreg Roach        $this->checkRegistrationAllowed();
82d403609dSGreg Roach
83d403609dSGreg Roach        $comments  = $request->getParsedBody()['comments'] ?? '';
84d403609dSGreg Roach        $email     = $request->getParsedBody()['email'] ?? '';
85d403609dSGreg Roach        $password  = $request->getParsedBody()['password'] ?? '';
86d403609dSGreg Roach        $realname  = $request->getParsedBody()['realname'] ?? '';
87d403609dSGreg Roach        $username  = $request->getParsedBody()['username'] ?? '';
88d403609dSGreg Roach
89d403609dSGreg Roach        try {
90d403609dSGreg Roach            $this->doValidateRegistration($request, $username, $email, $realname, $comments, $password);
91d403609dSGreg Roach        } catch (Exception $ex) {
92d403609dSGreg Roach            FlashMessages::addMessage($ex->getMessage(), 'danger');
93d403609dSGreg Roach
9456f9a9c1SGreg Roach            return redirect(route(RegisterPage::class, [
95d403609dSGreg Roach                'comments' => $comments,
96d403609dSGreg Roach                'email'    => $email,
97d403609dSGreg Roach                'realname' => $realname,
98d403609dSGreg Roach                'username' => $username,
99d403609dSGreg Roach            ]));
100d403609dSGreg Roach        }
101d403609dSGreg Roach
102d403609dSGreg Roach        Log::addAuthenticationLog('User registration requested for: ' . $username);
103d403609dSGreg Roach
104d403609dSGreg Roach        $user = $this->user_service->create($username, $realname, $email, $password);
105*65cf5706SGreg Roach        $user->setPreference(User::PREF_LANGUAGE, I18N::languageTag());
1067c4add84SGreg Roach        $user->setPreference(User::PREF_IS_EMAIL_VERIFIED, '');
1077c4add84SGreg Roach        $user->setPreference(User::PREF_IS_ACCOUNT_APPROVED, '');
1087c4add84SGreg Roach        $user->setPreference(User::PREF_TIMESTAMP_REGISTERED, date('U'));
1097c4add84SGreg Roach        $user->setPreference(User::PREF_VERIFICATION_TOKEN, md5(Uuid::uuid4()->toString()));
1107c4add84SGreg Roach        $user->setPreference(User::PREF_CONTACT_METHOD, 'messaging2');
1117c4add84SGreg Roach        $user->setPreference(User::PREF_NEW_ACCOUNT_COMMENT, $comments);
1127c4add84SGreg Roach        $user->setPreference(User::PREF_IS_VISIBLE_ONLINE, '1');
1137c4add84SGreg Roach        $user->setPreference(User::PREF_AUTO_ACCEPT_EDITS, '');
1147c4add84SGreg Roach        $user->setPreference(User::PREF_IS_ADMINISTRATOR, '');
1157c4add84SGreg Roach        $user->setPreference(User::PREF_TIMESTAMP_ACTIVE, '0');
116d403609dSGreg Roach
117d403609dSGreg Roach        $base_url = $request->getAttribute('base_url');
118d403609dSGreg Roach        $reply_to = $tree instanceof Tree ? new TreeUser($tree) : new SiteUser();
119d403609dSGreg Roach
120d403609dSGreg Roach        // Send a verification message to the user.
121d403609dSGreg Roach        /* I18N: %s is a server name/URL */
122e381f98dSGreg Roach        $this->email_service->send(
123d403609dSGreg Roach            new Siteuser(),
124d403609dSGreg Roach            $user,
125d403609dSGreg Roach            $reply_to,
126d403609dSGreg Roach            I18N::translate('Your registration at %s', $base_url),
12707ef9328SGreg Roach            view('emails/register-user-text', ['user' => $user, 'base_url' => $base_url, 'tree' => $tree]),
12807ef9328SGreg Roach            view('emails/register-user-html', ['user' => $user, 'base_url' => $base_url, 'tree' => $tree])
129d403609dSGreg Roach        );
130d403609dSGreg Roach
131d403609dSGreg Roach        // Tell the administrators about the registration.
132d403609dSGreg Roach        foreach ($this->user_service->administrators() as $administrator) {
1337c4add84SGreg Roach            I18N::init($administrator->getPreference(User::PREF_LANGUAGE));
134d403609dSGreg Roach
135d403609dSGreg Roach            /* I18N: %s is a server name/URL */
136d403609dSGreg Roach            $subject = I18N::translate('New registration at %s', $base_url);
137d403609dSGreg Roach
1389fa6ab69SGreg Roach            $body_text = view('emails/register-notify-text', [
1399fa6ab69SGreg Roach                'user'     => $user,
1409fa6ab69SGreg Roach                'comments' => $comments,
1419fa6ab69SGreg Roach                'base_url' => $base_url,
1429fa6ab69SGreg Roach                'tree'     => $tree,
1439fa6ab69SGreg Roach            ]);
1449fa6ab69SGreg Roach
1459fa6ab69SGreg Roach            $body_html = view('emails/register-notify-html', [
1469fa6ab69SGreg Roach                'user'     => $user,
1479fa6ab69SGreg Roach                'comments' => $comments,
1489fa6ab69SGreg Roach                'base_url' => $base_url,
1499fa6ab69SGreg Roach                'tree'     => $tree,
1509fa6ab69SGreg Roach            ]);
1519fa6ab69SGreg Roach
1529fa6ab69SGreg Roach
153d403609dSGreg Roach            /* I18N: %s is a server name/URL */
154e381f98dSGreg Roach            $this->email_service->send(
155d403609dSGreg Roach                new SiteUser(),
156d403609dSGreg Roach                $administrator,
157d403609dSGreg Roach                new NoReplyUser(),
158d403609dSGreg Roach                $subject,
1599fa6ab69SGreg Roach                $body_text,
1609fa6ab69SGreg Roach                $body_html
161d403609dSGreg Roach            );
162d403609dSGreg Roach
1637c4add84SGreg Roach            $mail1_method = $administrator->getPreference(User::PREF_CONTACT_METHOD);
164d403609dSGreg Roach            if ($mail1_method !== 'messaging3' && $mail1_method !== 'mailto' && $mail1_method !== 'none') {
165d403609dSGreg Roach                DB::table('message')->insert([
166d403609dSGreg Roach                    'sender'     => $user->email(),
1674874f72dSGreg Roach                    'ip_address' => $request->getAttribute('client-ip'),
168d403609dSGreg Roach                    'user_id'    => $administrator->id(),
169d403609dSGreg Roach                    'subject'    => $subject,
1709fa6ab69SGreg Roach                    'body'       => $body_text,
171d403609dSGreg Roach                ]);
172d403609dSGreg Roach            }
173d403609dSGreg Roach        }
174d403609dSGreg Roach
175d403609dSGreg Roach        $title = I18N::translate('Request a new user account');
176d403609dSGreg Roach
177d403609dSGreg Roach        return $this->viewResponse('register-success-page', [
178d403609dSGreg Roach            'title' => $title,
1799fa6ab69SGreg Roach            'tree'  => $tree,
180d403609dSGreg Roach            'user'  => $user,
181d403609dSGreg Roach        ]);
182d403609dSGreg Roach    }
183d403609dSGreg Roach
184d403609dSGreg Roach    /**
185d403609dSGreg Roach     * Check that visitors are allowed to register on this site.
186d403609dSGreg Roach     *
187d403609dSGreg Roach     * @return void
188d403609dSGreg Roach     * @throws NotFoundHttpException
189d403609dSGreg Roach     */
190d403609dSGreg Roach    private function checkRegistrationAllowed(): void
191d403609dSGreg Roach    {
192d403609dSGreg Roach        if (Site::getPreference('USE_REGISTRATION_MODULE') !== '1') {
193d403609dSGreg Roach            throw new NotFoundHttpException();
194d403609dSGreg Roach        }
195d403609dSGreg Roach    }
196d403609dSGreg Roach
197d403609dSGreg Roach    /**
198d403609dSGreg Roach     * Check the registration details.
199d403609dSGreg Roach     *
200d403609dSGreg Roach     * @param ServerRequestInterface $request
201d403609dSGreg Roach     * @param string                 $username
202d403609dSGreg Roach     * @param string                 $email
203d403609dSGreg Roach     * @param string                 $realname
204d403609dSGreg Roach     * @param string                 $comments
205d403609dSGreg Roach     * @param string                 $password
206d403609dSGreg Roach     *
207d403609dSGreg Roach     * @return void
208d403609dSGreg Roach     * @throws Exception
209d403609dSGreg Roach     */
210d403609dSGreg Roach    private function doValidateRegistration(ServerRequestInterface $request, string $username, string $email, string $realname, string $comments, string $password): void
211d403609dSGreg Roach    {
212d403609dSGreg Roach        // All fields are required
213d403609dSGreg Roach        if ($username === '' || $email === '' || $realname === '' || $comments === '' || $password === '') {
214d403609dSGreg Roach            throw new Exception(I18N::translate('All fields must be completed.'));
215d403609dSGreg Roach        }
216d403609dSGreg Roach
217d403609dSGreg Roach        // Username already exists
218d403609dSGreg Roach        if ($this->user_service->findByUserName($username) !== null) {
219d403609dSGreg Roach            throw new Exception(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'));
220d403609dSGreg Roach        }
221d403609dSGreg Roach
222d403609dSGreg Roach        // Email already exists
223d403609dSGreg Roach        if ($this->user_service->findByEmail($email) !== null) {
224d403609dSGreg Roach            throw new Exception(I18N::translate('Duplicate email address. A user with that email already exists.'));
225d403609dSGreg Roach        }
226d403609dSGreg Roach
227d403609dSGreg Roach        $base_url = $request->getAttribute('base_url');
228d403609dSGreg Roach
229d403609dSGreg Roach        // No external links
230d403609dSGreg Roach        if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:http|https):\/\/)[a-zA-Z0-9.-]+)/', $comments, $match)) {
231d403609dSGreg Roach            throw new Exception(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', e($match[2]), e($match[1])));
232d403609dSGreg Roach        }
233d403609dSGreg Roach    }
234d403609dSGreg Roach}
235