src/MyBundle/Controller/AuthController.php line 1011

Open in your IDE?
  1. <?php
  4. namespace MyBundle\Controller;
  6. use CoreBundle\Entity\User;
  7. use CoreBundle\Repository\UserRepository;
  8. use DateTime;
  9. use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use MyBundle\Component\InfobipSmsSender;
  12. use MyBundle\Entity\AttemptLogin;
  13. use MyBundle\Entity\CrossDomainAuthToken;
  14. use MyBundle\Entity\Otp;
  15. use MyBundle\Entity\RegisterRequest;
  16. use MyBundle\Entity\UserReferral;
  17. use MyBundle\Enum\AuthDataKeys;
  18. use MyBundle\Enum\RegistrationStatusEnums;
  19. use MyBundle\Exception\DataNotValidException;
  20. use MyBundle\Exception\UserNotFoundException;
  21. use MyBundle\Factory\AuthCodeDTOFactory;
  22. use MyBundle\Factory\OtpCodeGenerator;
  23. use MyBundle\Factory\OtpEntityFactory;
  24. use MyBundle\Factory\RegUserDTOFactory;
  25. use MyBundle\Factory\StringGenerator;
  26. use MyBundle\Factory\UserEntityFactory;
  27. use MyBundle\Messages;
  28. use MyBundle\Service\AuthDataValidator;
  29. use MyBundle\Service\AuthService;
  30. use Psr\Log\LoggerInterface;
  31. use Symfony\Component\HttpFoundation\JsonResponse;
  32. use Symfony\Component\HttpFoundation\RedirectResponse;
  33. use Symfony\Component\HttpFoundation\Request;
  34. use Symfony\Component\HttpFoundation\RequestStack;
  35. use Symfony\Component\HttpFoundation\Response;
  36. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  37. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  38. use Symfony\Component\Mailer\MailerInterface;
  39. use Symfony\Component\Mime\Address;
  40. use Symfony\Component\Mime\Email;
  41. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  42. use Symfony\Component\Routing\RouterInterface;
  43. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  44. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  45. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  46. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  47. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  48. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  49. use Symfony\Contracts\Translation\TranslatorInterface;
  50. use Twig\Environment;
  52. class AuthController extends MyBaseController
  53. {
  54.     use TargetPathTrait;
  57.     private SessionInterface $session;
  58.     private TokenStorageInterface $tokenStorage;
  60.     public function __construct(EntityManagerInterface $emRequestStack $requestStackMessages $messages,
  61.                                 \CoreBundle\Model\User $userModelSessionInterface $session,
  62.                                 TokenStorageInterface  $tokenStorageEnvironment $twig)
  63.     {
  64.         parent::__construct($em$requestStack$messages$userModel$twig);
  65.         $this->session $session;
  66.         $this->tokenStorage $tokenStorage;
  67.     }
  69.     public function logout(AuthService $authService): RedirectResponse
  70.     {
  72.         if ($this->getUser()) {
  73.             $authService->logoutUser($this->getUser());
  74.         }
  76.         return $this->redirectToRoute('my_login_page');
  77.     }
  79.     public function resendSms(Request $request): JsonResponse
  80.     {
  81.         $hash $request->get('hash');
  82.         if (!$this->userModel->initByHash($hash)) {
  83.             return $this->errorResponce(['total' => 'Виникла помилка, будь ласка, спробуйте ще раз пізніше']);
  84.         }
  85.         if ($this->userModel->sendConfirmSms()) {
  86.             return new JsonResponse(['success' => true'phone' => $this->userModel->getPhone()]);
  87.         }
  88.         return $this->errorResponce(['total' => 'Ви використали всі спроби доставки sms']);
  89.     }
  91.     public function confirmPhone(Request $request)
  92.     {
  93.         $hash $request->request->get('hash');
  94.         if (!$this->userModel->initByHash($hash)) {
  95.             return new JsonResponse(['success' => false]);
  96.         }
  97.         $code $request->request->get('code');
  99.         if (!$this->userModel->checkConfirmPhone($code)) {
  100.             return new JsonResponse(['success' => false]);
  101.         }
  103.         $this->userModel->senConfirmEmail();
  104.         return new JsonResponse(['success' => true'hash' => $hash]);
  105.     }
  107.     public function reSendEmail(Request $request): JsonResponse
  108.     {
  109.         $hash $request->get('hash');
  110.         if (!$this->userModel->initByHash($hash)) {
  111.             return new JsonResponse(['success' => false]);
  112.         }
  113.         $this->userModel->senConfirmEmail();
  114.         return new JsonResponse(['success' => true]);
  115.     }
  117.     public function confirmEmail(Request $request): ?Response
  118.     {
  119.         if (!$this->userModel->initByHash($request->get('hash'))) {
  120.             throw new NotFoundHttpException();
  121.         }
  122.         return $this->baseMyRender('@My/Auth/confirm_email.html.twig', [
  123.             'user' => $this->userModel->getUser()
  124.         ]);
  125.     }
  127.     public function finish($userHash$hash): ?Response
  128.     {
  129.         $success false;
  130.         if ($this->userModel->initByHash($userHash)) {
  131.             $success $this->userModel->confirmEmail($hash);
  132.         }
  133.         return $this->baseMyRender(
  134.             '@My/Auth/finish_register.html.twig',
  135.             ['success' => $success'ehash' => $this->userModel->getUser()->getEmailHash(), 'hash' => $this->userModel->getHash()]
  136.         );
  137.     }
  139.     public function setPassword(Request $requestEventDispatcherInterface $eventDispatcher): JsonResponse
  140.     {
  141.         $hash $request->get('userHash');
  142.         if (!$this->userModel->initByHash($hash)) {
  143.             return new JsonResponse(['success' => false]);
  144.         }
  145.         $emailHash $request->request->get('ehash');
  146.         if ($emailHash != $this->userModel->getUser()->getEmailHash()) {
  147.             return new JsonResponse(['success' => false]);
  148.         }
  149.         $password $request->request->get('password');
  150.         $this->userModel->setPassword($password);
  151.         $token = new UsernamePasswordToken($this->userModel->getUser(), null'prifile'$this->userModel->getUser()->getRoles());
  152.         $this->tokenStorage->setToken($token);
  153.         $this->session->set('_security_prifile'serialize($token));
  154.         $event = new InteractiveLoginEvent($request$token);
  155.         //TODO refactor this to correct dispatcher
  156.         $eventDispatcher->dispatch($event"security.interactive_login");
  157.         return new JsonResponse(['success' => true]);
  158.     }
  160.     public function recover($hash$ehash)
  161.     {
  162.         if (!$this->userModel->initByHash($hash)) {
  163.             throw $this->createAccessDeniedException();
  164.         }
  166.         if ($ehash != $this->userModel->getUser()->getEmailHash()) {
  167.             throw $this->createAccessDeniedException();
  168.         }
  170.         return $this->baseMyRender('@My/Auth/recover_pass.html.twig', [
  171.             'hash' => $hash,
  172.             'ehash' => $ehash,
  173.         ]);
  174.     }
  176.     public function loginCheck(Request $requestAuthService $authServiceEncoderFactoryInterface $factory): JsonResponse
  177.     {
  178.         $phone $request->request->get('phone');
  179.         $phone substr(preg_replace('~[^0-9]+~'''$phone), -10);
  180.         $_password $request->get('password');
  181.         $cardNumber $request->request->get('card');
  182.         $cardNumber preg_replace('~[^0-9]+~'''$cardNumber);
  184.         $login $request->get('login');
  186.         if ($login) {
  187.             $user $this->em->getRepository(User::class)->findOneBy(['username' => $login]);
  188.         } else {
  189.             $user $this->em->getRepository(User::class)->findByPhoneOrCardNum($phone$cardNumber);
  190.         }
  192.         if (!$user) {
  193.             return new JsonResponse(['success' => false'error' => 'account is not found']);
  194.         }
  196.         $encoder $factory->getEncoder($user);
  197.         $salt $user->getSalt();
  199.         if (!$encoder->isPasswordValid($user->getPassword(), $_password$salt)) {
  200.             return new JsonResponse(['success' => false'error' => 'password wrong']);
  201.         }
  203.         $this->userModel->pushReferrer($request$userUser::UTM_LOGIN);
  205.         return $authService->loginUser($user);
  206.     }
  208.     public function login(Request $requestEventDispatcherInterface $eventDispatcherRouterInterface $routerAuthService $authService): RedirectResponse|Response|null
  209.     {
  210.         if ($this->getUser()) {
  211.             $referer $authService->getRefererUser($request$this->getUser());
  213.             if ($referer) {
  214.                 return $this->redirect($referer);
  215.             }
  216.         }
  218.         $url $this->getTargetPath($request->getSession(), 'main');
  220.         if ($this->getUser() && !$referer) {
  221.             return $this->redirect($router->generate('my_about_car_page'));
  222.         }
  223.         $tokenStr $request->query->get('token');
  225.         if ($tokenStr) {
  226.             $AuthToken =
  227.                 $this->em
  228.                     ->getRepository(CrossDomainAuthToken::class)
  229.                     ->findOneBy(['token' => $tokenStr]);
  230.             if (!$AuthToken) {
  231.                 return $this->baseMyRender('@My/Auth/login.html.twig');
  232.             }
  233.             $now = new DateTime();
  234.             $tokenCreateDate $AuthToken->getDateCreate();
  235.             //TODO remove to some config
  236.             if ($tokenCreateDate $now->modify('-30 min')) {
  237.                 return $this->baseMyRender('@My/Auth/login.html.twig');
  238.             }
  239.             $user $AuthToken->getUser();
  241.             $token = new UsernamePasswordToken($usernull'profile'$user->getRoles());
  242.             $this->tokenStorage->setToken($token);
  244.             $this->session->set('_security_profile'serialize($token));
  246.             $event = new InteractiveLoginEvent($request$token);
  247.             //TODO refactor this to correct dispatcher
  248.             $eventDispatcher->dispatch($event"security.interactive_login");
  249.             $this->em->remove($AuthToken);
  250.             $this->em->flush();
  252.             return $this->redirect($request->headers->get('referer'));
  253.         }
  255.         return $this->baseMyRender('@My/Auth/login.html.twig', [
  256.             'backLoginUrl' => $url
  257.         ]);
  258.     }
  260.     public function register(
  261.         Request             $request,
  262.         AuthDataValidator   $validator,
  263.         LoggerInterface     $logger,
  264.         UserEntityFactory   $userEntityFactory,
  265.         RegUserDTOFactory   $userDTOFactory,
  266.         OtpCodeGenerator    $codeGenerator,
  267.         TranslatorInterface $translator
  268.     ): JsonResponse
  269.     {
  270.         $translator->setLocale($request->getLocale());
  271.         if ($request->request->has('locale')) {
  272.             $translator->setLocale($request->get('locale'));
  273.         }
  274.         $data $request->request->all();
  275.         try {
  276.             $validator->validateForRegisterUser($data);
  277.         } catch (DataNotValidException $e) {
  278.             $logger->error($e->getMessage(), $data);
  279.             return new JsonResponse([
  280.                 'success' => false,
  281.                 'message' => $translator->trans('auth.error', [], 'loyality'),
  282.             ]);
  283.         }
  284.         $userRegDTO $userDTOFactory->createDefaultAuthDTO($data);
  285.         /** @var UserRepository $users */
  286.         $users $this->em->getRepository(User::class);
  287.         $userCount $users->checkRegisteredUsersByParams(
  288.             [
  289.                 'phone' => $userRegDTO->phone,
  290.                 'email' => $userRegDTO->email
  291.             ]
  292.         );
  294.         if ($userCount) {
  295.             return new JsonResponse([
  296.                 'success' => false,
  297.                 'message' => $translator->trans('auth.duplicate_email_or_phone', [], 'loyality'),
  298.             ]);
  299.         }
  300.         $registerRequest = new RegisterRequest();
  301.         $registerRequest->setDateCreate(new DateTime());
  302.         $registerRequest->setPhone($userRegDTO->phone);
  303.         $registerRequest->setRequest(json_encode($data));
  304.         $registerRequest->setIsComplete(false);
  305.         $this->em->persist($registerRequest);
  306.         $this->em->flush();
  308.         $otp $codeGenerator->generate();
  309.         $registerRequest->setOtp($otp);
  310.         $registerRequest->setOtpExpDate((new DateTime())->modify('+1 hour'));
  312.         try {
  313.             $em $this->em;
  314.             $em->persist($registerRequest);
  315.             $em->flush();
  316.         } catch (UniqueConstraintViolationException $ex) {
  317.             return new JsonResponse([
  318.                 'success' => false,
  319.                 'message' => $translator->trans('auth.duplicate_email', [], 'loyality'),
  320.             ]);
  321.         }
  324.         return new JsonResponse([
  325.             'success' => true,
  326.             'requestId' => $registerRequest->getId(),
  327.             'message' => $translator->trans(
  328.                 'auth.sending_to_phone_succeed',
  329.                 ['%phone%' => $this->getSecurePhone($registerRequest->getPhone())],
  330.                 'loyality'
  331.             ),
  332.         ]);
  333.     }
  335.     public function getCode(
  336.         Request             $request,
  337.         AuthDataValidator   $validator,
  338.         LoggerInterface     $logger,
  339.         AuthCodeDTOFactory  $DTOFactory,
  340.         OtpEntityFactory    $otpEntityFactory,
  341.         UserEntityFactory   $userEntityFactory,
  342.         RegUserDTOFactory   $userDTOFactory,
  343.         TranslatorInterface $translator,
  344.         InfobipSmsSender    $infobipSmsSender,
  345.         AuthService $authService
  346.     ): JsonResponse
  347.     {
  349.         $data $request->request->all();
  350.         $phone substr(preg_replace('~[^0-9]+~'''$data[AuthDataKeys::EMAIL]), -10);
  352.         if ($request->request->get('loginPhone') == 'false') {
  353.             $email $request->request->get('email');
  354.             $userAuth $DTOFactory->getUserByEmail($email);
  355.         } else {
  356.             $userAuth $DTOFactory->getUserByPhone($phone);
  357.         }
  358.         $requestId $request->get('requestId');
  360.         if (!$userAuth && $requestId) {
  361.             $RegisterRequest $this->em->getRepository(RegisterRequest::class)->find($requestId);
  362.             if (!$RegisterRequest) {
  363.                 return new JsonResponse(['success' => false'error' => $translator->trans('auth.error', [], 'loyality')]);
  364.             }
  365.             $requestData json_decode($RegisterRequest->getRequest());
  366.             $requestEmail $requestData->email;
  367.             if (($phone != '' && $RegisterRequest->getPhone() != $phone) || ($email && $requestEmail != $email)) {
  368.                 return new JsonResponse(['success' => false'error' => $translator->trans('auth.error', [], 'loyality')]);
  369.             }
  371.             $em $this->em;
  372.             $dataRegister json_decode($RegisterRequest->getRequest(), true);
  373.             $userRegDTO $userDTOFactory->createDefaultAuthDTO($dataRegister);
  374.             $user $userEntityFactory->createUser($userRegDTO);
  375.             $user->setIsLoyalty(UserEntityFactory::LOYALTY_STATUS_DEFAULT);
  376.             $user->setEnabled(UserEntityFactory::ENABLED_STATUS);
  377.             $user->setRegistrationConfirm(UserEntityFactory::REGISTRATION_STATUS_CONFIRMED);
  378.             $user->setConfirmedPhone(UserEntityFactory::REGISTRATION_STATUS_CONFIRMED);
  379.             //TODO move to some config
  380.             if (!$user->hasRole('ROLE_LOYALTY_USER')) {
  381.                 $user->addRole('ROLE_LOYALTY_USER');
  382.             }
  383.             if (!$user->getPhone()) {
  384.                 $user->setPhone($phone);
  385.             }
  386.             $RegisterRequest->setIsComplete(1);
  387.             $RegisterRequest->setUser($user);
  388.             $em->persist($user);
  389.             $em->persist($RegisterRequest);
  390.             $em->flush();
  392.             $this->userModel->pushReferrer($request$userUser::UTM_REGISTRATION);
  393.         }
  394.         $translator->setLocale($request->getLocale());
  395.         if ($request->request->has('locale')) {
  396.             $translator->setLocale($request->get('locale'));
  397.         }
  399.         try {
  400.             $validator->validateGetCodeData($data);
  401.             $authDTO $DTOFactory->createWithLoginPropertyOnly($data);
  402.         } catch (DataNotValidException $e) {
  403.             $logger->error($e->getMessage(), $data);
  404.             return new JsonResponse([
  405.                 'success' => false,
  406.                 'field' => 'other',
  407.                 'error' => $translator->trans('auth.error', [], 'loyality'),
  408.             ]);
  409.         } catch (UserNotFoundException $e) {
  410.             $logger->critical($e->getMessage(), $data);
  411.             return new JsonResponse([
  412.                 'success' => false,
  413.                 'field' => 'other',
  414.                 'error' => $translator->trans('auth.user_not_found', [], 'loyality'),
  415.             ]);
  416.         }
  417.         $em $this->em;
  419.         if (!$this->checkAttemptLogin($authDTO->user$em$authDTO->login$authService)) {
  420.             return new JsonResponse([
  421.                 'success' => false,
  422.                 'field' => 'other',
  423.                 'error' => $translator->trans('auth.access_denied', [], 'loyality'),
  424.             ]);
  425.         }
  427.         $codes $em->getRepository(Otp::class)
  428.             ->findBy(['user' => $authDTO->user'state' => RegistrationStatusEnums::CREATED_STATE]);
  429. // todo remove when realise what this number are
  431.         $now = new DateTime();
  432.         foreach ($codes as $code) {
  433.             //TODO move to config
  434.             if ($code->getDateCreate()->modify('+15 minutes') <= $now) {
  435.                 /** @var Otp $code */
  436.                 $code->setState(RegistrationStatusEnums::OUTDATED_STATE);
  437. //$code->setState(3); todo remove when realise what this number are
  438.                 $em->persist($code);
  439.                 $em->flush();
  440.                 continue;
  441.             }
  442.             $code->setState(RegistrationStatusEnums::USED_STATE);
  443. //$code->setState(4); todo remove when realise what this number are
  444.             $em->persist($code);
  445.             $em->flush();
  446.         }
  448.         $resendCount 0;
  449.         foreach ($codes as $code) {
  450.             if ($code->getDateCreate()->modify('+30 minutes') >= $now) {
  451.                 $resendCount++;
  452.             }
  453.         }
  455.         if ($resendCount RegistrationStatusEnums::MAX_AUTH_ATTEMPT) {
  456.             return new JsonResponse([
  457.                 'success' => false,
  458.                 'field' => 'other',
  459.                 'error' => $translator->trans('auth.try_again_later', [], 'loyality')
  460.             ]);
  461.         }
  462.         $otpEntity $otpEntityFactory->createOtp($authDTO->user);
  463.         $authDTO->user->setOtp($otpEntity->getCode());
  464.         $authDTO->user->setOtpExpDate((new DateTime())->modify('+1 hour'));
  465.         $em->persist($otpEntity);
  466.         $em->persist($authDTO->user);
  467.         $em->flush();
  469.         if ($authDTO->user->getPhone() == null || strlen($authDTO->user->getPhone()) < User::MIN_LENGTH_PHONE) {
  470.             $message $translator->trans(
  471.                 'auth.phone_send_error',
  472.                 ['%phone%' => $this->getSecurePhone($authDTO->user->getPhone())],
  473.                 'loyality'
  474.             );
  475.             return new JsonResponse([
  476.                 'success' => false,
  477.                 'field' => 'brokenPhone',
  478.                 'error' => $message,
  479.             ]);
  480.         }
  482.         $infobipSmsSender->sendSms(
  483.             $authDTO->user->getPhone(),
  484.             $translator->trans('auth.your_auth_code', ['%code%' => $otpEntity->getCode()], 'loyality')
  485.         );
  487.         return new JsonResponse([
  488.             'success' => true,
  489.             'phone' => $authDTO->user->getPhone(),
  490.             'message' => $translator->trans(
  491.                 'auth.sending_to_phone_succeed',
  492.                 ['%phone%' => $this->getSecurePhone($authDTO->user->getPhone())],
  493.                 'loyality'
  494.             ),
  495.             'code' => $otpEntity->getId(),
  496.         ]);
  497.     }
  499.     public function resendRegistrationCode(Request             $requestOtpEntityFactory $otpEntityFactory,
  500.                                            TranslatorInterface $translatorInfobipSmsSender $infobipSmsSender): JsonResponse
  501.     {
  502.         $translator->setLocale($request->getLocale());
  503.         if ($request->request->has('locale')) {
  504.             $translator->setLocale($request->get('locale'));
  505.         }
  506.         $data $request->request->all();
  507.         $requestId $data['requestId'];
  508.         $RegisterRequest $this->em->getRepository(RegisterRequest::class)->find($requestId);
  510.         //TODO move to config or service
  511.         $phone substr(preg_replace('~[^0-9]+~'''$data['phone']), -10);
  512.         if (!$RegisterRequest || $RegisterRequest->getPhone() != $phone) {
  513.             return new JsonResponse([
  514.                 'success' => false,
  515.                 'field' => 'other',
  516.                 'error' => $translator->trans('auth.error', [], 'loyality'),
  517.             ]);
  518.         }
  521.         $em $this->em;
  522.         $codes $em->getRepository(Otp::class)
  523.             ->findBy(['request' => $RegisterRequest'state' => RegistrationStatusEnums::CREATED_STATE]);
  524.         $now = new DateTime();
  525.         foreach ($codes as $code) {
  526.             /** @var Otp $code */
  527.             //TODO move to config
  528.             if ($code->getDateCreate()->modify('+15 minutes') <= $now) {
  529.                 $code->setState(RegistrationStatusEnums::OUTDATED_STATE);
  530.                 $em->persist($code);
  531.                 $em->flush();
  532.                 continue;
  533.             }
  534.             $code->setState(RegistrationStatusEnums::USED_STATE);
  536.             $em->persist($code);
  537.             $em->flush();
  538.         }
  540.         $resendCount 0;
  541.         foreach ($codes as $code) {
  542.             if ($code->getDateCreate()->modify('+30 minutes') >= $now) {
  543.                 $resendCount++;
  544.             }
  545.         }
  547.         if ($resendCount RegistrationStatusEnums::MAX_AUTH_ATTEMPT) {
  548.             return new JsonResponse([
  549.                 'success' => false,
  550.                 'field' => 'other',
  551.                 'error' => $translator->trans('auth.try_again_later', [], 'loyality')
  552.             ]);
  553.         }
  554.         $otpEntity $otpEntityFactory->createOtpByRequest($RegisterRequest);
  555.         $RegisterRequest->setOtp($otpEntity->getCode());
  556.         $RegisterRequest->setOtpExpDate((new DateTime())->modify('+1 hour'));
  557.         $em->persist($otpEntity);
  558.         $em->persist($RegisterRequest);
  559.         $em->flush();
  561.         $infobipSmsSender->sendSms(
  562.             $RegisterRequest->getPhone(),
  563.             $translator->trans('auth.your_auth_code', ['%code%' => $otpEntity->getCode()], 'loyality')
  564.         );
  566.         return new JsonResponse([
  567.             'success' => true,
  568.             'phone' => $RegisterRequest->getPhone(),
  569.             'message' => $translator->trans(
  570.                 'auth.sending_to_phone_succeed',
  571.                 ['%phone%' => $this->getSecurePhone($RegisterRequest->getPhone())],
  572.                 'loyality'
  573.             ),
  574.             'code' => $otpEntity->getId(),
  575.         ]);
  576.     }
  578.     public function confirmRegistration(
  579.         Request             $request,
  580.         UserEntityFactory   $userEntityFactory,
  581.         RegUserDTOFactory   $userDTOFactory,
  582.         TranslatorInterface $translator,
  583.         AuthService $authService
  584.     ): JsonResponse
  585.     {
  586.         $requestId $request->get('requestId');
  587.         $code $request->get('code');
  588.         $phone $request->get('phone');
  589.         //TODO move to config or service
  590.         $phone substr(preg_replace('~[^0-9]+~'''$phone), -10);
  591.         $RegisterRequest $this->em->getRepository(RegisterRequest::class)->find($requestId);
  592.         if (!$RegisterRequest || $RegisterRequest->getPhone() != $phone) {
  593.             return new JsonResponse(['success' => false'error' => $translator->trans('auth.error', [], 'loyality')]);
  594.         }
  595.         $em $this->em;
  596.         if ($RegisterRequest->getOtp() == $code && $RegisterRequest->getOtpExpDate() > (new DateTime)) {
  597.             $data json_decode($RegisterRequest->getRequest(), true);
  598.             $userRegDTO $userDTOFactory->createDefaultAuthDTO($data);
  599.             $user $userEntityFactory->createUser($userRegDTO);
  600.             $user->setIsLoyalty(UserEntityFactory::LOYALTY_STATUS_DEFAULT);
  601.             $user->setEnabled(UserEntityFactory::ENABLED_STATUS);
  602.             $user->setRegistrationConfirm(UserEntityFactory::REGISTRATION_STATUS_CONFIRMED);
  603.             $user->setConfirmedPhone(UserEntityFactory::REGISTRATION_STATUS_CONFIRMED);
  604.             //TODO move to some config
  605.             if (!$user->hasRole('ROLE_LOYALTY_USER')) {
  606.                 $user->addRole('ROLE_LOYALTY_USER');
  607.             }
  608.             if (!$user->getPhone()) {
  609.                 $user->setPhone($phone);
  610.             }
  611.             $RegisterRequest->setIsComplete(1);
  612.             $RegisterRequest->setUser($user);
  613.             $em->persist($user);
  614.             $em->persist($RegisterRequest);
  615.             $em->flush();
  617.             $this->userModel->pushReferrer($request$userUser::UTM_REGISTRATION);
  619.             return $authService->loginUser($user);
  620.         }
  621.         return new JsonResponse(['success' => false'error' => 'Не вiрний код']);
  622.     }
  624.     public function referralRegister(
  625.         Request                     $request,
  626.         OtpCodeGenerator            $codeGenerator,
  627.         StringGenerator             $stringGenerator,
  628.         TranslatorInterface         $translator,
  629.         UserPasswordHasherInterface $encoder,
  630.         InfobipSmsSender            $infobipSmsSender
  631.     ): JsonResponse
  632.     {
  633.         $translator->setLocale($request->getLocale());
  634.         if ($request->request->has('locale')) {
  635.             $translator->setLocale($request->get('locale'));
  636.         }
  637.         $email $request->get('email');
  638.         $password $stringGenerator->generateUpperCaseAndNumbers();
  639.         $phone $request->get('phone');
  640.         $users $this->em->getRepository(User::class);
  641.         if ($users->checkRegisteredUsersByParams(['email' => $email])) {
  642.             return new JsonResponse([
  643.                 'success' => false,
  644.                 'error' => $translator->trans('register.email_already_in_use', [], 'loyality'),
  645.             ]);
  646.         }
  647.         $user $users->findByPhoneOrCardNum($phone);
  648.         if (!$user) {
  649.             return new JsonResponse([
  650.                 'success' => false,
  651.                 'error' => $translator->trans('register.user_register_problem', [], 'loyality'),
  652.             ]);
  653.         }
  654.         /** @var User $user */
  655.         $referrerUser $this->em
  656.             ->getRepository(UserReferral::class)->findOneBy(['user_id' => $user->getId()]);
  657.         $em $this->em;
  659.         if ($user && $user->getRegistrationConfirm()) {
  660.             return new JsonResponse([
  661.                 'success' => false,
  662.                 'error' => $translator->trans('register.user_already_register', [], 'loyality'),
  663.             ]);
  664.         }
  665.         $otp $codeGenerator->generate();
  666.         $user->setRegistrationConfirm(UserEntityFactory::REGISTRATION_STATUS_DEFAULT);
  667.         $user->setEmail($email);
  668.         $user->setEnabled(UserEntityFactory::ENABLED_STATUS);
  669.         $user->setIsLoyalty(UserEntityFactory::LOYALTY_STATUS_DEFAULT);
  670.         $user->setUsername($email);
  671.         $user->setEmailCanonical($email);
  672.         $user->setPassword($encoder->hashPassword($user$password));
  673.         $user->setOtp($otp);
  674.         //TODO move to some config
  675.         $user->setOtpExpDate((new DateTime())->modify('+1 hour'));
  676.         $user->setReferrer($referrerUser->getPromoCode());
  677.         $user->setConfirmPhoneCod($otp);
  678.         $em->persist($user);
  679.         try {
  680.             $em->flush();
  681.         } catch (UniqueConstraintViolationException $ex) {
  682.             return new JsonResponse([
  683.                 'success' => false,
  684.                 'error' => $translator->trans('register.main_problem', [], 'loyality'),
  685.             ]);
  686.         }
  687.         $infobipSmsSender->sendSms(
  688.             $phone,
  689.             $translator->trans('register.your_code_for_registration', ['%code%' => $otp], 'loyality')
  690.         );
  691.         return new JsonResponse([
  692.             'success' => true,
  693.             'message' => $translator->trans(
  694.                 'auth.sending_to_phone_succeed',
  695.                 ['%phone%' => $this->getSecurePhone($phone)],
  696.                 'loyality'
  697.             ),
  698.         ]);
  699.     }
  701.     public function referralRegisterConfirm(Request $requestAuthService $authService): JsonResponse
  702.     {
  703.         $code $request->get('code');
  704.         $phone $request->get('phone');
  705.         $em $this->em;
  706.         /** @var User $user */
  707.         if (!($user $this->em->getRepository(User::class)->findByPhoneOrCardNum($phone))) {
  708.             //TODO translate this
  709.             return new JsonResponse(
  710.                 [
  711.                     'success' => false,
  712.                     'error' => 'Користувача не знайдено, зверніться до адміністратора'
  713.                 ]
  714.             );
  715.         }
  717.         $ReferralUser $this->em->getRepository(UserReferral::class)
  718.             ->findOneBy(['user_id' => $user->getId(), 'promo_code' => $user->getReferrer()]);
  719.         if (!$ReferralUser) {
  720.             //TODO translate this
  721.             return new JsonResponse(
  722.                 [
  723.                     'success' => false,
  724.                     'error' => 'Користувача не знайдено, зверніться до адміністратора'
  725.                 ]
  726.             );
  727.         }
  728.         $ReferralUser->setStatus(UserReferral::STATUS_REGISTERED);
  729.         $em->persist($ReferralUser);
  730.         $em->flush();
  731.         if ($user->getOtp() == $code && $user->getOtpExpDate() > (new DateTime)) {
  732.             $user->setIsLoyalty(1);
  733.             $user->setEnabled(1);
  734.             $user->setRegistrationConfirm(1);
  735.             $user->setConfirmedPhone(1);
  736.             //TODO move to some config
  737.             if (!$user->hasRole('ROLE_LOYALTY_USER')) {
  738.                 $user->addRole('ROLE_LOYALTY_USER');
  739.             }
  740.             if (!$user->getPhone()) {
  741.                 $user->setPhone($phone);
  742.             }
  743.             $em->persist($user);
  744.             $em->flush();
  746.             $this->userModel->pushReferrer($request$userUser::UTM_REGISTRATION);
  748.             return $authService->loginUser($user);
  749.         }
  750.         return new JsonResponse(['success' => false'error' => 'Не вірний код']);
  751.     }
  753.     public function recoveryConfirmCode(Request $request): JsonResponse
  754.     {
  755.         $codeId $request->get('code');
  756.         $userCode $request->get('userCode');
  758.         $user null;
  759.         $login $request->get('email');
  760.         if ($request->get('loginPhone') === 'true') {
  761.             $login $this->preparePhone($login);
  762.             $user $this->em
  763.                 ->getRepository(User::class)
  764.                 ->findByPhoneOrCardNum($loginnullnull);
  765.         } else {
  766.             $user $this->em
  767.                 ->getRepository(User::class)
  768.                 ->findByPhoneOrCardNum(nullnull$login);
  769.         }
  771.         $userData null;
  772.         //TODO translate this
  773.         if (!$user) {
  774.             return new JsonResponse([
  775.                 'success' => false,
  776.                 'error' => 'Користувача з таким email та паролем не знайдено',
  777.             ]);
  778.         } else {
  779.             $userData $this->em->getRepository(User::class)->find($user);
  780.         }
  782.         $em $this->em;
  783.         $code $em->getRepository(Otp::class)->find($codeId);
  785.         if (!$code || $code->getUser() != $user) {
  786.             //TODO translate this
  787.             return new JsonResponse([
  788.                 'success' => false,
  789.                 'error' => 'Ваш код прострочений, будь ласка, отримаєте новий код'
  790.             ]);
  791.         }
  793.         if ($userCode != $code->getCode() || $userCode != $userData->getOtp()) {
  794.             //TODO translate this
  795.             return new JsonResponse([
  796.                 'success' => false,
  797.                 'error' => 'Невірний код'
  798.             ]);
  799.         }
  801.         if ($userData->getOtpExpDate() < (new DateTime)) {
  802.             //TODO translate this
  803.             return new JsonResponse([
  804.                 'success' => false,
  805.                 'error' => 'Термін дії коду закінчився. Вам необхідно запросити новий код відновлення',
  806.             ]);
  807.         }
  808.         return new JsonResponse(['success' => true]);
  809.     }
  811.     public function codeLogin(Request $requestTranslatorInterface $translatorAuthService $authService): JsonResponse
  812.     {
  813.         $translator->setLocale($request->getLocale());
  814.         if ($request->request->has('locale')) {
  815.             $translator->setLocale($request->get('locale'));
  816.         }
  818.         $user $this->getUser();
  820.         if ($user) {
  821.             $authService->logoutUser($user);
  822.         }
  824.         return $authService->verifyAuthUser();
  825.     }
  827.     public function codeLoginNewPhone(Request $requestTranslatorInterface $translatorAuthService $authService): JsonResponse
  828.     {
  829.         $translator->setLocale($request->getLocale());
  830.         if ($request->request->has('locale')) {
  831.             $translator->setLocale($request->get('locale'));
  832.         }
  834.         $user $this->getUser();
  836.         if ($user) {
  837.             $authService->logoutUser($user);
  838.         }
  840.         return $authService->verifyAuthNewPhoneUser();
  841.     }
  843.     public function getCodeRecovery(Request $requestTranslatorInterface $translatorInfobipSmsSender $infobipSmsSender): JsonResponse
  844.     {
  845.         $translator->setLocale($request->getLocale());
  846.         if ($request->request->has('locale')) {
  847.             $translator->setLocale($request->get('locale'));
  848.         }
  850.         $user null;
  851.         $login $request->get('email');
  852.         if ($request->get('loginPhone') === 'true') {
  853.             $login $this->preparePhone($login);
  854.             $user $this->em
  855.                 ->getRepository(User::class)
  856.                 ->findByPhoneOrCardNum($loginnullnull);
  857.         } else {
  858.             $user $this->em
  859.                 ->getRepository(User::class)
  860.                 ->findByPhoneOrCardNum(nullnull$login);
  861.         }
  863.         $userData null;
  864.         if (!$user) {
  865.             return new JsonResponse([
  866.                 'success' => false,
  867.                 'error' => $translator->trans('recovery.user_not_found', [], 'loyality')
  868.             ]);
  869.         } else {
  870.             //WTF??
  871.             $userData $this->em->getRepository(User::class)->find($user);
  872.         }
  874.         $em $this->em;
  875.         $codes =
  876.             $em->getRepository(Otp::class)
  877.                 ->findBy(['user' => $user'state' => RegistrationStatusEnums::CREATED_STATE]);
  878.         foreach ($codes as $code) {
  879.             $now = new DateTime();
  880.             if ($code->getDateCreate()->modify('+15 minutes') <= $now) {
  881. //                $code->setState(3);
  882.                 $code->setState(RegistrationStatusEnums::OUTDATED_STATE);
  883.                 $em->persist($code);
  884.                 continue;
  885.             }
  886. //            $code->setState(4);
  887.             $code->setState(RegistrationStatusEnums::USED_STATE);
  888.             $em->persist($code);
  889.         }
  890.         $em->flush();
  892.         $resendCount 0;
  893.         foreach ($codes as $code) {
  894.             $now = new DateTime();
  895.             //TODO move to some config
  896.             if ($code->getDateCreate()->modify('+30 minutes') >= $now) {
  897.                 $resendCount++;
  898.             }
  899.         }
  900.         //TODO move to some config
  901.         if ($resendCount RegistrationStatusEnums::MAX_AUTH_ATTEMPT) {
  902.             //TODO translate this
  903.             return new JsonResponse([
  904.                 'success' => false,
  905.                 'field' => 'other',
  906.                 'error' => $translator->trans('auth.try_again_later', [], 'loyality')
  907.             ]);
  908.         }
  909.         //TODO move to some config or use service
  910.         $otpRandCode random_int(111111999999);
  911.         $userData->setOtp($otpRandCode);
  912.         $userData->setOtpExpDate((new DateTime())->modify('+1 hour'));
  913.         $em->persist($userData);
  914.         $em->flush();
  915.         $otpEntity = new Otp();
  916.         $otpEntity->setCode($otpRandCode);
  917.         $otpEntity->setState(RegistrationStatusEnums::CREATED_STATE);
  918.         $otpEntity->setDateCreate(new DateTime());
  919.         $otpEntity->setUser($user);
  920.         $otpEntity->setPhone($userData->getPhone());
  921.         $em->persist($otpEntity);
  922.         $em->flush();
  923.         //TODO translate this
  924.         $infobipSmsSender->sendSms($userData->getPhone(), 'Ваш код для відновлення: ' $otpEntity->getCode());
  925.         //TODO translate this
  926.         $message =
  927.             'Ми відправили вам за номером телефону ' .
  928.             $this->getSecurePhone($userData->getPhone()) .
  929.             ' або в viber тимчасовий пароль';
  931.         return new JsonResponse([
  932.             'success' => true,
  933.             'message' => $message,
  934.             'code' => $otpEntity->getId()
  935.         ]);
  936.     }
  938.     public function setRecoveryPassword(Request                     $requestTranslatorInterface $translator,
  939.                                         UserPasswordHasherInterface $encoderAuthService $authService): JsonResponse
  940.     {
  941.         $recoveryPassword $request->get('recoveryPassword');
  942.         $codeId $request->get('code');
  943.         $userCode $request->get('userCode');
  945.         $user null;
  946.         $login $request->get('email');
  947.         if ($request->get('loginPhone') === 'true') {
  948.             $login $this->preparePhone($login);
  949.             $user $this->em
  950.                 ->getRepository(User::class)
  951.                 ->findByPhoneOrCardNum($loginnullnull);
  952.         } else {
  953.             $user $this->em
  954.                 ->getRepository(User::class)
  955.                 ->findByPhoneOrCardNum(nullnull$login);
  956.         }
  958.         if (!$user) {
  959.             return new JsonResponse(['success' => false'error' => 'Виникла помилка']);
  960.         }
  961.         $userData $this->em->getRepository(User::class)->find($user);
  962.         $em $this->em;
  963.         $code $em->getRepository(Otp::class)->find($codeId);
  965.         if (!$code || $code->getUser() != $user) {
  966.             return new JsonResponse([
  967.                 'success' => false,
  968.                 'error' => $translator->trans('auth.error_old_code', [], 'loyality'),
  969.             ]);
  970.         }
  972.         if ($userCode != $code->getCode() || $userCode != $userData->getOtp()) {
  973.             return new JsonResponse([
  974.                 'success' => false,
  975.                 'error' => $translator->trans('auth.error_code', [], 'loyality'),
  976.             ]);
  977.         }
  979.         if ($userData->getOtpExpDate() < (new DateTime)) {
  980.             return new JsonResponse([
  981.                 'success' => false,
  982.                 'error' => $translator->trans('auth.error_old_code', [], 'loyality'),
  983.             ]);
  984.         }
  986.         $userData->setPassword($encoder->hashPassword($user$recoveryPassword));
  987.         $em->persist($userData);
  988.         $em->flush();
  990.         return $authService->loginUser($user);
  991.     }
  993.     public function sendRecoverEmail(Request $requestRouterInterface $router): JsonResponse
  994.     {
  995.         $email $request->request->get('email');
  996.         $userModel $this->userModel;
  997.         if (!$userModel->initByEmail($email)) {
  998.             $regUrl $router->generate('my_register_page');
  999.             return $this->errorResponce('Користувача з таким E-mail не знайдено. <br>' .
  1000.                 'Перевірте адресу або <a href="' $regUrl '" class="upper-reg">зареєструйтесь</a>.');
  1001.         }
  1002.         $userModel->sendRestoreEmail();
  1003.         return new JsonResponse(['success' => true]);
  1004.     }
  1006.     public function checkUser()
  1007.     {
  1008.         return $this->baseMyRender('@My/Auth/aith-iframe.html.twig');
  1009.     }
  1011.     public function crossDomainAuth(): JsonResponse
  1012.     {
  1013.         $User $this->getUser();
  1015.         if (
  1016.             !$User ||
  1017.             !(
  1018.                 //TODO remove to som config path
  1019.                 $User->hasRole('ROLE_LOYALTY_USER') ||
  1020.                 $User->hasRole('ROLE_SUPER_ADMIN') ||
  1021.                 $User->hasRole('ROLE_DC_MANAGER') ||
  1022.                 $User->hasRole('ROLE_CONTENT_MANAGER')
  1023.             )
  1024.         ) {
  1025.             $Response = new JsonResponse([
  1026.                 'token' => false
  1027.             ]);
  1028.             return $Response;
  1029.         }
  1030.         //TODO remove to som config path
  1031.         $token md5(time() . 'myvidisaltD@##@$GFQSF' $User->getId());
  1032.         $AuthToken = new CrossDomainAuthToken();
  1033.         $AuthToken->setDateCreate(new DateTime());
  1034.         $AuthToken->setToken($token);
  1035.         $AuthToken->setUser($User);
  1036.         $this->em->persist($AuthToken);
  1037.         $this->em->flush();
  1038.         $Response = new JsonResponse([
  1039.             'token' => $token
  1040.         ]);
  1042.         return $Response;
  1043.     }
  1045.     public function getCodeChangePhone(Request             $requestOtpEntityFactory $otpEntityFactory,
  1046.                                        TranslatorInterface $translatorMailerInterface $mailer): JsonResponse
  1047.     {
  1048.         $translator->setLocale($request->getLocale());
  1049.         if ($request->request->has('locale')) {
  1050.             $translator->setLocale($request->get('locale'));
  1051.         }
  1052.         $email $request->get('email');
  1053.         $user $this->em
  1054.             ->getRepository(User::class)
  1055.             ->findByPhoneOrCardNum(nullnull$email);
  1056.         if (!$user) {
  1057.             return new JsonResponse([
  1058.                 'success' => false,
  1059.                 'field' => 'email',
  1060.                 'error' => $translator->trans('change_phone.user_not_found', [], 'loyality')
  1061.             ]);
  1062.         }
  1063.         $codes $this->em->getRepository(Otp::class)
  1064.             ->findBy(['user' => $user'state' => RegistrationStatusEnums::CREATED_STATE]);
  1065.         foreach ($codes as $code) {
  1066.             $now = new DateTime();
  1067.             if ($code->getDateCreate()->modify('+15 minutes') <= $now) {
  1068.                 $code->setState(RegistrationStatusEnums::OUTDATED_STATE);
  1069.                 $this->em->persist($code);
  1070.                 continue;
  1071.             }
  1072.             $code->setState(RegistrationStatusEnums::USED_STATE);
  1073.             $this->em->persist($code);
  1074.         }
  1075.         $this->em->flush();
  1077.         $resendCount 0;
  1078.         foreach ($codes as $code) {
  1079.             $now = new DateTime();
  1080.             if ($code->getDateCreate()->modify('+30 minutes') >= $now) {
  1081.                 $resendCount++;
  1082.             }
  1083.         }
  1085.         if ($resendCount RegistrationStatusEnums::MAX_AUTH_ATTEMPT) {
  1086.             return new JsonResponse([
  1087.                 'success' => false,
  1088.                 'field' => 'other',
  1089.                 'error' => $translator->trans('auth.try_again_later', [], 'loyality')
  1090.             ]);
  1091.         }
  1092.         $otpEntity $otpEntityFactory->createOtp($user);
  1093.         $user->setOtp($otpEntity->getCode());
  1094.         $user->setOtpExpDate((new DateTime())->modify('+1 hour'));
  1095.         $this->em->persist($otpEntity);
  1096.         $this->em->persist($user);
  1097.         $this->em->flush();
  1099.         $mailMessage $translator->trans('change_phone.mail_message', [], 'loyality');
  1100.         $mailBody $this->twig->render('@My/Mail/change_phone_email.html.twig', [
  1101.             'user' => $user,
  1102.             'message' => $mailMessage
  1103.         ]);
  1105.         $message = (new Email())
  1106.             ->subject($translator->trans('change_phone.mail_subject', [], 'loyality'))
  1107.             ->from(new Address('info@vidi.ua'$translator->trans('change_phone.mail_name_from', [], 'loyality')))
  1108.             ->html($mailBody)
  1109.             ->to($email);
  1110.         $mailer->send($message);
  1112.         return new JsonResponse([
  1113.             'success' => true,
  1114.             'message' => $translator->trans(
  1115.                 'change_phone.email_sending_to',
  1116.                 ['%email%' => $user->getEmail()],
  1117.                 'loyality'
  1118.             ),
  1119.             'code' => $otpEntity->getId()
  1120.         ]);
  1121.     }
  1123.     public function setNewPhone(
  1124.         Request             $request,
  1125.         OtpEntityFactory    $otpEntityFactory,
  1126.         AuthDataValidator   $validator,
  1127.         LoggerInterface     $logger,
  1128.         AuthCodeDTOFactory  $DTOFactory,
  1129.         TranslatorInterface $translator,
  1130.         InfobipSmsSender    $infobipSmsSender
  1131.     ): JsonResponse
  1132.     {
  1133.         $translator->setLocale($request->getLocale());
  1134.         if ($request->request->has('locale')) {
  1135.             $translator->setLocale($request->get('locale'));
  1136.         }
  1137.         $code $request->get('userCode');
  1138.         $data $request->request->all();
  1139.         try {
  1140.             $validator->validateForSetNewPhone($data);
  1141.             $authDTO $DTOFactory->createWithEmailAndPhoneProperties($data);
  1142.         } catch (DataNotValidException|UserNotFoundException $e) {
  1143.             $logger->error('auth.error'$data);
  1144.             return new JsonResponse([
  1145.                 'success' => false,
  1146.                 'error' => $translator->trans('auth.error', [], 'loyality')
  1147.             ]);
  1148.         }
  1149.         if ($authDTO->user->getOtp() != $code || $authDTO->user->getOtpExpDate() < (new DateTime)) {
  1150.             return new JsonResponse([
  1151.                 'success' => false,
  1152.                 'field' => 'code',
  1153.                 'error' => $translator->trans('auth.error_code', [], 'loyality'),
  1154.             ]);
  1155.         }
  1157.         if (
  1158.             $this->em
  1159.                 ->getRepository(User::class)
  1160.                 ->findByPhoneOrCardNum($authDTO->phonenullnull)
  1161.         ) {
  1162.             return new JsonResponse([
  1163.                 'success' => false,
  1164.                 'field' => 'phone',
  1165.                 'error' => $translator->trans('change_phone.not_unique_phone', [], 'loyality'),
  1166.             ]);
  1167.         }
  1168.         //set new phone to user
  1169.         $authDTO->user->setPhoneNew($authDTO->phone);
  1171.         $em $this->em;
  1172.         $usedOtp $em->getRepository(Otp::class)->findOneBy(['user' => $authDTO->user], ['id' => 'DESC']);
  1173.         //outdated current otp to avoid user block
  1174.         $usedOtp->setState(RegistrationStatusEnums::OUTDATED_STATE);
  1175.         //new OTP for sending to new user phone
  1176.         $otpEntity $otpEntityFactory->createOtpPhoneNew($authDTO->user);
  1177.         $authDTO->user->setOtp($otpEntity->getCode());
  1178.         $authDTO->user->setOtpExpDate((new DateTime())->modify('+1 hour'));
  1179.         $em->persist($usedOtp);
  1180.         $em->persist($authDTO->user);
  1181.         $em->persist($otpEntity);
  1182.         $em->flush();
  1183.         $infobipSmsSender->sendSms(
  1184.             $authDTO->user->getPhoneNew(),
  1185.             $translator->trans('auth.your_auth_code', ['%code%' => $otpEntity->getCode()], 'loyality')
  1186.         );
  1188.         return new JsonResponse([
  1189.             'success' => true,
  1190.             'code' => $otpEntity->getId(),
  1191.             'email' => $authDTO->user->getEmail(),
  1192.         ]);
  1193.     }
  1195.     private function preparePhone($phone)
  1196.     {
  1197.         return substr(preg_replace('~[^0-9]+~'''$phone), -10);
  1198.     }
  1200.     private function checkAttemptLogin(User $userEntityManagerInterface $em$loginAuthService $authService): bool
  1201.     {
  1202.         $lastAttempt $em->getRepository(AttemptLogin::class)
  1203.             ->findOneBy(['user' => $user], ['id' => 'DESC']);
  1204.         if ($lastAttempt && $lastAttempt->getState()) {
  1205.             $dateBlocked $lastAttempt->getCreatedAt()->modify('5 minutes');
  1206.             if ($dateBlocked->getTimestamp() < (new DateTime)->getTimestamp()) {
  1207.                 $authService->clearHistoryAttemptLogin($user);
  1208.             }
  1209.         }
  1210.         $attempts $em->getRepository(AttemptLogin::class)
  1211.             ->findBy(['user' => $user]);
  1212.         if (count($attempts) < RegistrationStatusEnums::MAX_AUTH_ATTEMPT_BEFORE_BLOCK) {
  1213.             $attemptLogin = new AttemptLogin();
  1214.             $attemptLogin->setCreatedAt(new DateTime());
  1215.             $attemptLogin->setLogin($login);
  1216.             $attemptLogin->setState(RegistrationStatusEnums::CREATED_STATE);
  1217.             $attemptLogin->setUser($user);
  1218.             $em->persist($attemptLogin);
  1219.             $em->flush();
  1220.             return true;
  1221.         }
  1223.         $lastAttempt->setState(RegistrationStatusEnums::ACTIVE_STATE);
  1224.         $em->persist($lastAttempt);
  1225.         $em->flush();
  1226.         return false;
  1227.     }
  1229.     private function errorResponce($errors): JsonResponse
  1230.     {
  1231.         return new JsonResponse(['success' => false'errors' => $errors]);
  1232.     }
  1234.     private function getSecurePhone($phone): string
  1235.     {
  1236.         //TODO move to config or service
  1237.         return '+380...' mb_substr($phone, -46);
  1238.     }
  1239. }