From 5709ecb36809fb009446a11a758232bbe8f264e4 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist <jeremy.benoist@gmail.com>
Date: Tue, 30 May 2017 07:56:01 +0200
Subject: Re-use `NewUserType` to validate registration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The only ugly things is how we handle error by generating the view and then parse the content to retrieve all errors…

Fix exposition fields in User entity
---
 .../ApiBundle/Controller/UserRestController.php    | 119 ++++++++++++++-------
 1 file changed, 80 insertions(+), 39 deletions(-)

(limited to 'src/Wallabag/ApiBundle/Controller/UserRestController.php')

diff --git a/src/Wallabag/ApiBundle/Controller/UserRestController.php b/src/Wallabag/ApiBundle/Controller/UserRestController.php
index c5ffbdf1..a1b78e3f 100644
--- a/src/Wallabag/ApiBundle/Controller/UserRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/UserRestController.php
@@ -6,12 +6,14 @@ use FOS\UserBundle\Event\UserEvent;
 use FOS\UserBundle\FOSUserEvents;
 use JMS\Serializer\SerializationContext;
 use Nelmio\ApiDocBundle\Annotation\ApiDoc;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\JsonResponse;
+use Wallabag\UserBundle\Entity\User;
 
 class UserRestController extends WallabagRestController
 {
     /**
-     * Retrieve user informations
+     * Retrieve current logged in user informations.
      *
      * @ApiDoc()
      *
@@ -21,78 +23,117 @@ class UserRestController extends WallabagRestController
     {
         $this->validateAuthentication();
 
-        $serializationContext = SerializationContext::create()->setGroups(['user_api']);
-        $json = $this->get('serializer')->serialize($this->getUser(), 'json', $serializationContext);
-
-        return (new JsonResponse())->setJson($json);
+        return $this->sendUser($this->getUser());
     }
 
     /**
-     * Register an user
+     * Register an user.
      *
      * @ApiDoc(
      *      requirements={
      *          {"name"="username", "dataType"="string", "required"=true, "description"="The user's username"},
-     *          {"name"="password", "dataType"="string", "required"=true, "description"="The user's password"}
+     *          {"name"="password", "dataType"="string", "required"=true, "description"="The user's password"},
      *          {"name"="email", "dataType"="string", "required"=true, "description"="The user's email"}
      *      }
      * )
+     *
+     * @todo Make this method (or the whole API) accessible only through https
+     *
      * @return JsonResponse
      */
-    // TODO : Make this method (or the whole API) accessible only through https
-    public function putUserAction($username, $password, $email)
+    public function putUserAction(Request $request)
     {
         if (!$this->container->getParameter('fosuser_registration')) {
             $json = $this->get('serializer')->serialize(['error' => "Server doesn't allow registrations"], 'json');
+
             return (new JsonResponse())->setJson($json)->setStatusCode(403);
         }
 
-        if ($password === '') { // TODO : might be a good idea to enforce restrictions here
-            $json = $this->get('serializer')->serialize(['error' => 'Password is blank'], 'json');
-            return (new JsonResponse())->setJson($json)->setStatusCode(400);
-        }
+        $userManager = $this->get('fos_user.user_manager');
+        $user = $userManager->createUser();
+        // enable created user by default
+        $user->setEnabled(true);
 
+        $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user, [
+            'csrf_protection' => false,
+        ]);
 
-        // TODO : Make only one call to database by using a custom repository method
-        if ($this->getDoctrine()
-            ->getRepository('WallabagUserBundle:User')
-            ->findOneByUserName($username)) {
-            $json = $this->get('serializer')->serialize(['error' => 'Username is already taken'], 'json');
-            return (new JsonResponse())->setJson($json)->setStatusCode(409);
-        }
+        // simulate form submission
+        $form->submit([
+            'username' => $request->request->get('username'),
+            'plainPassword' => [
+                'first' => $request->request->get('password'),
+                'second' => $request->request->get('password'),
+            ],
+            'email' => $request->request->get('email'),
+        ]);
 
-        if ($this->getDoctrine()
-            ->getRepository('WallabagUserBundle:User')
-            ->findOneByEmail($email)) {
-            $json = $this->get('serializer')->serialize(['error' => 'An account with this email already exists'], 'json');
-            return (new JsonResponse())->setJson($json)->setStatusCode(409);
-        }
+        if ($form->isSubmitted() && false === $form->isValid()) {
+            $view = $this->view($form, 400);
+            $view->setFormat('json');
 
-        $em = $this->get('doctrine.orm.entity_manager');
+            // handle errors in a more beautiful way than the default view
+            $data = json_decode($this->handleView($view)->getContent(), true)['children'];
+            $errors = [];
 
-        $userManager = $this->get('fos_user.user_manager');
-        $user = $userManager->createUser();
+            if (isset($data['username']['errors'])) {
+                $errors['username'] = $this->translateErrors($data['username']['errors']);
+            }
 
-        $user->setUsername($username);
+            if (isset($data['email']['errors'])) {
+                $errors['email'] = $this->translateErrors($data['email']['errors']);
+            }
 
-        $user->setPlainPassword($password);
+            if (isset($data['plainPassword']['children']['first']['errors'])) {
+                $errors['password'] = $this->translateErrors($data['plainPassword']['children']['first']['errors']);
+            }
 
-        $user->setEmail($email);
+            $json = $this->get('serializer')->serialize(['error' => $errors], 'json');
 
-        $user->setEnabled(true);
-        $user->addRole('ROLE_USER');
+            return (new JsonResponse())->setJson($json)->setStatusCode(400);
+        }
 
-        $em->persist($user);
+        $userManager->updateUser($user);
 
         // dispatch a created event so the associated config will be created
-        $event = new UserEvent($user);
+        $event = new UserEvent($user, $request);
         $this->get('event_dispatcher')->dispatch(FOSUserEvents::USER_CREATED, $event);
 
-        $serializationContext = SerializationContext::create()->setGroups(['user_api']);
-        $json = $this->get('serializer')->serialize($user, 'json', $serializationContext);
+        return $this->sendUser($user);
+    }
 
-        return (new JsonResponse())->setJson($json);
+    /**
+     * Send user response.
+     *
+     * @param User $user
+     *
+     * @return JsonResponse
+     */
+    private function sendUser(User $user)
+    {
+        $json = $this->get('serializer')->serialize(
+            $user,
+            'json',
+            SerializationContext::create()->setGroups(['user_api'])
+        );
 
+        return (new JsonResponse())->setJson($json);
     }
 
+    /**
+     * Translate errors message.
+     *
+     * @param array $errors
+     *
+     * @return array
+     */
+    private function translateErrors($errors)
+    {
+        $translatedErrors = [];
+        foreach ($errors as $error) {
+            $translatedErrors[] = $this->get('translator')->trans($error);
+        }
+
+        return $translatedErrors;
+    }
 }
-- 
cgit v1.2.3