src/Controller/DefaultController.php line 53

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Controller;
  5. use DateTime;
  6. use Doctrine\ORM\EntityManagerInterface;
  7. use Exception;
  8. use MedBrief\MSR\Controller\BaseController as Controller;
  9. use MedBrief\MSR\Entity\Analytics\AnalyticsReport;
  10. use MedBrief\MSR\Entity\Invitation;
  11. use MedBrief\MSR\Entity\Project;
  12. use MedBrief\MSR\Entity\RoleInvitation;
  13. use MedBrief\MSR\Entity\User;
  14. use MedBrief\MSR\Form\ChangePasswordFormType;
  15. use MedBrief\MSR\Form\Filter\MatterFilterType;
  16. use MedBrief\MSR\Form\Order\MatterOrderType;
  17. use MedBrief\MSR\Repository\ProjectRepository;
  18. use MedBrief\MSR\Repository\RoleInvitationRepository;
  19. use MedBrief\MSR\Repository\SystemNotificationRepository;
  20. use MedBrief\MSR\Service\Analytics\AnalyticsService;
  21. use MedBrief\MSR\Service\Analytics\Model\AnalyticsEmbeddedReport;
  22. use MedBrief\MSR\Service\DeviceDetectorService;
  23. use MedBrief\MSR\Service\EntityHelper\ProjectHelper;
  24. use MedBrief\MSR\Service\EntityHelper\UserHelper;
  25. use MedBrief\MSR\Service\LicenceRenewal\RenewalHelperService;
  26. use MedBrief\MSR\Service\ProjectMatch\MatchExpertUser;
  27. use MedBrief\MSR\Service\Role\RoleParserService;
  28. use MedBrief\MSR\Service\Security\GeneralSecurityService;
  29. use MedBrief\MSR\Traits\PaginatorAwareTrait;
  30. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
  31. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
  32. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  33. use Symfony\Component\HttpFoundation\Cookie;
  34. use Symfony\Component\HttpFoundation\JsonResponse;
  35. use Symfony\Component\HttpFoundation\RedirectResponse;
  36. use Symfony\Component\HttpFoundation\Request;
  37. use Symfony\Component\HttpFoundation\Response;
  38. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  39. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  40. use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
  41. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  43. class DefaultController extends Controller
  44. {
  45. use PaginatorAwareTrait;
  47. /**
  48. * When the user navigates to the MedBrief home page, if they are logged in, then we
  49. * log them out. We then redirect to login. This is per Steve England's
  50. * request that for security purposes, when the landing page is hit, we log
  51. * users out.
  52. */
  53. public function indexAction(): JsonResponse|RedirectResponse
  54. {
  55. // if the user is currently logged in
  56. if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  57. // Forward to the dashboard. We used to log the user out but this caused more problems than it solved.
  58. return $this->redirectWithAjaxSupport($this->generateUrl('infology_medbrief_dashboard'));
  59. }
  61. // if we have a redirect page specified in the parameters
  62. $redirectUrl = $this->getParameter('root_page_redirect_url');
  63. if ($redirectUrl) {
  64. // redirect the user to it
  65. return $this->redirectWithAjaxSupport($redirectUrl);
  66. }
  67. // otherwise just sent them to login
  68. return $this->redirectWithAjaxSupport($this->generateUrl('login'));
  69. }
  71. /**
  72. * @param EntityManagerInterface $entityManager
  73. * @param AnalyticsService $analyticsService
  74. * @param UserHelper $userHelper
  75. * @param ProjectRepository $projectRepository
  76. * @param RoleInvitationRepository $roleInvitationRepository
  77. * @param SystemNotificationRepository $systemNotificationRepository
  78. * @param RoleParserService $roleParser
  79. * @param RenewalHelperService $renewalHelperService
  80. * @param Request $request
  81. * @param ProjectHelper $projectHelper
  82. * @param MatchExpertUser $matchExpertUserService
  83. * @param GeneralSecurityService $generalSecurityService
  84. *
  85. * @throws Exception
  86. *
  87. */
  88. public function dashboardAction(
  89. AnalyticsService $analyticsService,
  90. UserHelper $userHelper,
  91. ProjectRepository $projectRepository,
  92. RoleInvitationRepository $roleInvitationRepository,
  93. SystemNotificationRepository $systemNotificationRepository,
  94. RoleParserService $roleParser,
  95. RenewalHelperService $renewalHelperService,
  96. ProjectHelper $projectHelper,
  97. MatchExpertUser $matchExpertUserService,
  98. Request $request,
  99. GeneralSecurityService $generalSecurityService
  100. ): JsonResponse|RedirectResponse|Response {
  102. // Get the response message from url if we have one from the (match expert) complete profile confirm button.
  103. $responseMessage = $request->query->get('message', null);
  104. $referrer = $request->headers->get('referer');
  106. if ($responseMessage && $generalSecurityService->isRequestFromMedBrief($referrer)) {
  107. $this->addFlash('success', $responseMessage);
  108. }
  110. // Redirect to pending invitations page if User has pending role invitations.
  111. if ($this->userHasPendingInvitations()) {
  112. return $this->redirectWithAjaxSupport($this->pendingInvitationsUrlWithoutFlash());
  113. }
  115. /** @var User $user */
  116. $user = $this->getUser();
  117. $userHelper->setUser($user);
  119. // If the user has 2FA enabled and is rate limited, redirect them to the login page.
  120. if ($user->hasMultiMfaEnabled() && $request->getSession()->has('rateLimited')) {
  121. $this->addFlash('danger', 'You have entered the incorrect authentication code too many times. Please try again in fifteen minutes.');
  122. return $this->redirectToRoute('logout');
  123. }
  125. // If the user has 2FA enabled and their IP Address has been blacklisted, redirect them to the login page.
  126. if ($user->hasMultiMfaEnabled() && $request->getSession()->has('ipBlacklisted')) {
  127. $this->addFlash('danger', 'You have entered the incorrect authentication code too many times from this IP Address. Please try again in fifteen minutes.');
  128. return $this->redirectToRoute('logout');
  129. }
  131. $analyticsEmbeddedReport = $analyticsService->generateAnalyticsEmbeddedReport($user, AnalyticsReport::REPORT_TYPE_DASHBOARD);
  133. // We use this to determine if we should display the 'Explore Analytics' button.
  134. $analyticsEmbeddedReportMain = $analyticsService->generateAnalyticsEmbeddedReport($user, AnalyticsReport::REPORT_TYPE_MAIN);
  136. $recentlyViewedProjects = $this->getRecentlyViewedProjects($projectRepository, $userHelper, $projectHelper, $matchExpertUserService, false)['projects'];
  137. $favouriteProjects = $this->getFavouriteProjects($projectHelper, $matchExpertUserService, false)['projects'];
  138. $recentlyAcceptedProjects = $this->getRecentlyAcceptedProjects($roleInvitationRepository, $roleParser, $projectHelper, $matchExpertUserService, false)['projects'];
  140. $recentlyViewedProjectCount = count($recentlyViewedProjects);
  141. $favouritesCount = count($favouriteProjects);
  142. $recentlyAcceptedCount = count($recentlyAcceptedProjects);
  143. // Fetch renewal projects and filter by active licence renewal terms to get accurate count
  144. $renewalProjectsForCount = $projectRepository->findRenewalsDueWithin30DaysForUser($userHelper);
  145. $eligibleRenewalProjects = $this->getEligibleRenewalProjects($renewalProjectsForCount, $renewalHelperService);
  146. $renewalsCount = count($eligibleRenewalProjects);
  148. // Create a combined array of all unique Projects fetched in this controller action.
  149. $uniqueProjects = array_unique(array_merge(
  150. $recentlyViewedProjects,
  151. $favouriteProjects,
  152. $recentlyAcceptedProjects,
  153. ));
  155. $grossTotalProjectsCount = count($uniqueProjects);
  157. // All Projects that have a renewal date
  158. $eligibleProjects = $this->getEligibleRenewalProjects($uniqueProjects, $renewalHelperService);
  160. // Get the latest active system notification
  161. $systemNotification = $systemNotificationRepository->findLatestSystemNotification();
  163. /**
  164. * Create a form we will use to allow the user to Filter this list
  165. */
  166. $filterForm = $this->createForm(MatterFilterType::class, null, [
  167. 'userHelper' => $userHelper,
  168. 'em' => $this->getDoctrine()->getManager(),
  169. ]);
  171. // Create and user a form to order this list
  172. $orderForm = $this->createForm(MatterOrderType::class);
  174. $isExpert = $user->isExpertOnly() || $user->isExpertViewerOnly();
  176. // Order A applies to all user roles, excluding the two expert user roles
  177. // Order B applies to the two expert user roles only
  178. $tabOrder = $isExpert ? 'order-b' : 'order-a';
  180. return $this->renderTurbo('Default/dashboard.html.twig', [
  181. 'eligibleProjectsToDisplayRenewalDate' => $eligibleProjects,
  182. 'filterForm' => $filterForm->createView(),
  183. 'orderForm' => $orderForm->createView(),
  184. 'systemNotification' => $systemNotification,
  185. 'analyticsEmbeddedReport' => $analyticsEmbeddedReport,
  186. 'analyticsEmbeddedReportMain' => $analyticsEmbeddedReportMain,
  187. 'recentlyViewedCount' => $recentlyViewedProjectCount,
  188. 'recentlyAcceptedCount' => $recentlyAcceptedCount,
  189. 'favouritesCount' => $favouritesCount,
  190. 'renewalsCount' => $renewalsCount,
  191. 'grossTotalProjectsCount' => $grossTotalProjectsCount,
  192. 'tabOrder' => $tabOrder,
  193. 'isExpert' => $isExpert,
  195. ]);
  196. }
  198. /**
  199. * List Matters most recently viewed
  200. *
  201. * @Template("Default/Partials/viewedTab.html.twig")
  202. *
  203. * @param RoleInvitationRepository $roleInvitationRepository
  204. * @param RoleParserService $roleParser
  205. * @param UserHelper $userHelper
  206. * @param ProjectRepository $projectRepository
  207. * @param RenewalHelperService $renewalHelperService
  208. * @param ProjectHelper $projectHelper
  209. * @param MatchExpertUser $matchExpertUserService
  210. *
  211. * @throws Exception
  212. *
  213. */
  214. public function dashboardViewedAjaxAction(
  215. UserHelper $userHelper,
  216. ProjectRepository $projectRepository,
  217. RenewalHelperService $renewalHelperService,
  218. MatchExpertUser $matchExpertUserService,
  219. ProjectHelper $projectHelper,
  220. ): JsonResponse|RedirectResponse|array {
  221. // Redirect to pending invitations page if User has pending role invitations.
  222. if ($this->userHasPendingInvitations()) {
  223. return $this->redirectWithAjaxSupport($this->pendingInvitationsUrlWithFlash());
  224. }
  226. $userHelper->setUser($this->getUser());
  228. $recentlyViewed = $this->getRecentlyViewedProjects($projectRepository, $userHelper, $projectHelper, $matchExpertUserService);
  229. $recentlyViewedProjects = $recentlyViewed['projects'];
  230. $userType = $recentlyViewed['userType'];
  232. // Return if no qualifying Projects
  233. if ($recentlyViewedProjects === []) {
  234. return [
  235. 'blurb' => 'You do not have any recently viewed matters.',
  236. ];
  237. }
  239. // All Projects that have a renewal date
  240. $eligibleProjects = $this->getEligibleRenewalProjects($recentlyViewedProjects, $renewalHelperService);
  242. return [
  243. 'projects' => $recentlyViewedProjects,
  244. 'eligibleProjectsToDisplayRenewalDate' => $eligibleProjects,
  245. 'blurb' => 'Most recently viewed matters (up to 20).',
  246. 'userType' => $userType,
  247. ];
  249. }
  251. /**
  252. * List the User's favourite Matters
  253. *
  254. * @Template("Default/Partials/favouritesTab.html.twig")
  255. *
  256. * @param Request $request
  257. * @param RenewalHelperService $renewalHelperService
  258. * @param ProjectHelper $projectHelper
  259. * @param MatchExpertUser $matchExpertUserService
  260. *
  261. * @throws Exception
  262. */
  263. public function dashboardFavouritesAjaxAction(Request $request, RenewalHelperService $renewalHelperService, ProjectHelper $projectHelper, MatchExpertUser $matchExpertUserService): JsonResponse|RedirectResponse|array
  264. {
  265. // Redirect to pending invitations page if User has pending role invitations.
  266. if ($this->userHasPendingInvitations()) {
  267. return $this->redirectWithAjaxSupport($this->pendingInvitationsUrlWithFlash());
  268. }
  270. $favouriteProjectsArray = $this->getFavouriteProjects($projectHelper, $matchExpertUserService);
  271. $favouriteProjects = $favouriteProjectsArray['projects'];
  272. $userType = $favouriteProjectsArray['userType'];
  274. // Return if no qualifying Projects
  275. if ($favouriteProjects === []) {
  276. return [
  277. 'blurb' => 'You do not have any matters added as a favourite.',
  278. ];
  279. }
  281. // All favourite Projects that have a renewal date
  282. $eligibleProjects = $this->getEligibleRenewalProjects($favouriteProjects, $renewalHelperService);
  283. $projectCount = count($favouriteProjects);
  284. $blurbText = $projectCount === 1 ? '1 Matter added as a favourite.' : sprintf('%d %s', $projectCount, 'Matters added as a favourite.');
  286. // Paginate with a specific page and limit
  287. $pagination = $this->paginator->paginate(
  288. $favouriteProjects, // the array to paginate
  289. $request->query->getInt('page', 1), // current page number, default is 1
  290. 10 // items per page
  291. );
  293. return [
  294. 'pagination' => $pagination,
  295. 'totalProjectCount' => $projectCount,
  296. 'eligibleProjectsToDisplayRenewalDate' => $eligibleProjects,
  297. 'blurb' => $blurbText,
  298. 'userType' => $userType,
  299. ];
  300. }
  302. /**
  303. * List Matters accepted in the past 30 days
  304. *
  305. * @Template("Default/Partials/invitationsTab.html.twig")
  306. *
  307. * @param Request $request
  308. * @param RoleInvitationRepository $roleInvitationRepository
  309. * @param RoleParserService $roleParser
  310. * @param RenewalHelperService $renewalHelperService
  311. * @param ProjectHelper $projectHelper
  312. * @param MatchExpertUser $matchExpertUserService
  313. *
  314. * @throws Exception
  315. */
  316. public function dashboardInvitationsAjaxAction(
  317. Request $request,
  318. RoleInvitationRepository $roleInvitationRepository,
  319. RoleParserService $roleParser,
  320. RenewalHelperService $renewalHelperService,
  321. MatchExpertUser $matchExpertUserService,
  322. ProjectHelper $projectHelper
  323. ): JsonResponse|RedirectResponse|array {
  324. // Redirect to pending invitations page if User has pending role invitations.
  325. if ($this->userHasPendingInvitations()) {
  326. return $this->redirectWithAjaxSupport($this->pendingInvitationsUrlWithFlash());
  327. }
  329. $recentlyAcceptedArray = $this->getRecentlyAcceptedProjects($roleInvitationRepository, $roleParser, $projectHelper, $matchExpertUserService);
  330. $recentlyAccepted = $recentlyAcceptedArray['projects'];
  331. $userType = $recentlyAcceptedArray['userType'];
  333. // Return if no qualifying Projects
  334. if ($recentlyAccepted === []) {
  335. return [
  336. 'blurb' => 'You have not accepted any invitations in the last 30 days.',
  337. ];
  338. }
  340. // All recently accepted Projects that have a renewal date
  341. $eligibleProjects = $this->getEligibleRenewalProjects($recentlyAccepted, $renewalHelperService);
  342. $projectCount = count($recentlyAccepted);
  343. $blurbText = $projectCount === 1 ? '1 Invitation accepted in the last 30 days.' : sprintf('%d %s', $projectCount, 'Invitations accepted in the last 30 days.');
  345. // Paginate with a specific page and limit
  346. $pagination = $this->paginator->paginate(
  347. $recentlyAccepted, // the array to paginate
  348. $request->query->getInt('page', 1), // current page number, default is 1
  349. 10 // items per page
  350. );
  352. return [
  353. 'pagination' => $pagination,
  354. 'totalProjectCount' => $projectCount,
  355. 'eligibleProjectsToDisplayRenewalDate' => $eligibleProjects,
  356. 'blurb' => $blurbText,
  357. 'userType' => $userType,
  358. ];
  359. }
  361. /**
  362. * List Matters due for renewal
  363. *
  364. * @Template("Default/Partials/renewalsTab.html.twig")
  365. *
  366. * @param Request $request
  367. * @param ProjectRepository $projectRepository
  368. * @param UserHelper $userHelper
  369. * @param ProjectHelper $projectHelper
  370. * @param MatchExpertUser $matchExpertUserService
  371. *
  372. * @return array
  373. */
  374. public function dashboardRenewalsAjaxAction(Request $request, ProjectRepository $projectRepository, UserHelper $userHelper, ProjectHelper $projectHelper, MatchExpertUser $matchExpertUserService): RedirectResponse|array
  375. {
  376. // Redirect to pending invitations page if User has pending role invitations.
  377. if ($this->userHasPendingInvitations()) {
  378. return $this->redirect($this->pendingInvitationsUrlWithFlash());
  379. }
  381. $userHelper->setUser($this->getUser());
  383. // All Projects that are due for renewal within the next 30 days
  384. $renewalProjects = $projectRepository->findRenewalsDueWithin30DaysForUser($userHelper);
  386. // Filter out projects whose accounts no longer have active licence renewal terms.
  387. // Use array_values(array_filter()) instead of getEligibleRenewalProjects() to preserve
  388. // the DB query's nextRenewalDate ASC sort order (soonest renewals first).
  389. $renewalProjects = array_values(array_filter(
  390. $renewalProjects,
  391. fn (Project $project): ?bool => $renewalHelperService->isMatterEligibleForRenewal($project)
  392. ));
  394. $projectCount = count($renewalProjects);
  395. $blurbText = $projectCount === 1 ? '1 Matter due for renewal within the next 30 days.' : sprintf('%d %s', $projectCount, 'Matters due for renewal within the next 30 days.');
  397. // Return if no qualifying Projects
  398. if (empty($renewalProjects)) {
  399. return [
  400. 'blurb' => 'There are no matters due for renewal in the next 30 days.',
  401. ];
  402. }
  404. // Paginate with a specific page and limit
  405. $pagination = $this->paginator->paginate(
  406. $renewalProjects, // the array to paginate
  407. $request->query->getInt('page', 1), // current page number, default is 1
  408. 10 // items per page
  409. );
  411. // Determine user type for displaying unread message counts (firm/expert)
  412. $userType = $matchExpertUserService->getUserType($this->getUser());
  413. // This sets the unread message counts on each Project entity
  414. $projectHelper->setUnreadMessageCount(iterator_to_array($pagination), $userType, $this->getUser());
  416. return [
  417. 'pagination' => $pagination,
  418. 'totalProjectCount' => $projectCount,
  419. 'eligibleProjectsToDisplayRenewalDate' => $renewalProjects,
  420. 'blurb' => $blurbText,
  421. 'userType' => $userType,
  422. ];
  423. }
  425. /**
  426. * @Template("Default/analytics.html.twig")
  427. *
  428. * @Security("is_granted('IS_AUTHENTICATED_REMEMBERED')")
  429. *
  430. * @param AnalyticsService $analyticsService
  431. */
  432. public function analyticsAction(AnalyticsService $analyticsService): RedirectResponse|array
  433. {
  434. $analyticsEmbeddedReport = $analyticsService->generateAnalyticsEmbeddedReport($this->getUser(), AnalyticsReport::REPORT_TYPE_MAIN);
  435. if (!$analyticsEmbeddedReport instanceof AnalyticsEmbeddedReport) {
  436. $this->addFlash('warning', 'No Analytics Report for this case');
  437. return $this->redirectToRoute('infology_medbrief_dashboard');
  438. }
  439. return [
  440. 'analyticsEmbeddedReport' => $analyticsEmbeddedReport,
  441. ];
  442. }
  444. /**
  445. * This action is the click through from the email that is sent to a user asking
  446. * them to finalise their registration in order to enable their account
  447. *
  448. * @Template("Default/enableAccount.html.twig")
  449. *
  450. * @param Request $request
  451. * @param TokenStorageInterface $tokenStorage
  452. * @param EventDispatcherInterface $eventDispatcher
  453. * @param EntityManagerInterface $entityManager
  454. * @param UserPasswordEncoderInterface $userPasswordEncoder
  455. * @param UserHelper $userHelper
  456. *
  457. * @throws Exception
  458. */
  459. public function enableAccountAction(
  460. Request $request,
  461. TokenStorageInterface $tokenStorage,
  462. EventDispatcherInterface $eventDispatcher,
  463. EntityManagerInterface $entityManager,
  464. UserPasswordEncoderInterface $userPasswordEncoder,
  465. UserHelper $userHelper
  466. ): RedirectResponse|array {
  467. // if the user is logged in
  468. if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  469. // log them out
  470. $tokenStorage->setToken();
  471. $request->getSession()->invalidate();
  473. // redirect them back here
  474. return $this->redirect($request->getRequestUri());
  475. }
  477. // grab the invitation code from the URL
  478. $invitationCode = $request->query->get('i');
  480. // if none was provided, we have a problem
  481. if (empty($invitationCode)) {
  482. throw $this->createNotFoundException('Invitation could not be found.');
  483. }
  485. // try to find a matching invitation
  486. $invitation = $this->getDoctrine()->getRepository(Invitation::class)->findOneByCode($invitationCode);
  488. // if we cant find one, we have a problem
  489. if (!$invitation) {
  490. throw $this->createNotFoundException('Unable to find Invitation.');
  491. }
  493. // try to find a user who matches this invitation
  494. $matchingUser = $entityManager->getRepository(User::class)
  495. ->findOneByEmail($invitation->getEmail())
  496. ;
  498. if (!$matchingUser) {
  499. throw $this->createNotFoundException('Unable to find User.');
  500. }
  502. // if the user is already enabled, then we assume this invitation has been processed already
  503. if ($matchingUser->isEnabled()) {
  504. return $this->redirectToRoute('infology_medbrief_invitation_already_processed');
  505. }
  507. // if we get here then we have found a user who is not yet enabled and may now complete their registration
  508. $form = $this->createForm(ChangePasswordFormType::class, $matchingUser, [
  509. 'action' => $this->generateUrl('infology_medbrief_user_complete_registration', ['id' => $matchingUser->getId()]),
  510. ]);
  512. $form->handleRequest($request);
  514. if ($form->isSubmitted() && $form->isValid()) {
  516. // Accept the Medbrief policies
  517. $userHelper->acceptDeclineMedbriefPolicies($matchingUser);
  519. $encodedPassword = $userPasswordEncoder->encodePassword(
  520. $matchingUser,
  521. $form->get('plainPassword')->getData()
  522. );
  524. // Set the password
  525. $matchingUser->setPassword($encodedPassword);
  527. // set the user enabled now
  528. $matchingUser->setEnabled(true);
  529. $entityManager->flush();
  531. // log the user in
  532. $token = new PostAuthenticationGuardToken($matchingUser, 'main', $matchingUser->getRoles());
  533. $tokenStorage->setToken($token); //now the user is logged in
  535. //now dispatch the login event
  536. $eventDispatcher->dispatch(
  537. new InteractiveLoginEvent($request, $token),
  538. 'security.interactive_login'
  539. );
  541. // Determine if th user requires 2FA to be enabled (if they don't already) and store it in the session
  542. // to prevent navigating to any part of the site, except the 2FA enable page, or logout page.
  543. // @see MedBrief\MSR\EventSubscriber\Enforce2FASubscriber
  544. /** @var User $user */
  545. $user = $this->getUser();
  546. $userHelper->setUser($user);
  548. if ($userHelper->twoFactoryAuthEnabledUser() && !$user->hasMultiMfaEnabled()) {
  549. $request->getSession()->set('enforce-two-factor-authentication-detail', [
  550. '2faRequired' => true,
  551. 'targetPath' => null,
  552. ]);
  554. return $this->redirectToRoute('mfa_enable_force');
  555. }
  557. // If the user has 2FA enabled and is rate limited, redirect them to the login page.
  558. if ($user->hasMultiMfaEnabled() && $request->getSession()->has('rateLimited')) {
  559. $this->addFlash('danger', 'You have entered the incorrect authentication code too many times. Please try again in five minutes.');
  560. return $this->redirectToRoute('logout');
  561. }
  563. // If the user has 2FA enabled and their IP Address has been blacklisted, redirect them to the login page.
  564. if ($user->hasMultiMfaEnabled() && $request->getSession()->has('ipBlacklisted')) {
  565. $this->addFlash('danger', 'You have entered the incorrect authentication code too many times from this IP address. Please try again in fifteen minutes.');
  566. return $this->redirectToRoute('logout');
  567. }
  569. return $this->redirectToRoute('infology_medbrief_dashboard');
  570. }
  572. return [
  573. 'user' => $matchingUser,
  574. 'form' => $form->createView(),
  575. ];
  576. }
  578. /**
  579. * Is the user logged in?
  580. *
  581. *
  582. *
  583. * @param Request $request
  584. *
  585. * @return JsonResponse 1/0
  586. */
  587. public function isUserLoggedInAction(Request $request)
  588. {
  589. // if the user is currently logged in
  590. if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  591. return new JsonResponse(['status' => 1], 200);
  592. }
  594. return new JsonResponse(['status' => 0], 200);
  595. }
  597. /**
  598. * Refresh the session upon user wishing to remain logged in.
  599. *
  600. *
  601. *
  602. * @param Request $request
  603. *
  604. * @return JsonResponse
  605. */
  606. public function refreshSessionAction(Request $request)
  607. {
  608. // if the user is currently logged in
  609. if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  610. // Extend the session
  611. try {
  612. $cookie_lifetime = ini_get('session.cookie_lifetime');
  613. if ($cookie_lifetime === false || $cookie_lifetime === '') {
  614. throw new Exception('session.cookie_lifetime not found!');
  615. }
  617. $lifeTime = (int) $cookie_lifetime;
  618. } catch (Exception) {
  619. $lifeTime = $request->getSession()->getMetadataBag()->getLifetime();
  620. }
  621. $request->getSession()->getMetadataBag()->stampNew($lifeTime);
  623. $now = new DateTime();
  624. $expire = $request->getSession()->getMetadataBag()->getCreated() + $request->getSession()->getMetadataBag()->getLifetime();
  626. $response = new JsonResponse([
  627. 'sessionExpire' => $expire,
  628. ]);
  629. $sessionName = $this->getParameter('session.name');
  630. $sessionCookieValue = $request->cookies->get($sessionName);
  631. $sessionCookie = Cookie::create($sessionName, $sessionCookieValue, $expire);
  632. $response->headers->setCookie($sessionCookie);
  634. return $response;
  635. }
  636. return new JsonResponse([], 404);
  637. }
  639. /**
  640. * Refresh the session upon user wishing to remain logged in.
  641. *
  642. *
  643. *
  644. * @param Request $request
  645. *
  646. * @return JsonResponse
  647. */
  648. public function refreshUserSessionAction(Request $request)
  649. {
  650. // if the user is currently logged in
  651. if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  652. // Expiration time
  653. $expire = time() + (20 * 60 * 1000);
  655. return new JsonResponse([
  656. 'sessionExpire' => $expire,
  657. ]);
  658. }
  659. return new JsonResponse(['status' => 0], Response::HTTP_FORBIDDEN);
  660. }
  662. /**
  663. * Redirect the user to the login page with a message
  664. *
  665. * Used by the session timeout feature to logout inactive users while preserving
  666. * the return URL so they can resume where they left off after logging back in.
  667. *
  668. * @param Request $request
  669. */
  670. public function userInactivityLoginRedirectAction(Request $request): RedirectResponse
  671. {
  672. $this->addFlash('warning', 'You have been automatically logged out due to inactivity');
  674. // Get the return URL from the query parameter (passed from JavaScript)
  675. $returnUrl = $request->query->get('returnUrl');
  677. // Note: Uses 'logout' route (not legacy 'fos_user_security_logout' which no longer exists)
  678. $response = $this->redirectToRoute('logout');
  680. // Store return URL in a cookie that survives logout (session is cleared on logout)
  681. // The login authenticator will read this cookie and redirect after successful login
  682. if ($returnUrl) {
  683. $response->headers->setCookie(
  684. new Cookie(
  685. 'inactivity_return_url',
  686. $returnUrl,
  687. time() + 3600, // 1 hour expiry
  688. '/',
  689. null,
  690. $request->isSecure(),
  691. true, // httpOnly
  692. false,
  693. Cookie::SAMESITE_LAX
  694. )
  695. );
  696. }
  698. return $response;
  699. }
  701. /**
  702. * Helper function which determines if the user is using a deprecated browser.
  703. *
  704. *
  705. *
  706. * @param Request $request
  707. * @param DeviceDetectorService $deviceDetector
  708. *
  709. * @return bool
  710. */
  711. protected function isDeprecatedBrowser(Request $request, DeviceDetectorService $deviceDetector)
  712. {
  713. $dci = $deviceDetector->getClientInfoFromRequest($request);
  715. if (is_array($dci)) {
  716. // Check if the browser matches IE10 or lower (which we won't support in future).
  717. return $dci['type'] === 'browser' && $dci['short_name'] === 'IE' && floor($dci['version']) <= 10;
  718. }
  720. // If we didn't get an array of results, this is probably an automated action
  721. return true;
  722. }
  724. /**
  725. * Helper function to determine whether the User has any pending Role Invitations
  726. */
  727. private function userHasPendingInvitations(): bool
  728. {
  729. return $this->getUser()->hasUnsuppressedRoleInvitationsPendingApproval();
  730. }
  732. /**
  733. * Generate the Url to the role invitation listing page and
  734. * add a flash message to current session
  735. */
  736. private function pendingInvitationsUrlWithFlash(): string
  737. {
  738. $this->addFlash('info', 'You have pending invitations. Before you continue, please accept or decline all of your invitations.');
  740. return $this->generateUrl('infology_medbrief_role_invitation_list_pending');
  741. }
  743. /**
  744. * Generate the Url to the role invitation listing page without adding a flash message to current session
  745. * Used for AJAX calls where we want to redirect the user but not show a flash message as well
  746. */
  747. private function pendingInvitationsUrlWithoutFlash(): string
  748. {
  749. return $this->generateUrl('infology_medbrief_role_invitation_list_pending');
  750. }
  752. /**
  753. * Get all Projects the User has recently viewed
  754. *
  755. * @param ProjectRepository $projectRepository
  756. * @param UserHelper $userHelper
  757. * @param ProjectHelper $projectHelper
  758. * @param int $limit
  759. * @param bool $calculateUnreadMessages
  760. * @param MatchExpertUser $matchExpertUserService
  761. *
  762. * @return array ['projects' => Project[], 'userType' => string|null]
  763. */
  764. private function getRecentlyViewedProjects(
  765. ProjectRepository $projectRepository,
  766. UserHelper $userHelper,
  767. ProjectHelper $projectHelper,
  768. MatchExpertUser $matchExpertUserService,
  769. bool $calculateUnreadMessages = true,
  770. int $limit = 20
  771. ): array {
  772. $projects = $projectRepository->findRecentlyAccessedByUser($userHelper, $limit);
  773. // if calculating unread messages, set them on each Project entity
  774. if ($calculateUnreadMessages) {
  775. // Determine user type for displaying unread message counts (firm/expert)
  776. $userType = $matchExpertUserService->getUserType($this->getUser());
  777. // This sets the unread message counts on each Project entity
  778. $projectHelper->setUnreadMessageCount(iterator_to_array($projects), $userType, $userHelper->getUser());
  779. return ['projects' => $projects, 'userType' => $userType];
  780. }
  781. return ['projects' => $projects, 'userType' => null];
  782. }
  784. /**
  785. * Get all Projects the User has recently accepted
  786. *
  787. * @param RoleInvitationRepository $roleInvitationRepository
  788. * @param RoleParserService $roleParser
  789. * @param ProjectHelper $projectHelper
  790. * @param bool $calculateUnreadMessages
  791. * @param MatchExpertUser $matchExpertUserService
  792. *
  793. * @return array ['projects' => Project[], 'userType' => string|null]
  794. */
  795. private function getRecentlyAcceptedProjects(RoleInvitationRepository $roleInvitationRepository, RoleParserService $roleParser, ProjectHelper $projectHelper, MatchExpertUser $matchExpertUserService, bool $calculateUnreadMessages = true): array
  796. {
  797. /**
  798. * Not Accessed
  799. */
  800. $recentlyAccepted = $roleInvitationRepository->findLatestProjectRoleInvitationsByUser($this->getUser());
  802. // Map Role Invitations to obtain Projects via the RoleParserService
  803. $recentlyAccepted = array_map(fn (RoleInvitation $roleInvitation)
  804. => $roleParser->parseRole($roleInvitation)->getSubject(), $recentlyAccepted);
  806. // Filter out Projects with any type of deleted or archived status
  807. $recentlyAccepted = array_filter($recentlyAccepted, fn ($project): bool => !$project->isCloseInProgressOrComplete());
  809. // if calculating unread messages, set them on each Project entity
  810. if ($calculateUnreadMessages) {
  811. // Determine user type for displaying unread message counts (firm/expert)
  812. $userType = $matchExpertUserService->getUserType($this->getUser());
  813. // This sets the unread message counts on each Project entity
  814. $projectHelper->setUnreadMessageCount(iterator_to_array($recentlyAccepted), $userType, $this->getUser());
  815. return ['projects' => $recentlyAccepted, 'userType' => $userType];
  816. }
  818. return ['projects' => $recentlyAccepted, 'userType' => null];
  819. }
  821. /**
  822. * Get all the User's favourite Projects
  823. *
  824. * @param ProjectHelper $projectHelper
  825. * @param bool $calculateUnreadMessages
  826. * @param MatchExpertUser $matchExpertUserService
  827. *
  828. * @return array ['projects' => Project[], 'userType' => string|null]
  829. */
  830. private function getFavouriteProjects(ProjectHelper $projectHelper, MatchExpertUser $matchExpertUserService, bool $calculateUnreadMessages = true): array
  831. {
  832. $favouriteProjects = $this->getUser()->getFavouriteProjects()->toArray();
  833. // Filter out deleted and archived Projects
  834. $favouriteProjects = array_filter($favouriteProjects, fn ($project): bool => !$project->isDeleteStatusComplete() && !$project->isArchiveStatusComplete());
  836. // Converts favourite projects to project_id's and removes ones where access is no longer granted
  837. foreach ($favouriteProjects as $key => $project) {
  838. if (!$this->isGranted('READ', $project)) {
  839. unset($favouriteProjects[$key]);
  840. }
  841. }
  843. // if calculating unread messages, set them on each Project entity
  844. if ($calculateUnreadMessages) {
  845. // Determine user type for displaying unread message counts (firm/expert)
  846. $userType = $matchExpertUserService->getUserType($this->getUser());
  847. // This sets the unread message counts on each Project entity
  848. $projectHelper->setUnreadMessageCount(iterator_to_array($favouriteProjects), $userType, $this->getUser());
  849. return ['projects' => $favouriteProjects, 'userType' => $userType];
  850. }
  852. // TODO: create a UserProject Entity to store the date when the Project was favourited
  853. return ['projects' => $favouriteProjects, 'userType' => null];
  854. }
  856. /**
  857. * @param Project[] $projects
  858. * @param RenewalHelperService $renewalHelperService
  859. *
  860. * @return Projects[]|[]
  861. */
  862. private function getEligibleRenewalProjects(array $projects, RenewalHelperService $renewalHelperService): array
  863. {
  864. $eligibleProjectsToDisplayRenewalDate = array_filter($projects, fn ($project): ?bool => $renewalHelperService->isMatterEligibleForRenewal($project));
  866. return $this->sortProjectsByDateOrder($eligibleProjectsToDisplayRenewalDate, 'descending');
  867. }
  869. /**
  870. * Sort an array of Projects by their Updated date in specified order.
  871. *
  872. *
  873. *
  874. * @param array $projects
  875. * @param string $order
  876. *
  877. * @return array $projects
  878. */
  879. private function sortProjectsByDateOrder(array $projects, string $order = 'descending'): array
  880. {
  881. // Use usort to sort the array using the custom comparison function
  882. if ($order === 'descending') {
  883. usort($projects, self::compareByDateDescending(...));
  884. } else {
  885. usort($projects, self::compareByDateAscending(...));
  886. }
  888. return $projects;
  889. }
  891. /**
  892. * Callback function for the comparison of two Projects by Updated date Descending.
  893. *
  894. * @param Project $project1
  895. * @param Project $project2
  896. */
  897. private function compareByDateDescending($project1, $project2): bool
  898. {
  899. $date1 = $project1->getUpdated();
  900. $date2 = $project2->getUpdated();
  901. return $date2 <=> $date1;
  902. }
  904. /**
  905. * Callback function for the comparison of two Projects by Updated date Ascending.
  906. *
  907. * @param Project $project1
  908. * @param Project $project2
  909. */
  910. private function compareByDateAscending($project1, $project2): bool
  911. {
  912. $date1 = $project1->getUpdated();
  913. $date2 = $project2->getUpdated();
  914. return $date1 <=> $date2;
  915. }
  916. }