cagettepei/src/controller/User.hx

package controller;

import haxe.crypto.Md5;
import sugoi.form.elements.Input;
import sugoi.form.Form;
import sugoi.form.elements.IntInput;
import sugoi.form.elements.StringInput;
import sugoi.form.validators.EmailValidator;
import ufront.mail.*;

class User extends Controller {
	public function new() {
		super();
	}

	@tpl("user/default.mtt")
	function doDefault() {}

	@tpl("user/login.mtt")
	function doLogin() {
		if (App.current.user != null) {
			throw Redirect('/');
		}

		// if its needed to redirect after login
		if (app.params.exists("redirect")) {
			view.redirect = app.params.exists("redirect");
		} else {
			view.redirect = "/";
		}
	}

	/**
	 * Choose which group to connect to.
	 */
	@logged
	@tpl("user/choose.mtt")
	function doChoose(?args:{amap:db.Amap}) {
		if (app.user == null)
			throw t._("You are not connected");

		var amaps = db.UserAmap.manager.search($user == app.user, false);

		if (amaps.length == 1 && !app.params.exists("show")) {
			// qu'une amap
			app.session.data.amapId = amaps.first().amap.id;
			throw Redirect('/');
		} else {
			view.noGroup = true; // force template to not display current group
		}

		if (args != null && args.amap != null) {
			// select a group
			var which = app.session.data == null ? 0 : app.session.data.whichUser;
			app.session.data.order = null;
			app.session.data.newGroup = null;
			app.session.data.amapId = args.amap.id;
			app.session.data.whichUser = which;
			throw Redirect('/');
		}

		view.amaps = amaps;
		view.wl = db.WaitingList.manager.search($user == app.user, false);

		#if plugins
		view.pros = pro.db.PUserCompany.getCompanies(app.user);
		#end
	}

	function doLogout() {
		App.current.session.delete();
		throw Redirect('/');
	}

	/**
	 * Ask for password renewal by mail
	 * when password is forgotten
	 */
	@tpl("user/forgottenPassword.mtt")
	function doForgottenPassword(?key:String, ?u:db.User) {
		// STEP 1
		var step = 1;
		var error:String = null;
		var url = "/user/forgottenPassword";

		// ask for mail
		var askmailform = new Form("askemail");
		askmailform.addElement(new StringInput("email", t._("Please key-in your E-Mail address"), null, true));

		// change pass form
		var chpassform = new Form("chpass");

		var pass1 = new StringInput("pass1", t._("Your new password"), null, true);
		pass1.password = true;
		chpassform.addElement(pass1);

		var pass2 = new StringInput("pass2", t._("Again your new password"), null, true);
		pass2.password = true;
		chpassform.addElement(pass2);

		var uid = new IntInput("uid", "uid", u == null ? null : u.id);
		uid.inputType = ITHidden;
		chpassform.addElement(uid);

		if (askmailform.isValid()) {
			// STEP 2
			// send password renewal email
			step = 2;

			var email:String = askmailform.getValueOf("email");
			var user = db.User.manager.select(email == $email, false);
			// could be user 2
			if (user == null)
				user = db.User.manager.select(email == $email2, false);

			// user not found
			if (user == null)
				throw Error(url, t._("This E-mail is not linked to a known account"));

			// create token
			var token = haxe.crypto.Md5.encode("chp" + Std.random(1000000000));
			sugoi.db.Cache.set(token, user.id, 60 * 60 * 24 * 30);

			var m = new sugoi.mail.Mail();
			m.setSender(App.config.get("default_email"), t._("Cagette.net"));
			m.setRecipient(email, user.name);
			m.setSubject("[" + App.config.NAME + "] " + t._("Password change"));
			m.setHtmlBody(app.processTemplate('mail/forgottenPassword.mtt',
				{user: user, link: 'http://' + App.config.HOST + '/user/forgottenPassword/' + token + "/" + user.id}));
			App.sendMail(m);
		}

		if (key != null && u != null) {
			// check key and propose to change pass
			step = 3;

			if (u.id == sugoi.db.Cache.get(key)) {
				view.form = chpassform;
			} else {
				error = t._("Invalid request");
			}
		}

		if (chpassform.isValid()) {
			// change pass
			step = 4;

			if (chpassform.getValueOf("pass1") == chpassform.getValueOf("pass2")) {
				var uid = Std.parseInt(chpassform.getValueOf("uid"));
				var user = db.User.manager.get(uid, true);
				var pass = chpassform.getValueOf("pass1");
				user.setPass(pass);
				user.update();

				var m = new sugoi.mail.Mail();
				m.setSender(App.config.get("default_email"), t._("Cagette.net"));
				m.setRecipient(user.email, user.name);
				if (user.email2 != null)
					m.setRecipient(user.email2, user.name);
				m.setSubject("[" + App.config.NAME + "] : " + t._("New password confirmed"));
				var emails = [user.email];
				if (user.email2 != null)
					emails.push(user.email2);
				var params = {
					user: user,
					emails: emails.join(", "),
					password: pass,
					NAME: App.config.NAME
				}
				m.setHtmlBody(app.processTemplate('mail/newPasswordConfirmed.mtt', params));
				App.sendMail(m);
			} else {
				error = t._("You must key-in two times the same password");
			}
		}

		if (step == 1) {
			view.form = askmailform;
		}

		view.step = step;
		view.error = error;
	}

	/**
	 * generate a custom key for transactionnal emails, valid during the current day
	 */
	// function getKey(m:db.User) {
	// return haxe.crypto.Md5.encode(App.config.get("key")+m.email+(Date.now().getDate())).substr(0,12);
	// }

	@logged
	@tpl("form.mtt")
	function doDefinePassword(?key:String, ?u:db.User) {
		if (app.user.isFullyRegistred())
			throw Error("/", t._("You already have a password"));

		var form = new Form("definepass");
		var pass1 = new StringInput("pass1", t._("Your new password"));
		var pass2 = new StringInput("pass2", t._("Again your new password"));
		pass1.password = true;
		pass2.password = true;
		form.addElement(pass1);
		form.addElement(pass2);

		if (form.isValid()) {
			if (form.getValueOf("pass1") == form.getValueOf("pass2")) {
				app.user.lock();
				app.user.setPass(form.getValueOf("pass1"));
				app.user.update();
				throw Ok('/', t._("Congratulations, your account is now protected by a password."));
			} else {
				form.addError(t._("You must key-in two times the same password"));
			}
		}
		view.form = form;
		view.title = t._("Create a password for your account");
	}

	/**
	 * landing page when coming from an invitation
	 * @param	k
	 */
	public function doValidate(k:String) {
		var uid = Std.parseInt(sugoi.db.Cache.get("validation" + k));
		if (uid == null || uid == 0)
			throw Error('/user/login', t._("Your invitation is invalid or expired ($k)"));
		var user = db.User.manager.get(uid, true);

		db.User.login(user, user.email);

		var groups = user.getAmaps();
		if (groups.length > 0)
			app.session.data.amapId = groups.first().id;

		sugoi.db.Cache.destroy("validation" + k);

		throw Ok("/user/definePassword", t._("Congratulations ::userName::, your account is validated!", {userName: user.getName()}));
	}
}