vendor/symfonycasts/verify-email-bundle/src/VerifyEmailHelper.php line 52

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the SymfonyCasts VerifyEmailBundle package.
  5.  * Copyright (c) SymfonyCasts <https://symfonycasts.com/>
  6.  * For the full copyright and license information, please view the LICENSE
  7.  * file that was distributed with this source code.
  8.  */
  10. namespace SymfonyCasts\Bundle\VerifyEmail;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\UriSigner;
  14. use Symfony\Component\HttpKernel\UriSigner as LegacyUriSigner;
  15. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  16. use SymfonyCasts\Bundle\VerifyEmail\Exception\ExpiredSignatureException;
  17. use SymfonyCasts\Bundle\VerifyEmail\Exception\InvalidSignatureException;
  18. use SymfonyCasts\Bundle\VerifyEmail\Exception\WrongEmailVerifyException;
  19. use SymfonyCasts\Bundle\VerifyEmail\Generator\VerifyEmailTokenGenerator;
  20. use SymfonyCasts\Bundle\VerifyEmail\Model\VerifyEmailSignatureComponents;
  21. use SymfonyCasts\Bundle\VerifyEmail\Util\VerifyEmailQueryUtility;
  23. /**
  24.  * @author Jesse Rushlow <jr@rushlow.dev>
  25.  * @author Ryan Weaver   <ryan@symfonycasts.com>
  26.  */
  27. final class VerifyEmailHelper implements VerifyEmailHelperInterface
  28. {
  29.     private $router;
  30.     /**
  31.      * @var UriSigner|LegacyUriSigner
  32.      */
  33.     private $uriSigner;
  34.     private $queryUtility;
  35.     private $tokenGenerator;
  37.     /**
  38.      * @var int The length of time in seconds that a signed URI is valid for after it is created
  39.      */
  40.     private $lifetime;
  42.     public function __construct(UrlGeneratorInterface $router/* no typehint for BC with legacy PHP */ $uriSignerVerifyEmailQueryUtility $queryUtilityVerifyEmailTokenGenerator $generatorint $lifetime)
  43.     {
  44.         $this->router $router;
  45.         $this->uriSigner $uriSigner;
  46.         $this->queryUtility $queryUtility;
  47.         $this->tokenGenerator $generator;
  48.         $this->lifetime $lifetime;
  50.         if (!$uriSigner instanceof UriSigner) {
  51.             /** @psalm-suppress UndefinedFunction */
  52.             @trigger_deprecation('symfonycasts/verify-email-bundle''1.17.0''Not providing an instance of %s is deprecated. It will be required in v2.0'UriSigner::class);
  53.         }
  54.     }
  56.     public function generateSignature(string $routeNamestring $userIdstring $userEmail, array $extraParams = []): VerifyEmailSignatureComponents
  57.     {
  58.         $generatedAt time();
  59.         $expiryTimestamp $generatedAt $this->lifetime;
  61.         $extraParams['token'] = $this->tokenGenerator->createToken($userId$userEmail);
  62.         $extraParams['expires'] = $expiryTimestamp;
  64.         $uri $this->router->generate($routeName$extraParamsUrlGeneratorInterface::ABSOLUTE_URL);
  66.         $signature $this->uriSigner->sign($uri);
  68.         /** @psalm-suppress PossiblyFalseArgument */
  69.         return new VerifyEmailSignatureComponents(\DateTimeImmutable::createFromFormat('U', (string) $expiryTimestamp), $signature$generatedAt);
  70.     }
  72.     public function validateEmailConfirmation(string $signedUrlstring $userIdstring $userEmail): void
  73.     {
  74.         /** @psalm-suppress UndefinedFunction */
  75.         @trigger_deprecation('symfonycasts/verify-email-bundle''1.17.0''%s() is deprecated and will be removed in v2.0, use validateEmailConfirmationFromRequest() instead.'__METHOD__);
  77.         if (!$this->uriSigner->check($signedUrl)) {
  78.             throw new InvalidSignatureException();
  79.         }
  81.         if ($this->queryUtility->getExpiryTimestamp($signedUrl) <= time()) {
  82.             throw new ExpiredSignatureException();
  83.         }
  85.         $knownToken $this->tokenGenerator->createToken($userId$userEmail);
  86.         $userToken $this->queryUtility->getTokenFromQuery($signedUrl);
  88.         if (!hash_equals($knownToken$userToken)) {
  89.             throw new WrongEmailVerifyException();
  90.         }
  91.     }
  93.     public function validateEmailConfirmationFromRequest(Request $requeststring $userIdstring $userEmail): void
  94.     {
  95.         /** @legacy - Remove in 2.0 */
  96.         if (!$this->uriSigner instanceof UriSigner) {
  97.             throw new \RuntimeException(sprintf('An instance of %s is required, provided by symfony/http-kernel >=6.4, to validate an email confirmation.'UriSigner::class));
  98.         }
  100.         if (!$this->uriSigner->checkRequest($request)) {
  101.             throw new InvalidSignatureException();
  102.         }
  104.         if ($request->query->getInt('expires') <= time()) {
  105.             throw new ExpiredSignatureException();
  106.         }
  108.         $knownToken $this->tokenGenerator->createToken($userId$userEmail);
  110.         if (!hash_equals($knownToken$request->query->getString('token'))) {
  111.             throw new WrongEmailVerifyException();
  112.         }
  113.     }
  114. }