admin/crm_ecosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: authentification par code email pour contrats (verify/resend)

Browse Source 
- Route /process/contrat/{id}/verify : saisie code 6 chiffres
- Code envoye par email au client, expire 15 minutes
- Bouton "Renvoyer le code"
- Protection process et sign derriere la verification session
- Template verify.html.twig + email contrat_verify_code.html.twig

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Serreau Jovann
2026-04-09 15:55:24 +02:00
parent 14527227a8
commit 23a5e92292
3 changed files with 141 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
src/Controller/ContratProcessController.php
View File

@@ -4,22 +4,88 @@ namespace App\Controller;
use App\Entity\Contrat; use App\Entity\Contrat;
use App\Service\DocuSealService; use App\Service\DocuSealService;
use App\Service\MailerService;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\Attribute\Autowire; use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route; use Symfony\Component\Routing\Attribute\Route;
use Twig\Environment;
class ContratProcessController extends AbstractController class ContratProcessController extends AbstractController
{ {
#[Route('/process/contrat/{id}', name: 'app_contrat_process', requirements: ['id' => '\d+'])] public function __construct(
public function process(int $id, EntityManagerInterface $em): Response private EntityManagerInterface $em,
private MailerService $mailer,
private Environment $twig,
) {
}
#[Route('/process/contrat/{id}/verify', name: 'app_contrat_verify', requirements: ['id' => '\d+'])]
public function verify(int $id, Request $request): Response
{ {
$contrat = $em->getRepository(Contrat::class)->find($id); $contrat = $this->em->getRepository(Contrat::class)->find($id);
if (null === $contrat) { if (null === $contrat) {
throw $this->createNotFoundException('Contrat introuvable.'); throw $this->createNotFoundException('Contrat introuvable.');
} }
$session = $request->getSession();
$error = null;
if ($request->isMethod('POST')) {
$code = $request->request->getString('code');
$storedCode = $session->get('contrat_code_'.$id);
$expires = $session->get('contrat_code_expires_'.$id, 0);
if (time() > $expires) {
$error = 'Code expire. Veuillez en demander un nouveau.';
} elseif ($code !== $storedCode) {
$error = 'Code incorrect.';
} else {
$session->set('contrat_verified_'.$id, true);
return $this->redirectToRoute('app_contrat_process', ['id' => $id]);
}
}
// Envoyer un code si pas encore fait
if (null === $session->get('contrat_code_'.$id)) {
$this->sendVerificationCode($contrat, $session, $id);
}
return $this->render('contrat/verify.html.twig', [
'contrat' => $contrat,
'error' => $error,
]);
}
#[Route('/process/contrat/{id}/verify/resend', name: 'app_contrat_resend_code', requirements: ['id' => '\d+'], methods: ['POST'])]
public function resendCode(int $id, Request $request): Response
{
$contrat = $this->em->getRepository(Contrat::class)->find($id);
if (null === $contrat) {
throw $this->createNotFoundException('Contrat introuvable.');
}
$this->sendVerificationCode($contrat, $request->getSession(), $id);
return $this->redirectToRoute('app_contrat_verify', ['id' => $id]);
}
#[Route('/process/contrat/{id}', name: 'app_contrat_process', requirements: ['id' => '\d+'])]
public function process(int $id, Request $request): Response
{
$contrat = $this->em->getRepository(Contrat::class)->find($id);
if (null === $contrat) {
throw $this->createNotFoundException('Contrat introuvable.');
}
$session = $request->getSession();
if (!$session->get('contrat_verified_'.$contrat->getId(), false)) {
return $this->redirectToRoute('app_contrat_verify', ['id' => $id]);
}
return $this->render('contrat/process.html.twig', [ return $this->render('contrat/process.html.twig', [
'contrat' => $contrat, 'contrat' => $contrat,
]); ]);
@@ -28,15 +94,20 @@ class ContratProcessController extends AbstractController
#[Route('/process/contrat/{id}/sign', name: 'app_contrat_sign', requirements: ['id' => '\d+'])] #[Route('/process/contrat/{id}/sign', name: 'app_contrat_sign', requirements: ['id' => '\d+'])]
public function sign( public function sign(
int $id, int $id,
EntityManagerInterface $em, Request $request,
DocuSealService $docuSeal, DocuSealService $docuSeal,
#[Autowire(env: 'DOCUSEAL_URL')] string $docuSealUrl = '', #[Autowire(env: 'DOCUSEAL_URL')] string $docuSealUrl = '',
): Response { ): Response {
$contrat = $em->getRepository(Contrat::class)->find($id); $contrat = $this->em->getRepository(Contrat::class)->find($id);
if (null === $contrat || null === $contrat->getSubmissionId()) { if (null === $contrat || null === $contrat->getSubmissionId()) {
throw $this->createNotFoundException('Contrat introuvable.'); throw $this->createNotFoundException('Contrat introuvable.');
} }
$session = $request->getSession();
if (!$session->get('contrat_verified_'.$contrat->getId(), false)) {
return $this->redirectToRoute('app_contrat_verify', ['id' => $id]);
}
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
$slug = $docuSeal->getSubmitterSlug((int) $contrat->getSubmissionId()); $slug = $docuSeal->getSubmitterSlug((int) $contrat->getSubmissionId());
if (null !== $slug) { if (null !== $slug) {
@@ -46,4 +117,23 @@ class ContratProcessController extends AbstractController
throw $this->createNotFoundException('Lien de signature introuvable.'); throw $this->createNotFoundException('Lien de signature introuvable.');
} }
private function sendVerificationCode(Contrat $contrat, object $session, int $id): void
{
$code = str_pad((string) random_int(0, 999999), 6, '0', \STR_PAD_LEFT);
$session->set('contrat_code_'.$id, $code);
$session->set('contrat_code_expires_'.$id, time() + 900);
$this->mailer->sendEmail(
$contrat->getEmail(),
'Code de verification - Contrat '.$contrat->getReference(),
$this->twig->render('emails/contrat_verify_code.html.twig', [
'contrat' => $contrat,
'code' => $code,
]),
null,
null,
false,
);
}
} }

32
templates/contrat/verify.html.twig Normal file
View File

@@ -0,0 +1,32 @@
{% extends 'base.html.twig' %}
{% block title %}Verification - Contrat {{ contrat.reference }} - Association E-Cosplay{% endblock %}
{% block body %}
<div class="min-h-screen flex items-center justify-center p-4" style="background: linear-gradient(135deg, #f5f5f0 0%, #e8e8e0 100%);">
<div class="glass-heavy w-full max-w-md overflow-hidden">
<div class="glass-dark text-white px-8 py-6 text-center">
<h1 class="text-lg font-bold uppercase tracking-widest">Verification</h1>
<p class="text-xs text-white/60 mt-1">{{ contrat.reference }} - Un code a ete envoye a {{ contrat.email }}</p>
</div>
<div class="p-8">
{% if error %}
<div class="mb-4 p-3 bg-red-500/20 text-red-700 font-bold text-xs">{{ error }}</div>
{% endif %}
<p class="text-sm text-gray-600 mb-4">Saisissez le code de verification a 6 chiffres recu par email pour acceder a votre contrat.</p>
<form method="post" action="{{ path('app_contrat_verify', {id: contrat.id}) }}">
<div class="mb-4">
<label for="code" class="block text-[9px] font-bold uppercase tracking-wider text-gray-400 mb-1">Code de verification</label>
<input type="text" id="code" name="code" maxlength="6" pattern="[0-9]{6}" required autofocus
class="input-glass w-full px-4 py-3 text-center text-2xl font-bold tracking-[0.5em]" placeholder="000000">
</div>
<button type="submit" class="w-full btn-gold px-4 py-3 font-bold uppercase text-xs tracking-wider text-gray-900">Verifier</button>
</form>
<p class="text-center text-xs text-gray-400 mt-4">Le code expire dans 15 minutes.</p>
<form method="post" action="{{ path('app_contrat_resend_code', {id: contrat.id}) }}" class="mt-3 text-center">
<button type="submit" class="text-xs font-bold uppercase tracking-wider text-gray-500 hover:text-gray-900 underline transition-all">Renvoyer le code</button>
</form>
</div>
</div>
</div>
{% endblock %}

14
templates/emails/contrat_verify_code.html.twig Normal file
View File

@@ -0,0 +1,14 @@
{% extends 'email/base.html.twig' %}
{% block content %}
<table width="600" cellpadding="0" cellspacing="0" style="margin: 0 auto;">
<tr>
<td style="padding: 32px; text-align: center;">
<h1 style="font-family: Arial, Helvetica, sans-serif; font-size: 22px; font-weight: 700; color: #111827; margin: 0 0 16px;">Code de verification</h1>
<p style="font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #374151; margin: 0 0 20px;">Contrat {{ contrat.reference }}</p>
<div style="background: #111827; color: #fabf04; font-family: monospace; font-size: 36px; font-weight: 700; letter-spacing: 12px; padding: 20px; display: inline-block;">{{ code }}</div>
<p style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #9ca3af; margin: 20px 0 0;">Ce code expire dans 15 minutes.</p>
</td>
</tr>
</table>
{% endblock %}