feat: authentification par code email pour contrats (verify/resend)

- Route /process/contrat/{id}/verify : saisie code 6 chiffres - Code envoye par email au client, expire 15 minutes - Bouton "Renvoyer le code" - Protection process et sign derriere la verification session - Template verify.html.twig + email contrat_verify_code.html.twig Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 15:55:24 +02:00
parent 14527227a8
commit 23a5e92292
3 changed files with 141 additions and 5 deletions
--- a/src/Controller/ContratProcessController.php
+++ b/src/Controller/ContratProcessController.php
@@ -4,22 +4,88 @@ namespace App\Controller;

 use App\Entity\Contrat;
 use App\Service\DocuSealService;
+use App\Service\MailerService;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
+use Twig\Environment;

 class ContratProcessController extends AbstractController
 {
-    #[Route('/process/contrat/{id}', name: 'app_contrat_process', requirements: ['id' => '\d+'])]
-    public function process(int $id, EntityManagerInterface $em): Response
+    public function __construct(
+        private EntityManagerInterface $em,
+        private MailerService $mailer,
+        private Environment $twig,
+    ) {
+    }
+
+    #[Route('/process/contrat/{id}/verify', name: 'app_contrat_verify', requirements: ['id' => '\d+'])]
+    public function verify(int $id, Request $request): Response
    {
-        $contrat = $em->getRepository(Contrat::class)->find($id);
+        $contrat = $this->em->getRepository(Contrat::class)->find($id);
        if (null === $contrat) {
            throw $this->createNotFoundException('Contrat introuvable.');
        }

+        $session = $request->getSession();
+        $error = null;
+
+        if ($request->isMethod('POST')) {
+            $code = $request->request->getString('code');
+            $storedCode = $session->get('contrat_code_'.$id);
+            $expires = $session->get('contrat_code_expires_'.$id, 0);
+
+            if (time() > $expires) {
+                $error = 'Code expire. Veuillez en demander un nouveau.';
+            } elseif ($code !== $storedCode) {
+                $error = 'Code incorrect.';
+            } else {
+                $session->set('contrat_verified_'.$id, true);
+
+                return $this->redirectToRoute('app_contrat_process', ['id' => $id]);
+            }
+        }
+
+        // Envoyer un code si pas encore fait
+        if (null === $session->get('contrat_code_'.$id)) {
+            $this->sendVerificationCode($contrat, $session, $id);
+        }
+
+        return $this->render('contrat/verify.html.twig', [
+            'contrat' => $contrat,
+            'error' => $error,
+        ]);
+    }
+
+    #[Route('/process/contrat/{id}/verify/resend', name: 'app_contrat_resend_code', requirements: ['id' => '\d+'], methods: ['POST'])]
+    public function resendCode(int $id, Request $request): Response
+    {
+        $contrat = $this->em->getRepository(Contrat::class)->find($id);
+        if (null === $contrat) {
+            throw $this->createNotFoundException('Contrat introuvable.');
+        }
+
+        $this->sendVerificationCode($contrat, $request->getSession(), $id);
+
+        return $this->redirectToRoute('app_contrat_verify', ['id' => $id]);
+    }
+
+    #[Route('/process/contrat/{id}', name: 'app_contrat_process', requirements: ['id' => '\d+'])]
+    public function process(int $id, Request $request): Response
+    {
+        $contrat = $this->em->getRepository(Contrat::class)->find($id);
+        if (null === $contrat) {
+            throw $this->createNotFoundException('Contrat introuvable.');
+        }
+
+        $session = $request->getSession();
+        if (!$session->get('contrat_verified_'.$contrat->getId(), false)) {
+            return $this->redirectToRoute('app_contrat_verify', ['id' => $id]);
+        }
+
        return $this->render('contrat/process.html.twig', [
            'contrat' => $contrat,
        ]);
@@ -28,15 +94,20 @@ class ContratProcessController extends AbstractController
    #[Route('/process/contrat/{id}/sign', name: 'app_contrat_sign', requirements: ['id' => '\d+'])]
    public function sign(
        int $id,
-        EntityManagerInterface $em,
+        Request $request,
        DocuSealService $docuSeal,
        #[Autowire(env: 'DOCUSEAL_URL')] string $docuSealUrl = '',
    ): Response {
-        $contrat = $em->getRepository(Contrat::class)->find($id);
+        $contrat = $this->em->getRepository(Contrat::class)->find($id);
        if (null === $contrat || null === $contrat->getSubmissionId()) {
            throw $this->createNotFoundException('Contrat introuvable.');
        }

+        $session = $request->getSession();
+        if (!$session->get('contrat_verified_'.$contrat->getId(), false)) {
+            return $this->redirectToRoute('app_contrat_verify', ['id' => $id]);
+        }
+
        // @codeCoverageIgnoreStart
        $slug = $docuSeal->getSubmitterSlug((int) $contrat->getSubmissionId());
        if (null !== $slug) {
@@ -46,4 +117,23 @@ class ContratProcessController extends AbstractController

        throw $this->createNotFoundException('Lien de signature introuvable.');
    }
+
+    private function sendVerificationCode(Contrat $contrat, object $session, int $id): void
+    {
+        $code = str_pad((string) random_int(0, 999999), 6, '0', \STR_PAD_LEFT);
+        $session->set('contrat_code_'.$id, $code);
+        $session->set('contrat_code_expires_'.$id, time() + 900);
+
+        $this->mailer->sendEmail(
+            $contrat->getEmail(),
+            'Code de verification - Contrat '.$contrat->getReference(),
+            $this->twig->render('emails/contrat_verify_code.html.twig', [
+                'contrat' => $contrat,
+                'code' => $code,
+            ]),
+            null,
+            null,
+            false,
+        );
+    }
 }
--- a/templates/contrat/verify.html.twig
+++ b/templates/contrat/verify.html.twig
@@ -0,0 +1,32 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Verification - Contrat {{ contrat.reference }} - Association E-Cosplay{% endblock %}
+
+{% block body %}
+<div class="min-h-screen flex items-center justify-center p-4" style="background: linear-gradient(135deg, #f5f5f0 0%, #e8e8e0 100%);">
+    <div class="glass-heavy w-full max-w-md overflow-hidden">
+        <div class="glass-dark text-white px-8 py-6 text-center">
+            <h1 class="text-lg font-bold uppercase tracking-widest">Verification</h1>
+            <p class="text-xs text-white/60 mt-1">{{ contrat.reference }} - Un code a ete envoye a {{ contrat.email }}</p>
+        </div>
+        <div class="p-8">
+            {% if error %}
+                <div class="mb-4 p-3 bg-red-500/20 text-red-700 font-bold text-xs">{{ error }}</div>
+            {% endif %}
+            <p class="text-sm text-gray-600 mb-4">Saisissez le code de verification a 6 chiffres recu par email pour acceder a votre contrat.</p>
+            <form method="post" action="{{ path('app_contrat_verify', {id: contrat.id}) }}">
+                <div class="mb-4">
+                    <label for="code" class="block text-[9px] font-bold uppercase tracking-wider text-gray-400 mb-1">Code de verification</label>
+                    <input type="text" id="code" name="code" maxlength="6" pattern="[0-9]{6}" required autofocus
+                           class="input-glass w-full px-4 py-3 text-center text-2xl font-bold tracking-[0.5em]" placeholder="000000">
+                </div>
+                <button type="submit" class="w-full btn-gold px-4 py-3 font-bold uppercase text-xs tracking-wider text-gray-900">Verifier</button>
+            </form>
+            <p class="text-center text-xs text-gray-400 mt-4">Le code expire dans 15 minutes.</p>
+            <form method="post" action="{{ path('app_contrat_resend_code', {id: contrat.id}) }}" class="mt-3 text-center">
+                <button type="submit" class="text-xs font-bold uppercase tracking-wider text-gray-500 hover:text-gray-900 underline transition-all">Renvoyer le code</button>
+            </form>
+        </div>
+    </div>
+</div>
+{% endblock %}
--- a/templates/emails/contrat_verify_code.html.twig
+++ b/templates/emails/contrat_verify_code.html.twig
@@ -0,0 +1,14 @@
+{% extends 'email/base.html.twig' %}
+
+{% block content %}
+<table width="600" cellpadding="0" cellspacing="0" style="margin: 0 auto;">
+    <tr>
+        <td style="padding: 32px; text-align: center;">
+            <h1 style="font-family: Arial, Helvetica, sans-serif; font-size: 22px; font-weight: 700; color: #111827; margin: 0 0 16px;">Code de verification</h1>
+            <p style="font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #374151; margin: 0 0 20px;">Contrat {{ contrat.reference }}</p>
+            <div style="background: #111827; color: #fabf04; font-family: monospace; font-size: 36px; font-weight: 700; letter-spacing: 12px; padding: 20px; display: inline-block;">{{ code }}</div>
+            <p style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #9ca3af; margin: 20px 0 0;">Ce code expire dans 15 minutes.</p>
+        </td>
+    </tr>
+</table>
+{% endblock %}