Implement email verification feature, add registration form, and update user entity for verification status

src/Controller/BackofficeController.php

@@ -6,24 +6,35 @@ namespace App\Controller;
 
 use App\Entity\Quiz;
 use App\Entity\Season;
+use App\Entity\User;
 use App\Repository\CandidateRepository;
 use App\Repository\SeasonRepository;
+use App\Security\Voter\SeasonVoter;
+use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Attribute\AsController;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 #[AsController]
+#[IsGranted('ROLE_USER')]
 final class BackofficeController extends AbstractController
 {
     public function __construct(
         private readonly SeasonRepository $seasonRepository,
         private readonly CandidateRepository $candidateRepository,
+        private readonly Security $security,
     ) {}
 
     #[Route('/backoffice/', name: 'app_backoffice_index')]
     public function index(): Response
     {
-        $seasons = $this->seasonRepository->findAll();
+        $user = $this->getUser();
+        \assert($user instanceof User);
+
+        $seasons = $this->security->isGranted('ROLE_ADMIN')
+            ? $this->seasonRepository->findAll()
+            : $this->seasonRepository->getSeasonsForUser($user);
 
         return $this->render('backoffice/index.html.twig', [
             'seasons' => $seasons,
@@ -31,6 +42,7 @@ final class BackofficeController extends AbstractController
     }
 
     #[Route('/backoffice/{seasonCode}', name: 'app_backoffice_season')]
+    #[IsGranted(SeasonVoter::EDIT, subject: 'season')]
     public function season(Season $season): Response
     {
         return $this->render('backoffice/season.html.twig', [

src/Controller/LoginController.php

@@ -11,7 +11,7 @@ use Symfony\Component\Routing\Attribute\Route;
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 
 #[AsController]
-class LoginController extends AbstractController
+final class LoginController extends AbstractController
 {
     #[Route(path: '/login', name: 'app_login_login')]
     public function login(AuthenticationUtils $authenticationUtils): Response
@@ -29,7 +29,7 @@ class LoginController extends AbstractController
     }
 
     #[Route(path: '/logout', name: 'app_login_logout')]
-    public function logout(): void
+    public function logout(): never
     {
         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
     }

src/Controller/PrepareEliminationController.php

@@ -8,10 +8,9 @@ use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
 
-#[Route(path: '/backoffice/elimination')]
 final class PrepareEliminationController extends AbstractController
 {
-    #[Route('/prepare', name: 'app_prepare_elimination')]
+    #[Route('/backoffice/elimination/prepare', name: 'app_prepare_elimination')]
     public function index(): Response
     {
         return $this->render('prepare_elimination/index.html.twig', [

src/Controller/QuizController.php

@@ -84,14 +84,9 @@ final class QuizController extends AbstractController
         $candidate = $candidateRepository->getCandidateByHash($season, $nameHash);
 
         if (!$candidate instanceof Candidate) {
-            if ($season->isPreregisterCandidates()) {
-                $this->addFlash(FlashType::Danger, 'Candidate not found');
+            $this->addFlash(FlashType::Danger, 'Candidate not found');
 
-                return $this->redirectToRoute('app_quiz_entername', ['seasonCode' => $season->getSeasonCode()]);
-            }
-
-            $candidate = new Candidate(Base64::base64UrlDecode($nameHash));
-            $candidateRepository->save($candidate);
+            return $this->redirectToRoute('app_quiz_entername', ['seasonCode' => $season->getSeasonCode()]);
         }
 
         if ('POST' === $request->getMethod()) {

src/Controller/RegistrationController.php

@@ -0,0 +1,93 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller;
+
+use App\Entity\User;
+use App\Form\RegistrationFormType;
+use App\Repository\UserRepository;
+use App\Security\EmailVerifier;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
+
+final class RegistrationController extends AbstractController
+{
+    public function __construct(private readonly EmailVerifier $emailVerifier, private readonly TranslatorInterface $translator) {}
+
+    #[Route('/register', name: 'app_register')]
+    public function register(
+        Request $request,
+        UserPasswordHasherInterface $userPasswordHasher,
+        Security $security,
+        EntityManagerInterface $entityManager,
+    ): Response {
+        $user = new User();
+        $form = $this->createForm(RegistrationFormType::class, $user);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            /** @var string $plainPassword */
+            $plainPassword = $form->get('plainPassword')->getData();
+
+            $user->setPassword($userPasswordHasher->hashPassword($user, $plainPassword));
+
+            $entityManager->persist($user);
+            $entityManager->flush();
+
+            // generate a signed url and email it to the user
+            $this->emailVerifier->sendEmailConfirmation('app_verify_email', $user,
+                (new TemplatedEmail())
+                    ->to((string) $user->getEmail())
+                    ->subject($this->translator->trans('Please Confirm your Email'))
+                    ->htmlTemplate('registration/confirmation_email.html.twig')
+            );
+
+            $response = $security->login($user, 'form_login', 'main');
+            \assert($response instanceof Response);
+
+            return $response;
+        }
+
+        return $this->render('registration/register.html.twig', [
+            'registrationForm' => $form,
+        ]);
+    }
+
+    #[Route('/verify/email', name: 'app_verify_email')]
+    public function verifyUserEmail(Request $request, TranslatorInterface $translator, UserRepository $userRepository): Response
+    {
+        $id = $request->query->get('id');
+
+        if (null === $id) {
+            return $this->redirectToRoute('app_register');
+        }
+
+        $user = $userRepository->find($id);
+
+        if (null === $user) {
+            return $this->redirectToRoute('app_register');
+        }
+
+        // validate email confirmation link, sets User::isVerified=true and persists
+        try {
+            $this->emailVerifier->handleEmailConfirmation($request, $user);
+        } catch (VerifyEmailExceptionInterface $verifyEmailException) {
+            $this->addFlash('verify_email_error', $translator->trans($verifyEmailException->getReason(), [], 'VerifyEmailBundle'));
+
+            return $this->redirectToRoute('app_register');
+        }
+
+        $this->addFlash('success', 'Your email address has been verified.');
+
+        return $this->redirectToRoute('app_backoffice_index');
+    }
+}