diff --git a/Resources/defaults.yml b/Resources/defaults.yml index 9a7e1b2494..abbbcba032 100644 --- a/Resources/defaults.yml +++ b/Resources/defaults.yml @@ -81,6 +81,9 @@ url: - /password-reset - /signup + # Domains that are allowed by the application to redirect to outside of the platform. + allowed_domains: + # If you want to use a CDN or another web server to serve the cached images # You can define this constants. All cached images links will point to this # Url, event if don't exists yet. diff --git a/src/Goteo/Application/Event/FilterInvestFinishEvent.php b/src/Goteo/Application/Event/FilterInvestFinishEvent.php index e7f029c39d..745a6bb981 100644 --- a/src/Goteo/Application/Event/FilterInvestFinishEvent.php +++ b/src/Goteo/Application/Event/FilterInvestFinishEvent.php @@ -14,6 +14,8 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Contracts\EventDispatcher\Event; +use Goteo\Application\Session; +use Goteo\Library\Domain; use Goteo\Model\Invest; class FilterInvestFinishEvent extends Event @@ -46,6 +48,13 @@ public function setHttpResponse(Response $response) public function getHttpResponse() { if($this->response) return $this->response; + + $return_to = Session::get('return_to'); + if ($return_to && Domain::isAllowedDomain($return_to)) { + Session::del('return_to'); + return new RedirectResponse($return_to); + } + // Default is a redirection if($this->invest->project) { return new RedirectResponse('/invest/' . $this->invest->project . '/' . $this->invest->id . '/share'); @@ -57,4 +66,5 @@ public function getHttpResponse() { return new RedirectResponse('/donate/' . $this->invest->id . '/share'); } } + } diff --git a/src/Goteo/Controller/InvestController.php b/src/Goteo/Controller/InvestController.php index 971482d07c..8aad9c28e5 100644 --- a/src/Goteo/Controller/InvestController.php +++ b/src/Goteo/Controller/InvestController.php 
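Review bot: `allowed_domains:` is added under `url:` with no value, and a YAML key with no value loads as null rather than an empty list, so any consumer that iterates it or passes `Config::get('url.allowed_domains')` to in_array will fail until an operator fills the list in; declare it as `allowed_domains: []`. The comment above it should also say what an entry looks like, since `Domain::isAllowedDomain` (added by this commit, its body outside this view) is the only consumer and callers cannot tell from the defaults whether bare hostnames or full URLs are expected, e.g. `# Entries are compared by Goteo\Library\Domain::isAllowedDomain; see that class for the expected format.`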
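Review bot: In getHttpResponse the stored `return_to` is removed from the session only when it passes `Domain::isAllowedDomain`, so a value stored earlier that is empty or no longer allowed stays in the session and is re-evaluated on every later finish event; read and clear it unconditionally: `$return_to = Session::get('return_to');` / `Session::del('return_to');` / `if ($return_to && Domain::isAllowedDomain($return_to)) {`. Re-checking the domain here rather than trusting the session is the right choice, because the value originates from the `return_to` query parameter stored in InvestController::validate; a comment such as `// Re-validate: the session value was taken from a query parameter` would stop a later refactor from dropping the check. getHttpResponse continues outside the hunk.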
@@ -23,6 +23,7 @@ use Goteo\Application\Session; use Goteo\Application\View; use Goteo\Core\Controller; +use Goteo\Library\Domain; use Goteo\Library\Text; use Goteo\Model\Invest; use Goteo\Model\Project; @@ -73,7 +74,7 @@ protected function getUser(): ?User * the skip_login variable from project configuration */ private function validate( - $project_id, $reward_id = null, &$custom_amount = null, $invest = null, $login_required = true + $project_id, $reward_id = null, &$custom_amount = null, $invest = null, $login_required = true, ?Request $request = null ) { $project = Project::get($project_id, Lang::current()); // Add analytics to config @@ -96,11 +97,23 @@ private function validate( Config::get('currency') ); + if ($request) { + $return_to = ''; + + if ($request->query->has('return_to')) { + $return_to = $request->query->get('return_to'); + + if (Domain::isAllowedDomain($return_to)) + Session::store('return_to', $return_to); + } + } + $this->page = '/invest/' . $project_id; $this->query = http_build_query([ 'amount' => "$amount_original$currency", 'reward' => $reward_id, - 'donate_amount' => "$donate_amount$currency" + 'donate_amount' => "$donate_amount$currency", + 'return_to' => $return_to ]); // Some projects may have activated a non-registering investion @@ -243,7 +256,7 @@ public function selectRewardAction($project_id, Request $request): Response { // TODO: add events $amount = $request->query->get('amount'); - $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, false); + $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, false, $request); if($reward instanceOf Response) return $reward; // Aqui cambiar por escoger recompensa 
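Review bot: In validate `$return_to` is assigned only inside `if ($request)`, yet `'return_to' => $return_to` in the http_build_query call reads it unconditionally, so a call that leaves `$request` at its null default (the parameter is optional) hits an undefined variable there. The raw query value is also copied into `$this->query` before `Domain::isAllowedDomain` has decided anything, so a rejected URL still travels through the `/invest/…/signup?…` and login redirects as a parameter even though it is never stored; initialising `$return_to` before the guard and assigning it only once allowed fixes both. The brace-less body of `if (Domain::isAllowedDomain($return_to))` should also take braces, as the surrounding code does. validate's body continues outside the hunk.
```php
        $return_to = '';
        if ($request && $request->query->has('return_to')) {
            $candidate = $request->query->get('return_to');
            if (Domain::isAllowedDomain($candidate)) {
                // Only an allowed destination is kept, both in the session and in $this->query
                $return_to = $candidate;
                Session::store('return_to', $return_to);
            }
        }
        // … unchanged: $this->page and the http_build_query call …
```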
@@ -260,7 +273,7 @@ public function selectRewardAction($project_id, Request $request): Response public function loginAction($project_id, Request $request) { $amount = $request->query->get('amount'); - $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, false); + $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, false, $request); if($reward instanceOf Response) return $reward; if(!$request->query->has('return')) { @@ -282,7 +295,7 @@ public function loginAction($project_id, Request $request) public function signupAction($project_id, Request $request) { $amount = $request->query->get('amount'); - $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, false); + $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, false, $request); if($reward instanceOf Response) return $reward; if(!$request->query->has('return')) { @@ -307,7 +320,7 @@ public function selectPaymentMethodAction(Request $request, $project_id) $amount = $request->query->get('amount'); $donate_amount = $request->query->getInt('donate_amount', Config::get('donate.tip_amount')); $email = $request->query->has('email'); - $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, 'auto'); + $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, 'auto', $request); if(!($this->skip_login && $email) && !Session::isLogged()) { return $this->redirect('/invest/' . $project_id . '/signup?' . $this->query); 
@@ -346,7 +359,7 @@ public function paymentFormAction($project_id, Request $request) { $tip=$request->query->get('tip'); $donate_amount = $tip ? $request->query->get('donate_amount') : 0; $amount = $amount_original = $request->query->get('amount'); - $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, 'auto'); + $reward = $this->validate($project_id, $request->query->get('reward'), $amount, null, 'auto', $request); if($reward instanceOf Response) return $reward; @@ -601,13 +614,15 @@ public function userDataAction($project_id, $invest_id, Request $request) } } $invest->extra_info = $invest_address['extra_info']; - $invest->save(); + $invest->save($errors); - if($ok && $invest->setAddress($invest_address)) { + $isAddressValid = $invest->setAddress($invest_address); + if($ok && $isAddressValid) { return $this->dispatch(AppEvents::INVEST_FINISHED, new FilterInvestFinishEvent($invest, $request))->getHttpResponse(); } } Message::error(Text::get('invest-address-fail')); + Message::error(implode(',', $errors)); } return $this->viewResponse( diff --git a/src/Goteo/Library/Domain.php b/src/Goteo/Library/Domain.php new file mode 100644 index 0000000000..1ab994968e --- /dev/null +++ b/src/Goteo/Library/Domain.php @@ -0,0 +1,35 @@ +
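Review bot: `Message::error(implode(',', $errors))` in userDataAction runs whenever the address branch fails, including when `$errors` holds nothing, which shows the user a blank error message; guard it with `if (!empty($errors)) {` / `Message::error(implode(',', $errors));` / `}`. The function starts outside the hunk, so whether `$errors` is initialised before `$invest->save($errors)` cannot be confirmed here; if save() takes it by reference and leaves it untouched, `$errors` is null and implode throws a TypeError on PHP 8, so an explicit `$errors = [];` before the call is the safe form. Note also that `$invest->setAddress($invest_address)` is now evaluated before `$ok` is consulted, so it runs even when `$ok` is false where the old `&&` short-circuited it; if that is not intended, keep the call inside the `$ok` branch.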