feat(story-2.2+2.3): device setup page, account linking, naming & configuration

Story 2.2 — /setup/{mac} Twig page (no Vue, works JS-disabled): - Register tab: creates account + logs in + links device → /setup/{mac}/configure - Login tab: manual credential check via UserPasswordHasherInterface + Security::login() + links device → /setup/{mac}/configure - Re-provisioning: DeviceService.linkToUser() atomically transfers ownership + stubs purgeDeviceHistory() (completed in Epic 3 when Image/Approval entities exist) Story 2.3 — /setup/{mac}/configure (requires auth): - GET: device name, orientation (landscape/portrait), rotation interval (6/12/24/48/168h), uniqueness window (5/10/20/50 cycles) - POST: validates name, saves to Device entity, redirects to Vue SPA - Device entity: mac, name, orientation (Orientation enum), rotationIntervalHours, uniquenessWindow, user (ManyToOne), linkedAt - PATCH /api/devices/{id}: Vue SPA can edit any device field (Story 2.3 "edit from app") - GET /api/devices: list authenticated user's devices - Migration: create device table with Orientation enum column Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 00:47:14 -04:00
parent 15bab87998
commit fb380c45bd
10 changed files with 620 additions and 0 deletions
@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller;
+
+use App\Entity\Device;
+use App\Entity\User;
+use App\Enum\Orientation;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+#[Route('/api/devices')]
+#[IsGranted('ROLE_USER')]
+class DeviceApiController extends AbstractController
+{
+    #[Route('', name: 'api_devices_list', methods: ['GET'])]
+    public function list(EntityManagerInterface $em): JsonResponse
+    {
+        /** @var User $user */
+        $user = $this->getUser();
+        $devices = $em->getRepository(Device::class)->findBy(['user' => $user]);
+
+        return $this->json(array_map($this->serialize(...), $devices));
+    }
+
+    #[Route('/{id}', name: 'api_device_update', methods: ['PATCH'])]
+    public function update(int $id, Request $request, EntityManagerInterface $em): JsonResponse
+    {
+        /** @var User $user */
+        $user   = $this->getUser();
+        $device = $em->getRepository(Device::class)->findOneBy(['id' => $id, 'user' => $user]);
+
+        if (!$device) {
+            return $this->json(['error' => 'Device not found'], Response::HTTP_NOT_FOUND);
+        }
+
+        $body = json_decode($request->getContent(), true) ?? [];
+
+        if (isset($body['name'])) {
+            $name = trim((string) $body['name']);
+            if (empty($name)) {
+                return $this->json(['error' => 'Name cannot be empty'], Response::HTTP_UNPROCESSABLE_ENTITY);
+            }
+            $device->setName($name);
+        }
+
+        if (isset($body['orientation'])) {
+            $orientation = Orientation::tryFrom($body['orientation']);
+            if (!$orientation) {
+                return $this->json(['error' => 'Invalid orientation'], Response::HTTP_UNPROCESSABLE_ENTITY);
+            }
+            $device->setOrientation($orientation);
+        }
+
+        if (isset($body['rotationIntervalHours'])) {
+            $device->setRotationIntervalHours(max(1, (int) $body['rotationIntervalHours']));
+        }
+
+        if (isset($body['uniquenessWindow'])) {
+            $device->setUniquenessWindow(max(1, (int) $body['uniquenessWindow']));
+        }
+
+        $em->flush();
+
+        return $this->json($this->serialize($device));
+    }
+
+    private function serialize(Device $d): array
+    {
+        return [
+            'id'                   => $d->getId(),
+            'mac'                  => $d->getMac(),
+            'name'                 => $d->getName(),
+            'orientation'          => $d->getOrientation()->value,
+            'rotationIntervalHours' => $d->getRotationIntervalHours(),
+            'uniquenessWindow'     => $d->getUniquenessWindow(),
+            'linkedAt'             => $d->getLinkedAt()->format(\DateTimeInterface::ATOM),
+        ];
+    }
+}
@@ -0,0 +1,152 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller;
+
+use App\Entity\Device;
+use App\Entity\User;
+use App\Enum\Orientation;
+use App\Form\RegistrationFormType;
+use App\Service\DeviceService;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+#[Route('/setup/{mac}', requirements: ['mac' => '[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}'])]
+class SetupController extends AbstractController
+{
+    #[Route('', name: 'setup_index', methods: ['GET', 'POST'])]
+    public function index(
+        string $mac,
+        Request $request,
+        UserPasswordHasherInterface $hasher,
+        EntityManagerInterface $em,
+        Security $security,
+        DeviceService $deviceService,
+    ): Response {
+        // If already authenticated, link device and proceed to configure
+        if ($this->getUser()) {
+            /** @var User $user */
+            $user = $this->getUser();
+            $device = $deviceService->linkToUser($mac, $user);
+            if (empty($device->getName())) {
+                return $this->redirectToRoute('setup_configure', ['mac' => $mac]);
+            }
+            return $this->redirectToRoute('spa');
+        }
+
+        $regForm  = $this->createForm(RegistrationFormType::class, new User(), [
+            'action' => $this->generateUrl('setup_register', ['mac' => $mac]),
+        ]);
+        $loginError = $request->getSession()->get('_setup_login_error');
+        $request->getSession()->remove('_setup_login_error');
+
+        return $this->render('setup/index.html.twig', [
+            'mac'        => $mac,
+            'reg_form'   => $regForm,
+            'login_error' => $loginError,
+        ]);
+    }
+
+    #[Route('/register', name: 'setup_register', methods: ['POST'])]
+    public function register(
+        string $mac,
+        Request $request,
+        UserPasswordHasherInterface $hasher,
+        EntityManagerInterface $em,
+        Security $security,
+        DeviceService $deviceService,
+    ): Response {
+        $user = new User();
+        $form = $this->createForm(RegistrationFormType::class, $user);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            /** @var string $plain */
+            $plain = $form->get('plainPassword')->getData();
+            $user->setPassword($hasher->hashPassword($user, $plain));
+            $em->persist($user);
+            $em->flush();
+
+            $security->login($user, 'form_login', 'main');
+            $deviceService->linkToUser($mac, $user);
+
+            return $this->redirectToRoute('setup_configure', ['mac' => $mac]);
+        }
+
+        return $this->render('setup/index.html.twig', [
+            'mac'         => $mac,
+            'reg_form'    => $form,
+            'login_error' => null,
+        ]);
+    }
+
+    #[Route('/login', name: 'setup_login', methods: ['POST'])]
+    public function login(
+        string $mac,
+        Request $request,
+        UserPasswordHasherInterface $hasher,
+        EntityManagerInterface $em,
+        Security $security,
+        DeviceService $deviceService,
+    ): Response {
+        $email    = trim((string) $request->request->get('_username', ''));
+        $password = (string) $request->request->get('_password', '');
+
+        $user = $em->getRepository(User::class)->findOneBy(['email' => $email]);
+        if ($user && $hasher->isPasswordValid($user, $password)) {
+            $security->login($user, 'form_login', 'main');
+            $deviceService->linkToUser($mac, $user);
+            return $this->redirectToRoute('setup_configure', ['mac' => $mac]);
+        }
+
+        $request->getSession()->set('_setup_login_error', 'Incorrect email or password');
+        return $this->redirectToRoute('setup_index', ['mac' => $mac]);
+    }
+
+    #[Route('/configure', name: 'setup_configure', methods: ['GET', 'POST'])]
+    #[IsGranted('ROLE_USER')]
+    public function configure(
+        string $mac,
+        Request $request,
+        EntityManagerInterface $em,
+        DeviceService $deviceService,
+    ): Response {
+        /** @var User $user */
+        $user   = $this->getUser();
+        $device = $deviceService->linkToUser($mac, $user);
+
+        if ($request->isMethod('POST')) {
+            $name   = trim((string) $request->request->get('name', ''));
+            $orient = $request->request->get('orientation', Orientation::Landscape->value);
+            $interval  = (int) $request->request->get('rotation_interval_hours', 24);
+            $window    = (int) $request->request->get('uniqueness_window', 10);
+
+            if (empty($name)) {
+                return $this->render('setup/configure.html.twig', [
+                    'device' => $device,
+                    'error'  => 'Please enter a name for your frame.',
+                ]);
+            }
+
+            $device->setName($name);
+            $device->setOrientation(Orientation::from($orient));
+            $device->setRotationIntervalHours(max(1, $interval));
+            $device->setUniquenessWindow(max(1, $window));
+            $em->flush();
+
+            return $this->redirectToRoute('spa');
+        }
+
+        return $this->render('setup/configure.html.twig', [
+            'device' => $device,
+            'error'  => null,
+        ]);
+    }
+}