src/FHI360/Access/Portal/Controller/SecurityController.php line 23

Open in your IDE?
  1. <?php 
  3. namespace App\FHI360\Access\Portal\Controller;
  5. //use http\Env\Response;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Bundle\FrameworkBundle\Controller\Controller;
  8. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  9. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
  10. use Symfony\Component\HttpFoundation\RedirectResponse;
  11. use Symfony\Component\HttpFoundation\Response;
  12. use \Curl\Curl;
  13. use Symfony\Component\Security\Core\Security;
  14. use Symfony\Component\HttpFoundation\Cookie;
  16. class SecurityController extends Controller
  17. {    
  18.     protected $authorizationChecker;
  19.     
  20.     /**
  21.      * @Route("/login", name="login")
  22.      */
  23.     public function loginAction(Request $request)
  24.     {
  25.         $this->authorizationChecker $this->get('security.authorization_checker');
  27.         // if user is logged in already, redirect to portal dashboard
  28.         if ($this->authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  29.             return new RedirectResponse($this->generateUrl('portal'));
  30.         }
  31.         
  32.         $authenticationUtils $this->get('security.authentication_utils');
  33.         
  34.         // get the login error if there is one
  35.         $error $authenticationUtils->getLastAuthenticationError();        
  36.         // last username entered by the user
  37.         $lastUsername $authenticationUtils->getLastUsername();
  38.         $check_if_javascript_is_enabled $this->getParameter("check_if_javascript_is_enabled");
  39.         $check_if_cookie_is_enabled $this->getParameter("check_if_cookie_is_enabled");
  40.         
  41.         //Check Browser compatibility
  42.         $suiteUtils $this->container->get('suite_utils');
  43.         $browser_details $suiteUtils->getBrowserDetails();
  44.         $browserName $browser_details['name'];
  45.         $acceptableBrowser = array('Mozilla Firefox','Apple Safari','Google Chrome''Microsoft Edge');
  47.         if(in_array($browserName,$acceptableBrowser)){
  48.             $check_browser_compatible "yes";
  49.         }else{
  50.             $check_browser_compatible "no";
  51.         }
  53.         return $this->render('Portal/Security/login.html.twig', array(
  54.             'lastUserName' => $lastUsername,
  55.             'check_browser_compatible' => $check_browser_compatible,
  56.             'check_if_javascript_is_enabled' => $check_if_javascript_is_enabled,
  57.             'check_if_cookie_is_enabled' => $check_if_cookie_is_enabled
  58.         ));
  59.     }
  60.     
  61.     /**
  62.      * @Route("/login_check", name="login_check")
  63.      */
  64.     public function loginCheckAction(Request $request)
  65.     {
  66.         return $this->render('Portal/Security/login.html.twig');
  67.     }
  68.     
  69.     /**
  70.      * @Route("/logout", name="logout")
  71.      */
  72.     public function logoutAction(){
  73.         throw new \Exception('This should not be reached!');
  74.     }
  76.     /**
  77.      * @Route("/extend_session", name="extend_session")
  78.      */
  79.     public function extendSessionAction(Request $request)
  80.     {
  81.         if ($request->hasSession()) {
  82.             $session $request->getSession();
  84.             if (isset($_COOKIE["PHPSESSID"])) {
  85.                 $session_created $session->getMetadataBag()->getCreated();
  86.                 $session_lifetime $session->getMetadataBag()->getLifetime();
  87.                 $session_expire_time $session_created $session_lifetime;
  88.                 $time_to_expire $session_expire_time time();
  90.                 //only ask user to extend the session when we have less than 15 minutes left
  91.                 $minutes_before_prompt $this->getParameter("session_timeout_timer_minutes");
  92.                 if ($time_to_expire && $time_to_expire $minutes_before_prompt 60) {
  93.                     $request->getSession()->migrate(true); //keep session active but generate new session id
  94.                     
  95.                     //set same session/cookie for suitecrm
  96.                     setcookie("PHPSESSID"$session->get('suite_session'), time()+$session_lifetime"/crm");
  97.                 }
  98.             }
  99.         }
  101.         $redirectUrl "https://{$this->getParameter('portal_domain')}";
  103.         return new RedirectResponse($redirectUrl);
  104.     }
  106.     /**
  107.      * @Route("/check_session", name="check_session")
  108.      */
  109.     public function checkSessionAction(Request $request)
  110.     {
  111.         $display_timeout_modal "false";
  112.         $this->authorizationChecker $this->get('security.authorization_checker');
  114.         // if user is logged in already, redirect to portal dashboard
  115.         if ($this->authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  116.             if ($request->hasSession()) {
  117.                 $session $request->getSession();
  119.                 if (isset($_COOKIE["PHPSESSID"])) {
  120.                     $session_created $session->getMetadataBag()->getCreated();
  121.                     $session_lifetime $session->getMetadataBag()->getLifetime();
  122.                     $session_expire_time $session_created $session_lifetime;
  123.                     $time_to_expire $session_expire_time time();
  125.                     //only ask user to extend the session when we have less than 15 minutes left
  126.                     $minutes_before_prompt $this->getParameter("session_timeout_timer_minutes");
  127.                     if ($time_to_expire && $time_to_expire $minutes_before_prompt 60) {
  128.                         $display_timeout_modal $time_to_expire;
  129.                     }
  130.                 }
  131.             }
  132.         }
  133.         return new Response($display_timeout_modal);
  134.     }
  136.     /**
  137.      * @Route("/reset-password", name="reset-password")
  138.      */
  139.     public function forgotPasswordAction(Request $request)
  140.     {
  141.         return $this->render('Portal/Security/reset-password.html.twig', array(
  142.                 'recaptcha_site_key' => $this->getParameter('recaptcha_site_key'),
  143.                 'forgot_password_url' => $this->getParameter('forgot_password_url'),
  144.                 'lastEmail' => "",
  145.         ));
  146.     }
  148.     /**
  149.      * @Route("/changenewpassword", name="Changenewpassword")
  150.      */
  151.     public function changenewpasswordAction(Request $request)
  152.     {
  153.         $suiteUtils $this->container->get('suite_utils');
  154.         $password_link_id $request->query->get('guid');
  155.         $password_link_details $suiteUtils->getPasswordLinkDetails($password_link_id);
  156.         $linkexpiration 24;
  157.         $expired='0';
  158.         if(sizeof($password_link_details)==0){
  159.             // Set success error message
  160.             $this->addFlash(
  161.                 'error',
  162.                 'The reset password link has been expired. Please create a new one using forgot password'
  163.             );
  165.             // Redirect to login page
  166.             return $this->redirectToRoute('login');
  167.         }
  168.         $password_link_details $password_link_details[0];
  169.         if($linkexpiration){
  170.             $delay=$linkexpiration*60*60;
  171.             $stim strtotime($password_link_details['date_generated']) + date('Z');
  172.             $expiretime =$stim+$delay;
  173.             $timenow time();
  174.             if ($timenow $expiretime){
  175.                 // Set success error message
  176.                 $this->addFlash(
  177.                     'error',
  178.                     'The reset password link has been expired. Please create a new one using forgot password'
  179.                 );
  181.                 // Redirect to login page
  182.                 return $this->redirectToRoute('login');
  183.             }
  184.         }
  185.         $file $this->get('kernel')->getProjectDir().'/password-requirements.json';
  186.         $password_settings json_decode(file_get_contents($file),true);
  187.         $data = array(
  188.             'tools' => '',
  189.             'username' => $password_link_details['username'],
  190.             'guid' => $password_link_id,
  191.             'first_name' => $password_link_details['first_name'],
  192.             'last_name' => $password_link_details['last_name'],
  193.             'email' => $password_link_details['email'],
  194.             'password_settings'=>$password_settings,
  195.         );
  196.         return $this->render('Portal/Security/generate-password.html.twig',$data);
  198.     }
  200.     /**
  201.      * @Route("/changenewpassword/submit", name="changenewpassword-submit")
  202.      */
  203.     public function changenewpasswordSubmitAction(Request $request){
  205.         // FHI360\Access\SuiteBundle\Service\SuiteUtils
  206.         $suiteUtils $this->container->get('suite_utils');
  208.         // Get the fields from request
  209.         $form_user_name $request->request->get('user_name');
  210.         $form_new_password $request->request->get('new_password');
  211.         $form_confirm_password $request->request->get('confirm_password');
  212.         $form_guid $request->request->get('guid');
  213.         $firstName $request->request->get('first_name');
  214.         $lastName $request->request->get('last_name');
  215.         $email $request->request->get('email');
  217.         $file $this->get('kernel')->getProjectDir().'/password-requirements.json';
  218.         $password_settings json_decode(file_get_contents($file),true);
  220.         $password_ok true;
  222.         if(!empty($form_new_password)) {
  223.             if(empty($form_confirm_password)) {
  225.                 $this->addFlash(
  226.                     'error',
  227.                     "Please enter Confirmation Password"
  228.                 );
  229.                 $password_ok false;
  230.                 return $this->redirect('/changenewpassword?guid='.$form_guid);
  231.             } else if($form_new_password !== $form_confirm_password) {
  232.                 $this->addFlash(
  233.                     'error',
  234.                     "New and Confirmation Passwords don't match"
  235.                 );
  236.                 $password_ok false;
  237.                 return $this->redirect('/changenewpassword?guid='.$form_guid);
  238.             }
  239.             $password_requirements $suiteUtils->validatePasswordRequirements($file,$form_new_password,strtolower($form_user_name),strtolower($firstName),strtolower($lastName),strtolower($email));
  240.             if(!$password_requirements['valid']){
  241.                 $this->addFlash(
  242.                     'error',
  243.                     $password_requirements['message']
  244.                 );
  245.                 $password_ok false;
  246.                 return $this->redirect('/changenewpassword?guid='.$form_guid);
  247.             }
  248.         }
  251.         if($password_ok && !empty($form_new_password) && !empty($form_confirm_password) && !empty($form_user_name)){
  253.             $sugarURL $this->getParameter('suitecrml_url');
  254.             $url $sugarURL "/index.php?entryPoint=change_new_password";
  256.             $curl = new Curl($url);
  257.             $curl->setOpt(CURLOPT_SSL_VERIFYPEERfalse);
  258.             $curl->setOpt(CURLOPT_RETURNTRANSFERtrue);
  259.             $curl->setOpt(CURLOPT_FOLLOWLOCATIONfalse);
  261.             $post_param = array(
  262.                 'user_name' => $form_user_name,
  263.                 'new_password' => trim($form_new_password),
  264.                 'guid' => $form_guid,
  265.                 'previous_passwords' => $password_settings['previous_passwords']['required'],
  266.                 'previous_passwords_count' => $password_settings['previous_passwords']['min'],
  268.             );
  270.             $curl->post($url$post_param);
  272.             $response_data json_decode(json_encode($curl->response), true);
  273.             if(isset($response_data) && $response_data==false) {
  274.                 $this->addFlash('error'"There was an error when trying to change your password.");
  275.                 return $this->redirect('/changenewpassword?guid='.$form_guid);
  276.             }else if(isset($response_data) && $response_data=='password_used'){
  277.                 $this->addFlash('error'$password_settings['previous_passwords']['message']);
  278.                 return $this->redirect('/changenewpassword?guid='.$form_guid);
  279.             }
  280.             else {
  281.                 $this->addFlash('notice'"Your password has been reset.");
  282.                 return $this->redirectToRoute('login');
  283.             }
  285.         }else{
  286.             return $this->redirect('/changenewpassword?guid='.$form_guid);
  287.         }
  289.     }
  290.     
  291.     /**
  292.      * @Route("/send-forgot-password", name="send-forgot-password")
  293.      */
  294.     public function sendForgotPasswordAction(Request $request)
  295.     {
  296.         // FHI360\Access\SuiteBundle\Service\SuiteUtils
  297.         $suiteUtils $this->container->get('suite_utils');
  298.         
  299.         $lastEmail = !empty($request->request->get('fp_user_mail')) ? $request->request->get('fp_user_mail') : "";
  300.         
  301.         // Set URL to verify user captcha before calling SuiteCRM reset password endpoint        
  302.         $recaptcha_verify_url $this->getParameter('recaptcha_verify_url');
  303.         $curl = new Curl($recaptcha_verify_url);
  304.         
  305.         $curl->setOpt(CURLOPT_SSL_VERIFYPEERfalse);
  306.         $curl->setOpt(CURLOPT_RETURNTRANSFERtrue);
  307.         $curl->setOpt(CURLOPT_FOLLOWLOCATIONfalse);        
  308.         
  309.         // Setting the values defined at 
  310.         // https://www.google.com/recaptcha/admin#site/338881496?setup
  311.         $post = array(
  312.                 'secret' => $this->getParameter('recaptcha_secret_key'),
  313.                 'response' => $request->request->get('g-recaptcha-response'),
  314.         );
  315.         
  316.         $curl->post($recaptcha_verify_url$post);
  317.         
  318.         $response_data json_decode(json_encode($curl->response), true);  
  319.         
  320.         // If captcha verified send forgot password 
  321.         // email and redirect to login page
  322.         if($response_data['success']){
  323.             
  324.             $userName $request->request->get('fp_user_name');
  325.             //Check Restrict user before sending any email
  326.             $userRestrictCheck $suiteUtils->getUserRestrictCheck($userName);
  327.             if($userRestrictCheck == 1){
  328.                 $this->addFlash('error''Invalid User Login');
  329.                 // Redirect to login page
  330.                 return $this->redirectToRoute('login');
  331.             }
  332.             
  333.             // Call SuiteCRM to send reset password email
  334.             $post = array(
  335.                     'user_name' => $request->request->get('fp_user_name'),
  336.                     'user_email' => $request->request->get('fp_user_mail'),
  337.                     'link' => '1',
  338.             );
  339.             
  340.             $sugarURL "https://{$this->getParameter('suite_domain')}";
  341.             $curl->post("$sugarURL/index.php?entryPoint=GeneratePassword"$post);
  342.             $response_data json_decode(json_encode($curl->response), true);  
  343.             
  344.             if($response_data == "1"){
  345.                 
  346.                 // Set success error message
  347.                 $this->addFlash(
  348.                     'notice',
  349.                     'The email was sent! Please check your inbox to reset your password.'
  350.                 );
  351.                 
  352.                 // Redirect to login page
  353.                 return $this->redirectToRoute('login');
  354.             } else {
  355.                 // Set email address
  356.                 
  357.                 // Show error
  358.                 $this->addFlash(
  359.                     'error',
  360.                     "The email couldn't be sent, please check your email address or contact the Access Tech Team."
  361.                 );
  362.             }            
  363.             
  364.         } else {
  365.             // Show error
  366.             $this->addFlash(
  367.                 'error',
  368.                 "Please complete the reCaptcha challenge before submitting your request."
  369.             );
  370.         }
  371.         
  372.         return $this->render('Portal/Security/reset-password.html.twig', array(
  373.                 'recaptcha_site_key' => $this->getParameter('recaptcha_site_key'),
  374.                 'forgot_password_url' => $this->getParameter('forgot_password_url'),
  375.                 'lastEmail' => $lastEmail
  376.         ));
  377.     }
  379.     /**
  380.      * @Route("/changepassword", name="Changepassword")
  381.      */
  382.     public function changepasswordAction(Request $request)
  383.     {
  384.         $suiteUtils $this->container->get('suite_utils');
  385.         $password_link_id $request->query->get('guid');
  386.         $password_link_details $suiteUtils->getPasswordLinkDetails($password_link_id);
  387.         if(sizeof($password_link_details)==0){
  388.             // Set success error message
  389.             $this->addFlash(
  390.                 'error',
  391.                 'The reset password link has been expired. Please create a new one using forgot password'
  392.             );
  394.             // Redirect to login page
  395.             return $this->redirectToRoute('login');
  396.         }
  397.         $password_link_details $password_link_details[0];
  398.         $file $this->get('kernel')->getProjectDir().'/password-requirements.json';
  399.         $password_settings json_decode(file_get_contents($file),true);
  400.         $data = array(
  401.             'tools' => '',
  402.             'username' => $password_link_details['username'],
  403.             'guid' => $password_link_id,
  404.             'first_name' => $password_link_details['first_name'],
  405.             'last_name' => $password_link_details['last_name'],
  406.             'email' => $password_link_details['email'],
  407.             'password_settings'=>$password_settings,
  408.         );
  409.         return $this->render('Portal/Security/change-old-password.html.twig',$data);
  411.     }
  413.     /**
  414.      * @Route("/changepassword/submit", name="changepassword-submit")
  415.      */
  416.     public function changepasswordSubmitAction(Request $request){
  418.         // FHI360\Access\SuiteBundle\Service\SuiteUtils
  419.         $suiteUtils $this->container->get('suite_utils');
  421.         // Get the fields from request
  422.         $form_user_name $request->request->get('user_name');
  423.         $form_old_password $request->request->get('old_password');
  424.         $form_new_password $request->request->get('new_password');
  425.         $form_confirm_password $request->request->get('confirm_password');
  426.         $form_guid $request->request->get('guid');
  427.         $firstName $request->request->get('first_name');
  428.         $lastName $request->request->get('last_name');
  429.         $email $request->request->get('email');
  431.         $file $this->get('kernel')->getProjectDir().'/password-requirements.json';
  432.         $password_settings json_decode(file_get_contents($file),true);
  434.         $password_ok true;
  436.         if(!empty($form_new_password)) {
  437.             if(empty($form_old_password)) {
  439.                 $this->addFlash(
  440.                     'error',
  441.                     "Please enter Current Password"
  442.                 );
  443.                 $password_ok false;
  444.                 return $this->redirect('/changepassword?guid='.$form_guid);
  445.             }
  446.             else if(empty($form_confirm_password)) {
  448.                 $this->addFlash(
  449.                     'error',
  450.                     "Please enter Confirmation Password"
  451.                 );
  452.                 $password_ok false;
  453.                 return $this->redirect('/changepassword?guid='.$form_guid);
  454.             } else if($form_new_password !== $form_confirm_password) {
  455.                 $this->addFlash(
  456.                     'error',
  457.                     "New and Confirmation Passwords don't match"
  458.                 );
  459.                 $password_ok false;
  460.                 return $this->redirect('/changepassword?guid='.$form_guid);
  461.             }
  462.             $password_requirements $suiteUtils->validatePasswordRequirements($file,$form_new_password,strtolower($form_user_name),strtolower($firstName),strtolower($lastName),strtolower($email));
  463.             if(!$password_requirements['valid']){
  464.                 $this->addFlash(
  465.                     'error',
  466.                     $password_requirements['message']
  467.                 );
  468.                 $password_ok false;
  469.                 return $this->redirect('/changepassword?guid='.$form_guid);
  470.             }
  471.         }
  474.         if($password_ok && !empty($form_new_password) && !empty($form_confirm_password) && !empty($form_user_name)){
  476.             $sugarURL $this->getParameter('suitecrml_url');
  477.             $url $sugarURL "/index.php?entryPoint=change_new_password";
  479.             $curl = new Curl($url);
  480.             $curl->setOpt(CURLOPT_SSL_VERIFYPEERfalse);
  481.             $curl->setOpt(CURLOPT_RETURNTRANSFERtrue);
  482.             $curl->setOpt(CURLOPT_FOLLOWLOCATIONfalse);
  484.             $post_param = array(
  485.                 'user_name' => $form_user_name,
  486.                 'old_password' => trim($form_old_password),
  487.                 'new_password' => trim($form_new_password),
  488.                 'guid' => $form_guid,
  489.                 'previous_passwords' => $password_settings['previous_passwords']['required'],
  490.                 'previous_passwords_count' => $password_settings['previous_passwords']['min'],
  492.             );
  494.             $curl->post($url$post_param);
  495.             $response_data json_decode(json_encode($curl->response), true);
  497.             $this->container->get('session')->getFlashBag()->clear();
  498.             if(isset($response_data) && $response_data==false) {
  499.                 $this->addFlash('error'"There was an error when trying to change your password.");
  500.                 return $this->redirect('/changepassword?guid='.$form_guid);
  501.             }else if(isset($response_data) && $response_data=='password_failed'){
  502.                 $this->addFlash('error''There was an error when trying to change your password, make sure the current password is correct.');
  503.                 return $this->redirect('/changepassword?guid='.$form_guid);
  504.             }else if(isset($response_data) && $response_data=='password_used'){
  505.                 $this->addFlash('error'$password_settings['previous_passwords']['message']);
  506.                 return $this->redirect('/changepassword?guid='.$form_guid);
  507.             }
  508.             else {
  509.                 $this->addFlash('notice'"Your password has been reset.");
  510.                 return $this->redirectToRoute('login');
  511.             }
  513.         }else{
  514.             return $this->redirect('/changepassword?guid='.$form_guid);
  515.         }
  517.     }
  519.     /**
  520.      * @Route("/policies", name="policies")
  521.      */
  522.     public function policies(Request $request)
  523.     {
  524.         if($this->getParameter("enable_disclaimer")=='no'){
  525.             return $this->redirect('/');
  526.         }
  527.         $suiteUtils $this->container->get('suite_utils');
  528.         $gid $request->query->get('guid');
  529.         if(isset($gid) && $gid!=""){
  530.             $password_link_details $suiteUtils->getPasswordLinkDetails($gid);
  531.             if(sizeof($password_link_details)==0){
  532.                 // Set success error message
  533.                 $this->addFlash(
  534.                     'error',
  535.                     'The link has been expired.'
  536.                 );
  538.                 // Redirect to login page
  539.                 return $this->redirectToRoute('login');
  540.             }
  541.         }
  542.         $file $this->get('kernel')->getProjectDir().'/policy-document.txt';
  543.         $policy_content file_get_contents($file,FILE_IGNORE_NEW_LINES);
  544.         $data = array(
  545.             'tools' => '',
  546.             'policy_content' => nl2br($policy_content,true),
  547.             'guid' => $gid
  548.         );
  549.         return $this->render('Portal/Security/policies.html.twig',$data);
  551.     }
  553.     /**
  554.      * @Route("/policies-submit", name="policies-submit")
  555.      */
  556.     public function policiesSubmitAction(Request $request)
  557.     {
  558.         $suiteUtils $this->container->get('suite_utils');
  559.         if($this->get('security.token_storage')->getToken() != null && $this->get('security.token_storage')->getToken()->getUsername() != 'anon.'){
  560.             $user $this->get('security.token_storage')->getToken()->getUser();
  561.             $user_id $user->getID();
  562.             $user_name $user->getUsername();
  563.             $suiteUtils->saveUserAcceptedTerms($user_id,$user_name);
  564.             $request->getSession()->set("user_accepted_terms",'yes');
  565.             return $this->redirect('/');
  566.         }else{
  567.             $gid $request->request->get('guid');
  568.             if(isset($gid) && $gid!=""){
  569.                 $password_link_details $suiteUtils->getPasswordLinkDetails($gid);
  570.                 if(sizeof($password_link_details)==0){
  571.                     // Set success error message
  572.                     $this->addFlash(
  573.                         'error',
  574.                         'The link has been expired.'
  575.                     );
  577.                     // Redirect to login page
  578.                     return $this->redirectToRoute('login');
  579.                 }
  580.                 $suiteUtils->saveUserAcceptedTerms($password_link_details[0]['user_id'],$password_link_details[0]['username']);
  581.                 return $this->redirect('/changepassword?guid='.$gid);
  582.             }
  584.         }
  585.     }
  587.     /**
  588.      * @Route("/set-user-consent", name="set-user-consent")
  589.      */
  590.     public function setUserConsentAction(Request $request){
  591.         $user $this->get('security.token_storage')->getToken()->getUser();
  592.         $suiteUtils $this->container->get('suite_utils');
  593.         
  594.         $user_id $user->getID();
  595.         $suiteUtils->saveUserConsent($user_id);
  596.         
  597.         return $this->redirectToRoute('login');
  598.     }
  599.     
  600.     
  601.     /**
  602.      * @Route("/masquerade", name="masquerade")
  603.      * @author Mahesh
  604.      * Check if the logged in user is admin and rewrite
  605.      * the session to make the logged in user as requested user.
  606.      */
  607.     public function masqueradeAction(Request $request)
  608.     {
  609.         $this->authorizationChecker $this->get('security.authorization_checker');
  610.         if ($this->authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  611.             if ($request->hasSession()) {
  612.                 $user $this->get('security.token_storage')->getToken()->getUser();
  613.                 $suiteUtils $this->container->get('suite_utils');
  614.                 $user_has_switch_permission $suiteUtils->getUserPermissionForSwitchUser($user->getID());
  615.                 if($user_has_switch_permission){
  616.                     setcookie("masquerade""true");
  617.                     return $this->redirect("/?_swtich_user=".$request->query->get('username'));
  618.                 }else{
  619.                     return new RedirectResponse($this->generateUrl('portal'));
  620.                 }
  621.             }
  623.         }
  625.     }
  627. }