From 676b563046cb60c872c96f42711401b5b6c09cd4 Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Thu, 2 Nov 2023 16:30:35 +0100
Subject: [PATCH 01/20] feat: 108625 Update entity to handle email protection +
 generate new FormType

---
 bundle/Entity/ProtectedAccess.php             | 24 +++++++--
 bundle/Form/ProtectedAccessType.php           |  4 +-
 .../Form/RequestEmailProtectedAccessType.php  | 46 +++++++++++++++++
 bundle/Listener/PreContentView.php            | 51 ++++++++++++++-----
 .../translations/ezprotectedcontent.en.yml    |  2 +
 .../translations/ezprotectedcontent.fr.yml    |  2 +
 .../views/tabs/protected_content.html.twig    |  3 ++
 7 files changed, 114 insertions(+), 18 deletions(-)
 create mode 100644 bundle/Form/RequestEmailProtectedAccessType.php

diff --git a/bundle/Entity/ProtectedAccess.php b/bundle/Entity/ProtectedAccess.php
index ba2a022..6a96962 100644
--- a/bundle/Entity/ProtectedAccess.php
+++ b/bundle/Entity/ProtectedAccess.php
@@ -38,8 +38,7 @@ class ProtectedAccess implements ContentInterface
     /**
      * @var string
      *
-     * @ORM\Column(type="string", length=255, nullable=false)
-     * @Assert\NotBlank()
+     * @ORM\Column(type="string", length=255, nullable=true)
      * @Assert\Length(max=255)
      */
     protected $password;
@@ -51,6 +50,13 @@ class ProtectedAccess implements ContentInterface
      */
     protected $enabled;
 
+    /**
+     * @var bool
+     *
+     * @ORM\Column(type="boolean", nullable=false)
+     */
+    protected $asEmail = false;
+
     /**
      * @var bool
      *
@@ -76,12 +82,24 @@ public function setId(int $id): self
         return $this;
     }
 
+    public function getAsEmail(): bool
+    {
+        return $this->asEmail ?? false;
+    }
+
+    public function setAsEmail(bool $asEmail): self
+    {
+        $this->asEmail = $asEmail;
+
+        return $this;
+    }
+
     public function getPassword(): string
     {
         return $this->password ?? '';
     }
 
-    public function setPassword(string $password): self
+    public function setPassword(?string $password = ''): self
     {
         $this->password = $password;
 
diff --git a/bundle/Form/ProtectedAccessType.php b/bundle/Form/ProtectedAccessType.php
index 6b5d384..40cda92 100644
--- a/bundle/Form/ProtectedAccessType.php
+++ b/bundle/Form/ProtectedAccessType.php
@@ -31,7 +31,9 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                     ['label' => 'tab.table.th.children_protection', 'required' => false]
                 )
                 ->add('enabled', CheckboxType::class, ['label' => 'tab.table.th.enabled', 'required' => false])
-                ->add('password', TextType::class, ['required' => true, 'label' => 'tab.table.th.password']);
+                ->add('password', TextType::class, ['required' => false, 'label' => 'tab.table.th.password'])
+                ->add('asEmail', CheckboxType::class, ['label' => 'tab.table.th.as_email', 'required' => false])
+        ;
     }
 
     public function configureOptions(OptionsResolver $resolver): void
diff --git a/bundle/Form/RequestEmailProtectedAccessType.php b/bundle/Form/RequestEmailProtectedAccessType.php
new file mode 100644
index 0000000..4a82e19
--- /dev/null
+++ b/bundle/Form/RequestEmailProtectedAccessType.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * NovaeZProtectedContentBundle.
+ *
+ * @package   Novactive\Bundle\eZProtectedContentBundle
+ *
+ * @author    Novactive
+ * @copyright 2019 Novactive
+ * @license   https://github.com/Novactive/eZProtectedContentBundle/blob/master/LICENSE MIT Licence
+ */
+declare(strict_types=1);
+
+namespace Novactive\Bundle\eZProtectedContentBundle\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\Extension\Core\Type\SubmitType;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+class RequestEmailProtectedAccessType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder->add(
+            'email',
+            EmailType::class,
+            [
+                'required' => true,
+                'label' => 'tab.table.th.email',
+            ]
+        );
+
+        $builder->add('submit', SubmitType::class);
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults(
+            [
+                'translation_domain' => 'ezprotectedcontent',
+            ]
+        );
+    }
+}
diff --git a/bundle/Listener/PreContentView.php b/bundle/Listener/PreContentView.php
index ba47bdb..1dd9318 100644
--- a/bundle/Listener/PreContentView.php
+++ b/bundle/Listener/PreContentView.php
@@ -17,6 +17,7 @@
 use eZ\Publish\Core\MVC\Symfony\Event\PreContentViewEvent;
 use eZ\Publish\Core\MVC\Symfony\View\ContentView;
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedAccess;
+use Novactive\Bundle\eZProtectedContentBundle\Form\RequestEmailProtectedAccessType;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestProtectedAccessType;
 use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -78,18 +79,25 @@ public function onPreContentView(PreContentViewEvent $event)
         $canRead = $this->permissionResolver->canUser('private_content', 'read', $content);
 
         if (!$canRead) {
-            $cookies = $this->requestStack->getCurrentRequest()->cookies;
-            foreach ($cookies as $name => $value) {
-                if (PasswordProvided::COOKIE_PREFIX !== substr($name, 0, \strlen(PasswordProvided::COOKIE_PREFIX))) {
-                    continue;
-                }
-                if (str_replace(PasswordProvided::COOKIE_PREFIX, '', $name) !== $value) {
-                    continue;
-                }
-                foreach ($protections as $protection) {
-                    /** @var ProtectedAccess $protection */
-                    if (md5($protection->getPassword()) === $value) {
-                        $canRead = true;
+            $request = $this->requestStack->getCurrentRequest();
+
+            if ($request->query->has('mail') && $request->query->has('token')) {
+                dump($this->requestStack->getCurrentRequest()->query->get('token'));
+                dump($this->requestStack->getCurrentRequest()->query->get('mail'));
+            } else {
+                $cookies = $request->cookies;
+                foreach ($cookies as $name => $value) {
+                    if (PasswordProvided::COOKIE_PREFIX !== substr($name, 0, \strlen(PasswordProvided::COOKIE_PREFIX))) {
+                        continue;
+                    }
+                    if (str_replace(PasswordProvided::COOKIE_PREFIX, '', $name) !== $value) {
+                        continue;
+                    }
+                    foreach ($protections as $protection) {
+                        /** @var ProtectedAccess $protection */
+                        if (md5($protection->getPassword()) === $value) {
+                            $canRead = true;
+                        }
                     }
                 }
             }
@@ -97,8 +105,23 @@ public function onPreContentView(PreContentViewEvent $event)
         $contentView->addParameters(['canReadProtectedContent' => $canRead]);
 
         if (!$canRead) {
-            $form = $this->formFactory->create(RequestProtectedAccessType::class);
-            $contentView->addParameters(['requestProtectedContentPasswordForm' => $form->createView()]);
+            if ($this->getContentProtectionType($protections) == 'by_mail') {
+                $form = $this->formFactory->create(RequestEmailProtectedAccessType::class);
+                $contentView->addParameters(['requestProtectedContentEmailForm' => $form->createView()]);
+            } else {
+                $form = $this->formFactory->create(RequestProtectedAccessType::class);
+                $contentView->addParameters(['requestProtectedContentPasswordForm' => $form->createView()]);
+            }
+        }
+    }
+
+    private function getContentProtectionType(array $protections): string {
+        foreach ($protections as $protection) {
+            /** @var ProtectedAccess $protection */
+            if ( !is_null($protection->getPassword()) && $protection->getPassword() != '' ) {
+                return 'by_password';
+            }
         }
+        return 'by_mail';
     }
 }
diff --git a/bundle/Resources/translations/ezprotectedcontent.en.yml b/bundle/Resources/translations/ezprotectedcontent.en.yml
index 3c8db4b..b7b963e 100644
--- a/bundle/Resources/translations/ezprotectedcontent.en.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.en.yml
@@ -7,6 +7,8 @@ tab.modal.buttons.add: "Add"
 tab.table.th.password: "Password"
 tab.table.th.children_protection: "Protect Children?"
 tab.table.th.enabled: "Enabled?"
+tab.table.th.as_email: "Protection by mail"
+tab.table.th.email: "Your email"
 tab.table.th.remove: "Remove"
 
 tab.yes: "YES"
diff --git a/bundle/Resources/translations/ezprotectedcontent.fr.yml b/bundle/Resources/translations/ezprotectedcontent.fr.yml
index 2039255..7f5f963 100644
--- a/bundle/Resources/translations/ezprotectedcontent.fr.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.fr.yml
@@ -7,6 +7,8 @@ tab.modal.buttons.add: "Ajouter"
 tab.table.th.password: "Mot de passe"
 tab.table.th.children_protection: "Protéger les contenus enfants?"
 tab.table.th.enabled: "Activer?"
+tab.table.th.as_email: "Protection par email"
+tab.table.th.email: "Votre adresse email"
 tab.table.th.remove: "Supprimer"
 
 tab.yes: "OUI"
diff --git a/bundle/Resources/views/tabs/protected_content.html.twig b/bundle/Resources/views/tabs/protected_content.html.twig
index 92c314e..a343510 100644
--- a/bundle/Resources/views/tabs/protected_content.html.twig
+++ b/bundle/Resources/views/tabs/protected_content.html.twig
@@ -24,6 +24,7 @@
                         {{ form_row(form.password) }}
                         {{ form_row(form.protectChildren) }}
                         {{ form_row(form.enabled) }}
+                        {{ form_row(form.asEmail) }}
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-secondary btn--no" data-dismiss="modal">
@@ -47,6 +48,7 @@
             <th>{{ 'tab.table.th.password'|trans }}</th>
             <th>{{ "tab.table.th.children_protection"|trans }}</th>
             <th>{{ "tab.table.th.enabled"|trans }}</th>
+            <th>{{ "tab.table.th.as_email"|trans }}</th>
             <th>{{ "tab.table.th.remove"|trans }}</th>
         </tr>
         </thead>
@@ -62,6 +64,7 @@
                     {% endif %}
                 </td>
                 <td class="ez-table__cell">{{ item.enabled ? 'tab.yes'|trans:'tab.no'|trans }}</td>
+                <td class="ez-table__cell">{{ item.asEmail ? 'tab.yes'|trans:'tab.no'|trans }}</td>
                 <td class="ez-table__cell">
                     {% if item.contentId == location.contentInfo.id %}
                         <a href="{{ path("novaezprotectedcontent_bundle_admin_remove_protection", {locationId: location.id, access: item.id }) }}" class="button">

From 0fb45dd0db6c92c209cfdfe21cd2658e694b5e19 Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Mon, 6 Nov 2023 18:17:25 +0100
Subject: [PATCH 02/20] feat: 108625 Store token to access protected content
 and sendEmail

---
 bundle/Entity/ProtectedAccess.php             |  17 +++
 bundle/Entity/ProtectedTokenStorage.php       | 111 +++++++++++++++
 bundle/Form/ProtectedAccessType.php           |   3 +
 .../Form/RequestEmailProtectedAccessType.php  |   3 +-
 bundle/Listener/EmailProvided.php             | 126 ++++++++++++++++++
 bundle/Listener/PreContentView.php            |  15 ++-
 .../ProtectedTokenStorageRepository.php       |  24 ++++
 bundle/Resources/config/services.yaml         |   4 +
 .../translations/ezprotectedcontent.en.yml    |   5 +
 .../translations/ezprotectedcontent.fr.yml    |   5 +
 .../views/tabs/protected_content.html.twig    |   3 +
 11 files changed, 313 insertions(+), 3 deletions(-)
 create mode 100644 bundle/Entity/ProtectedTokenStorage.php
 create mode 100644 bundle/Listener/EmailProvided.php
 create mode 100644 bundle/Repository/ProtectedTokenStorageRepository.php

diff --git a/bundle/Entity/ProtectedAccess.php b/bundle/Entity/ProtectedAccess.php
index 6a96962..575565d 100644
--- a/bundle/Entity/ProtectedAccess.php
+++ b/bundle/Entity/ProtectedAccess.php
@@ -64,6 +64,13 @@ class ProtectedAccess implements ContentInterface
      */
     protected $protectChildren;
 
+    /**
+     * @var string
+     *
+     * @ORM\Column(type="string", nullable=true)
+     */
+    protected $emailMessage;
+
     public function __construct()
     {
         $this->enabled         = true;
@@ -127,4 +134,14 @@ public function setProtectChildren(bool $protectChildren): void
     {
         $this->protectChildren = $protectChildren;
     }
+
+    public function getEmailMessage(): ?string
+    {
+        return $this->emailMessage;
+    }
+
+    public function setEmailMessage(string $emailMessage): void
+    {
+        $this->emailMessage = $emailMessage;
+    }
 }
diff --git a/bundle/Entity/ProtectedTokenStorage.php b/bundle/Entity/ProtectedTokenStorage.php
new file mode 100644
index 0000000..0404c51
--- /dev/null
+++ b/bundle/Entity/ProtectedTokenStorage.php
@@ -0,0 +1,111 @@
+<?php
+
+/**
+ * NovaeZProtectedContentBundle.
+ *
+ * @package   Novactive\Bundle\eZProtectedContentBundle
+ *
+ * @author    Novactive
+ * @copyright 2023 Novactive
+ * @license   https://github.com/Novactive/eZProtectedContentBundle/blob/master/LICENSE MIT Licence
+ */
+declare(strict_types=1);
+
+namespace Novactive\Bundle\eZProtectedContentBundle\Entity;
+
+use DateTime;
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Validator\Constraints as Assert;
+
+/**
+ * @ORM\Entity(repositoryClass="Novactive\Bundle\eZProtectedContentBundle\Repository\ProtectedTokenStorageRepository")
+ * @ORM\Table(name="novaezprotectedcontentstorage")
+ */
+class ProtectedTokenStorage {
+    /**
+     * @var int
+     *
+     * @ORM\Id
+     * @ORM\Column(type="integer")
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    private $id;
+
+    /**
+     * @var DateTime
+     * @ORM\Column(name="created", type="datetime")
+     */
+    private $created;
+
+    /**
+     * @var string
+     *
+     * @ORM\Column(type="string", length=255, nullable=false)
+     * @Assert\Length(max=255)
+     */
+    protected $token;
+
+    /**
+     * @var string
+     *
+     * @ORM\Column(type="string", length=255, nullable=false)
+     * @Assert\Length(max=255)
+     */
+    protected $mail;
+
+    /**
+     * @var int
+     *
+     * @ORM\Column(type="integer")
+     */
+    protected $content_id;
+
+    public function getId(): int
+    {
+        return $this->id;
+    }
+
+    public function setId(int $id): void
+    {
+        $this->id = $id;
+    }
+    public function getCreated(): DateTime
+    {
+        return $this->created;
+    }
+
+    public function setCreated(DateTime $created): void
+    {
+        $this->created = $created;
+    }
+
+    public function getToken(): string
+    {
+        return $this->token;
+    }
+
+    public function setToken(string $token): void
+    {
+        $this->token = $token;
+    }
+
+    public function getMail(): string
+    {
+        return $this->mail;
+    }
+
+    public function setMail(string $mail): void
+    {
+        $this->mail = $mail;
+    }
+
+    public function getContentId(): int
+    {
+        return $this->content_id;
+    }
+
+    public function setContentId(int $content_id): void
+    {
+        $this->content_id = $content_id;
+    }
+}
diff --git a/bundle/Form/ProtectedAccessType.php b/bundle/Form/ProtectedAccessType.php
index 40cda92..07e51b6 100644
--- a/bundle/Form/ProtectedAccessType.php
+++ b/bundle/Form/ProtectedAccessType.php
@@ -13,10 +13,12 @@
 namespace Novactive\Bundle\eZProtectedContentBundle\Form;
 
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedAccess;
+
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
 use Symfony\Component\Form\Extension\Core\Type\HiddenType;
 use Symfony\Component\Form\Extension\Core\Type\TextType;
+use Symfony\Component\Form\Extension\Core\Type\TextareaType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
 
@@ -33,6 +35,7 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                 ->add('enabled', CheckboxType::class, ['label' => 'tab.table.th.enabled', 'required' => false])
                 ->add('password', TextType::class, ['required' => false, 'label' => 'tab.table.th.password'])
                 ->add('asEmail', CheckboxType::class, ['label' => 'tab.table.th.as_email', 'required' => false])
+                ->add('emailMessage', TextareaType::class, ['label' => 'tab.table.th.message_email', 'required' => false])
         ;
     }
 
diff --git a/bundle/Form/RequestEmailProtectedAccessType.php b/bundle/Form/RequestEmailProtectedAccessType.php
index 4a82e19..18cfd1e 100644
--- a/bundle/Form/RequestEmailProtectedAccessType.php
+++ b/bundle/Form/RequestEmailProtectedAccessType.php
@@ -14,6 +14,7 @@
 
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\Extension\Core\Type\HiddenType;
 use Symfony\Component\Form\Extension\Core\Type\SubmitType;
 use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\FormBuilderInterface;
@@ -31,7 +32,7 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                 'label' => 'tab.table.th.email',
             ]
         );
-
+        $builder->add('content_id', HiddenType::class);
         $builder->add('submit', SubmitType::class);
     }
 
diff --git a/bundle/Listener/EmailProvided.php b/bundle/Listener/EmailProvided.php
new file mode 100644
index 0000000..23056e8
--- /dev/null
+++ b/bundle/Listener/EmailProvided.php
@@ -0,0 +1,126 @@
+<?php
+/**
+ * NovaeZProtectedContentBundle.
+ *
+ * @package   Novactive\Bundle\eZProtectedContentBundle
+ *
+ * @author    Novactive
+ * @copyright 2019 Novactive
+ * @license   https://github.com/Novactive/eZProtectedContentBundle/blob/master/LICENSE MIT Licence
+ */
+declare(strict_types=1);
+
+namespace Novactive\Bundle\eZProtectedContentBundle\Listener;
+
+use DateTime;
+use Doctrine\ORM\EntityManagerInterface;
+use Exception;
+use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedAccess;
+use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
+use Novactive\Bundle\eZProtectedContentBundle\Form\RequestEmailProtectedAccessType;
+use Swift_Message;
+use Symfony\Component\Form\FormFactoryInterface;
+use Symfony\Component\HttpFoundation\Cookie;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Swift_Mailer;
+use Symfony\Component\Translation\TranslatorInterface;
+
+class EmailProvided
+{
+    protected const SENDMAIL_ERROR = 'Impossible d\'envoyer le lien formaté à l\'adresse mail %s';
+    /**
+     * @var FormFactoryInterface
+     */
+    private $formFactory;
+    /**
+     * @var Swift_Mailer
+     */
+    private $mailer;
+    /**
+     * @var Swift_Message
+     */
+    protected $messageInstance;
+
+    /**
+     * @var EntityManagerInterface
+     */
+    private $entityManager;
+
+    /**
+     * @var TranslatorInterface
+     */
+    private $translator;
+
+    public function __construct(
+        FormFactoryInterface $formFactory,
+        Swift_Mailer $mailer,
+        EntityManagerInterface $entityManager,
+        TranslatorInterface $translator
+    )
+    {
+        $this->formFactory   = $formFactory;
+        $this->mailer        = $mailer;
+        $this->entityManager = $entityManager;
+        $this->translator    = $translator;
+        $this->messageInstance = new Swift_Message();
+    }
+
+    public function onKernelRequest(GetResponseEvent $event): void
+    {
+        if (!$event->isMasterRequest()) {
+            return;
+        }
+        $form = $this->formFactory->create(RequestEmailProtectedAccessType::class);
+
+        $request = $event->getRequest();
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            $data           = $form->getData();
+            $contentId      = intval($data['content_id']);
+            $randomString   = bin2hex(random_bytes(16));
+            $token          = substr($randomString, 0, 16);
+
+            $access         = new ProtectedTokenStorage();
+            $access->setMail($data['email']);
+            $access->setContentId($contentId);
+            $access->setCreated(new DateTime());
+            $access->setToken($token);
+
+            $this->entityManager->persist($access);
+            $this->entityManager->flush();
+
+            $currentUrl = $request->getScheme().'://'.$request->getHost().$request->getBaseUrl().$request->getRequestUri();
+            $accessUrl  = $currentUrl."?mail=".$data['email']."&token=".$token;
+            $this->sendMail($contentId, $data['email'], $accessUrl);
+            $response   = new RedirectResponse($request->getRequestUri()."?waiting_validation=".$data['email']);
+            $response->setPrivate();
+            $event->setResponse($response);
+        }
+    }
+
+    /**
+     * @throws Exception
+     */
+    private function sendMail(int $contentId, string $receiver, string $link): void {
+        /** @var ProtectedAccess $protectedAccess */
+        $protectedAccess = $this->entityManager->getRepository(ProtectedAccess::class)->findOneBy(['contentId' => $contentId]);
+
+        $message = $this->messageInstance
+            ->setSubject('Access to protected content')
+            ->setFrom('noreply@culture.gouv.fr')
+            ->setTo($receiver)
+            ->setContentType('text/html')
+            ->setBody(
+                $protectedAccess->getEmailMessage()
+                . "</br><a href='$link'>".$this->translator->trans('mail.link')."</a>"
+            );
+
+        try {
+            $this->mailer->send($message);
+        } catch (Exception $exception) {
+            throw new Exception(sprintf(self::SENDMAIL_ERROR, $receiver));
+        }
+    }
+}
diff --git a/bundle/Listener/PreContentView.php b/bundle/Listener/PreContentView.php
index 1dd9318..381fae8 100644
--- a/bundle/Listener/PreContentView.php
+++ b/bundle/Listener/PreContentView.php
@@ -17,6 +17,7 @@
 use eZ\Publish\Core\MVC\Symfony\Event\PreContentViewEvent;
 use eZ\Publish\Core\MVC\Symfony\View\ContentView;
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedAccess;
+use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestEmailProtectedAccessType;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestProtectedAccessType;
 use Symfony\Component\Form\FormFactoryInterface;
@@ -82,8 +83,18 @@ public function onPreContentView(PreContentViewEvent $event)
             $request = $this->requestStack->getCurrentRequest();
 
             if ($request->query->has('mail') && $request->query->has('token')) {
-                dump($this->requestStack->getCurrentRequest()->query->get('token'));
-                dump($this->requestStack->getCurrentRequest()->query->get('mail'));
+                $emailProtections = $this->entityManager->getRepository(ProtectedTokenStorage::class)->findByContentId($content->id);
+
+                foreach ($emailProtections as $emailProtection) {
+                    /** @var ProtectedTokenStorage $emailProtection */
+                    if (
+                        $emailProtection->getToken() == $request->get('token')
+                        && $emailProtection->getMail() == $request->get('mail')
+                        && $emailProtection->getCreated()->getTimestamp() >= strtotime('now - 1 hours')
+                    ) {
+                        $canRead = true;
+                    }
+                }
             } else {
                 $cookies = $request->cookies;
                 foreach ($cookies as $name => $value) {
diff --git a/bundle/Repository/ProtectedTokenStorageRepository.php b/bundle/Repository/ProtectedTokenStorageRepository.php
new file mode 100644
index 0000000..90b09fc
--- /dev/null
+++ b/bundle/Repository/ProtectedTokenStorageRepository.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Novactive\Bundle\eZProtectedContentBundle\Repository;
+
+use eZ\Publish\API\Repository\Repository;
+use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
+
+class ProtectedTokenStorageRepository extends EntityRepository
+{
+    protected function getAlias(): string
+    {
+        return 'pts';
+    }
+
+    protected function getEntityClass(): string
+    {
+        return ProtectedTokenStorage::class;
+    }
+
+    public function findByContentId(int $contentId): array
+    {
+        return $this->findBy(['content_id' => $contentId]);
+    }
+}
diff --git a/bundle/Resources/config/services.yaml b/bundle/Resources/config/services.yaml
index 3aaae53..a55d546 100644
--- a/bundle/Resources/config/services.yaml
+++ b/bundle/Resources/config/services.yaml
@@ -30,3 +30,7 @@ services:
     Novactive\Bundle\eZProtectedContentBundle\Listener\PasswordProvided:
         tags:
             - { name: kernel.event_listener, event: kernel.request, method: 'onKernelRequest', priority: -100}
+
+    Novactive\Bundle\eZProtectedContentBundle\Listener\EmailProvided:
+        tags:
+            - { name: kernel.event_listener, event: kernel.request, method: 'onKernelRequest', priority: -100}
diff --git a/bundle/Resources/translations/ezprotectedcontent.en.yml b/bundle/Resources/translations/ezprotectedcontent.en.yml
index b7b963e..437ca37 100644
--- a/bundle/Resources/translations/ezprotectedcontent.en.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.en.yml
@@ -8,8 +8,13 @@ tab.table.th.password: "Password"
 tab.table.th.children_protection: "Protect Children?"
 tab.table.th.enabled: "Enabled?"
 tab.table.th.as_email: "Protection by mail"
+tab.table.th.message_email: "Message to display in send email"
 tab.table.th.email: "Your email"
+tab.table.th.as_email_message: "Email message defined"
 tab.table.th.remove: "Remove"
 
+mail.link: Click here
+mail.subject: "Your request for access to protected content"
+
 tab.yes: "YES"
 tab.no: "NO"
diff --git a/bundle/Resources/translations/ezprotectedcontent.fr.yml b/bundle/Resources/translations/ezprotectedcontent.fr.yml
index 7f5f963..5fed50f 100644
--- a/bundle/Resources/translations/ezprotectedcontent.fr.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.fr.yml
@@ -8,8 +8,13 @@ tab.table.th.password: "Mot de passe"
 tab.table.th.children_protection: "Protéger les contenus enfants?"
 tab.table.th.enabled: "Activer?"
 tab.table.th.as_email: "Protection par email"
+tab.table.th.message_email: "Message à afficher dans l'email envoyé"
 tab.table.th.email: "Votre adresse email"
+tab.table.th.as_email_message: "Message email défini"
 tab.table.th.remove: "Supprimer"
 
+mail.link: "Cliquez ici"
+mail.subject: "Votre demande d'accès à un contenu protégé"
+
 tab.yes: "OUI"
 tab.no: "NON"
diff --git a/bundle/Resources/views/tabs/protected_content.html.twig b/bundle/Resources/views/tabs/protected_content.html.twig
index a343510..5618869 100644
--- a/bundle/Resources/views/tabs/protected_content.html.twig
+++ b/bundle/Resources/views/tabs/protected_content.html.twig
@@ -25,6 +25,7 @@
                         {{ form_row(form.protectChildren) }}
                         {{ form_row(form.enabled) }}
                         {{ form_row(form.asEmail) }}
+                        {{ form_row(form.emailMessage) }}
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-secondary btn--no" data-dismiss="modal">
@@ -49,6 +50,7 @@
             <th>{{ "tab.table.th.children_protection"|trans }}</th>
             <th>{{ "tab.table.th.enabled"|trans }}</th>
             <th>{{ "tab.table.th.as_email"|trans }}</th>
+            <th>{{ "tab.table.th.as_email_message"|trans }}</th>
             <th>{{ "tab.table.th.remove"|trans }}</th>
         </tr>
         </thead>
@@ -65,6 +67,7 @@
                 </td>
                 <td class="ez-table__cell">{{ item.enabled ? 'tab.yes'|trans:'tab.no'|trans }}</td>
                 <td class="ez-table__cell">{{ item.asEmail ? 'tab.yes'|trans:'tab.no'|trans }}</td>
+                <td class="ez-table__cell">{{ item.emailMessage ? 'tab.yes'|trans:'tab.no'|trans }}</td>
                 <td class="ez-table__cell">
                     {% if item.contentId == location.contentInfo.id %}
                         <a href="{{ path("novaezprotectedcontent_bundle_admin_remove_protection", {locationId: location.id, access: item.id }) }}" class="button">

From 5020002a7d9dd6dd1bd1969bd9373d02d048821b Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 7 Nov 2023 11:49:27 +0100
Subject: [PATCH 03/20] feat: 108625 Change receiver to get from parameters

---
 bundle/Listener/EmailProvided.php | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/bundle/Listener/EmailProvided.php b/bundle/Listener/EmailProvided.php
index 23056e8..8859188 100644
--- a/bundle/Listener/EmailProvided.php
+++ b/bundle/Listener/EmailProvided.php
@@ -19,8 +19,8 @@
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestEmailProtectedAccessType;
 use Swift_Message;
+use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\Form\FormFactoryInterface;
-use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Swift_Mailer;
@@ -52,18 +52,26 @@ class EmailProvided
      */
     private $translator;
 
+    /**
+     * @var ContainerInterface
+     */
+    private $container;
+
     public function __construct(
         FormFactoryInterface $formFactory,
         Swift_Mailer $mailer,
         EntityManagerInterface $entityManager,
-        TranslatorInterface $translator
+        TranslatorInterface $translator,
+        ContainerInterface $container
     )
     {
-        $this->formFactory   = $formFactory;
-        $this->mailer        = $mailer;
-        $this->entityManager = $entityManager;
-        $this->translator    = $translator;
+        $this->formFactory     = $formFactory;
+        $this->mailer          = $mailer;
+        $this->entityManager   = $entityManager;
+        $this->translator      = $translator;
+        $this->container       = $container;
         $this->messageInstance = new Swift_Message();
+
     }
 
     public function onKernelRequest(GetResponseEvent $event): void
@@ -109,7 +117,7 @@ private function sendMail(int $contentId, string $receiver, string $link): void
 
         $message = $this->messageInstance
             ->setSubject('Access to protected content')
-            ->setFrom('noreply@culture.gouv.fr')
+            ->setFrom($this->container->getParameter('default_sender_email'))
             ->setTo($receiver)
             ->setContentType('text/html')
             ->setBody(

From eca146ee887be656d4daf19f47f3030e0f5a310c Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 7 Nov 2023 11:51:41 +0100
Subject: [PATCH 04/20] feat: 108625 Fix translations issue for mail link + add
 test for view params

---
 bundle/Listener/EmailProvided.php  | 2 +-
 bundle/Listener/PreContentView.php | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/bundle/Listener/EmailProvided.php b/bundle/Listener/EmailProvided.php
index 8859188..66c7e93 100644
--- a/bundle/Listener/EmailProvided.php
+++ b/bundle/Listener/EmailProvided.php
@@ -122,7 +122,7 @@ private function sendMail(int $contentId, string $receiver, string $link): void
             ->setContentType('text/html')
             ->setBody(
                 $protectedAccess->getEmailMessage()
-                . "</br><a href='$link'>".$this->translator->trans('mail.link')."</a>"
+                . "</br><a href='$link'>".$this->translator->trans('mail.link', [], 'ezprotectedcontent')."</a>"
             );
 
         try {
diff --git a/bundle/Listener/PreContentView.php b/bundle/Listener/PreContentView.php
index 381fae8..9b3c365 100644
--- a/bundle/Listener/PreContentView.php
+++ b/bundle/Listener/PreContentView.php
@@ -82,13 +82,15 @@ public function onPreContentView(PreContentViewEvent $event)
         if (!$canRead) {
             $request = $this->requestStack->getCurrentRequest();
 
-            if ($request->query->has('mail') && $request->query->has('token')) {
+            if ($request->query->has('mail')
+                && $request->query->has('token')
+                && !$request->query->has('waiting_validation')
+            ) {
                 $emailProtections = $this->entityManager->getRepository(ProtectedTokenStorage::class)->findByContentId($content->id);
 
                 foreach ($emailProtections as $emailProtection) {
                     /** @var ProtectedTokenStorage $emailProtection */
-                    if (
-                        $emailProtection->getToken() == $request->get('token')
+                    if ($emailProtection->getToken() == $request->get('token')
                         && $emailProtection->getMail() == $request->get('mail')
                         && $emailProtection->getCreated()->getTimestamp() >= strtotime('now - 1 hours')
                     ) {

From 39f60914161fe634184718b80705949988b79c8f Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 7 Nov 2023 12:02:52 +0100
Subject: [PATCH 05/20] feat: 108625 Change container for parameterBag to
 getParams

---
 bundle/Listener/EmailProvided.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/bundle/Listener/EmailProvided.php b/bundle/Listener/EmailProvided.php
index 66c7e93..39a8164 100644
--- a/bundle/Listener/EmailProvided.php
+++ b/bundle/Listener/EmailProvided.php
@@ -19,7 +19,7 @@
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestEmailProtectedAccessType;
 use Swift_Message;
-use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
 use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
@@ -53,23 +53,23 @@ class EmailProvided
     private $translator;
 
     /**
-     * @var ContainerInterface
+     * @var ParameterBagInterface
      */
-    private $container;
+    private $parameterBag;
 
     public function __construct(
         FormFactoryInterface $formFactory,
         Swift_Mailer $mailer,
         EntityManagerInterface $entityManager,
         TranslatorInterface $translator,
-        ContainerInterface $container
+        ParameterBagInterface $parameterBag
     )
     {
         $this->formFactory     = $formFactory;
         $this->mailer          = $mailer;
         $this->entityManager   = $entityManager;
         $this->translator      = $translator;
-        $this->container       = $container;
+        $this->parameterBag    = $parameterBag;
         $this->messageInstance = new Swift_Message();
 
     }
@@ -117,7 +117,7 @@ private function sendMail(int $contentId, string $receiver, string $link): void
 
         $message = $this->messageInstance
             ->setSubject('Access to protected content')
-            ->setFrom($this->container->getParameter('default_sender_email'))
+            ->setFrom($this->parameterBag->get('default_sender_email'))
             ->setTo($receiver)
             ->setContentType('text/html')
             ->setBody(

From 76ca64724f90a2e967ed65bd0bbf1f40649c365b Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 7 Nov 2023 16:51:48 +0100
Subject: [PATCH 06/20] feat: 108625 add command to remove expired token

---
 bundle/Command/CleanTokenCommand.php  | 67 +++++++++++++++++++++++++++
 bundle/Resources/config/services.yaml |  4 ++
 2 files changed, 71 insertions(+)
 create mode 100644 bundle/Command/CleanTokenCommand.php

diff --git a/bundle/Command/CleanTokenCommand.php b/bundle/Command/CleanTokenCommand.php
new file mode 100644
index 0000000..97a2890
--- /dev/null
+++ b/bundle/Command/CleanTokenCommand.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * NovaeZProtectedContentBundle.
+ *
+ * @package   Novactive\Bundle\eZProtectedContentBundle
+ *
+ * @author    Novactive
+ * @copyright 2023 Novactive
+ * @license   https://github.com/Novactive/eZProtectedContentBundle/blob/master/LICENSE MIT Licence
+ */
+declare(strict_types=1);
+
+namespace Novactive\Bundle\eZProtectedContentBundle\Command;
+
+use Doctrine\ORM\EntityManagerInterface;
+use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+class CleanTokenCommand extends Command
+{
+    /**
+     * @var EntityManagerInterface
+     */
+    private $entityManager;
+
+    public function __construct(EntityManagerInterface $entityManager)
+    {
+        parent::__construct();
+        $this->entityManager = $entityManager;
+
+    }
+
+    protected function configure(): void
+    {
+        $this
+            ->setName('novaezprotectedcontent:cleantoken')
+            ->setDescription('Remove expired token in the DB');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        $dbQuery = $this->entityManager->createQueryBuilder()
+            ->select('c')
+            ->from(ProtectedTokenStorage::class, 'c')
+            ->where('c.created < :nowMinusOneHour')
+            ->setParameter('nowMinusOneHour', new \DateTime('now - 1 hours'));
+
+        $entities = $dbQuery->getQuery()->getResult();
+
+        foreach ($entities as $entity) {
+            $this->entityManager->remove($entity);
+        }
+
+        $this->entityManager->flush();
+
+        $io->success(sprintf('%d entities deleted', count($entities)));
+        $io->success('Done.');
+    }
+}
diff --git a/bundle/Resources/config/services.yaml b/bundle/Resources/config/services.yaml
index a55d546..945dc28 100644
--- a/bundle/Resources/config/services.yaml
+++ b/bundle/Resources/config/services.yaml
@@ -15,6 +15,10 @@ services:
         resource: '../../Controller'
         tags: ['controller.service_arguments']
 
+    Novactive\Bundle\eZProtectedContentBundle\Command\CleanTokenCommand:
+        tags:
+            - { name: 'novaezprotectedcontent:cleantoken', command: 'novaezprotectedcontent:cleantoken' }
+
     Novactive\Bundle\eZProtectedContentBundle\Core\Tab\ProtectContent:
         tags:
             - { name: ezplatform.tab, group: location-view }

From 3dc8a414d5fd39d5629f1f353517933a3088004a Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 7 Nov 2023 17:25:04 +0100
Subject: [PATCH 07/20] feat: 108625 change token generation

---
 bundle/Listener/EmailProvided.php | 10 +++++-----
 composer.json                     |  1 +
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/bundle/Listener/EmailProvided.php b/bundle/Listener/EmailProvided.php
index 39a8164..dd9e276 100644
--- a/bundle/Listener/EmailProvided.php
+++ b/bundle/Listener/EmailProvided.php
@@ -18,6 +18,7 @@
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedAccess;
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestEmailProtectedAccessType;
+use Ramsey\Uuid\Uuid;
 use Swift_Message;
 use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
 use Symfony\Component\Form\FormFactoryInterface;
@@ -85,12 +86,11 @@ public function onKernelRequest(GetResponseEvent $event): void
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
-            $data           = $form->getData();
-            $contentId      = intval($data['content_id']);
-            $randomString   = bin2hex(random_bytes(16));
-            $token          = substr($randomString, 0, 16);
+            $data      = $form->getData();
+            $contentId = intval($data['content_id']);
+            $token     = Uuid::uuid4()->toString();
+            $access    = new ProtectedTokenStorage();
 
-            $access         = new ProtectedTokenStorage();
             $access->setMail($data['email']);
             $access->setContentId($contentId);
             $access->setCreated(new DateTime());
diff --git a/composer.json b/composer.json
index e079443..2f00b8f 100644
--- a/composer.json
+++ b/composer.json
@@ -32,6 +32,7 @@
     "require": {
         "php": "^7.1",
         "symfony/thanks": "^1.0",
+        "ramsey/uuid": "^3.0.0",
         "ezsystems/ezpublish-kernel": "^7.1",
         "ext-json": "*"
     },

From b7d960dda05eff6251692a392067f5117e8b0578 Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 7 Nov 2023 17:28:38 +0100
Subject: [PATCH 08/20] feat: 108625 Use translation for mail subject

---
 bundle/Listener/EmailProvided.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bundle/Listener/EmailProvided.php b/bundle/Listener/EmailProvided.php
index dd9e276..5397755 100644
--- a/bundle/Listener/EmailProvided.php
+++ b/bundle/Listener/EmailProvided.php
@@ -116,7 +116,7 @@ private function sendMail(int $contentId, string $receiver, string $link): void
         $protectedAccess = $this->entityManager->getRepository(ProtectedAccess::class)->findOneBy(['contentId' => $contentId]);
 
         $message = $this->messageInstance
-            ->setSubject('Access to protected content')
+            ->setSubject($this->translator->trans('mail.subject', [], 'ezprotectedcontent'))
             ->setFrom($this->parameterBag->get('default_sender_email'))
             ->setTo($receiver)
             ->setContentType('text/html')

From 0f92353d4a3e377d23ecf284234ace70f19a0c5d Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Wed, 8 Nov 2023 12:22:37 +0100
Subject: [PATCH 09/20] feat: 108625 refacto query to match token

---
 bundle/Command/CleanTokenCommand.php          | 10 +++----
 bundle/Listener/PreContentView.php            | 21 ++++++++-------
 .../ProtectedTokenStorageRepository.php       | 26 +++++++++++++++++--
 3 files changed, 39 insertions(+), 18 deletions(-)

diff --git a/bundle/Command/CleanTokenCommand.php b/bundle/Command/CleanTokenCommand.php
index 97a2890..32e0ffb 100644
--- a/bundle/Command/CleanTokenCommand.php
+++ b/bundle/Command/CleanTokenCommand.php
@@ -14,6 +14,7 @@
 
 use Doctrine\ORM\EntityManagerInterface;
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
+use Novactive\Bundle\eZProtectedContentBundle\Repository\ProtectedTokenStorageRepository;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
@@ -47,13 +48,10 @@ protected function execute(InputInterface $input, OutputInterface $output)
     {
         $io = new SymfonyStyle($input, $output);
 
-        $dbQuery = $this->entityManager->createQueryBuilder()
-            ->select('c')
-            ->from(ProtectedTokenStorage::class, 'c')
-            ->where('c.created < :nowMinusOneHour')
-            ->setParameter('nowMinusOneHour', new \DateTime('now - 1 hours'));
+        /** @var ProtectedTokenStorageRepository $protectedTokenStorageRepository */
+        $protectedTokenStorageRepository  = $this->entityManager->getRepository(ProtectedTokenStorage::class);
 
-        $entities = $dbQuery->getQuery()->getResult();
+        $entities =  $protectedTokenStorageRepository->findExpired();
 
         foreach ($entities as $entity) {
             $this->entityManager->remove($entity);
diff --git a/bundle/Listener/PreContentView.php b/bundle/Listener/PreContentView.php
index 9b3c365..4b6d5c8 100644
--- a/bundle/Listener/PreContentView.php
+++ b/bundle/Listener/PreContentView.php
@@ -20,6 +20,7 @@
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestEmailProtectedAccessType;
 use Novactive\Bundle\eZProtectedContentBundle\Form\RequestProtectedAccessType;
+use Novactive\Bundle\eZProtectedContentBundle\Repository\ProtectedTokenStorageRepository;
 use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
 
@@ -86,16 +87,16 @@ public function onPreContentView(PreContentViewEvent $event)
                 && $request->query->has('token')
                 && !$request->query->has('waiting_validation')
             ) {
-                $emailProtections = $this->entityManager->getRepository(ProtectedTokenStorage::class)->findByContentId($content->id);
-
-                foreach ($emailProtections as $emailProtection) {
-                    /** @var ProtectedTokenStorage $emailProtection */
-                    if ($emailProtection->getToken() == $request->get('token')
-                        && $emailProtection->getMail() == $request->get('mail')
-                        && $emailProtection->getCreated()->getTimestamp() >= strtotime('now - 1 hours')
-                    ) {
-                        $canRead = true;
-                    }
+                /** @var ProtectedTokenStorageRepository $protectedTokenStorageRepository */
+                $protectedTokenStorageRepository = $this->entityManager->getRepository(ProtectedTokenStorage::class);
+                $unexpiredToken = $protectedTokenStorageRepository->findUnexpiredBy([
+                    'content_id'      => $content->id,
+                    'token'           => $request->get('token'),
+                    'mail'            => $request->get('mail')
+                ]);
+
+                if (count($unexpiredToken) > 0 ) {
+                    $canRead = true;
                 }
             } else {
                 $cookies = $request->cookies;
diff --git a/bundle/Repository/ProtectedTokenStorageRepository.php b/bundle/Repository/ProtectedTokenStorageRepository.php
index 90b09fc..cb8e0f8 100644
--- a/bundle/Repository/ProtectedTokenStorageRepository.php
+++ b/bundle/Repository/ProtectedTokenStorageRepository.php
@@ -4,6 +4,7 @@
 
 use eZ\Publish\API\Repository\Repository;
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedTokenStorage;
+use Symfony\Bridge\Doctrine\RegistryInterface;
 
 class ProtectedTokenStorageRepository extends EntityRepository
 {
@@ -17,8 +18,29 @@ protected function getEntityClass(): string
         return ProtectedTokenStorage::class;
     }
 
-    public function findByContentId(int $contentId): array
+    public function findUnexpiredBy(array $criteria= []): array
     {
-        return $this->findBy(['content_id' => $contentId]);
+        $dbQuery = $this->_em->createQueryBuilder()
+            ->select('c')
+            ->from(ProtectedTokenStorage::class, 'c')
+            ->where('c.created >= :nowMinusOneHour')
+            ->setParameter('nowMinusOneHour', new \DateTime('now - 1 hours'));
+
+        foreach ($criteria as $key => $criterion) {
+            $dbQuery->andWhere("c.$key = $criterion");
+        }
+
+        return $dbQuery->getQuery()->getResult();
+    }
+
+    public function findExpired(): array
+    {
+        $dbQuery = $this->_em->createQueryBuilder()
+            ->select('c')
+            ->from(ProtectedTokenStorage::class, 'c')
+            ->where('c.created < :nowMinusOneHour')
+            ->setParameter('nowMinusOneHour', new \DateTime('now - 1 hours'));
+
+        return $dbQuery->getQuery()->getResult();
     }
 }

From 472fa9dc2d56fcb76296e8c569e880336908af7a Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Thu, 9 Nov 2023 11:03:13 +0100
Subject: [PATCH 10/20] feat: 108625 Add custom balise for description and
 replacement at link generation

---
 bundle/Form/ProtectedAccessType.php                     | 6 +++++-
 bundle/Listener/EmailProvided.php                       | 6 ++++--
 bundle/Resources/translations/ezprotectedcontent.en.yml | 1 +
 bundle/Resources/translations/ezprotectedcontent.fr.yml | 1 +
 bundle/Resources/views/tabs/protected_content.html.twig | 1 +
 5 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/bundle/Form/ProtectedAccessType.php b/bundle/Form/ProtectedAccessType.php
index 07e51b6..5fb8506 100644
--- a/bundle/Form/ProtectedAccessType.php
+++ b/bundle/Form/ProtectedAccessType.php
@@ -35,7 +35,11 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                 ->add('enabled', CheckboxType::class, ['label' => 'tab.table.th.enabled', 'required' => false])
                 ->add('password', TextType::class, ['required' => false, 'label' => 'tab.table.th.password'])
                 ->add('asEmail', CheckboxType::class, ['label' => 'tab.table.th.as_email', 'required' => false])
-                ->add('emailMessage', TextareaType::class, ['label' => 'tab.table.th.message_email', 'required' => false])
+                ->add('emailMessage', TextareaType::class, [
+                    'label' => 'tab.table.th.message_email',
+                    'help' => 'mail.help_message',
+                    'required' => false
+                ])
         ;
     }
 
diff --git a/bundle/Listener/EmailProvided.php b/bundle/Listener/EmailProvided.php
index 5397755..a03b0db 100644
--- a/bundle/Listener/EmailProvided.php
+++ b/bundle/Listener/EmailProvided.php
@@ -115,14 +115,16 @@ private function sendMail(int $contentId, string $receiver, string $link): void
         /** @var ProtectedAccess $protectedAccess */
         $protectedAccess = $this->entityManager->getRepository(ProtectedAccess::class)->findOneBy(['contentId' => $contentId]);
 
+        $mailLink = "<a href='$link'>".$this->translator->trans('mail.link', [], 'ezprotectedcontent')."</a>";
+        $bodyMessage = str_replace('{{ url }}', $mailLink, $protectedAccess->getEmailMessage());
+
         $message = $this->messageInstance
             ->setSubject($this->translator->trans('mail.subject', [], 'ezprotectedcontent'))
             ->setFrom($this->parameterBag->get('default_sender_email'))
             ->setTo($receiver)
             ->setContentType('text/html')
             ->setBody(
-                $protectedAccess->getEmailMessage()
-                . "</br><a href='$link'>".$this->translator->trans('mail.link', [], 'ezprotectedcontent')."</a>"
+                $bodyMessage
             );
 
         try {
diff --git a/bundle/Resources/translations/ezprotectedcontent.en.yml b/bundle/Resources/translations/ezprotectedcontent.en.yml
index 437ca37..cdf414d 100644
--- a/bundle/Resources/translations/ezprotectedcontent.en.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.en.yml
@@ -13,6 +13,7 @@ tab.table.th.email: "Your email"
 tab.table.th.as_email_message: "Email message defined"
 tab.table.th.remove: "Remove"
 
+mail.help_message: Ajoutez {{ url }} dans votre message, cela sea remplacé par "Cliquez ici" et un lien
 mail.link: Click here
 mail.subject: "Your request for access to protected content"
 
diff --git a/bundle/Resources/translations/ezprotectedcontent.fr.yml b/bundle/Resources/translations/ezprotectedcontent.fr.yml
index 5fed50f..8cf98d9 100644
--- a/bundle/Resources/translations/ezprotectedcontent.fr.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.fr.yml
@@ -13,6 +13,7 @@ tab.table.th.email: "Votre adresse email"
 tab.table.th.as_email_message: "Message email défini"
 tab.table.th.remove: "Supprimer"
 
+mail.help_message: Add {{ url }} in your message it will be replace by "Click here" and a link
 mail.link: "Cliquez ici"
 mail.subject: "Votre demande d'accès à un contenu protégé"
 
diff --git a/bundle/Resources/views/tabs/protected_content.html.twig b/bundle/Resources/views/tabs/protected_content.html.twig
index 5618869..97750b5 100644
--- a/bundle/Resources/views/tabs/protected_content.html.twig
+++ b/bundle/Resources/views/tabs/protected_content.html.twig
@@ -26,6 +26,7 @@
                         {{ form_row(form.enabled) }}
                         {{ form_row(form.asEmail) }}
                         {{ form_row(form.emailMessage) }}
+                        <span class="small">{{ form.emailMessage.vars['help']|trans }}</span>
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-secondary btn--no" data-dismiss="modal">

From 4eeec3652f2861740e4078b5a56dee7ee35145a0 Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Thu, 9 Nov 2023 11:03:48 +0100
Subject: [PATCH 11/20] feat: 108625 Fix queryException for mail search

---
 bundle/Repository/ProtectedTokenStorageRepository.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bundle/Repository/ProtectedTokenStorageRepository.php b/bundle/Repository/ProtectedTokenStorageRepository.php
index cb8e0f8..b08f734 100644
--- a/bundle/Repository/ProtectedTokenStorageRepository.php
+++ b/bundle/Repository/ProtectedTokenStorageRepository.php
@@ -27,7 +27,7 @@ public function findUnexpiredBy(array $criteria= []): array
             ->setParameter('nowMinusOneHour', new \DateTime('now - 1 hours'));
 
         foreach ($criteria as $key => $criterion) {
-            $dbQuery->andWhere("c.$key = $criterion");
+            $dbQuery->andWhere("c.$key = '$criterion'");
         }
 
         return $dbQuery->getQuery()->getResult();

From 189d73c431e9bb282c4ca3aa1d5fea3ab8875288 Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Thu, 9 Nov 2023 11:04:08 +0100
Subject: [PATCH 12/20] feat: 108625 Add clean command to cron

---
 bundle/Resources/config/services.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bundle/Resources/config/services.yaml b/bundle/Resources/config/services.yaml
index 945dc28..b23622e 100644
--- a/bundle/Resources/config/services.yaml
+++ b/bundle/Resources/config/services.yaml
@@ -18,6 +18,7 @@ services:
     Novactive\Bundle\eZProtectedContentBundle\Command\CleanTokenCommand:
         tags:
             - { name: 'novaezprotectedcontent:cleantoken', command: 'novaezprotectedcontent:cleantoken' }
+            - { name: ezplatform.cron.job, schedule: '0 1 * * *' }
 
     Novactive\Bundle\eZProtectedContentBundle\Core\Tab\ProtectContent:
         tags:

From 5ee049b4d80be72e61ea77d2264e6f094e9b4aef Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Mon, 13 Nov 2023 15:08:33 +0100
Subject: [PATCH 13/20] feat: 108625 Fix translation for courriel / email

---
 bundle/Resources/translations/ezprotectedcontent.fr.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/bundle/Resources/translations/ezprotectedcontent.fr.yml b/bundle/Resources/translations/ezprotectedcontent.fr.yml
index 8cf98d9..fb421cc 100644
--- a/bundle/Resources/translations/ezprotectedcontent.fr.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.fr.yml
@@ -7,10 +7,10 @@ tab.modal.buttons.add: "Ajouter"
 tab.table.th.password: "Mot de passe"
 tab.table.th.children_protection: "Protéger les contenus enfants?"
 tab.table.th.enabled: "Activer?"
-tab.table.th.as_email: "Protection par email"
-tab.table.th.message_email: "Message à afficher dans l'email envoyé"
-tab.table.th.email: "Votre adresse email"
-tab.table.th.as_email_message: "Message email défini"
+tab.table.th.as_email: "Protection par courriel"
+tab.table.th.message_email: "Message à afficher dans le courriel envoyé"
+tab.table.th.email: "Votre adresse courriel"
+tab.table.th.as_email_message: "Message courriel défini"
 tab.table.th.remove: "Supprimer"
 
 mail.help_message: Add {{ url }} in your message it will be replace by "Click here" and a link

From 6e2d447fb85f997632b1bfb4671d1d232d2e3768 Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Mon, 13 Nov 2023 16:41:31 +0100
Subject: [PATCH 14/20] feat: 108625 add more translations for protected area

---
 bundle/Resources/translations/ezprotectedcontent.en.yml | 2 ++
 bundle/Resources/translations/ezprotectedcontent.fr.yml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/bundle/Resources/translations/ezprotectedcontent.en.yml b/bundle/Resources/translations/ezprotectedcontent.en.yml
index cdf414d..c736775 100644
--- a/bundle/Resources/translations/ezprotectedcontent.en.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.en.yml
@@ -19,3 +19,5 @@ mail.subject: "Your request for access to protected content"
 
 tab.yes: "YES"
 tab.no: "NO"
+
+'This area is email protected.': 'This area is email protected.'
diff --git a/bundle/Resources/translations/ezprotectedcontent.fr.yml b/bundle/Resources/translations/ezprotectedcontent.fr.yml
index fb421cc..05329d8 100644
--- a/bundle/Resources/translations/ezprotectedcontent.fr.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.fr.yml
@@ -19,3 +19,5 @@ mail.subject: "Votre demande d'accès à un contenu protégé"
 
 tab.yes: "OUI"
 tab.no: "NON"
+
+'This area is email protected.': 'Cette zone est protégé par une vérification de courriel'

From 585179d8ee9a428df721231fdbb82b3fe8312c9b Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 14 Nov 2023 11:07:35 +0100
Subject: [PATCH 15/20] feat: 108625 fix mistake by swapping translations in
 file

---
 bundle/Resources/translations/ezprotectedcontent.en.yml | 2 +-
 bundle/Resources/translations/ezprotectedcontent.fr.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bundle/Resources/translations/ezprotectedcontent.en.yml b/bundle/Resources/translations/ezprotectedcontent.en.yml
index c736775..2113894 100644
--- a/bundle/Resources/translations/ezprotectedcontent.en.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.en.yml
@@ -13,7 +13,7 @@ tab.table.th.email: "Your email"
 tab.table.th.as_email_message: "Email message defined"
 tab.table.th.remove: "Remove"
 
-mail.help_message: Ajoutez {{ url }} dans votre message, cela sea remplacé par "Cliquez ici" et un lien
+mail.help_message: Add {{ url }} in your message it will be replace by "Click here" and a link
 mail.link: Click here
 mail.subject: "Your request for access to protected content"
 
diff --git a/bundle/Resources/translations/ezprotectedcontent.fr.yml b/bundle/Resources/translations/ezprotectedcontent.fr.yml
index 05329d8..a1b3502 100644
--- a/bundle/Resources/translations/ezprotectedcontent.fr.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.fr.yml
@@ -13,7 +13,7 @@ tab.table.th.email: "Votre adresse courriel"
 tab.table.th.as_email_message: "Message courriel défini"
 tab.table.th.remove: "Supprimer"
 
-mail.help_message: Add {{ url }} in your message it will be replace by "Click here" and a link
+mail.help_message: Ajoutez {{ url }} dans votre message, cela sea remplacé par "Cliquez ici" et un lien
 mail.link: "Cliquez ici"
 mail.subject: "Votre demande d'accès à un contenu protégé"
 

From 3b5f6f0d56154c0597de470551730671da330b51 Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 14 Nov 2023 12:04:12 +0100
Subject: [PATCH 16/20] feat: 108625 update documentation

---
 README.md | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 0cdbd9b..1ec1a57 100644
--- a/README.md
+++ b/README.md
@@ -5,16 +5,27 @@ A bundle that provides quick password protection on Contents.
 # How it works
 
 Allows you to add 1 on N password on a Content in the Admin UI.
+Once a protection is set, the Content becomes Protected.
+In this situation you can have 3 new variables in the view full
+ - canReadProtectedContent (always)
+ - requestProtectedContentPasswordForm (if content is protected by password)
+ - requestProtectedContentEmailForm (if content is protected with email verification)
 
-Once a Password is set, the Content becomes Protected. In this situation you will have 2 new variables in the view full.
 Allowing you do:
 ```twig
 <h2>{{ ez_content_name(content) }}</h2>
 {% if not canReadProtectedContent %}
-    <p>This content has been protected by a password</p>
-    <div class="protected-content-form">
-        {{ form(requestProtectedContentPasswordForm) }}
-    </div>
+    {% if requestProtectedContentPasswordForm is defined %}
+        <p>This content has been protected by a password</p>
+        <div class="protected-content-form">
+            {{ form(requestProtectedContentPasswordForm) }}
+        </div>
+    {% elseif requestProtectedContentEmailForm is defined %}
+        <p>This content has been protected by an email verification</p>
+            <div class="protected-content-form">
+                {{ form(requestProtectedContentEmailForm) }}
+            </div>
+    {% endif %}
 {% else %}
     {% for field in content.fieldsByLanguage(language|default(null)) %}
         <h3>{{ field.fieldDefIdentifier }}</h3>

From b00579b86b25d9c9f3f48e32e0daa52ae39313ae Mon Sep 17 00:00:00 2001
From: Canicio Sacha <s.canicio@inforca.mc>
Date: Tue, 14 Nov 2023 16:34:12 +0100
Subject: [PATCH 17/20] feat: 108625 fix typo in translations

---
 bundle/Resources/translations/ezprotectedcontent.fr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bundle/Resources/translations/ezprotectedcontent.fr.yml b/bundle/Resources/translations/ezprotectedcontent.fr.yml
index a1b3502..7a03be6 100644
--- a/bundle/Resources/translations/ezprotectedcontent.fr.yml
+++ b/bundle/Resources/translations/ezprotectedcontent.fr.yml
@@ -13,7 +13,7 @@ tab.table.th.email: "Votre adresse courriel"
 tab.table.th.as_email_message: "Message courriel défini"
 tab.table.th.remove: "Supprimer"
 
-mail.help_message: Ajoutez {{ url }} dans votre message, cela sea remplacé par "Cliquez ici" et un lien
+mail.help_message: Ajoutez {{ url }} dans votre message, cela sera remplacé par "Cliquez ici" et un lien
 mail.link: "Cliquez ici"
 mail.subject: "Votre demande d'accès à un contenu protégé"
 

From 57dcf2fba1c474eec4199709ae2237626736eafc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20LIMOUZIN?= <remy.limouzin@almaviacx.com>
Date: Tue, 27 May 2025 11:37:16 +0200
Subject: [PATCH 18/20] Reindex contents after a protection change

---
 .../Admin/ProtectedAccessController.php       | 120 ++++++++++++++----
 1 file changed, 94 insertions(+), 26 deletions(-)

diff --git a/bundle/Controller/Admin/ProtectedAccessController.php b/bundle/Controller/Admin/ProtectedAccessController.php
index 3a8c652..e1d605d 100644
--- a/bundle/Controller/Admin/ProtectedAccessController.php
+++ b/bundle/Controller/Admin/ProtectedAccessController.php
@@ -14,32 +14,43 @@
 
 use DateTime;
 use Doctrine\ORM\EntityManagerInterface;
-use eZ\Publish\API\Repository\Values\Content\Location;
-use EzSystems\PlatformHttpCacheBundle\PurgeClient\PurgeClientInterface;
+use Ibexa\Contracts\Core\Repository\Values\Content\Content;
+use Ibexa\Contracts\Core\Repository\Values\Content\Location;
+use Ibexa\Contracts\Core\Repository\Values\Content\Query;
+use Ibexa\Contracts\HttpCache\Handler\ContentTagInterface;
+use Ibexa\Core\Repository\SiteAccessAware\Repository;
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedAccess;
 use Novactive\Bundle\eZProtectedContentBundle\Form\ProtectedAccessType;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
-use Symfony\Component\Form\FormFactory;
+use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Routing\RouterInterface;
 
 class ProtectedAccessController
 {
+    public function __construct(
+        protected readonly Repository $repository,
+        protected readonly \Ibexa\Contracts\Core\Search\Handler $searchHandler,
+        protected readonly \Ibexa\Contracts\Core\Persistence\Handler $persistenceHandler,
+    ) { }
+
     /**
      * @Route("/handle/{locationId}/{access}", name="novaezprotectedcontent_bundle_admin_handle_form",
      *                                           defaults={"accessId": null})
      */
+    //#[Route(path: '/handle/{locationId}/{access}', name: 'novaezprotectedcontent_bundle_admin_handle_form')]
     public function handle(
-        Location $location,
+        int $locationId,
         Request $request,
-        FormFactory $formFactory,
+        FormFactoryInterface $formFactory,
         EntityManagerInterface $entityManager,
         RouterInterface $router,
-        PurgeClientInterface $httpCachePurgeClient,
-        ?ProtectedAccess $access = null
+        ContentTagInterface $responseTagger,
+        ?ProtectedAccess $access = null,
     ): RedirectResponse {
         if ($request->isMethod('post')) {
+            $location = $this->repository->getLocationService()->loadLocation($locationId);
             $now = new DateTime();
             if (null === $access) {
                 $access = new ProtectedAccess();
@@ -52,38 +63,95 @@ public function handle(
                 $access->setUpdated($now);
                 $entityManager->persist($access);
                 $entityManager->flush();
-                $httpCachePurgeClient->purge(
-                    [
-                        'location-'.$location->id,
-                        'location-'.$location->parentLocationId,
-                    ]
-                );
+                $responseTagger->addLocationTags([$location->id]);
+                $responseTagger->addParentLocationTags([$location->parentLocationId]);
+
+                $content = $location->getContent();
+                $this->reindexContent($content);
+                if ($access->isProtectChildren()) {
+                    $this->reindexChildren($content);
+                }
             }
         }
 
-        return new RedirectResponse($router->generate($location).'#ez-tab-location-view-protect-content#tab');
+        return new RedirectResponse(
+            $router->generate('ibexa.content.view', ['contentId' => $location->contentId,
+                'locationId' => $location->id,
+            ]).
+            '#ibexa-tab-location-view-protect-content#tab'
+        );
     }
 
-    /**
-     * @Route("/remove/{locationId}/{access}", name="novaezprotectedcontent_bundle_admin_remove_protection")
-     */
+    #[Route(path: '/remove/{locationId}/{access}', name: 'novaezprotectedcontent_bundle_admin_remove_protection')]
     public function remove(
         Location $location,
         EntityManagerInterface $entityManager,
         RouterInterface $router,
-        ProtectedAccess $access,
-        PurgeClientInterface $httpCachePurgeClient
+        int $access,
+        ContentTagInterface $responseTagger
     ): RedirectResponse {
+        $access = $entityManager->find(ProtectedAccess::class, $access);
         $entityManager->remove($access);
         $entityManager->flush();
+        $responseTagger->addLocationTags([$location->id]);
+        $responseTagger->addParentLocationTags([$location->parentLocationId]);
 
-        $httpCachePurgeClient->purge(
-            [
-                'location-'.$location->id,
-                'location-'.$location->parentLocationId,
-            ]
+        $content = $location->getContent();
+        $this->reindexContent($content);
+        if ($access->isProtectChildren()) {
+            $this->reindexChildren($content);
+        }
+
+        return new RedirectResponse(
+            $router->generate('ibexa.content.view', ['contentId' => $location->contentId,
+                'locationId' => $location->id,
+            ]).
+            '#ibexa-tab-location-view-protect-content#tab'
         );
+    }
 
-        return new RedirectResponse($router->generate($location).'#ez-tab-location-view-protect-content#tab');
+    /**
+     * @param Content $content
+     * @return void
+     */
+    protected function reindexContent(Content $content)
+    {
+        $contentId = $content->id;
+        $contentVersionNo = $content->getVersionInfo()->versionNo;
+
+        $this->searchHandler->indexContent(
+            $this->persistenceHandler->contentHandler()->load($contentId, $contentVersionNo)
+        );
+
+        $locations = $this->persistenceHandler->locationHandler()->loadLocationsByContent($contentId);
+        foreach ($locations as $location) {
+            $this->searchHandler->indexLocation($location);
+        }
+    }
+
+    protected function reindexChildren(Content $content, int $limit = 100)
+    {
+        $locations = $this->repository->getLocationService()->loadLocations($content->contentInfo);
+        $pathStringArray = [];
+        foreach ($locations as $location) {
+            /** @var Location $location */
+            $pathStringArray[] = $location->pathString;
+        }
+
+        if ($pathStringArray) {
+            $query = new Query();
+            $query->limit = $limit;
+            $query->filter = new Query\Criterion\LogicalAnd([
+                new Query\Criterion\Subtree($pathStringArray)
+            ]);
+            $query->sortClauses = [
+                new Query\SortClause\ContentId(),
+                // new Query\SortClause\Visibility(), // domage..
+            ];
+            $searchResult = $this->repository->getSearchService()->findContent($query);
+            foreach ($searchResult->searchHits as $hit) {
+                $this->reindexContent($hit->valueObject);
+            }
+        }
     }
 }

From 2385d57b1ea1d0165233390364fd6736f15f1f9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20LIMOUZIN?= <remy.limouzin@almaviacx.com>
Date: Tue, 27 May 2025 11:46:27 +0200
Subject: [PATCH 19/20] Reindex contents after a protection change

---
 bundle/Resources/config/services.yaml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/bundle/Resources/config/services.yaml b/bundle/Resources/config/services.yaml
index b23622e..be3d4a0 100644
--- a/bundle/Resources/config/services.yaml
+++ b/bundle/Resources/config/services.yaml
@@ -6,7 +6,12 @@ services:
         autoconfigure: true
         public: false
         bind:
-            $httpCachePurgeClient: '@ezplatform.http_cache.purge_client'
+            $entityManager: "@ibexa.doctrine.orm.entity_manager"
+            $searchHandler: '@ibexa.spi.search'
+            $persistenceHandler: '@ibexa.api.persistence_handler'
+
+    Novactive\Bundle\eZProtectedContentBundle\Command\:
+        resource: '../../Command'
 
     Novactive\Bundle\eZProtectedContentBundle\Repository\:
         resource: '../../Repository'
@@ -18,15 +23,11 @@ services:
     Novactive\Bundle\eZProtectedContentBundle\Command\CleanTokenCommand:
         tags:
             - { name: 'novaezprotectedcontent:cleantoken', command: 'novaezprotectedcontent:cleantoken' }
-            - { name: ezplatform.cron.job, schedule: '0 1 * * *' }
+            - { name: ibexa.cron.job, schedule: '0 1 * * *' }
 
     Novactive\Bundle\eZProtectedContentBundle\Core\Tab\ProtectContent:
         tags:
-            - { name: ezplatform.tab, group: location-view }
-
-    Novactive\Bundle\eZProtectedContentBundle\Listener\EntityContentLink:
-        tags:
-            - { name: doctrine.orm.entity_listener }
+            - { name: ibexa.admin_ui.tab, group: location-view }
 
     Novactive\Bundle\eZProtectedContentBundle\Listener\PreContentView:
         tags:

From 39ee4e26537b4ac5ec38811a901e93c4cb2baaec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20LIMOUZIN?= <remy.limouzin@almaviacx.com>
Date: Tue, 27 May 2025 12:02:19 +0200
Subject: [PATCH 20/20] remove Reindex contents after a protection change

---
 .../Admin/ProtectedAccessController.php       | 120 ++++++++++++++----
 bundle/Resources/config/services.yaml         |  15 ++-
 2 files changed, 102 insertions(+), 33 deletions(-)

diff --git a/bundle/Controller/Admin/ProtectedAccessController.php b/bundle/Controller/Admin/ProtectedAccessController.php
index 3a8c652..e1d605d 100644
--- a/bundle/Controller/Admin/ProtectedAccessController.php
+++ b/bundle/Controller/Admin/ProtectedAccessController.php
@@ -14,32 +14,43 @@
 
 use DateTime;
 use Doctrine\ORM\EntityManagerInterface;
-use eZ\Publish\API\Repository\Values\Content\Location;
-use EzSystems\PlatformHttpCacheBundle\PurgeClient\PurgeClientInterface;
+use Ibexa\Contracts\Core\Repository\Values\Content\Content;
+use Ibexa\Contracts\Core\Repository\Values\Content\Location;
+use Ibexa\Contracts\Core\Repository\Values\Content\Query;
+use Ibexa\Contracts\HttpCache\Handler\ContentTagInterface;
+use Ibexa\Core\Repository\SiteAccessAware\Repository;
 use Novactive\Bundle\eZProtectedContentBundle\Entity\ProtectedAccess;
 use Novactive\Bundle\eZProtectedContentBundle\Form\ProtectedAccessType;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
-use Symfony\Component\Form\FormFactory;
+use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Routing\RouterInterface;
 
 class ProtectedAccessController
 {
+    public function __construct(
+        protected readonly Repository $repository,
+        protected readonly \Ibexa\Contracts\Core\Search\Handler $searchHandler,
+        protected readonly \Ibexa\Contracts\Core\Persistence\Handler $persistenceHandler,
+    ) { }
+
     /**
      * @Route("/handle/{locationId}/{access}", name="novaezprotectedcontent_bundle_admin_handle_form",
      *                                           defaults={"accessId": null})
      */
+    //#[Route(path: '/handle/{locationId}/{access}', name: 'novaezprotectedcontent_bundle_admin_handle_form')]
     public function handle(
-        Location $location,
+        int $locationId,
         Request $request,
-        FormFactory $formFactory,
+        FormFactoryInterface $formFactory,
         EntityManagerInterface $entityManager,
         RouterInterface $router,
-        PurgeClientInterface $httpCachePurgeClient,
-        ?ProtectedAccess $access = null
+        ContentTagInterface $responseTagger,
+        ?ProtectedAccess $access = null,
     ): RedirectResponse {
         if ($request->isMethod('post')) {
+            $location = $this->repository->getLocationService()->loadLocation($locationId);
             $now = new DateTime();
             if (null === $access) {
                 $access = new ProtectedAccess();
@@ -52,38 +63,95 @@ public function handle(
                 $access->setUpdated($now);
                 $entityManager->persist($access);
                 $entityManager->flush();
-                $httpCachePurgeClient->purge(
-                    [
-                        'location-'.$location->id,
-                        'location-'.$location->parentLocationId,
-                    ]
-                );
+                $responseTagger->addLocationTags([$location->id]);
+                $responseTagger->addParentLocationTags([$location->parentLocationId]);
+
+                $content = $location->getContent();
+                $this->reindexContent($content);
+                if ($access->isProtectChildren()) {
+                    $this->reindexChildren($content);
+                }
             }
         }
 
-        return new RedirectResponse($router->generate($location).'#ez-tab-location-view-protect-content#tab');
+        return new RedirectResponse(
+            $router->generate('ibexa.content.view', ['contentId' => $location->contentId,
+                'locationId' => $location->id,
+            ]).
+            '#ibexa-tab-location-view-protect-content#tab'
+        );
     }
 
-    /**
-     * @Route("/remove/{locationId}/{access}", name="novaezprotectedcontent_bundle_admin_remove_protection")
-     */
+    #[Route(path: '/remove/{locationId}/{access}', name: 'novaezprotectedcontent_bundle_admin_remove_protection')]
     public function remove(
         Location $location,
         EntityManagerInterface $entityManager,
         RouterInterface $router,
-        ProtectedAccess $access,
-        PurgeClientInterface $httpCachePurgeClient
+        int $access,
+        ContentTagInterface $responseTagger
     ): RedirectResponse {
+        $access = $entityManager->find(ProtectedAccess::class, $access);
         $entityManager->remove($access);
         $entityManager->flush();
+        $responseTagger->addLocationTags([$location->id]);
+        $responseTagger->addParentLocationTags([$location->parentLocationId]);
 
-        $httpCachePurgeClient->purge(
-            [
-                'location-'.$location->id,
-                'location-'.$location->parentLocationId,
-            ]
+        $content = $location->getContent();
+        $this->reindexContent($content);
+        if ($access->isProtectChildren()) {
+            $this->reindexChildren($content);
+        }
+
+        return new RedirectResponse(
+            $router->generate('ibexa.content.view', ['contentId' => $location->contentId,
+                'locationId' => $location->id,
+            ]).
+            '#ibexa-tab-location-view-protect-content#tab'
         );
+    }
 
-        return new RedirectResponse($router->generate($location).'#ez-tab-location-view-protect-content#tab');
+    /**
+     * @param Content $content
+     * @return void
+     */
+    protected function reindexContent(Content $content)
+    {
+        $contentId = $content->id;
+        $contentVersionNo = $content->getVersionInfo()->versionNo;
+
+        $this->searchHandler->indexContent(
+            $this->persistenceHandler->contentHandler()->load($contentId, $contentVersionNo)
+        );
+
+        $locations = $this->persistenceHandler->locationHandler()->loadLocationsByContent($contentId);
+        foreach ($locations as $location) {
+            $this->searchHandler->indexLocation($location);
+        }
+    }
+
+    protected function reindexChildren(Content $content, int $limit = 100)
+    {
+        $locations = $this->repository->getLocationService()->loadLocations($content->contentInfo);
+        $pathStringArray = [];
+        foreach ($locations as $location) {
+            /** @var Location $location */
+            $pathStringArray[] = $location->pathString;
+        }
+
+        if ($pathStringArray) {
+            $query = new Query();
+            $query->limit = $limit;
+            $query->filter = new Query\Criterion\LogicalAnd([
+                new Query\Criterion\Subtree($pathStringArray)
+            ]);
+            $query->sortClauses = [
+                new Query\SortClause\ContentId(),
+                // new Query\SortClause\Visibility(), // domage..
+            ];
+            $searchResult = $this->repository->getSearchService()->findContent($query);
+            foreach ($searchResult->searchHits as $hit) {
+                $this->reindexContent($hit->valueObject);
+            }
+        }
     }
 }
diff --git a/bundle/Resources/config/services.yaml b/bundle/Resources/config/services.yaml
index b23622e..be3d4a0 100644
--- a/bundle/Resources/config/services.yaml
+++ b/bundle/Resources/config/services.yaml
@@ -6,7 +6,12 @@ services:
         autoconfigure: true
         public: false
         bind:
-            $httpCachePurgeClient: '@ezplatform.http_cache.purge_client'
+            $entityManager: "@ibexa.doctrine.orm.entity_manager"
+            $searchHandler: '@ibexa.spi.search'
+            $persistenceHandler: '@ibexa.api.persistence_handler'
+
+    Novactive\Bundle\eZProtectedContentBundle\Command\:
+        resource: '../../Command'
 
     Novactive\Bundle\eZProtectedContentBundle\Repository\:
         resource: '../../Repository'
@@ -18,15 +23,11 @@ services:
     Novactive\Bundle\eZProtectedContentBundle\Command\CleanTokenCommand:
         tags:
             - { name: 'novaezprotectedcontent:cleantoken', command: 'novaezprotectedcontent:cleantoken' }
-            - { name: ezplatform.cron.job, schedule: '0 1 * * *' }
+            - { name: ibexa.cron.job, schedule: '0 1 * * *' }
 
     Novactive\Bundle\eZProtectedContentBundle\Core\Tab\ProtectContent:
         tags:
-            - { name: ezplatform.tab, group: location-view }
-
-    Novactive\Bundle\eZProtectedContentBundle\Listener\EntityContentLink:
-        tags:
-            - { name: doctrine.orm.entity_listener }
+            - { name: ibexa.admin_ui.tab, group: location-view }
 
     Novactive\Bundle\eZProtectedContentBundle\Listener\PreContentView:
         tags: