src/UserBundle/Controller/ResetPasswordController.php line 51

Open in your IDE?
  1. <?php
  3. namespace App\UserBundle\Controller;
  5. use App\BaseBundle\Controller\AbstractController;
  6. use App\BaseBundle\SystemConfiguration;
  7. use App\CMSBundle\Service\SiteSettingService;
  8. use App\UserBundle\Entity\User;
  9. use App\UserBundle\Form\ChangePasswordFormType;
  10. use App\UserBundle\Form\ResetPasswordRequestFormType;
  11. use App\UserBundle\Security\CustomAuthenticator;
  12. use Doctrine\ORM\EntityManagerInterface;
  13. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\Mailer\MailerInterface;
  18. use Symfony\Component\Mime\Address;
  19. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  20. use Symfony\Component\Routing\Annotation\Route;
  21. use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
  22. use Symfony\Component\Security\Http\FirewallMapInterface;
  23. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  24. use Symfony\Contracts\Translation\TranslatorInterface;
  25. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  26. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  27. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  29. /**
  30. * @Route("/reset-password")
  31. */
  32. class ResetPasswordController extends AbstractController
  33. {
  34. use ResetPasswordControllerTrait;
  35. use TargetPathTrait;
  38. private ResetPasswordHelperInterface $resetPasswordHelper;
  39. private EntityManagerInterface $em;
  41. public function __construct(ResetPasswordHelperInterface $resetPasswordHelper, EntityManagerInterface $em)
  42. {
  43. $this->resetPasswordHelper = $resetPasswordHelper;
  44. $this->em = $em;
  45. }
  47. /**
  48. * Display & process form to request a password reset.
  49. * @Route("", name="app_user_forgot_password_request")
  50. */
  51. public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator): Response
  52. {
  53. $form = $this->createForm(ResetPasswordRequestFormType::class);
  54. $form->handleRequest($request);
  56. if ($form->isSubmitted() && $form->isValid()) {
  57. return $this->processSendingPasswordResetEmail(
  58. $form->get('email')->getData(),
  59. $mailer,
  60. $translator
  61. );
  62. }
  63. $breadcrumbs = [
  64. [
  65. "title" => $translator->trans("home_txt"),
  66. "url" => $this->generateUrl("fe_home"),
  67. ],
  68. [
  69. "title" => $translator->trans("forgot_password_question_txt"),
  70. "url" => null,
  71. ],
  72. ];
  74. return $this->render('user/reset_password/request.html.twig', [
  75. 'form' => $form->createView(),
  76. "breadcrumbs" => $breadcrumbs
  78. ]);
  79. }
  81. /**
  82. * Confirmation page after a user has requested a password reset.
  83. * @Route("/check-email", name="app_user_check_email")
  84. */
  85. public function checkEmail(): Response
  86. {
  87. // Generate a fake token if the user does not exist or someone hit this page directly.
  88. // This prevents exposing whether or not a user was found with the given email address or not
  89. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  90. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  91. }
  93. return $this->render('user/reset_password/check_email.html.twig', [
  94. 'resetToken' => $resetToken,
  95. ]);
  96. }
  98. /**
  99. * Validates and process the reset URL that the user clicked in their email.
  100. * @Route("/reset/{token}", name="app_user_reset_password")
  101. */
  102. public function reset(
  103. Request $request,
  104. UserPasswordHasherInterface $userPasswordHasher,
  105. TranslatorInterface $translator,
  106. UserAuthenticatorInterface $userAuthenticator,
  107. CustomAuthenticator $authenticator,
  108. FirewallMapInterface $firewallMap,
  109. string $token = null
  110. ): Response
  111. {
  112. if ($token) {
  113. // We store the token in session and remove it from the URL, to avoid the URL being
  114. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  115. $this->storeTokenInSession($token);
  117. return $this->redirectToRoute('app_user_reset_password');
  118. }
  120. $token = $this->getTokenFromSession();
  121. if (null === $token) {
  122. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  123. }
  125. try {
  126. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  127. } catch (ResetPasswordExceptionInterface $e) {
  128. $this->addFlash('error', sprintf(
  129. '%s - %s',
  130. $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [],
  131. 'ResetPasswordBundle'),
  132. $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  133. ));
  135. return $this->redirectToRoute('app_user_forgot_password_request');
  136. }
  138. // The token is valid; allow the user to change their password.
  139. $form = $this->createForm(ChangePasswordFormType::class);
  140. $form->handleRequest($request);
  142. if ($form->isSubmitted() && $form->isValid()) {
  143. // A password reset token should be used only once, remove it.
  144. $this->resetPasswordHelper->removeResetRequest($token);
  146. // Encode(hash) the plain password, and set it.
  147. $encodedPassword = $userPasswordHasher->hashPassword(
  148. $user,
  149. $form->get('plainPassword')->getData()
  150. );
  152. $user->setPassword($encodedPassword);
  153. $this->em->flush();
  155. // The session is cleaned up after the password has been changed.
  156. $this->cleanSessionAfterReset();
  158. $userAuthenticator->authenticateUser($user, $authenticator, $request);
  160. return $this->onAuthenticationSuccess($request, $firewallMap);
  161. }
  164. $breadcrumbs = [
  165. [
  166. "title" => $translator->trans("home_txt"),
  167. "url" => $this->generateUrl("fe_home"),
  168. ],
  169. [
  170. "title" => $translator->trans("reset_password_txt"),
  171. "url" => null,
  172. ],
  173. ];
  174. return $this->render('user/reset_password/reset.html.twig', [
  175. 'form' => $form->createView(),
  176. 'breadcrumbs' => $breadcrumbs,
  177. ]);
  178. }
  180. private function processSendingPasswordResetEmail(
  181. string $emailFormData,
  182. MailerInterface $mailer,
  183. TranslatorInterface $translator,
  184. SiteSettingService $siteSettingService
  185. ): RedirectResponse
  186. {
  187. $user = $this->em->getRepository(User::class)->findOneBy([
  188. 'email' => $emailFormData,
  189. "enabled" => true,
  190. "deleted" => null,
  191. ]);
  193. // Do not reveal whether a user account was found or not.
  194. if (!$user) {
  195. return $this->redirectToRoute('app_user_check_email');
  196. }
  198. try {
  199. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  200. } catch (ResetPasswordExceptionInterface $e) {
  201. // If you want to tell the user why a reset email was not sent, uncomment
  202. // the lines below and change the redirect to 'app_forgot_password_request'.
  203. // Caution: This may reveal if a user is registered or not.
  204. //
  205. // $this->addFlash('error', sprintf(
  206. // '%s - %s',
  207. // $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  208. // $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  209. // ));
  211. return $this->redirectToRoute('app_user_check_email');
  212. }
  214. $email = (new TemplatedEmail())
  215. ->from(new Address($siteSettingService->getByConstantName('email-from'), $siteSettingService->getByConstantName('website-title')))
  216. ->to($user->getEmail())
  217. ->subject($siteSettingService->getByConstantName('website-title') . ' | Your password reset request')
  218. ->htmlTemplate('user/reset_password/email.html.twig')
  219. ->context([
  220. 'user' => $user,
  221. 'resetToken' => $resetToken,
  222. ]);
  224. $mailer->send($email);
  226. // Store the token object in session for retrieval in check-email route.
  227. $this->setTokenObjectInSession($resetToken);
  229. return $this->redirectToRoute('app_user_check_email');
  230. }
  232. private function onAuthenticationSuccess(Request $request, FirewallMapInterface $firewallMap): ?Response
  233. {
  234. $firewallConfig = $firewallMap->getFirewallConfig($request);
  236. if ($targetPath = $this->getTargetPath($request->getSession(), $firewallConfig->getName())) {
  237. return new RedirectResponse($targetPath);
  238. }
  240. return new RedirectResponse($this->generateUrl('fe_home'));
  241. }
  242. }