src/Controller/ResetPasswordController.php line 47

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use App\Utils\Constants;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Mailer\MailerInterface;
  16. use Symfony\Component\Mime\Address;
  17. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  18. use Symfony\Component\Routing\Annotation\Route;
  19. use Symfony\Contracts\Translation\TranslatorInterface;
  20. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  21. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  22. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  23. use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
  24. use Symfony\Component\Mime\Email;
  26. /**
  27. * @Route("/reset-password")
  28. */
  29. class ResetPasswordController extends AbstractController
  30. {
  31. use ResetPasswordControllerTrait;
  33. private $resetPasswordHelper;
  34. private $entityManager;
  36. public function __construct(ResetPasswordHelperInterface $resetPasswordHelper, EntityManagerInterface $entityManager)
  37. {
  38. $this->resetPasswordHelper = $resetPasswordHelper;
  39. $this->entityManager = $entityManager;
  40. }
  42. /**
  43. * Display & process form to request a password reset.
  44. *
  45. * @Route("", name="app_forgot_password_request")
  46. */
  47. public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator, UserPasswordHasherInterface $passwordHasher): Response
  48. {
  49. $form = $this->createForm(ResetPasswordRequestFormType::class);
  50. $form->handleRequest($request);
  52. if ($form->isSubmitted() && $form->isValid()) {
  53. return $this->processSendingPasswordResetEmail(
  54. $form->get('email')->getData(),
  55. $mailer,
  56. $translator,
  57. $passwordHasher
  58. );
  59. }
  61. return $this->render('reset_password/request.html.twig', [
  62. 'requestForm' => $form->createView(),
  63. ]);
  64. }
  66. /**
  67. * Confirmation page after a user has requested a password reset.
  68. *
  69. * @Route("/check-email", name="app_check_email")
  70. */
  71. public function checkEmail(): Response
  72. {
  73. // Generate a fake token if the user does not exist or someone hit this page directly.
  74. // This prevents exposing whether or not a user was found with the given email address or not
  75. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  76. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  77. }
  79. return $this->render('reset_password/check_email.html.twig', [
  80. 'resetToken' => $resetToken
  81. ]);
  82. }
  84. /**
  85. * Validates and process the reset URL that the user clicked in their email.
  86. *
  87. * @Route("/reset/{token}", name="app_reset_password")
  88. */
  89. public function reset(Request $request, UserPasswordHasherInterface $userPasswordHasher, TranslatorInterface $translator, ?string $token = null): Response
  90. {
  91. if ($token) {
  92. // We store the token in session and remove it from the URL, to avoid the URL being
  93. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  94. $this->storeTokenInSession($token);
  96. return $this->redirectToRoute('app_reset_password');
  97. }
  99. $token = $this->getTokenFromSession();
  100. if (null === $token) {
  101. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  102. }
  104. try {
  105. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  106. } catch (ResetPasswordExceptionInterface $e) {
  107. $this->addFlash('reset_password_error', sprintf(
  108. '%s - %s',
  109. $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  110. $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  111. ));
  113. return $this->redirectToRoute('app_forgot_password_request');
  114. }
  116. // The token is valid; allow the user to change their password.
  117. $form = $this->createForm(ChangePasswordFormType::class);
  118. $form->handleRequest($request);
  120. if ($form->isSubmitted() && $form->isValid()) {
  121. // A password reset token should be used only once, remove it.
  122. $this->resetPasswordHelper->removeResetRequest($token);
  124. // Encode(hash) the plain password, and set it.
  125. $encodedPassword = $userPasswordHasher->hashPassword(
  126. $user,
  127. $form->get('plainPassword')->getData()
  128. );
  130. $user->setPassword($encodedPassword);
  131. $this->entityManager->flush();
  133. // The session is cleaned up after the password has been changed.
  134. $this->cleanSessionAfterReset();
  136. return $this->redirectToRoute('app_login');
  137. }
  139. return $this->render('reset_password/reset.html.twig', [
  140. 'resetForm' => $form->createView(),
  141. ]);
  142. }
  144. private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer, TranslatorInterface $translator, UserPasswordHasherInterface $passwordHasher): RedirectResponse
  145. {
  146. $user = $this->entityManager->getRepository(User::class)->findOneBy([
  147. 'email' => $emailFormData,
  148. ]);
  150. // Do not reveal whether a user account was found or not.
  151. if (!$user) {
  152. $this->addFlash(
  153. 'user_email_not_fount_notice',
  154. "L'utilisateur est introuvable!"
  155. );
  156. return $this->redirectToRoute('app_login');
  157. }
  159. if ($passwordHasher->isPasswordValid($user, Constants::VISITOR_DEFAULT_PASSWORD_PREFIX."_".$emailFormData)) {
  160. $this->addFlash(
  161. 'visitor_not_allowed_notice',
  162. "Action non permise aux visiteurs!"
  163. );
  164. return $this->redirectToRoute('app_login');
  165. }
  167. try {
  168. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  169. } catch (ResetPasswordExceptionInterface $e) {
  170. // If you want to tell the user why a reset email was not sent, uncomment
  171. // the lines below and change the redirect to 'app_forgot_password_request'.
  172. // Caution: This may reveal if a user is registered or not.
  173. //
  174. // $this->addFlash('reset_password_error', sprintf(
  175. // '%s - %s',
  176. // $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  177. // $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  178. // ));
  180. dd($e->getMessage());
  182. return $this->redirectToRoute('app_check_email');
  183. }
  185. $email = (new TemplatedEmail())
  186. ->from(new Address($this->getParameter('cofina_sender_mail'), 'Cofina Mail Bot'))
  187. ->to($user->getEmail())
  188. ->subject('Demande de réinitialisation de mot de passe')
  189. ->htmlTemplate('reset_password/email.html.twig')
  190. ->context([
  191. 'resetToken' => $resetToken,
  192. 'baseUrl' => $_ENV['BASE_URL']
  193. ])
  194. ;
  196. try {
  197. $mailer->send($email);
  198. } catch (TransportExceptionInterface $e) {
  199. dd($e->getMessage());
  200. }
  202. // Store the token object in session for retrieval in check-email route.
  203. $this->setTokenObjectInSession($resetToken);
  205. return $this->redirectToRoute('app_check_email');
  206. }
  207. }