src/Controller/ResetPasswordController.php line 48

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use App\Service\MailerService;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Psr\Log\LoggerInterface;
  11. use App\Controller\base\AbstractController;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Mailer\MailerInterface;
  16. use Symfony\Component\Routing\Annotation\Route;
  17. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  18. use Symfony\Contracts\Translation\TranslatorInterface;
  19. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  20. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  21. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  23. /**
  24. * @Route("/reset-password")
  25. */
  26. class ResetPasswordController extends AbstractController
  27. {
  28. use ResetPasswordControllerTrait;
  30. private $resetPasswordHelper;
  31. private $entityManager;
  32. private $mailerService;
  33. private $logger;
  35. public function __construct(ResetPasswordHelperInterface $resetPasswordHelper, EntityManagerInterface $entityManager, MailerService $mailerService, LoggerInterface $logger)
  36. {
  37. $this->resetPasswordHelper = $resetPasswordHelper;
  38. $this->entityManager = $entityManager;
  39. $this->mailerService = $mailerService;
  40. $this->logger = $logger;
  41. }
  43. /**
  44. * Display & process form to request a password reset.
  45. *
  46. * @Route("", name="app_forgot_password_request")
  47. */
  48. public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator): Response
  49. {
  50. $form = $this->createForm(ResetPasswordRequestFormType::class);
  51. $form->handleRequest($request);
  53. if ($form->isSubmitted() && $form->isValid()) {
  54. $inputValue = $form->get('username')->getData();
  55. $fieldName = filter_var($inputValue, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
  57. return $this->processSendingPasswordResetEmail(
  58. $fieldName,
  59. $form->get('username')->getData(),
  60. $mailer,
  61. $translator,
  62. $request
  63. );
  64. }
  66. return $this->render('reset_password/request.html.twig', [
  67. 'requestForm' => $form->createView(),
  68. ]);
  69. }
  71. /**
  72. * Confirmation page after a user has requested a password reset.
  73. *
  74. * @Route("/check-email", name="app_check_email")
  75. */
  76. public function checkEmail(): Response
  77. {
  78. // Generate a fake token if the user does not exist or someone hit this page directly.
  79. // This prevents exposing whether or not a user was found with the given email address or not
  80. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  81. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  82. }
  84. return $this->render('reset_password/check_email.html.twig', [
  85. 'resetToken' => $resetToken,
  86. ]);
  87. }
  89. /**
  90. * Validates and process the reset URL that the user clicked in their email.
  91. *
  92. * @Route("/reset/{token}", name="app_reset_password")
  93. */
  94. public function reset(Request $request, UserPasswordHasherInterface $userPasswordEncoder, TranslatorInterface $translator, string $token = null): Response
  95. {
  96. if ($token) {
  97. // We store the token in session and remove it from the URL, to avoid the URL being
  98. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  99. $this->storeTokenInSession($token);
  101. return $this->redirectToRoute('app_reset_password');
  102. }
  104. $token = $this->getTokenFromSession();
  105. if (null === $token) {
  106. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  107. }
  109. try {
  110. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  111. } catch (ResetPasswordExceptionInterface $e) {
  112. $this->addFlash('reset_password_error', sprintf(
  113. '%s - %s',
  114. $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  115. $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  116. ));
  118. return $this->redirectToRoute('app_forgot_password_request');
  119. }
  121. // The token is valid; allow the user to change their password.
  122. $form = $this->createForm(ChangePasswordFormType::class);
  123. $form->handleRequest($request);
  125. if ($form->isSubmitted() && $form->isValid()) {
  126. // A password reset token should be used only once, remove it.
  127. $this->resetPasswordHelper->removeResetRequest($token);
  129. // Encode(hash) the plain password, and set it.
  130. $encodedPassword = $userPasswordEncoder->hashPassword(
  131. $user,
  132. $form->get('plainPassword')->getData()
  133. );
  135. $user->setPassword($encodedPassword);
  136. $user->setLastLogin(new \DateTime('now', new \DateTimeZone('America/New_York')));
  137. $hatchManager = $this->getDoctrine()->getManager();
  138. $hatchManager->persist($user);
  139. $hatchManager->flush();
  141. // The session is cleaned up after the password has been changed.
  142. $this->cleanSessionAfterReset();
  143. $this->addFlash('success', 'Password successfully updated!');
  145. return $this->redirectToRoute('app_login');
  146. }
  148. return $this->render('reset_password/reset.html.twig', [
  149. 'resetForm' => $form->createView(),
  150. ]);
  151. }
  153. private function processSendingPasswordResetEmail(string $fieldName, string $fieldData, MailerInterface $mailer, TranslatorInterface $translator, Request $request): RedirectResponse
  154. {
  155. /** @var User $user */
  156. $user = $this->entityManager->getRepository(User::class)->findOneBy([
  157. $fieldName => $fieldData,
  158. ]);
  160. // Do not reveal whether a user account was found or not.
  161. if (!$user) {
  162. return $this->redirectToRoute('app_check_email');
  163. }
  165. try {
  166. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  167. } catch (ResetPasswordExceptionInterface $e) {
  168. $this->logger->error($e->getMessage());
  169. $this->logger->error($e->getTraceAsString());
  171. return $this->redirectToRoute('app_check_email');
  172. }
  173. try {
  174. $locationId = $user->getDefaultLocation() ? $user->getDefaultLocation()->getId() : $user->getActiveLocations()->first()->getId();
  176. $this->mailerService
  177. ->setSubject('Kipu Compliance: Reset password request')
  178. ->setTo($user->getEmail(), $user->getUsername())
  179. ->setContext([
  180. 'resetToken' => $resetToken,
  181. ])
  182. ->setHtmlTemplate('emails/reset_password.html.twig')
  183. ->setLocationId($locationId)
  184. ->setEmailRecipient($user)
  185. ->send();
  187. $this->logger->info('Reset password email sent: ' . $user->getEmail());
  189. // Store the token object in session for retrieval in check-email route.
  190. $this->setTokenObjectInSession($resetToken);
  191. } catch (\Exception $e) {
  192. $this->logger->error($e->getMessage());
  193. $this->logger->error($e->getTraceAsString());
  194. }
  196. return $this->redirectToRoute('app_check_email');
  197. }
  198. }