src/Controller/ResetPasswordController.php line 47

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use App\Services\Emailing;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Mailer\MailerInterface;
  16. use Symfony\Component\Mime\Address;
  17. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  18. use Symfony\Component\Routing\Annotation\Route;
  19. use Symfony\Contracts\Translation\TranslatorInterface;
  20. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  21. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  22. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  24. /**
  25. * @Route("/reset-password")
  26. */
  27. class ResetPasswordController extends AbstractController
  28. {
  29. use ResetPasswordControllerTrait;
  31. private ResetPasswordHelperInterface $resetPasswordHelper;
  32. private EntityManagerInterface $entityManager;
  33. private $emailing;
  35. public function __construct(ResetPasswordHelperInterface $resetPasswordHelper, EntityManagerInterface $entityManager,Emailing $emailing)
  36. {
  37. $this->resetPasswordHelper = $resetPasswordHelper;
  38. $this->entityManager = $entityManager;
  39. $this->emailing = $emailing;
  40. }
  42. /**
  43. * Display & process form to request a password reset.
  44. *
  45. * @Route("", name="app_forgot_password_request")
  46. */
  47. public function request(Request $request): Response
  48. {
  49. $form = $this->createForm(ResetPasswordRequestFormType::class);
  50. $form->handleRequest($request);
  52. if ($form->isSubmitted() && $form->isValid()) {
  53. return $this->processSendingPasswordResetEmail(
  54. $form->get('email')->getData(),
  55. );
  56. }
  58. return $this->render('reset_password/request.html.twig', [
  59. 'requestForm' => $form->createView(),
  60. ]);
  61. }
  63. /**
  64. * Confirmation page after a user has requested a password reset.
  65. *
  66. * @Route("/check-email", name="app_check_email")
  67. */
  68. public function checkEmail(): Response
  69. {
  70. // Generate a fake token if the user does not exist or someone hit this page directly.
  71. // This prevents exposing whether or not a user was found with the given email address or not
  72. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  73. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  74. }
  76. return $this->render('reset_password/check_email.html.twig', [
  77. 'resetToken' => $resetToken,
  78. ]);
  79. }
  81. /**
  82. * Validates and process the reset URL that the user clicked in their email.
  83. *
  84. * @Route("/reset/{token}", name="app_reset_password")
  85. */
  86. public function reset(Request $request, UserPasswordHasherInterface $userPasswordHasher, TranslatorInterface $translator, string $token = null): Response
  87. {
  88. if ($token) {
  89. // We store the token in session and remove it from the URL, to avoid the URL being
  90. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  91. $this->storeTokenInSession($token);
  93. return $this->redirectToRoute('app_reset_password');
  94. }
  96. $token = $this->getTokenFromSession();
  97. if (null === $token) {
  98. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  99. }
  101. try {
  102. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  103. } catch (ResetPasswordExceptionInterface $e) {
  104. $this->addFlash('reset_password_error', sprintf(
  105. '%s - %s',
  106. $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  107. $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  108. ));
  110. return $this->redirectToRoute('app_forgot_password_request');
  111. }
  113. // The token is valid; allow the user to change their password.
  114. $form = $this->createForm(ChangePasswordFormType::class);
  115. $form->handleRequest($request);
  117. if ($form->isSubmitted() && $form->isValid()) {
  118. // A password reset token should be used only once, remove it.
  119. $this->resetPasswordHelper->removeResetRequest($token);
  121. // Encode(hash) the plain password, and set it.
  122. $encodedPassword = $userPasswordHasher->hashPassword(
  123. $user,
  124. $form->get('plainPassword')->getData()
  125. );
  127. $user->setPassword($encodedPassword);
  128. $this->entityManager->flush();
  130. // The session is cleaned up after the password has been changed.
  131. $this->cleanSessionAfterReset();
  133. return $this->redirectToRoute('app_login');
  134. }
  136. return $this->render('reset_password/reset.html.twig', [
  137. 'resetForm' => $form->createView(),
  138. ]);
  139. }
  141. private function processSendingPasswordResetEmail(string $emailFormData): RedirectResponse
  142. {
  144. $user = $this->entityManager->getRepository(User::class)->findOneBy([
  145. 'email' => $emailFormData,
  146. ]);
  148. // Do not reveal whether a user account was found or not.
  149. if (!$user) {
  150. return $this->redirectToRoute('app_check_email');
  151. }
  153. try {
  154. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  155. } catch (ResetPasswordExceptionInterface $e) {
  157. return $this->redirectToRoute('app_check_email');
  158. }
  160. $params = ['resetToken' => $resetToken, 'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime()];
  162. $this->emailing->resetPassword($user->getEmail(), $params);
  164. return $this->redirectToRoute('app_check_email');
  165. }
  166. }