src/Controller/ResetPasswordController.php line 52

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Controller;
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use MedBrief\MSR\Entity\User;
  7. use MedBrief\MSR\Form\ChangePasswordFormType;
  8. use MedBrief\MSR\Form\ResetPasswordRequestFormType;
  9. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
  10. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
  16. use Symfony\Component\Mailer\MailerInterface;
  17. use Symfony\Component\Mime\Address;
  18. use Symfony\Component\Routing\Annotation\Route;
  19. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  20. use Symfony\Contracts\Translation\TranslatorInterface;
  21. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  22. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  23. use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordToken;
  24. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  26. /**
  27. * @Route("/reset-password")
  28. */
  29. class ResetPasswordController extends AbstractController
  30. {
  31. use ResetPasswordControllerTrait;
  33. public function __construct(private ResetPasswordHelperInterface $resetPasswordHelper, private EntityManagerInterface $entityManager)
  34. {
  35. }
  37. /**
  38. * Display & process form to request a password reset.
  39. *
  40. * @Route("", name="forgot_password_request")
  41. *
  42. * @Template("reset_password/request.html.twig")
  43. *
  44. * @param Request $request
  45. * @param MailerInterface $mailer
  46. * @param TranslatorInterface $translator
  47. *
  48. * @throws TransportExceptionInterface
  49. *
  50. * @return Response|array
  51. */
  52. public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator): RedirectResponse|array
  53. {
  54. $form = $this->createForm(ResetPasswordRequestFormType::class);
  55. $form->handleRequest($request);
  57. if ($form->isSubmitted() && $form->isValid()) {
  58. return $this->processSendingPasswordResetEmail(
  59. $form->get('email')->getData(),
  60. $mailer
  61. );
  62. }
  64. return [
  65. 'requestForm' => $form->createView(),
  66. ];
  67. }
  69. /**
  70. * Confirmation page after a user has requested a password reset.
  71. *
  72. * @Route("/check-email", name="check_email")
  73. *
  74. * @Template("reset_password/check_email.html.twig")
  75. */
  76. public function checkEmail(): array
  77. {
  78. // Generate a fake token if the user does not exist or someone hit this page directly.
  79. // This prevents exposing whether a user was found with the given email address or not
  80. if (!($resetToken = $this->getTokenObjectFromSession()) instanceof ResetPasswordToken) {
  81. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  82. }
  84. return [
  85. 'resetToken' => $resetToken,
  86. ];
  87. }
  89. /**
  90. * Validates and process the reset URL that the user clicked in their email.
  91. *
  92. * @Route("/reset/{token}", name="reset_password")
  93. *
  94. * @Template("reset_password/reset.html.twig")
  95. *
  96. * @param Request $request
  97. * @param UserPasswordEncoderInterface $userPasswordEncoder
  98. * @param TranslatorInterface $translator
  99. * @param ?string $token
  100. *
  101. * @return Response|array
  102. */
  103. public function reset(Request $request, UserPasswordEncoderInterface $userPasswordEncoder, TranslatorInterface $translator, ?string $token = null): RedirectResponse|array
  104. {
  105. if ($token) {
  106. // We store the token in session and remove it from the URL, to avoid the URL being
  107. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  108. $this->storeTokenInSession($token);
  110. return $this->redirectToRoute('reset_password');
  111. }
  113. $token = $this->getTokenFromSession();
  114. if ($token === null) {
  115. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  116. }
  118. try {
  119. /** @var User $user */
  120. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  121. } catch (ResetPasswordExceptionInterface $e) {
  122. $this->addFlash('reset_password_error', sprintf(
  123. '%s - %s',
  124. $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  125. $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  126. ));
  128. return $this->redirectToRoute('forgot_password_request');
  129. }
  131. // The token is valid; allow the user to change their password.
  132. $form = $this->createForm(ChangePasswordFormType::class);
  133. $form->handleRequest($request);
  135. if ($form->isSubmitted() && $form->isValid()) {
  136. // A password reset token should be used only once, remove it.
  137. $this->resetPasswordHelper->removeResetRequest($token);
  139. // Encode(hash) the plain password, and set it.
  140. $encodedPassword = $userPasswordEncoder->encodePassword(
  141. $user,
  142. $form->get('plainPassword')->getData()
  143. );
  145. $this->addFlash('success', 'Your password has been successfully reset.');
  147. $user->setPassword($encodedPassword);
  148. $user->setEnabled(true);
  149. $this->entityManager->flush();
  151. // The session is cleaned up after the password has been changed.
  152. $this->cleanSessionAfterReset();
  154. return $this->redirectToRoute('login');
  155. }
  157. return [
  158. 'resetForm' => $form->createView(),
  159. ];
  160. }
  162. /**
  163. *
  164. *
  165. *
  166. * @param string $emailFormData
  167. * @param MailerInterface $mailer
  168. *
  169. * @throws TransportExceptionInterface
  170. */
  171. private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer): RedirectResponse
  172. {
  173. $user = $this->entityManager->getRepository(User::class)->findOneBy([
  174. 'email' => $emailFormData,
  175. ]);
  177. // Do not reveal whether a user account was found or not.
  178. if (!$user) {
  179. return $this->redirectToRoute('check_email');
  180. }
  182. try {
  183. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  184. } catch (ResetPasswordExceptionInterface) {
  185. // If you want to tell the user why a reset email was not sent, uncomment
  186. // the lines below and change the redirect to 'forgot_password_request'.
  187. // Caution: This may reveal if a user is registered or not.
  188. //
  189. // $this->addFlash('reset_password_error', sprintf(
  190. // '%s - %s',
  191. // $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  192. // $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  193. // ));
  195. return $this->redirectToRoute('check_email');
  196. }
  198. $email = (new TemplatedEmail())
  199. ->from(new Address($this->getParameter('mailer_from_address'), $this->getParameter('mailer_from_name')))
  200. ->to($user->getEmail())
  201. ->subject('Your password reset request')
  202. ->htmlTemplate('reset_password/email.html.twig')
  203. ->context([
  204. 'resetToken' => $resetToken,
  205. 'user' => $user,
  206. ])
  207. ;
  209. $mailer->send($email);
  211. // Store the token object in session for retrieval in check-email route.
  212. $this->setTokenObjectInSession($resetToken);
  214. return $this->redirectToRoute('check_email');
  215. }
  216. }