src/Controller/ResetPasswordController.php line 81

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  9. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  10. use Symfony\Component\HttpFoundation\RedirectResponse;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpFoundation\Response;
  13. use Symfony\Component\Mailer\MailerInterface;
  14. use Symfony\Component\Mime\Address;
  15. use Symfony\Component\Routing\Annotation\Route;
  16. //use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  17. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  18. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  19. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  20. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  21. use Doctrine\ORM\EntityRepository;
  22. use Doctrine\ORM\EntityManagerInterface;
  23. use Symfony\Component\PropertyAccess\PropertyAccess;
  24. use App\Repository\UserRepository;
  26. /**
  27.  * @Route("/reset-password")
  28.  */
  29. class ResetPasswordController extends AbstractController
  30. {
  31.     use ResetPasswordControllerTrait;
  33.     private $resetPasswordHelper;
  35.     public function __construct(ResetPasswordHelperInterface $resetPasswordHelper)
  36.     {
  37.         $this->resetPasswordHelper $resetPasswordHelper;
  38.     }
  40.     /**
  41.      * Display & process form to request a password reset.
  42.      *
  43.      * @Route("/alllist", name="app_forgot_password_request")
  44.      */
  45.     public function request(Request $requestMailerInterface $mailerUserPasswordHasherInterface $passwordHasher): Response
  46.     {
  48.         // Get user list
  49.         $user_list $this->getDoctrine()
  50.         ->getRepository(user::class)
  51.         ->findAll();
  53.         if (!$user_list) {
  54.             throw $this->createNotFoundException(
  55.                 'No users found'.$user_list
  56.             );
  57.         }
  59.         $form $this->createForm(ResetPasswordRequestFormType::class);
  60.         $form->handleRequest($request);
  62.         if ($form->isSubmitted() && $form->isValid()) {
  63.             return $this->processSendingPasswordResetEmail(
  64.                 $form->get('email')->getData(),
  65.                 $mailer,
  66.                 $passwordHasher
  67.             );
  68.         }
  70.         return $this->render('reset_password/request.html.twig',[
  71.           'requestForm' => $form->createView(),
  72.           'user_list' => $user_list,
  73.         ]);
  74.     }
  76.     /**
  77.      * Display & process form to request a password reset.
  78.      *
  79.      * @Route("/email", name="app_forgot_password_request_email")
  80.      */
  81.     public function out_request(Request $requestMailerInterface $mailerUserPasswordHasherInterface $passwordHasher): Response
  82.     {
  84.         $form $this->createForm(ResetPasswordRequestFormType::class);
  85.         $form->handleRequest($request);
  87.         if ($form->isSubmitted() && $form->isValid()) {
  88.             return $this->processSendingPasswordResetEmail(
  89.                 $form->get('email')->getData(),
  90.                 $mailer,
  91.                 $passwordHasher
  92.             );
  93.         }
  95.         return $this->render('reset_password/out-request.html.twig',[
  96.           'requestForm' => $form->createView(),
  97.         ]);
  98.     }
  100.     /**
  101.      * Confirmation page after a user has requested a password reset.
  102.      *
  103.      * @Route("/check-email", name="app_check_email")
  104.      */
  105.     public function checkEmail(): Response
  106.     {
  107.         // We prevent users from directly accessing this page
  108.         //if (!$this->canCheckEmail()) {
  109.         //    return $this->redirectToRoute('app_forgot_password_request');
  110.         //}
  112.         return $this->render('reset_password/check_email.html.twig');
  113.     }
  115.     /**
  116.      * Validates and process the reset URL that the user clicked in their email.
  117.      *
  118.      * @Route("/reset/{token}", name="app_reset_password")
  119.      */
  120.     public function reset(Request $requestUserPasswordHasherInterface $passwordHasherstring $token null): Response
  121.     {
  122.         if ($token) {
  123.             // We store the token in session and remove it from the URL, to avoid the URL being
  124.             // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  125.             $this->storeTokenInSession($token);
  127.             return $this->redirectToRoute('app_reset_password');
  128.         }
  130.         $token $this->getTokenFromSession();
  131.         if (null === $token) {
  132.             throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  133.         }
  135.         try {
  136.             $user $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  137.         } catch (ResetPasswordExceptionInterface $e) {
  138.             $this->addFlash('reset_password_error'sprintf(
  139.                 'Kilo problema keičiant slaptažodį - %s',
  140.                 $e->getReason()
  141.             ));
  143.             return $this->redirectToRoute('app_forgot_password_request');
  144.         }
  146.         // The token is valid; allow the user to change their password.
  147.         $form $this->createForm(ChangePasswordFormType::class);
  148.         $form->handleRequest($request);
  150.         if ($form->isSubmitted() && $form->isValid()) {
  151.             // A password reset token should be used only once, remove it.
  152.             $this->resetPasswordHelper->removeResetRequest($token);
  154.             // Encode the plain password, and set it.
  155.             $encodedPassword $passwordHasher->hashPassword(
  156.                 $user,
  157.                 $form->get('plainPassword')->getData()
  158.             );
  160.             $user->setPassword($encodedPassword);
  161.             $this->getDoctrine()->getManager()->flush();
  163.             // The session is cleaned up after the password has been changed.
  164.             $this->cleanSessionAfterReset();
  166.             return $this->redirectToRoute('app_login');
  167.         }
  170.         return $this->render('reset_password/reset.html.twig', [
  171.             'resetForm' => $form->createView(),
  172.           ]);
  173.     }
  175.     /**
  176.      * Validates and process the reset URL that the user clicked in their email.
  177.      *
  178.      * @Route("/reset_notoken", name="app_reset_password_no_token")
  179.      */
  180.     public function reset_notoken(Request $requestUserPasswordHasherInterface $passwordEncoder): Response
  181.     {
  182.         $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
  183.         /** @var \App\Entity\User $user */
  184.         $user $this->getUser();
  186.         $now_date strtotime(date("Y-m-d H:i:s"));
  187.         $pastChange_date strtotime($user->getLastPasswordChange());
  188.         $timePassed abs($now_date $pastChange_date)/(60 60 24);
  189.         if ($user->getForcePasswordChange() == && $timePassed 90) {
  190.             return $this->redirectToRoute('app_login');
  191.         }
  193.         // If logged in allow the user to change their password.
  194.         $form $this->createForm(ChangePasswordFormType::class);
  195.         $form->handleRequest($request);
  197.         if ($form->isSubmitted() && $form->isValid()) {
  199.             // Encode the plain password, and set it.
  200.             $encodedPassword $passwordEncoder->hashPassword(
  201.                 $user,
  202.                 $form->get('plainPassword')->getData()
  203.             );
  205.             $propertyAccessor PropertyAccess::createPropertyAccessorBuilder()
  206.               ->enableExceptionOnInvalidIndex()
  207.               ->getPropertyAccessor();
  209.             $user->setPassword($encodedPassword);
  210.             $propertyAccessor->setValue($user'lastPasswordChange'date("Y-m-d H:i:s"));
  211.             $propertyAccessor->setValue($user'force_password_change'1);
  212.             $this->getDoctrine()->getManager()->flush();
  214.             // The session is cleaned up after the password has been changed.
  215.             $this->cleanSessionAfterReset();
  217.             return $this->redirectToRoute('app_login');
  218.         }
  221.         return $this->render('reset_password/reset.html.twig', [
  222.             'resetForm' => $form->createView(),
  223.           ]);
  224.     }
  226.     /**
  227.      * Validates and process the reset URL that the user clicked in their email.
  228.      *
  229.      * @Route("/{id}/reset_for_other", name="app_reset_password_for_other")
  230.      */
  231.     public function reset_for_other(Request $requestUserPasswordHasherInterface $passwordEncoderint $idUserRepository $userRepository): Response
  232.     {
  233.         $this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
  234.         /** @var \App\Entity\User $user */
  235.         $user $this->getUser();
  237.         $otherUser $userRepository->find($id);
  238.         //dd($otherUser);
  239.         $now_date strtotime(date("Y-m-d H:i:s"));
  241.         // If logged in allow the user to change their password.
  242.         $form $this->createForm(ChangePasswordFormType::class);
  243.         $form->handleRequest($request);
  245.         if ($form->isSubmitted() && $form->isValid()) {
  247.             // Encode the plain password, and set it.
  248.             $encodedPassword $passwordEncoder->hashPassword(
  249.                 $otherUser,
  250.                 $form->get('plainPassword')->getData()
  251.             );
  253.             $propertyAccessor PropertyAccess::createPropertyAccessorBuilder()
  254.               ->enableExceptionOnInvalidIndex()
  255.               ->getPropertyAccessor();
  257.             $otherUser->setPassword($encodedPassword);
  258.             $propertyAccessor->setValue($otherUser'lastPasswordChange'date("Y-m-d H:i:s"));
  259.             $propertyAccessor->setValue($otherUser'force_password_change'0);
  260.             $this->getDoctrine()->getManager()->flush();
  262.             // The session is cleaned up after the password has been changed.
  263.             $this->cleanSessionAfterReset();
  265.             return $this->redirectToRoute('app_login');
  266.         }
  269.         return $this->render('reset_password/reset.html.twig', [
  270.             'resetForm' => $form->createView(),
  271.           ]);
  272.     }
  275.     private function processSendingPasswordResetEmail(string $emailFormDataMailerInterface $mailerUserPasswordHasherInterface $passwordEncoder): RedirectResponse
  276.     {
  277.         $user $this->getDoctrine()->getRepository(User::class)->findOneBy([
  278.             'email' => $emailFormData,
  279.         ]);
  281.         // Marks that you are allowed to see the app_check_email page.
  282.         $this->setCanCheckEmailInSession();
  284.         // Do not reveal whether a user account was found or not.
  285.         if (!$user) {
  286.             return $this->redirectToRoute('app_check_email');
  287.         }
  289.         $random md5(random_bytes(10));
  290.         $encodedPassword $passwordEncoder->hashPassword($user$random);
  292.         $propertyAccessor PropertyAccess::createPropertyAccessorBuilder()
  293.               ->enableExceptionOnInvalidIndex()
  294.               ->getPropertyAccessor();
  295.             
  296.         $user->setPassword($encodedPassword);
  297.         $propertyAccessor->setValue($user'lastPasswordChange'date("Y-m-d H:i:s"));
  298.         $propertyAccessor->setValue($user'force_password_change'0);
  299.         $this->getDoctrine()->getManager()->flush();
  301.         // The session is cleaned up after the password has been changed.
  302.         $this->cleanSessionAfterReset();
  304.         
  305.         try {
  306.            // $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  307.         } catch (ResetPasswordExceptionInterface $e) {
  308.             // If you want to tell the user why a reset email was not sent, uncomment
  309.             // the lines below and change the redirect to 'app_forgot_password_request'.
  310.             // Caution: This may reveal if a user is registered or not.
  311.             //
  312.             //$this->addFlash('reset_password_error', sprintf(
  313.             //    'There was a problem handling your password reset request - %s',
  314.             //    $e->getReason()
  315.             //));
  316.         
  318.            // return $this->redirectToRoute('app_check_email');
  319.         }
  321.         $email = (new TemplatedEmail())
  322.             ->from(new Address('neatsakyti@lseddb.lt''Automatinis laiškas'))
  323.             ->to($user->getEmail())
  324.             ->subject('Jums sugeneruotas vienkartinis slaptažodis')
  325.             ->htmlTemplate('reset_password/email.html.twig')
  326.             ->context([
  327.                 //'resetToken' => $resetToken,
  328.                 //'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
  329.                 'pass' => $random,
  330.             ])
  331.         ;
  333.         $mailer->send($email);
  335.         return $this->redirectToRoute('app_check_email');
  336.     }
  337. }