src/Controller/ResetPasswordController.php line 57

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use App\Service\EmailService;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  11. use Symfony\Component\HttpFoundation\RedirectResponse;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\Response;
  14. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  15. use Symfony\Component\Routing\Annotation\Route;
  16. use Symfony\Contracts\Translation\TranslatorInterface;
  17. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  18. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  19. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  21. /**
  22. * @Route("/reset-password")
  23. */
  24. class ResetPasswordController extends AbstractController
  25. {
  26. use ResetPasswordControllerTrait;
  28. private $resetPasswordHelper;
  29. private $entityManager;
  31. public function __construct(
  32. ResetPasswordHelperInterface $resetPasswordHelper,
  33. EntityManagerInterface $entityManager,
  34. ) {
  35. $this->resetPasswordHelper = $resetPasswordHelper;
  36. $this->entityManager = $entityManager;
  37. }
  39. /**
  40. * Display & process form to request a password reset.
  41. *
  42. * @Route("", name="app_forgot_password_request")
  43. */
  44. public function request(Request $request, EmailService $emailService, TranslatorInterface $translator): Response
  45. {
  46. $form = $this->createForm(ResetPasswordRequestFormType::class);
  47. $form->handleRequest($request);
  49. if ($form->isSubmitted() && $form->isValid()) {
  50. return $this->processSendingPasswordResetEmail(
  51. $form->get('email')->getData(),
  52. $emailService,
  53. $translator,
  54. );
  55. }
  57. return $this->render('reset_password/request.html.twig', [
  58. 'requestForm' => $form->createView(),
  59. ]);
  60. }
  62. /**
  63. * Confirmation page after a user has requested a password reset.
  64. *
  65. * @Route("/check-email", name="app_check_email")
  66. */
  67. public function checkEmail(): Response
  68. {
  69. // Generate a fake token if the user does not exist or someone hit this page directly.
  70. // This prevents exposing whether or not a user was found with the given email address or not
  71. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  72. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  73. }
  75. return $this->render('reset_password/check_email.html.twig', [
  76. 'resetToken' => $resetToken,
  77. ]);
  78. }
  80. /**
  81. * Validates and process the reset URL that the user clicked in their email.
  82. *
  83. * @Route("/reset/{token}", name="app_reset_password")
  84. */
  85. public function reset(
  86. Request $request,
  87. UserPasswordHasherInterface $userPasswordHasher,
  88. TranslatorInterface $translator,
  89. ?string $token = null,
  90. ): Response {
  91. if ($token) {
  92. // We store the token in session and remove it from the URL, to avoid the URL being
  93. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  94. $this->storeTokenInSession($token);
  96. return $this->redirectToRoute('app_reset_password');
  97. }
  99. $token = $this->getTokenFromSession();
  100. if (null === $token) {
  101. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  102. }
  104. try {
  105. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  106. } catch (ResetPasswordExceptionInterface $e) {
  107. $this->addFlash('reset_password_error', sprintf(
  108. '%s - %s',
  109. $translator->trans(
  110. ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE,
  111. [],
  112. 'ResetPasswordBundle',
  113. ),
  114. $translator->trans($e->getReason(), [], 'ResetPasswordBundle'),
  115. ));
  117. return $this->redirectToRoute('app_forgot_password_request');
  118. }
  120. // The token is valid; allow the user to change their password.
  121. $form = $this->createForm(ChangePasswordFormType::class);
  122. $form->handleRequest($request);
  124. if ($form->isSubmitted() && $form->isValid()) {
  125. // A password reset token should be used only once, remove it.
  126. $this->resetPasswordHelper->removeResetRequest($token);
  128. // Encode(hash) the plain password, and set it.
  129. $encodedPassword = $userPasswordHasher->hashPassword(
  130. $user,
  131. $form->get('plainPassword')->getData(),
  132. );
  134. $user->setPassword($encodedPassword);
  135. $this->entityManager->flush();
  137. // The session is cleaned up after the password has been changed.
  138. $this->cleanSessionAfterReset();
  140. return $this->redirectToRoute('homepage');
  141. }
  143. return $this->render('reset_password/reset.html.twig', [
  144. 'resetForm' => $form->createView(),
  145. ]);
  146. }
  148. private function processSendingPasswordResetEmail(
  149. string $emailFormData,
  150. EmailService $emailService,
  151. ): RedirectResponse {
  152. $user = $this->entityManager->getRepository(User::class)->findOneBy([
  153. 'email' => $emailFormData,
  154. ]);
  156. // Do not reveal whether a user account was found or not.
  157. if (!$user) {
  158. return $this->redirectToRoute('app_check_email');
  159. }
  161. try {
  162. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  163. } catch (ResetPasswordExceptionInterface $e) {
  164. // If you want to tell the user why a reset email was not sent, uncomment
  165. // the lines below and change the redirect to 'app_forgot_password_request'.
  166. // Caution: This may reveal if a user is registered or not.
  167. //
  168. // $this->addFlash('reset_password_error', sprintf(
  169. // '%s - %s',
  170. // $translator->trans(
  171. // ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE,
  172. // [],
  173. // 'ResetPasswordBundle',
  174. // ),
  175. // $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  176. // ));
  178. return $this->redirectToRoute('app_check_email');
  179. }
  181. $emailService->resetPasswordEmail($user, $resetToken);
  183. // Store the token object in session for retrieval in check-email route.
  184. $this->setTokenObjectInSession($resetToken);
  186. return $this->redirectToRoute('app_check_email');
  187. }
  188. }