src/Controller/ResetPasswordController.php line 40

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  9. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  10. use Symfony\Component\HttpFoundation\RedirectResponse;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpFoundation\Response;
  13. use Symfony\Component\Mailer\MailerInterface;
  14. use Symfony\Component\Mime\Address;
  15. use Symfony\Component\Routing\Annotation\Route;
  16. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  17. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  18. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  19. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  20. use Rollerworks\Component\PasswordStrength\Validator\Constraints as RollerworksPassword;
  21. use Symfony\Component\Validator\Validator\ValidatorInterface;
  23. #[Route(path'/reset-password')]
  24. class ResetPasswordController extends AbstractController
  25. {
  27.     use ResetPasswordControllerTrait;
  29.     private $resetPasswordHelper;
  31.     public function __construct(ResetPasswordHelperInterface $resetPasswordHelper)
  32.     {
  33.         $this->resetPasswordHelper $resetPasswordHelper;
  34.     }
  36.     /**
  37.      * Display & process form to request a password reset.
  38.      */
  39.     #[Route(path''name'app_forgot_password_request')]
  40.     public function request(Request $requestMailerInterface $mailer): Response
  41.     {
  42.         $form $this->createForm(ResetPasswordRequestFormType::class);
  43.         $form->handleRequest($request);
  45.         if ($form->isSubmitted() && $form->isValid()) {
  46.             return $this->processSendingPasswordResetEmail(
  47.                 $form->get('username')->getData(),
  48.                 $mailer
  49.             );
  50.         }
  52.         return $this->render(
  53.             'reset_password/request.html.twig', [
  54.                     'requestForm' => $form->createView(),
  55.                         ]
  56.         );
  57.     }
  59.     /**
  60.      * Confirmation page after a user has requested a password reset.
  61.      */
  62.     #[Route(path'/check-email'name'app_check_email')]
  63.     public function checkEmail(): Response
  64.     {
  65.         // We prevent users from directly accessing this page
  66.         if (null === ($resetToken $this->getTokenObjectFromSession())) {
  67.             return $this->redirectToRoute('app_forgot_password_request');
  68.         }
  70.         return $this->render(
  71.             'reset_password/check_email.html.twig', [
  72.                     'resetToken' => $resetToken,
  73.                         ]
  74.         );
  75.     }
  77.     /**
  78.      * Reset after init
  79.      */
  80.     #[Route(path'/reset/changePassword'name'changepassword')]
  81.     public function changePassword(Request $requestUserPasswordEncoderInterface $passwordEncoder)
  82.     {
  83.         $user $this->getUser();
  84.         $form $this->createForm(ChangePasswordFormType::class);
  85.         $form->handleRequest($request);
  87.         if ($form->isSubmitted() && $form->isValid()) {
  88.             $plainPassword $form->get('plainPassword')->getData();
  89.             if(preg_match('/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$/'$plainPassword)) {
  91.                 $encodedPassword $passwordEncoder->encodePassword(
  92.                     $user,
  93.                     $form->get('plainPassword')->getData()
  94.                 );
  96.                 $user->setPassword($encodedPassword);
  97.                 $user->setForcePasswordChange(false);
  98.                 $this->getDoctrine()->getManager()->flush();
  100.                 // The session is cleaned up after the password has been changed.
  101.                 $this->cleanSessionAfterReset();
  103.                 return $this->redirectToRoute('app_login');
  104.             } else{
  105.                 //TODO: translate
  106.                 $this->addFlash('error''mot de passe trop faible');
  107.             }
  108.         }
  110.         return $this->render(
  111.             'reset_password/reset.html.twig', [
  112.                     'resetForm' => $form->createView(),
  113.                         ]
  114.         );
  115.     }
  117.     /**
  118.      * Validates and process the reset URL that the user clicked in their email.
  119.      */
  120.     #[Route(path'/reset/{token}'name'app_reset_password')]
  121.     public function reset(Request $requestUserPasswordEncoderInterface $passwordEncoderstring $token null): Response
  122.     {
  123.         if ($token) {
  124.             // We store the token in session and remove it from the URL, to avoid the URL being
  125.             // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  126.             $this->storeTokenInSession($token);
  128.             return $this->redirectToRoute('app_reset_password');
  129.         }
  131.         $token $this->getTokenFromSession();
  132.         if (null === $token) {
  133.             throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  134.         }
  136.         try {
  137.             $user $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  138.         } catch (ResetPasswordExceptionInterface $e) {
  139.             $this->addFlash(
  140.                     //TODO: translate
  141.                 'reset_password_error',
  142.                 'Problème lors de la validation du lien. Réeffectuez un demande de mot de passe.'
  143.                     
  144.                 
  145.             );
  147.             return $this->redirectToRoute('app_forgot_password_request');
  148.         }
  150.         // The token is valid; allow the user to change their password.
  151.         $form $this->createForm(ChangePasswordFormType::class);
  152.         $form->handleRequest($request);
  154.         if ($form->isSubmitted() && $form->isValid()) {
  155.             if(preg_match('/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$/'$form->get('plainPassword')->getData())) {
  156.                 // A password reset token should be used only once, remove it.
  157.                 $this->resetPasswordHelper->removeResetRequest($token);
  159.                 // Encode the plain password, and set it.
  160.                 $encodedPassword $passwordEncoder->encodePassword(
  161.                     $user,
  162.                     $form->get('plainPassword')->getData()
  163.                 );
  165.                 $user->setPassword($encodedPassword);
  166.                 $this->getDoctrine()->getManager()->flush();
  168.                 // The session is cleaned up after the password has been changed.
  169.                 $this->cleanSessionAfterReset();
  170.                 //TODO: translate
  171.                 $this->addFlash('success''Mot de passe mis à jour, veuillez vous connecter');
  172.                 return $this->redirectToRoute('app_login');
  173.             }else{
  174.                 $this->addFlash('error''Mot de passe incorrect');
  175.             }
  176.         }
  178.         return $this->render(
  179.             'reset_password/reset.html.twig', [
  180.                     'resetForm' => $form->createView(),
  181.                         ]
  182.         );
  183.     }
  185.     private function processSendingPasswordResetEmail(string $emailFormDataMailerInterface $mailer): RedirectResponse
  186.     {
  187.         $user $this->getDoctrine()->getRepository(User::class)->findOneBy(
  188.             [
  189.                     'username' => $emailFormData,
  190.                     'isActive' => true
  191.                 ]
  192.         );
  194.         // Do not reveal whether a user account was found or not.
  195.         if (!$user instanceof \App\Entity\User) {
  196.             return $this->redirectToRoute('app_check_email');
  197.         }
  199.         try {
  200.             $resetToken $this->resetPasswordHelper->generateResetToken($user);
  201.         } catch (ResetPasswordExceptionInterface $e) {
  202. //             If you want to tell the user why a reset email was not sent, uncomment
  203. //             the lines below and change the redirect to 'app_forgot_password_request'.
  204. //             Caution: This may reveal if a user is registered or not.
  205.             
  206.              $this->addFlash('reset_password_error'sprintf(
  207.                  'Une demande de réinitialisation vient d\'être faite. Vous ne pouvez en refaire une avant une heure.',
  208.                  $e->getReason()
  209.              ));
  211.             return $this->redirectToRoute('app_check_email');
  212.         }
  214.         $email = (new TemplatedEmail())
  215.             ->from(new Address($this->getParameter('emailSender')['address'],  $this->getParameter('emailSender')['adressName']))
  216.             ->to($user->getEmail())
  217.                 //TODO: titre translation
  218.             ->subject('Réinitialisation du mot de passe')
  219.             ->htmlTemplate('email/fr/requestChange.html.twig')
  220.             ->context(
  221.                 [
  222.                     'resetToken' => $resetToken,
  223.                     ]
  224.             );
  226.         $mailer->send($email);
  228.         // Store the token object in session for retrieval in check-email route.
  229.         $this->setTokenObjectInSession($resetToken);
  231.         return $this->redirectToRoute('app_check_email');
  232.     }
  234. }