src/Controller/ResetPasswordController.php line 53

  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller;
  7. use App\Entity\Admin;
  8. use App\Form\ChangePasswordFormType;
  9. use App\Form\ResetPasswordRequestFormType;
  10. use App\Service\CodeService;
  11. use App\Service\MailService;
  12. use App\Service\SmsService;
  13. use Doctrine\ORM\EntityManagerInterface;
  14. use Doctrine\Persistence\ManagerRegistry;
  15. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  16. use Symfony\Component\HttpFoundation\RedirectResponse;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\Response;
  19. use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
  20. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  21. use Symfony\Component\Routing\Annotation\Route;
  22. use Symfony\Contracts\Translation\TranslatorInterface;
  23. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  24. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  25. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  27. #[Route('/reset-password')]
  28. class ResetPasswordController extends AbstractController
  29. {
  30.     use ResetPasswordControllerTrait;
  32.     private ResetPasswordHelperInterface $resetPasswordHelper;
  33.     private SmsService $smsService;
  34.     private CodeService $codeService;
  35.     private UserPasswordHasherInterface $userPasswordHasher;
  36.     private EntityManagerInterface $em;
  39.     public function __construct(private readonly ManagerRegistry $doctrineEntityManagerInterface $emResetPasswordHelperInterface $resetPasswordHelperSmsService $smsServiceCodeService $codeServiceUserPasswordHasherInterface $userPasswordHasher)
  40.     {
  41.         $this->resetPasswordHelper $resetPasswordHelper;
  42.         $this->em $em;
  43.         $this->smsService $smsService;
  44.         $this->codeService $codeService;
  45.         $this->userPasswordHasher $userPasswordHasher;
  46.     }
  48.     /**
  49.      * Display & process form to request a password reset.
  50.      * @throws TransportExceptionInterface
  51.      */
  52.     #[Route('/'name'app_forgot_password_request'methods: ['GET''POST'])]
  53.     public function request(Request $requestMailService $mailer): Response
  54.     {
  55.         $form $this->createForm(ResetPasswordRequestFormType::class);
  56.         $form->handleRequest($request);
  58.         if ($form->isSubmitted() && $form->isValid()) {
  59.             return $this->processSendingPasswordResetEmail(
  60.                 $form->get('email')->getData(), $form->get('username')->getData(),
  61.                 $mailer
  62.             );
  63.         }
  65.         return $this->render('reset_password/request.html.twig', [
  66.             'requestForm' => $form->createView(),
  67.         ]);
  68.     }
  70.     /**
  71.      * Confirmation page after a user has requested a password reset.
  72.      */
  73.     #[Route('/check-email'name'app_check_email'methods: ['GET'])]
  74.     public function checkEmail(): Response
  75.     {
  76.         // We prevent users from directly accessing this page
  77.         if (null === ($resetToken $this->getTokenObjectFromSession())) {
  78.             return $this->redirectToRoute('app_forgot_password_request');
  79.         }
  81.         return $this->render('reset_password/check_email.html.twig', [
  82.             'resetToken' => $resetToken,
  83.         ]);
  84.     }
  86.     /**
  87.      * Validates and process the reset URL that the user clicked in their email.
  88.      */
  89.     #[Route('/reset/{token}'name'app_reset_password'methods: ['GET''POST'])]
  90.     public function reset(Request $requestUserPasswordHasherInterface $passwordHasherstring $token null): Response
  91.     {
  92.         if ($token) {
  93.             // We store the token in session and remove it from the URL, to avoid the URL being
  94.             // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  95.             $this->storeTokenInSession($token);
  97.             return $this->redirectToRoute('app_reset_password');
  98.         }
  100.         $token $this->getTokenFromSession();
  101.         if (null === $token) {
  102.             throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  103.         }
  105.         try {
  107.             $user $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  108.         } catch (ResetPasswordExceptionInterface $e) {
  109.             $this->addFlash('reset_password_error'sprintf(
  110.                 'There was a problem validating your reset request - %s',
  111.                 $e->getReason()
  112.             ));
  114.             return $this->redirectToRoute('app_forgot_password_request');
  115.         }
  117.         $this->em->initializeObject($user);     // forces hydration
  119.         // The token is valid; allow the user to change their password.
  120.         $form $this->createForm(ChangePasswordFormType::class);
  121.         $form->handleRequest($request);
  123.         if ($form->isSubmitted() && $form->isValid()) {
  124.             // A password reset token should be used only once, remove it.
  125.             $this->resetPasswordHelper->removeResetRequest($token);
  127.             // Encode the plain password, and set it.
  128.             $encodedPassword $passwordHasher->hashPassword(
  129.                 $user,
  130.                 $form->get('plainPassword')->getData()
  131.             );
  133.             $user->setPassword($encodedPassword);
  134.             $this->doctrine->getManager()->flush();
  136.             // The session is cleaned up after the password has been changed.
  137.             $this->cleanSessionAfterReset();
  139.             return $this->redirectToRoute('app_dashboard');
  140.         }
  142.         return $this->render('reset_password/reset.html.twig', [
  143.             'resetForm' => $form->createView(),
  144.         ]);
  145.     }
  147.     /**
  148.      * @throws TransportExceptionInterface
  149.      */
  150.     private function processSendingPasswordResetEmail(string $emailFormDatastring $usernameFormDataMailService $mailService): RedirectResponse
  151.     {
  153.         $user $this->em->getRepository(Admin::class)->findOneBy(['email' => $emailFormData'username' => $usernameFormData]);
  154.         $this->em->initializeObject($user);     // forces hydration
  156.         // Do not reveal whether a user account was found or not.
  157.         if (!$user) {
  158.             return $this->redirectToRoute('app_check_email');
  159.         }
  162.         try {
  163.             $resetToken $this->resetPasswordHelper->generateResetToken($user);
  164.         } catch (ResetPasswordExceptionInterface $e) {
  165.             // If you want to tell the user why a reset email was not sent, uncomment
  166.             // the lines below and change the redirect to 'app_forgot_password_request'.
  167.             // Caution: This may reveal if a user is registered or not.
  168.             //
  169.             $this->addFlash('reset_password_error'sprintf(
  170.                'There was a problem handling your password reset request - %s',
  171.                 $e->getReason()
  172.              ));
  174.             return $this->redirectToRoute('app_check_email');
  175.         }
  177.         try {
  178.             //New password
  179.             $p strtoupper($this->codeService->PasswordCode(5));
  180.             $user->setPassword(
  181.                 $this->userPasswordHasher->hashPassword(
  182.                     $user$p
  183.                 )
  184.             );
  185.             $message 'Votre mot de passe '$user->getName().' est: '.$p;
  186.             $this->smsService->smsService($user->getPhone(), $message);
  188.             $em $this->doctrine->getManager();
  189.             $em->flush();
  191.             $mailService->sendTemplatedMail(
  192.                 $user->getEmail(),
  193.                 'Votre demande de rĂ©initialisation de mot de passe du compte administrateur',
  194.                 'reset_password/email.html.twig',
  195.                 ['resetToken' => $resetToken]
  196.             );
  197.         }catch (ResetPasswordExceptionInterface $e) {
  198.             $this->addFlash('reset_password_error'sprintf(
  199.                 'There was a problem handling your password reset request - %s',
  200.                 $e->getReason()
  201.             ));
  203.             return $this->redirectToRoute('app_check_email');
  204.         }
  207.         // Store the token object in session for retrieval in check-email route.
  208.         $this->setTokenObjectInSession($resetToken);
  210.         return $this->redirectToRoute('app_check_email');
  211.     }
  212. }