src/Controller/ResetPasswordController.php line 50

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\ResetPasswordRequest;
  6. use App\Entity\User;
  7. use App\Enum\SiteEnum;
  8. use App\Form\ChangePasswordFormType;
  9. use App\Form\ResetPasswordRequestFormType;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  12. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  13. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\Mailer\MailerInterface;
  18. use Symfony\Component\Mime\Address;
  19. use Symfony\Component\Routing\Annotation\Route;
  20. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  21. use Symfony\Contracts\Translation\TranslatorInterface;
  22. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  23. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  24. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelper;
  25. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  27. /**
  28.  * @Route("/reset-password")
  29.  */
  30. class ResetPasswordController extends AbstractController
  31. {
  32.     use ResetPasswordControllerTrait;
  34.     private array $fromAddress = [];
  36.     public function __construct(
  37.         private ResetPasswordHelperInterface $resetPasswordHelper,
  38.         private EntityManagerInterface $entityManager,
  39.         private ParameterBagInterface $parameterBag,
  40.     ) {
  41.         if ($parameterBag->has('email_from')) {
  42.             $this->fromAddress $parameterBag->get('email_from');
  43.         }
  44.     }
  46.     /**
  47.      * Display & process form to request a password reset.
  48.      * @Route("", name="app_forgot_password_request")
  49.      */
  50.     public function request(Request $requestMailerInterface $mailerTranslatorInterface $translator): Response
  51.     {
  52.         $form $this->createForm(ResetPasswordRequestFormType::class);
  53.         $form->handleRequest($request);
  55.         if ($form->isSubmitted() && $form->isValid()) {
  56.             /** @var string $email */
  57.             $email $form->get('email')->getData();
  59.             return $this->processSendingPasswordResetEmail($email$mailer$translator$request);
  60.         }
  62.         return $this->render('reset_password/request.html.twig', [
  63.             'requestForm' => $form->createView(),
  64.         ]);
  65.     }
  67.     /**
  68.      * Confirmation page after a user has requested a password reset.
  69.      * @Route("/check-email", name="app_check_email")
  70.      */
  71.     public function checkEmail(): Response
  72.     {
  73.         // Generate a fake token if the user does not exist or someone hit this page directly.
  74.         // This prevents exposing whether or not a user was found with the given email address or not
  75.         if (null === ($resetToken $this->getTokenObjectFromSession())) {
  76.             $resetToken $this->resetPasswordHelper->generateFakeResetToken();
  77.         }
  79.         return $this->render('reset_password/check_email.html.twig', [
  80.             'resetToken' => $resetToken,
  81.         ]);
  82.     }
  84.     /**
  85.      * Validates and process the reset URL that the user clicked in their email.
  86.      * @Route("/reset/{token}", name="app_reset_password")
  87.      */
  88.     public function reset(Request $requestUserPasswordHasherInterface $passwordHasherTranslatorInterface $translator, ?string $token null): Response
  89.     {
  90.         if ($token) {
  91.             // We store the token in session and remove it from the URL, to avoid the URL being
  92.             // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  93.             $this->storeTokenInSession($token);
  95.             return $this->redirectToRoute('app_reset_password');
  96.         }
  98.         $token $this->getTokenFromSession();
  100.         if (null === $token) {
  101.             throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  102.         }
  104.         try {
  105.             /** @var User $user */
  106.             $user $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  107.         } catch (ResetPasswordExceptionInterface $e) {
  108.             $this->addFlash('warning'sprintf(
  109.                 '%s - %s',
  110.                 $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  111.                 $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  112.             ));
  114.             return $this->redirectToRoute('app_forgot_password_request');
  115.         }
  117.         // The token is valid; allow the user to change their password.
  118.         $form $this->createForm(ChangePasswordFormType::class);
  119.         $form->handleRequest($request);
  121.         if ($form->isSubmitted() && $form->isValid()) {
  122.             // A password reset token should be used only once, remove it.
  123.             $this->resetPasswordHelper->removeResetRequest($token);
  125.             /** @var string $plainPassword */
  126.             $plainPassword $form->get('plainPassword')->getData();
  128.             // Encode(hash) the plain password, and set it.
  129.             $user->setPassword($passwordHasher->hashPassword($user$plainPassword));
  130.             $this->entityManager->flush();
  132.             // The session is cleaned up after the password has been changed.
  133.             $this->cleanSessionAfterReset();
  135.             $this->addFlash('success''reset_password.reset.success');
  136.             return $this->redirectToRoute('admin_dashboard');
  137.         }
  139.         return $this->render('reset_password/reset.html.twig', [
  140.             'resetForm' => $form->createView(),
  141.         ]);
  142.     }
  144.     private function processSendingPasswordResetEmail(
  145.         string $emailFormData,
  146.         MailerInterface $mailer,
  147.         TranslatorInterface $translator,
  148.         Request $request): RedirectResponse
  149.     {
  150.         $user $this->entityManager->getRepository(User::class)->findOneBy([
  151.             'email' => $emailFormData,
  152.         ]);
  154.         // Do not reveal whether a user account was found or not.
  155.         if (!$user) {
  156.             return $this->redirectToRoute('app_check_email');
  157.         }
  159.         try {
  160.             $resetToken $this->resetPasswordHelper->generateResetToken($user);
  161.         } catch (ResetPasswordExceptionInterface $e) {
  162.             // If you want to tell the user why a reset email was not sent, uncomment
  163.             // the lines below and change the redirect to 'app_forgot_password_request'.
  164.             // Caution: This may reveal if a user is registered or not.
  165.             //
  166.             // $this->addFlash('reset_password_error', sprintf(
  167.             //     '%s - %s',
  168.             //     $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  169.             //     $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  170.             // ));
  172.             return $this->redirectToRoute('app_check_email');
  173.         }
  175.         $from $this->fromAddress['no_reply_'.$request->getLocale()];
  177.         $email = (new TemplatedEmail())
  178.             ->from(new Address($from$from))
  179.             ->to((string) $user->getEmail())
  180.             ->subject($translator->trans('reset_password.email.subject'))
  181.             ->htmlTemplate('reset_password/email.html.twig')
  182.             ->context([
  183.                 'resetToken' => $resetToken,
  184.             ])
  185.         ;
  187.         if (SiteEnum::SITE_STR_ES !== $request->getLocale() && array_key_exists($request->getLocale(), SiteEnum::getReversedLanguages())) {
  188.             $email->getHeaders()->addTextHeader('X-Transport'$request->getLocale());
  189.         }
  190.         $mailer->send($email);
  192.         // Store the token object in session for retrieval in check-email route.
  193.         $this->setTokenObjectInSession($resetToken);
  195.         return $this->redirectToRoute('app_check_email');
  196.     }
  197. }