src/Controller/Web/SecurityController.php line 31

Open in your IDE?
  1. <?php
  3. namespace App\Controller\Web;
  5. use App\Entity\User;
  6. use App\Form\Resetting\ResetPasswordFormType;
  7. use App\Form\Resetting\ResetPasswordRequestFormType;
  8. use DateTime;
  9. use Exception;
  10. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\Response;
  14. use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
  15. use Symfony\Component\Mailer\MailerInterface;
  16. use Symfony\Component\Mime\Address;
  17. use Symfony\Component\Routing\Annotation\Route;
  18. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  19. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  20. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  21. use Symfony\Contracts\Translation\TranslatorInterface;
  23. class SecurityController extends AbstractController
  24. {
  25.     /**
  26.      * @Route("/login", name="app_login")
  27.      * @param Request $request
  28.      * @param AuthenticationUtils $authenticationUtils
  29.      * @return Response
  30.      */
  31.     public function login(Request $requestAuthenticationUtils $authenticationUtils): Response
  32.     {
  33.         if ($this->getUser()) {
  34.             return $this->redirectToRoute('index_presentation');
  35.         }
  37.         // get the login error if there is one
  38.         $error $authenticationUtils->getLastAuthenticationError();
  39.         // last username entered by the user
  40.         $lastUsername $authenticationUtils->getLastUsername();
  41.         return $this->render('Security/login.html.twig', [
  42.             'last_username' => $lastUsername,
  43.             'error' => $error
  44.         ]);
  45.     }
  47.     /**
  48.      * @Route("/logout", name="app_logout", options = { "expose" = true }, methods={"GET","HEAD"})
  49.      */
  50.     public function logout()
  51.     {
  52.         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
  53.     }
  55.     /**
  56.      * @Route("/resetting/request", name="app_password_reset_request", options={"expose":true})
  57.      * @param Request $request
  58.      * @param MailerInterface $mailer
  59.      * @param TranslatorInterface $translator
  60.      * @return Response
  61.      */
  62.     public function resetPasswordRequest(Request $requestMailerInterface $mailerTranslatorInterface $translator) : Response {
  63.         $form $this->createForm(ResetPasswordRequestFormType::class);
  64.         $form->handleRequest($request);
  66.         if ($form->isSubmitted() && $form->isValid()) {
  67.             $em $this->getDoctrine()->getManager();
  68.             $user $em->getRepository(User::class)->findOneBy(array('email' => $form->get('email')->getData()));
  69.             if ($user) {
  70.                 if (empty($user->getConfirmationToken())) {
  71.                     try {
  72.                         $user->setConfirmationToken(md5(random_bytes(random_int(4050))));
  73.                     } catch (Exception $e) {
  74.                     }
  75.                 }
  76.                 $latestRequestDate $user->getPasswordRequestedAt();
  77.                 $now = new DateTime();
  78.                 $diff $now->getTimestamp() - ($latestRequestDate $latestRequestDate->getTimestamp() : 0);
  79.                 if (is_null($latestRequestDate) || $diff >= 86400) {
  80.                     $user->setPasswordRequestedAt(new DateTime());
  81.                     if ($this->SendResetPasswordEmail($mailer$translator$user)) {
  82.                         // TODO change email with the link
  83.                         $em->flush();
  84.                     } else {
  85.                         // TODO display if there is an error for the sending of the mail
  86.                     }
  87.                 } else if ($diff 86400) {
  88.                     return $this->render('Resetting/passwordAlreadyRequested.html.twig', [
  89.                         'email' => $form->get('email')->getData(),
  90.                     ]);
  91.                 }
  92.             }
  93.             return $this->render('Resetting/check_email.html.twig', [
  94.                 'email' => $form->get('email')->getData(),
  95.             ]);
  96.         }
  98.         return $this->render('Resetting/request.html.twig', [
  99.             'form' => $form->createView(),
  100.         ]);
  102.     }
  104.     /**
  105.      * @Route("/resetting/password", name="app_password_reset", options={"expose":true})
  106.      * @param Request $request
  107.      * @param UserPasswordEncoderInterface $passwordEncoder
  108.      * @return Response
  109.      */
  110.     public function resetPassword(Request $requestUserPasswordEncoderInterface $passwordEncoder) : Response {
  111.         $form $this->createForm(ResetPasswordFormType::class);
  112.         $em $this->getDoctrine()->getManager();
  113.         $form->handleRequest($request);
  114.         $user null;
  116.         if ($form->isSubmitted() && $form->isValid()) {
  117.             $user $em->getRepository(User::class)->findOneBy(array('confirmationToken' => $request->get('token')));
  118.             if ($user && $user->getPasswordRequestedAt()) {
  119.                 $now = new DateTime();
  120.                 if (($now->getTimestamp() - $user->getPasswordRequestedAt()->getTimestamp()) > 86400) {
  121.                     return $this->render('Resetting/passwordRequestError.html.twig', [
  122.                     ]);
  123.                 }
  124.                 $user->setPassword(
  125.                     $passwordEncoder->encodePassword(
  126.                         $user,
  127.                         $form->get('plainPassword')->getData()
  128.                     )
  129.                 );
  130.                 $user->setPasswordRequestedAt(null);
  131.                 $em->flush();
  132.             } else {
  133.                 return $this->render('Resetting/passwordRequestError.html.twig', [
  134.                 ]);
  135.             }
  136.             return $this->redirectToRoute('app_login');
  137.         } else if (!$form->isSubmitted()) {
  138.             $user $em->getRepository(User::class)->findOneBy(array('confirmationToken' => $request->get('token')));
  139.             if ($user && $user->getPasswordRequestedAt()) {
  140.                 $now = new DateTime();
  141.                 if (($now->getTimestamp() - $user->getPasswordRequestedAt()->getTimestamp()) > 86400) {
  142.                     return $this->render('Resetting/passwordRequestError.html.twig', [
  143.                     ]);
  144.                 }
  145.             } else {
  146.                 return $this->render('Resetting/passwordRequestError.html.twig', [
  147.                 ]);
  148.             }
  149.         }
  151.         return $this->render('Resetting/reset.html.twig', [
  152.             'form' => $form->createView(), 'token' => $request->get('token')
  153.         ]);
  154.     }
  156.     private function SendResetPasswordEmail(MailerInterface $mailerTranslatorInterface $translatorUser $user) : bool {
  157.         $message = (new TemplatedEmail())
  158.             ->subject($translator->trans('resetting.email.subject', array(), 'FOSUserBundle'))
  159.             ->from(new Address($this->getParameter('NOREPLY_EMAIL'), 'No-Reply'))
  160.             ->to(new Address($user->getEmail(), ($user->getFirstName() . " " $user->getLastName())))
  161.             ->htmlTemplate('Resetting/emailResetting.html.twig')
  162.             ->textTemplate('Resetting/emailResetting.txt.twig')
  163.             ->context([
  164.                 'datamail' => [
  165.                     'user' => $user,
  166.                     'confirmationUrl' => $this->generateUrl('app_password_reset', [], UrlGeneratorInterface::ABSOLUTE_URL).'?token='.$user->getConfirmationToken()
  167.                 ]
  168.             ])
  169.         ;
  170.         try {
  171.             $mailer->send($message);
  172.         } catch (TransportExceptionInterface $e) {
  173.             return false;
  174.         }
  175.         return true;
  176.     }
  177. }