src/Controller/ResetPasswordController.php line 74

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use App\Service\EmailManager;
  9. use App\Service\User\UserDomainHelper;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  12. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  13. use Symfony\Component\HttpFoundation\RedirectResponse;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
  17. use Symfony\Component\Mime\Address;
  18. use Symfony\Component\Routing\Annotation\Route;
  19. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  20. use Symfony\Contracts\Translation\TranslatorInterface;
  21. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  22. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  23. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  25. /**
  26. * @Route("/reset-password")
  27. */
  28. class ResetPasswordController extends AbstractController
  29. {
  30. use ResetPasswordControllerTrait;
  32. /**
  33. * @var ResetPasswordHelperInterface
  34. */
  35. private ResetPasswordHelperInterface $resetPasswordHelper;
  37. /**
  38. * @var TranslatorInterface
  39. */
  40. private TranslatorInterface $translator;
  41. /**
  42. * @var EmailManager
  43. */
  44. private EmailManager $emailManager;
  45. private EntityManagerInterface $manager;
  47. /**
  48. * ResetPasswordController constructor.
  49. * @param ResetPasswordHelperInterface $resetPasswordHelper
  50. * @param TranslatorInterface $translator
  51. * @param EmailManager $emailManager
  52. * @param EntityManagerInterface $manager
  53. */
  54. public function __construct(
  55. ResetPasswordHelperInterface $resetPasswordHelper,
  56. TranslatorInterface $translator,
  57. EmailManager $emailManager,
  58. EntityManagerInterface $manager
  59. ) {
  60. $this->resetPasswordHelper = $resetPasswordHelper;
  61. $this->translator = $translator;
  62. $this->emailManager = $emailManager;
  63. $this->manager = $manager;
  64. }
  66. /**
  67. * Display & process form to request a password reset.
  68. *
  69. * @Route("", name="app_forgot_password_request")
  70. * @param Request $request
  71. * @return Response
  72. * @throws TransportExceptionInterface
  73. */
  74. public function request(Request $request): Response
  75. {
  76. $form = $this->createForm(ResetPasswordRequestFormType::class);
  77. $form->handleRequest($request);
  79. if ($form->isSubmitted() && $form->isValid()) {
  80. return $this->processSendingPasswordResetEmail(
  81. $form->get('email')->getData()
  82. );
  83. }
  85. return $this->render('reset_password/request.html.twig', [
  86. 'requestForm' => $form->createView(),
  87. ]);
  88. }
  90. /**
  91. * Confirmation page after a user has requested a password reset.
  92. *
  93. * @Route("/check-email", name="app_check_email")
  94. */
  95. public function checkEmail(): Response
  96. {
  97. // We prevent users from directly accessing this page
  98. if (!$this->canCheckEmail()) {
  99. return $this->redirectToRoute('app_forgot_password_request');
  100. }
  102. return $this->render('reset_password/check_email.html.twig', [
  103. 'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
  104. ]);
  105. }
  107. /**
  108. * Validates and process the reset URL that the user clicked in their email.
  109. *
  110. * @Route("/reset/{token}", name="app_reset_password")
  111. * @param Request $request
  112. * @param UserPasswordEncoderInterface $passwordEncoder
  113. * @param string|null $token
  114. * @param UserDomainHelper $userDomainHelper
  115. * @return Response
  116. */
  117. public function reset(
  118. Request $request,
  119. UserPasswordEncoderInterface $passwordEncoder,
  120. string $token = null,
  121. UserDomainHelper $userDomainHelper
  122. ): Response {
  123. try {
  124. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  125. } catch (ResetPasswordExceptionInterface $e) {
  126. $this->addFlash('reset_password_error', sprintf(
  127. 'There was a problem validating your reset request - %s',
  128. $e->getReason()
  129. ));
  131. return $this->redirectToRoute('app_forgot_password_request');
  132. }
  134. // The token is valid; allow the user to change their password.
  135. $form = $this->createForm(ChangePasswordFormType::class);
  136. $form->handleRequest($request);
  138. if ($form->isSubmitted() && $form->isValid()) {
  139. // A password reset token should be used only once, remove it.
  140. $this->resetPasswordHelper->removeResetRequest($token);
  142. // Encode the plain password, and set it.
  143. $encodedPassword = $passwordEncoder->encodePassword(
  144. $user,
  145. $form->get('plainPassword')->getData()
  146. );
  148. $user->setPassword($encodedPassword);
  149. $this->manager->flush();
  151. // The session is cleaned up after the password has been changed.
  152. $this->cleanSessionAfterReset();
  154. $this->addFlash(
  155. 'success',
  156. $this->translator->trans('resetPassword.success', [], 'security')
  157. );
  159. return $this->redirect($userDomainHelper->getHomeUrlForUser($user));
  160. }
  162. return $this->render('reset_password/reset.html.twig', [
  163. 'resetForm' => $form->createView(),
  164. ]);
  165. }
  167. /**
  168. * @param string $emailFormData
  169. * @return RedirectResponse
  170. * @throws TransportExceptionInterface
  171. */
  172. private function processSendingPasswordResetEmail(string $emailFormData): RedirectResponse
  173. {
  174. $user = $this->manager->getRepository(User::class)->findOneBy([
  175. 'email' => $emailFormData,
  176. ]);
  178. // Marks that you are allowed to see the app_check_email page.
  179. $this->setCanCheckEmailInSession();
  181. // Do not reveal whether a user account was found or not.
  182. if (!$user) {
  183. return $this->redirectToRoute('app_check_email');
  184. }
  186. try {
  187. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  188. } catch (ResetPasswordExceptionInterface $e) {
  189. // If you want to tell the user why a reset email was not sent, uncomment
  190. // the lines below and change the redirect to 'app_forgot_password_request'.
  191. // Caution: This may reveal if a user is registered or not.
  192. //
  193. // $this->addFlash('reset_password_error', sprintf(
  194. // 'There was a problem handling your password reset request - %s',
  195. // $e->getReason()
  196. // ));
  198. return $this->redirectToRoute('app_check_email');
  199. }
  201. $email = (new TemplatedEmail())
  202. ->from(new Address('registrace@e-manazer.cz', 'E-manažer'))
  203. ->to($user->getEmail())
  204. ->subject($this->translator->trans('resetRequestEmail.subject', [], 'security'))
  205. ->htmlTemplate('reset_password/email.html.twig')
  206. ->textTemplate('reset_password/email.txt.twig')
  207. ->context([
  208. 'resetToken' => $resetToken,
  209. 'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
  210. ]);
  212. $this->emailManager->sendMail($email);
  214. return $this->redirectToRoute('app_check_email');
  215. }
  216. }