src/Controller/ResetPasswordController.php line 39

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller;
  7. use App\Entity\User;
  8. use App\Form\ChangePasswordFormType;
  9. use App\Form\ResetPasswordRequestFormType;
  10. use Doctrine\Persistence\ManagerRegistry;
  11. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  12. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  13. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  14. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  15. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  16. use Symfony\Component\HttpFoundation\RedirectResponse;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\Response;
  19. use Symfony\Component\Mailer\MailerInterface;
  20. use Symfony\Component\Mime\Address;
  21. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  22. use Symfony\Component\Routing\Annotation\Route;
  24. #[Route(path: '/reset-password')]
  25. class ResetPasswordController extends AbstractController
  26. {
  27. use ResetPasswordControllerTrait;
  29. public function __construct(
  30. private readonly ResetPasswordHelperInterface $resetPasswordHelper,
  31. private readonly ManagerRegistry $managerRegistry)
  32. {
  33. }
  35. /**
  36. * Display & process form to request a password reset.
  37. */
  38. #[Route(path: '', name: 'app_forgot_password_request')]
  39. public function request(Request $request, MailerInterface $mailer): Response
  40. {
  41. $form = $this->createForm(ResetPasswordRequestFormType::class);
  42. $form->handleRequest($request);
  44. if ($form->isSubmitted() && $form->isValid()) {
  45. return $this->processSendingPasswordResetEmail(
  46. $form->get('email')->getData(),
  47. $mailer
  48. );
  49. }
  51. return $this->render('reset_password/request.html.twig', [
  52. 'requestForm' => $form->createView(),
  53. ]);
  54. }
  56. /**
  57. * Confirmation page after a user has requested a password reset.
  58. */
  59. #[Route(path: '/check-email', name: 'app_check_email')]
  60. public function checkEmail(): Response
  61. {
  62. // We prevent users from directly accessing this page
  63. if (!$this->canCheckEmail()) {
  64. return $this->redirectToRoute('app_forgot_password_request');
  65. }
  67. return $this->render('reset_password/check_email.html.twig', [
  68. 'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
  69. ]);
  70. }
  72. /**
  73. * Validates and process the reset URL that the user clicked in their email.
  74. */
  75. #[Route(path: '/reset/{token}', name: 'app_reset_password')]
  76. public function reset(Request $request, UserPasswordHasherInterface $userPasswordHasher, ?string $token = null): Response
  77. {
  78. if ($token) {
  79. // We store the token in session and remove it from the URL, to avoid the URL being
  80. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  81. $this->storeTokenInSession($token);
  83. return $this->redirectToRoute('app_reset_password');
  84. }
  86. $token = $this->getTokenFromSession();
  87. if (null === $token) {
  88. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  89. }
  91. try {
  92. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  93. } catch (ResetPasswordExceptionInterface $resetPasswordException) {
  94. $this->addFlash('reset_password_error', sprintf(
  95. 'There was a problem validating your reset request - %s',
  96. $resetPasswordException->getReason()
  97. ));
  99. return $this->redirectToRoute('app_forgot_password_request');
  100. }
  102. // The token is valid; allow the user to change their password.
  103. $form = $this->createForm(ChangePasswordFormType::class);
  104. $form->handleRequest($request);
  106. if ($form->isSubmitted() && $form->isValid()) {
  107. // A password reset token should be used only once, remove it.
  108. $this->resetPasswordHelper->removeResetRequest($token);
  110. // Encode the plain password, and set it.
  111. $encodedPassword = $userPasswordHasher->hashPassword(
  112. $user,
  113. $form->get('plainPassword')->getData()
  114. );
  116. $user->setPassword($encodedPassword);
  117. $this->managerRegistry->getManager()->flush();
  119. // The session is cleaned up after the password has been changed.
  120. $this->cleanSessionAfterReset();
  122. return $this->redirectToRoute('dashboard');
  123. }
  125. return $this->render('reset_password/reset.html.twig', [
  126. 'resetForm' => $form->createView(),
  127. ]);
  128. }
  130. private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer): RedirectResponse
  131. {
  132. $user = $this->managerRegistry->getRepository(User::class)->findOneBy([
  133. 'email' => $emailFormData,
  134. ]);
  136. // Marks that you are allowed to see the app_check_email page.
  137. $this->setCanCheckEmailInSession();
  139. // Do not reveal whether a user account was found or not.
  140. if (!$user) {
  141. return $this->redirectToRoute('app_check_email');
  142. }
  144. try {
  145. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  146. } catch (ResetPasswordExceptionInterface $resetPasswordException) {
  147. // If you want to tell the user why a reset email was not sent, uncomment
  148. // the lines below and change the redirect to 'app_forgot_password_request'.
  149. // Caution: This may reveal if a user is registered or not.
  151. $this->addFlash('reset_password_error', sprintf(
  152. 'There was a problem handling your password reset request - %s',
  153. $resetPasswordException->getReason()
  154. ));
  156. return $this->redirectToRoute('app_check_email');
  157. }
  159. $templatedEmail = new TemplatedEmail()
  160. ->from(new Address('noreply@opfer-notruf.at', 'Opfer-Notruf'))
  161. ->to($user->getEmail())
  162. ->subject('Passwort zurücksetzten')
  163. ->htmlTemplate('reset_password/email.html.twig')
  164. ->context([
  165. 'resetToken' => $resetToken,
  166. 'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
  167. ])
  168. ;
  170. $mailer->send($templatedEmail);
  172. return $this->redirectToRoute('app_check_email');
  173. }
  174. }