removed encoder, set hasher
This commit is contained in:
parent
a5e665cbe4
commit
613605ef92
|
|
@ -12,8 +12,9 @@ use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\Mailer\MailerInterface;
|
use Symfony\Component\Mailer\MailerInterface;
|
||||||
use Symfony\Component\Mime\Address;
|
use Symfony\Component\Mime\Address;
|
||||||
|
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||||
use Symfony\Component\Routing\Annotation\Route;
|
use Symfony\Component\Routing\Annotation\Route;
|
||||||
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
|
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
|
||||||
use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
|
use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
|
||||||
use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
|
use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
|
||||||
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
|
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
|
||||||
|
|
@ -25,152 +26,154 @@ use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
|
||||||
#[Route('/reset-password')]
|
#[Route('/reset-password')]
|
||||||
class ResetPasswordController extends AbstractController
|
class ResetPasswordController extends AbstractController
|
||||||
{
|
{
|
||||||
use ResetPasswordControllerTrait;
|
use ResetPasswordControllerTrait;
|
||||||
|
|
||||||
private $resetPasswordHelper;
|
private $resetPasswordHelper;
|
||||||
|
|
||||||
public function __construct(ResetPasswordHelperInterface $resetPasswordHelper)
|
public function __construct(ResetPasswordHelperInterface $resetPasswordHelper)
|
||||||
{
|
{
|
||||||
$this->resetPasswordHelper = $resetPasswordHelper;
|
$this->resetPasswordHelper = $resetPasswordHelper;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Display & process form to request a password reset.
|
* Display & process form to request a password reset.
|
||||||
*/
|
*/
|
||||||
#[Route('', name: 'app_forgot_password_request')]
|
#[Route('', name: 'app_forgot_password_request')]
|
||||||
public function request(Request $request, MailerInterface $mailer): Response
|
public function request(Request $request, MailerInterface $mailer): Response
|
||||||
{
|
{
|
||||||
$form = $this->createForm(ResetPasswordRequestFormType::class);
|
$form = $this->createForm(ResetPasswordRequestFormType::class);
|
||||||
$form->handleRequest($request);
|
$form->handleRequest($request);
|
||||||
|
|
||||||
if ($form->isSubmitted() && $form->isValid()) {
|
if ($form->isSubmitted() && $form->isValid()) {
|
||||||
return $this->processSendingPasswordResetEmail(
|
return $this->processSendingPasswordResetEmail(
|
||||||
$form->get('email')->getData(),
|
$form->get('email')->getData(),
|
||||||
$mailer
|
$mailer
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->render('security/request.html.twig', [
|
return $this->render('security/request.html.twig', [
|
||||||
'requestForm' => $form->createView(),
|
'requestForm' => $form->createView(),
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Confirmation page after a user has requested a password reset.
|
* Confirmation page after a user has requested a password reset.
|
||||||
*/
|
*/
|
||||||
#[Route('/check-email', name: 'app_check_email')]
|
#[Route('/check-email', name: 'app_check_email')]
|
||||||
public function checkEmail(): Response
|
public function checkEmail(): Response
|
||||||
{
|
{
|
||||||
// Generate a fake token if the user does not exist or someone hit this page directly.
|
// Generate a fake token if the user does not exist or someone hit this page directly.
|
||||||
// This prevents exposing whether or not a user was found with the given email address or not
|
// This prevents exposing whether or not a user was found with the given email address or not
|
||||||
if (null === ($resetToken = $this->getTokenObjectFromSession())) {
|
if (null === ($resetToken = $this->getTokenObjectFromSession())) {
|
||||||
$resetToken = $this->resetPasswordHelper->generateFakeResetToken();
|
$resetToken = $this->resetPasswordHelper->generateFakeResetToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->render('security/check_email.html.twig', [
|
return $this->render('security/check_email.html.twig', [
|
||||||
'resetToken' => $resetToken,
|
'resetToken' => $resetToken,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validates and process the reset URL that the user clicked in their email.
|
* Validates and process the reset URL that the user clicked in their email.
|
||||||
*/
|
*/
|
||||||
#[Route('/reset/{token}', name: 'app_reset_password')]
|
#[Route('/reset/{token}', name: 'app_reset_password')]
|
||||||
public function reset(Request $request, UserPasswordEncoderInterface $passwordEncoder, string $token = null): Response
|
public function reset(Request $request, UserPasswordHasherInterface $passwordHasher, string $token = null): Response
|
||||||
{
|
{
|
||||||
if ($token) {
|
if ($token) {
|
||||||
// We store the token in session and remove it from the URL, to avoid the URL being
|
// We store the token in session and remove it from the URL, to avoid the URL being
|
||||||
// loaded in a browser and potentially leaking the token to 3rd party JavaScript.
|
// loaded in a browser and potentially leaking the token to 3rd party JavaScript.
|
||||||
$this->storeTokenInSession($token);
|
$this->storeTokenInSession($token);
|
||||||
|
|
||||||
return $this->redirectToRoute('app_reset_password');
|
return $this->redirectToRoute('app_reset_password');
|
||||||
}
|
}
|
||||||
|
|
||||||
$token = $this->getTokenFromSession();
|
$token = $this->getTokenFromSession();
|
||||||
if ($token === null) {
|
if ($token === null) {
|
||||||
throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
|
throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
|
$user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
|
||||||
} catch (ResetPasswordExceptionInterface $e) {
|
} catch (ResetPasswordExceptionInterface $e) {
|
||||||
$this->addFlash('reset_password_error', sprintf(
|
$this->addFlash('reset_password_error', sprintf(
|
||||||
'There was a problem validating your reset request - %s',
|
'There was a problem validating your reset request - %s',
|
||||||
$e->getReason()
|
$e->getReason()
|
||||||
));
|
));
|
||||||
|
|
||||||
return $this->redirectToRoute('app_forgot_password_request');
|
return $this->redirectToRoute('app_forgot_password_request');
|
||||||
}
|
}
|
||||||
|
|
||||||
// The token is valid; allow the user to change their password.
|
// The token is valid; allow the user to change their password.
|
||||||
$form = $this->createForm(ChangePasswordFormType::class);
|
$form = $this->createForm(ChangePasswordFormType::class);
|
||||||
$form->handleRequest($request);
|
$form->handleRequest($request);
|
||||||
|
|
||||||
if ($form->isSubmitted() && $form->isValid()) {
|
if ($form->isSubmitted() && $form->isValid()) {
|
||||||
// A password reset token should be used only once, remove it.
|
// A password reset token should be used only once, remove it.
|
||||||
$this->resetPasswordHelper->removeResetRequest($token);
|
$this->resetPasswordHelper->removeResetRequest($token);
|
||||||
|
|
||||||
// Encode the plain password, and set it.
|
// Hash the plain password, and set it.
|
||||||
$encodedPassword = $passwordEncoder->encodePassword(
|
/*
|
||||||
$user,
|
** @var PasswordAuthenticatedUserInterface $user
|
||||||
$form->get('plainPassword')->getData()
|
*/
|
||||||
);
|
$hashedPassword = $passwordHasher->hashPassword(
|
||||||
|
$user,
|
||||||
|
$form->get('plainPassword')->getData()
|
||||||
|
);
|
||||||
|
|
||||||
$user->setPassword($encodedPassword);
|
$user->setPassword($hashedPassword);
|
||||||
$this->getDoctrine()->getManager()->flush();
|
$this->getDoctrine()->getManager()->flush();
|
||||||
|
|
||||||
// The session is cleaned up after the password has been changed.
|
// The session is cleaned up after the password has been changed.
|
||||||
$this->cleanSessionAfterReset();
|
$this->cleanSessionAfterReset();
|
||||||
|
|
||||||
return $this->redirectToRoute('blogs');
|
return $this->redirectToRoute('blogs');
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->render('security/reset.html.twig', [
|
return $this->render('security/reset.html.twig', [
|
||||||
'resetForm' => $form->createView(),
|
'resetForm' => $form->createView(),
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer): RedirectResponse
|
private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer): RedirectResponse
|
||||||
{
|
{
|
||||||
$user = $this->getDoctrine()->getRepository(User::class)->findOneBy([
|
$user = $this->getDoctrine()->getRepository(User::class)->findOneBy([
|
||||||
'email' => $emailFormData,
|
'email' => $emailFormData,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
// Do not reveal whether a user account was found or not.
|
// Do not reveal whether a user account was found or not.
|
||||||
if (!$user) {
|
if (!$user) {
|
||||||
return $this->redirectToRoute('app_check_email');
|
return $this->redirectToRoute('app_check_email');
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$resetToken = $this->resetPasswordHelper->generateResetToken($user);
|
$resetToken = $this->resetPasswordHelper->generateResetToken($user);
|
||||||
} catch (ResetPasswordExceptionInterface $e) {
|
} catch (ResetPasswordExceptionInterface $e) {
|
||||||
// If you want to tell the user why a reset email was not sent, uncomment
|
// If you want to tell the user why a reset email was not sent, uncomment
|
||||||
// the lines below and change the redirect to 'app_forgot_password_request'.
|
// the lines below and change the redirect to 'app_forgot_password_request'.
|
||||||
// Caution: This may reveal if a user is registered or not.
|
// Caution: This may reveal if a user is registered or not.
|
||||||
//
|
//
|
||||||
// $this->addFlash('reset_password_error', sprintf(
|
// $this->addFlash('reset_password_error', sprintf(
|
||||||
// 'There was a problem handling your password reset request - %s',
|
// 'There was a problem handling your password reset request - %s',
|
||||||
// $e->getReason()
|
// $e->getReason()
|
||||||
// ));
|
// ));
|
||||||
|
|
||||||
return $this->redirectToRoute('app_check_email');
|
return $this->redirectToRoute('app_check_email');
|
||||||
}
|
}
|
||||||
|
|
||||||
$email = (new TemplatedEmail())
|
$email = (new TemplatedEmail())
|
||||||
->from(new Address('tracer@24unix.net', '24unix.net'))
|
->from(new Address('tracer@24unix.net', '24unix.net'))
|
||||||
->to($user->getEmail())
|
->to($user->getEmail())
|
||||||
->subject('Your password reset request')
|
->subject('Your password reset request')
|
||||||
->htmlTemplate('security/email.html.twig')
|
->htmlTemplate('security/email.html.twig')
|
||||||
->context([
|
->context([
|
||||||
'resetToken' => $resetToken,
|
'resetToken' => $resetToken,
|
||||||
])
|
]);
|
||||||
;
|
|
||||||
|
|
||||||
$mailer->send($email);
|
$mailer->send($email);
|
||||||
|
|
||||||
// Store the token object in session for retrieval in check-email route.
|
// Store the token object in session for retrieval in check-email route.
|
||||||
$this->setTokenObjectInSession($resetToken);
|
$this->setTokenObjectInSession($resetToken);
|
||||||
|
|
||||||
return $this->redirectToRoute('app_check_email');
|
return $this->redirectToRoute('app_check_email');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue