Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 150 |
|
0.00% |
0 / 13 |
CRAP | |
0.00% |
0 / 1 |
SecurityController | |
0.00% |
0 / 150 |
|
0.00% |
0 / 13 |
1190 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
index | |
0.00% |
0 / 7 |
|
0.00% |
0 / 1 |
6 | |||
logout | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
register | |
0.00% |
0 / 19 |
|
0.00% |
0 / 1 |
20 | |||
verifyUserEmail | |
0.00% |
0 / 12 |
|
0.00% |
0 / 1 |
20 | |||
request | |
0.00% |
0 / 10 |
|
0.00% |
0 / 1 |
12 | |||
checkEmail | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
6 | |||
reset | |
0.00% |
0 / 30 |
|
0.00% |
0 / 1 |
42 | |||
processSendingPasswordResetEmail | |
0.00% |
0 / 28 |
|
0.00% |
0 / 1 |
20 | |||
sendEmailConfirmation | |
0.00% |
0 / 14 |
|
0.00% |
0 / 1 |
6 | |||
handleEmailConfirmation | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
generateSignedUrlAndEmailToTheUser | |
0.00% |
0 / 10 |
|
0.00% |
0 / 1 |
2 | |||
resendVerifyEmail | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
12 |
1 | <?php |
2 | |
3 | namespace App\Controller; |
4 | |
5 | use App\Entity\User; |
6 | use App\Form\ChangePasswordFormType; |
7 | use App\Form\RegistrationFormType; |
8 | use App\Form\ResetPasswordRequestFormType; |
9 | use App\Repository\UserRepository; |
10 | use Doctrine\ORM\EntityManagerInterface; |
11 | use Exception; |
12 | use Symfony\Bridge\Twig\Mime\TemplatedEmail; |
13 | use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; |
14 | use Symfony\Component\HttpFoundation\RedirectResponse; |
15 | use Symfony\Component\HttpFoundation\Request; |
16 | use Symfony\Component\HttpFoundation\Response; |
17 | use Symfony\Component\Mailer\Exception\TransportExceptionInterface; |
18 | use Symfony\Component\Mailer\MailerInterface; |
19 | use Symfony\Component\Mime\Address; |
20 | use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface; |
21 | use Symfony\Component\Routing\Annotation\Route; |
22 | use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; |
23 | use Symfony\Contracts\Translation\TranslatorInterface; |
24 | use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait; |
25 | use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface; |
26 | use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface; |
27 | use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface; |
28 | use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface; |
29 | |
30 | class SecurityController extends AbstractController |
31 | { |
32 | use ResetPasswordControllerTrait; |
33 | |
34 | public function __construct(private readonly ResetPasswordHelperInterface $resetPasswordHelper, |
35 | private readonly EntityManagerInterface $entityManager, |
36 | private readonly VerifyEmailHelperInterface $verifyEmailHelper, |
37 | private readonly MailerInterface $mailer, |
38 | ) |
39 | { |
40 | // empty body |
41 | } |
42 | |
43 | #[Route(path: '/security/login', name: 'security_login')] |
44 | public function index(AuthenticationUtils $authenticationUtils): Response |
45 | { |
46 | // get the login error if there is one |
47 | if ($error = $authenticationUtils->getLastAuthenticationError()) { |
48 | $this->addFlash(type: 'error', message: $error->getMessageKey()); |
49 | } |
50 | |
51 | // last username entered by the user |
52 | $lastUsername = $authenticationUtils->getLastUsername(); |
53 | |
54 | return $this->render(view: '@default/security/login.html.twig', parameters: [ |
55 | 'last_username' => $lastUsername, |
56 | 'error' => '', |
57 | ]); |
58 | } |
59 | |
60 | /** |
61 | * @throws Exception |
62 | */ |
63 | #[Route(path: '/security/logout', name: 'security_logout')] |
64 | public function logout(): never |
65 | { |
66 | throw new Exception(message: 'Logout should never be reached.'); |
67 | } |
68 | |
69 | #[Route(path: '/security/register', name: 'security_register')] |
70 | public function register(Request $request, UserPasswordHasherInterface $userPasswordHasher, EntityManagerInterface $entityManager): Response |
71 | { |
72 | $form = $this->createForm(type: RegistrationFormType::class); |
73 | $form->handleRequest(request: $request); |
74 | |
75 | if ($form->isSubmitted() && $form->isValid()) { |
76 | $user = $form->getData(); |
77 | // hash the plain password |
78 | $user->setPassword( |
79 | password: $userPasswordHasher->hashPassword( |
80 | user: $user, |
81 | plainPassword: $form->get(name: 'password')->getData() |
82 | ) |
83 | ); |
84 | |
85 | if ($form->get(name: 'agreeTerms')->getData()) { |
86 | $user->agreeTerms(); |
87 | } // no else, we already confirmed in the form itself |
88 | $entityManager->persist(entity: $user); |
89 | $entityManager->flush(); |
90 | $this->generateSignedUrlAndEmailToTheUser($user); |
91 | |
92 | return $this->render(view: '@default/security/registration_finished.html.twig'); |
93 | } |
94 | |
95 | return $this->renderForm(view: '@default/security/register.html.twig', parameters: [ |
96 | 'registrationForm' => $form, |
97 | ]); |
98 | } |
99 | |
100 | #[Route(path: '/security/verify/email', name: 'security_verify_email')] |
101 | public function verifyUserEmail(Request $request, TranslatorInterface $translator, UserRepository $userRepository): Response |
102 | { |
103 | $id = $request->get(key: 'id'); |
104 | |
105 | if ($id === null) { |
106 | return $this->redirectToRoute(route: 'app_register'); |
107 | } |
108 | |
109 | $user = $userRepository->find($id); |
110 | |
111 | if ($user === null) { |
112 | return $this->redirectToRoute(route: 'app_register'); |
113 | } |
114 | |
115 | // validate email confirmation link, sets User::isVerified=true and persists |
116 | try { |
117 | $this->handleEmailConfirmation(request: $request, user: $user); |
118 | } catch (VerifyEmailExceptionInterface $exception) { |
119 | $this->addFlash(type: 'error', message: $translator->trans(id: $exception->getReason(), parameters: [], domain: 'VerifyEmailBundle')); |
120 | |
121 | return $this->redirectToRoute(route: 'app_main'); |
122 | } |
123 | |
124 | $this->addFlash(type: 'success', message: 'Your email address has been verified.'); |
125 | |
126 | return $this->redirectToRoute(route: 'app_main'); |
127 | } |
128 | |
129 | /** |
130 | * Display & process form to request a password reset. |
131 | */ |
132 | #[Route(path: '/security/forgot/password', name: 'security_forgot_password')] |
133 | public function request(Request $request, MailerInterface $mailer): Response |
134 | { |
135 | $form = $this->createForm(type: ResetPasswordRequestFormType::class); |
136 | $form->handleRequest(request: $request); |
137 | |
138 | if ($form->isSubmitted() && $form->isValid()) { |
139 | return $this->processSendingPasswordResetEmail( |
140 | formData: $form->get(name: 'account')->getData(), |
141 | mailer: $mailer |
142 | ); |
143 | } |
144 | |
145 | return $this->renderForm(view: '@default/security/forgot_password.html.twig', parameters: [ |
146 | 'requestForm' => $form, |
147 | ]); |
148 | } |
149 | |
150 | /** |
151 | * Confirmation page after a user has requested a password reset. |
152 | */ |
153 | #[Route(path: '/security/recovery/mail/sent', name: 'security_recovery_mail_sent')] |
154 | public function checkEmail(): Response |
155 | { |
156 | // Generate a fake token if the user does not exist or someone hit this page directly. |
157 | // This prevents exposing whether a user was found with the given email address or username or not |
158 | if (null === ($resetToken = $this->getTokenObjectFromSession())) { |
159 | $resetToken = $this->resetPasswordHelper->generateFakeResetToken(); |
160 | } |
161 | |
162 | return $this->render(view: '@default/security/recovery_mail_sent.html.twig', parameters: [ |
163 | 'resetToken' => $resetToken, |
164 | ]); |
165 | } |
166 | |
167 | /** |
168 | * Validates and process the reset URL that the user clicked in their email. |
169 | */ |
170 | #[Route(path: '/security/recovery/reset/{token}', name: 'security_recovery_reset')] |
171 | public function reset(Request $request, UserPasswordHasherInterface $passwordHasher, TranslatorInterface $translator, string $token = null): Response |
172 | { |
173 | if ($token) { |
174 | // We store the token in session and remove it from the URL, to avoid the URL being |
175 | // loaded in a browser and potentially leaking the token to 3rd party JavaScript. |
176 | $this->storeTokenInSession(token: $token); |
177 | |
178 | return $this->redirectToRoute(route: 'security_recovery_reset'); |
179 | } |
180 | |
181 | $token = $this->getTokenFromSession(); |
182 | if (null === $token) { |
183 | throw $this->createNotFoundException(message: 'No reset password token found in the URL or in the session.'); |
184 | } |
185 | |
186 | try { |
187 | $user = $this->resetPasswordHelper->validateTokenAndFetchUser(fullToken: $token); |
188 | } catch (ResetPasswordExceptionInterface $e) { |
189 | $this->addFlash(type: 'reset_password_error', message: sprintf( |
190 | '%s - %s', |
191 | $translator->trans(id: ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, parameters: [], domain: 'ResetPasswordBundle'), |
192 | $translator->trans(id: $e->getReason(), parameters: [], domain: 'ResetPasswordBundle') |
193 | )); |
194 | |
195 | return $this->redirectToRoute(route: 'app_forgot_password_request'); |
196 | } |
197 | |
198 | // The token is valid; allow the user to change their password. |
199 | $form = $this->createForm(type: ChangePasswordFormType::class); |
200 | $form->handleRequest(request: $request); |
201 | |
202 | if ($form->isSubmitted() && $form->isValid()) { |
203 | // A password reset token should be used only once, remove it. |
204 | $this->resetPasswordHelper->removeResetRequest(fullToken: $token); |
205 | |
206 | // Encode(hash) the plain password, and set it. |
207 | $encodedPassword = $passwordHasher->hashPassword( |
208 | user: $user, |
209 | plainPassword: $form->get(name: 'plainPassword')->getData() |
210 | ); |
211 | |
212 | $user->setPassword($encodedPassword); |
213 | $this->entityManager->flush(); |
214 | |
215 | // The session is cleaned up after the password has been changed. |
216 | $this->cleanSessionAfterReset(); |
217 | |
218 | $this->addFlash(type: 'success', message: 'Your password has been changed.'); |
219 | |
220 | return $this->redirectToRoute(route: 'app_main'); |
221 | } |
222 | |
223 | return $this->renderForm(view: '@default/security/reset_password.html.twig', parameters: [ |
224 | 'resetForm' => $form, |
225 | ]); |
226 | } |
227 | |
228 | private function processSendingPasswordResetEmail(string $formData, MailerInterface $mailer): RedirectResponse |
229 | { |
230 | $user = $this->entityManager->getRepository(entityName: User::class)->findOneBy(criteria: [ |
231 | 'email' => $formData, |
232 | ]); |
233 | |
234 | if (!$user) { |
235 | $user = $this->entityManager->getRepository(entityName: User::class)->findOneBy(criteria: [ |
236 | 'username' => $formData, |
237 | ]); |
238 | } |
239 | |
240 | // Do not reveal whether a user account was found or not. |
241 | // if (!$user) { |
242 | // return $this->redirectToRoute(route: 'app_check_email'); |
243 | // } |
244 | |
245 | try { |
246 | $resetToken = $this->resetPasswordHelper->generateResetToken(user: $user); |
247 | } catch (ResetPasswordExceptionInterface $e) { |
248 | $this->addFlash(type: 'reset_password_error', message: sprintf( |
249 | '%s - %s', |
250 | ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, |
251 | $e->getReason() |
252 | )); |
253 | |
254 | return $this->redirectToRoute(route: 'security_forgot_password'); |
255 | } |
256 | |
257 | $email = (new TemplatedEmail()) |
258 | ->from(new Address(address: 'tracer@24unix.net', name: '24unix.net')) |
259 | ->to($user->getEmail()) |
260 | ->subject(subject: 'Your password reset request') |
261 | ->htmlTemplate(template: '@default/security/mail/recovery.html.twig') |
262 | ->context(context: [ |
263 | 'resetToken' => $resetToken, |
264 | ]); |
265 | |
266 | try { |
267 | $mailer->send(message: $email); |
268 | } catch (TransportExceptionInterface $e) { |
269 | $this->addFlash(type: 'error', message: $e->getMessage()); |
270 | } |
271 | |
272 | // Store the token object in session for retrieval in check-email route. |
273 | $this->setTokenObjectInSession(token: $resetToken); |
274 | |
275 | return $this->redirectToRoute(route: 'security_recovery_mail_sent'); |
276 | } |
277 | |
278 | |
279 | public function sendEmailConfirmation(string $verifyEmailRouteName, User /* UserInterface */ $user, TemplatedEmail $email): void |
280 | { |
281 | $signatureComponents = $this->verifyEmailHelper->generateSignature( |
282 | routeName: $verifyEmailRouteName, |
283 | userId: $user->getId(), |
284 | userEmail: $user->getEmail(), |
285 | extraParams: ['id' => $user->getId()] |
286 | ); |
287 | |
288 | $context = $email->getContext(); |
289 | $context['signedUrl'] = $signatureComponents->getSignedUrl(); |
290 | $context['expiresAtMessageKey'] = $signatureComponents->getExpirationMessageKey(); |
291 | $context['expiresAtMessageData'] = $signatureComponents->getExpirationMessageData(); |
292 | |
293 | $email->context(context: $context); |
294 | |
295 | try { |
296 | $this->mailer->send(message: $email); |
297 | } catch (TransportExceptionInterface $e) { |
298 | die($e->getMessage()); |
299 | } |
300 | } |
301 | |
302 | /** |
303 | * @throws VerifyEmailExceptionInterface |
304 | */ |
305 | public function handleEmailConfirmation(Request $request, User /*UserInterface*/ $user): void |
306 | { |
307 | $this->verifyEmailHelper->validateEmailConfirmation(signedUrl: $request->getUri(), userId: $user->getId(), userEmail: $user->getEmail()); |
308 | $user->setIsVerified(isVerified: true); |
309 | $this->entityManager->persist(entity: $user); |
310 | $this->entityManager->flush(); |
311 | } |
312 | |
313 | /** |
314 | * @param mixed $user |
315 | * @return void |
316 | */ |
317 | public function generateSignedUrlAndEmailToTheUser(mixed $user): void |
318 | { |
319 | $this->sendEmailConfirmation(verifyEmailRouteName: 'security_verify_email', user: $user, |
320 | email: (new TemplatedEmail()) |
321 | ->from(new Address(address: 'info@24unix.net', name: '24unix.net')) |
322 | ->to($user->getEmail()) |
323 | ->subject(subject: 'Please Confirm your Email') |
324 | ->htmlTemplate(template: '@default/security/mail/registration.html.twig') |
325 | ->context(context: [ |
326 | 'username' => $user->getUsername() |
327 | ]) |
328 | ); |
329 | } |
330 | |
331 | |
332 | #[Route('/security/resend/verify_email', name: 'security_resend_verify_email')] |
333 | public function resendVerifyEmail(Request $request, UserRepository $userRepository): Response |
334 | { |
335 | |
336 | if ($request->isMethod('POST')) { |
337 | |
338 | $email = $request->getSession()->get('non_verified_email'); |
339 | $user = $userRepository->findOneBy(['email' => $email]); |
340 | if (!$user) { |
341 | throw $this->createNotFoundException('user not found for email'); |
342 | } |
343 | |
344 | $this->generateSignedUrlAndEmailToTheUser(user: $user); |
345 | $this->addFlash('success', 'eMail has been sent.'); |
346 | |
347 | return $this->redirectToRoute('app_main'); |
348 | } |
349 | return $this->render('@default/security/resend_activation.html.twig'); |
350 | } |
351 | } |