src/Controller/SecurityController.php line 111

  1. <?php
  3. namespace App\Controller;
  5. use App\Event\AppEvents;
  6. use App\Event\UserResetPasswordEvent;
  7. use App\Model\Form\ChangePasswordForm;
  8. use App\Model\Form\ResetPasswordForm;
  9. use App\Repository\UserRepository;
  10. use DateTime;
  11. use App\Entity\User;
  12. use Doctrine\ORM\EntityManagerInterface;
  13. use Ecommerce121\UtilBundle\Controller\ControllerBase;
  14. use Ecommerce121\UtilBundle\Controller\ControllerUtil;
  15. use Symfony\Component\HttpKernel\Attribute\AsController;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Session\Session;
  18. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  19. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  20. use Symfony\Component\HttpFoundation\Response;
  21. use Symfony\Component\Routing\Attribute\Route;
  22. use Twig\Error\LoaderError;
  23. use Twig\Error\RuntimeError;
  24. use Twig\Error\SyntaxError;
  26. #[AsController]
  27. class SecurityController extends ControllerBase
  28. {
  30. public function __construct(
  31. ControllerUtil $controllerUtil,
  32. private readonly AuthenticationUtils $authenticationUtils,
  33. private readonly UserPasswordHasherInterface $passwordHasher,
  34. private readonly EntityManagerInterface $entityManager,
  35. private readonly UserRepository $userRepository
  36. ) {
  37. parent::__construct($controllerUtil);
  38. }
  40. /**
  41. * @throws SyntaxError
  42. * @throws RuntimeError
  43. * @throws LoaderError
  44. */
  45. #[Route('/login', name: 'app_login')]
  46. public function loginAction(): Response
  47. {
  48. if ($this->getUser() instanceof User) {
  49. $dashboardPath = $this->generateUrl('app_home');
  50. return $this->redirect($dashboardPath);
  51. }
  53. // Pass the last username and error to the template
  54. return $this->render('Security/login.html.twig', [
  55. 'last_username' => $this->authenticationUtils->getLastUsername(),
  56. 'error' => $this->authenticationUtils->getLastAuthenticationError(),
  57. ]);
  58. }
  60. #[Route('/loginCheck', name: 'app_login_check')]
  61. public function loginCheckAction()
  62. {
  63. throw new \RuntimeException('This should never be reached!');
  64. }
  66. #[Route('/logout', name: 'app_logout')]
  67. public function logoutAction()
  68. {
  69. throw new \RuntimeException('This should never be reached!');
  70. }
  72. /**
  73. * @throws SyntaxError
  74. * @throws RuntimeError
  75. * @throws LoaderError
  76. */
  77. #[Route('/resetPassword', name: 'app_reset_password')]
  78. public function resetPasswordAction(Request $request): Response
  79. {
  80. $form = $this->createForm(ResetPasswordForm::class);
  81. $form->handleRequest($request);
  83. if ($form->isSubmitted() && $form->isValid()) {
  84. $email = $form->get('email')->getData();
  85. $user = $this->userRepository->findOneBy(['email' => $email]);
  87. if ($user instanceof User) {
  88. $user->setForgetPasswordValidUntil(new DateTime('+7 days'));
  89. $user->setForgetPasswordCode(uniqid());
  91. $this->entityManager->persist($user);
  92. $this->entityManager->flush();
  94. $this->dispatchEvent(AppEvents::USER_RESET_PASSWORD, new UserResetPasswordEvent($user));
  95. }
  96. }
  98. return $this->render('Security/resetPassword.html.twig', [
  99. 'form' => $form->createView(),
  100. 'formIsValid' => $form->isSubmitted() && $form->isValid(),
  101. ]);
  102. }
  104. /**
  105. * @throws SyntaxError
  106. * @throws RuntimeError
  107. * @throws LoaderError
  108. */
  109. #[Route('/changePassword/{code}', name: 'app_change_password')]
  110. public function changePasswordAction(string $code, Request $request): Response
  111. {
  112. return $this->handlePasswordChange($code, $request, 'resetPassword');
  113. }
  115. /**
  116. * @throws SyntaxError
  117. * @throws RuntimeError
  118. * @throws LoaderError
  119. */
  120. #[Route('/update-password/{code}', name: 'app_update_user_password')]
  121. public function updateUserPassword(string $code, Request $request): Response
  122. {
  123. return $this->handlePasswordChange($code, $request, 'updatePassword');
  124. }
  126. /**
  127. * @throws SyntaxError
  128. * @throws RuntimeError
  129. * @throws LoaderError
  130. */
  131. private function handlePasswordChange(string $code, Request $request, string $passwordAction): Response
  132. {
  133. $this->forward404Unless($code);
  135. $user = $this->userRepository->findOneBy(['forgetPasswordCode' => $code]);
  136. $oldPassword = $user?->getPassword();
  137. $session = $request->getSession();
  138. $homeUrl = $this->generateUrl('app_home');
  139. $updatePassUrl = $this->generateUrl('app_update_user_password', ['code' => $code]);
  141. if (!$user instanceof User) {
  142. /** @var Session $session */
  143. $session = $request->getSession();
  144. $session->getFlashBag()->add('message_password', 'Your code has been already used or expired.');
  146. return $this->redirect($homeUrl);
  147. }
  149. $form = $this->createForm(ChangePasswordForm::class);
  150. $form->handleRequest($request);
  152. if ($form->isSubmitted() && $form->isValid()) {
  153. $newPassword = $form['newPassword']->getData();
  154. if ($this->passwordHasher->isPasswordValid($user, $newPassword)) {
  155. $session->getFlashBag()->add('message_password', 'Please use a different password. Old and new passwords are the same.');
  156. return $this->redirect($updatePassUrl);
  157. }
  159. $encodedPassword = $this->passwordHasher->hashPassword($user, $newPassword);
  160. $user->changePassword($encodedPassword);
  161. $user->setForgetPasswordCode(null);
  162. $user->setForgetPasswordValidUntil(null);
  163. $user->setPasswordValidUntil(new \DateTime('+90 days'));
  165. $this->entityManager->persist($user);
  166. $this->entityManager->flush();
  168. $session->getFlashBag()->add('message_password', 'Your password has been updated.');
  169. return $this->redirect($homeUrl);
  170. }
  172. return $this->render('Security/changePassword.html.twig', [
  173. 'form' => $form->createView(),
  174. 'code' => $code,
  175. 'user' => $user,
  176. 'updatePassword' => ($passwordAction === 'updatePassword'),
  177. ]);
  178. }
  179. }