vendor/boldr/users-bundle/src/Controller/SecurityController.php line 54

Open in your IDE?
  1. <?php
  3. namespace Boldr\Cms\UsersBundle\Controller;
  5. use Boldr\Cms\UsersBundle\Form\{ ForgotPasswordType, ResetPasswordType };
  6. use Boldr\Cms\UsersBundle\Entity\User;
  7. use Boldr\Cms\UsersBundle\EmailFactory;
  8. use Boldr\Cms\UsersBundle\Event\UserPasswordChangedEvent;
  10. use Symfony\Component\HttpFoundation\{ Request, Response };
  11. use Symfony\Component\Routing\Annotation\Route;
  12. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  13. use Symfony\Component\Mailer\MailerInterface;
  14. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  15. use Symfony\Component\Form\FormError;
  16. use Symfony\Component\Form\Extension\Core\Type\{ FormType, TextType, PasswordType, CheckboxType };
  17. use Symfony\Contracts\Translation\TranslatorInterface;
  18. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  20. use Psr\EventDispatcher\EventDispatcherInterface;
  22. use DateTimeImmutable;
  23. use DateInterval;
  25. class SecurityController extends AbstractController
  26. {
  28. public static function getSubscribedServices(): array
  29. {
  30. return array_merge(parent::getSubscribedServices(), [
  31. MailerInterface::class,
  32. AuthenticationUtils::class,
  33. UserPasswordHasherInterface::class,
  34. EmailFactory::class,
  35. TranslatorInterface::class,
  36. EventDispatcherInterface::class
  37. ]);
  38. }
  40. /**
  41. * @Route({
  42. * "nl": "/inloggen",
  43. * "de": "/anmelden",
  44. * "en": "/login"
  45. * }, name="boldr_users_login")
  46. */
  47. public function login(Request $request): Response
  48. {
  49. if ($this->getUser())
  50. {
  51. return $this->redirectToRoute('cms_home');
  52. }
  54. $form = $this->get('form.factory')->createNamedBuilder('', FormType::class, null, [
  55. 'translation_domain' => 'BoldrUsersBundle',
  56. 'csrf_field_name' => '_csrf_token',
  57. 'csrf_token_id' => 'authenticate'
  58. ])
  59. ->add('_username', TextType::class, [
  60. 'label' => 'username',
  61. 'attr' => [
  62. 'autofocus' => 'autofocus'
  63. ]
  64. ])
  65. ->add('_password', PasswordType::class, [
  66. 'label' => 'password'
  67. ])
  68. ->add('_remember_me', CheckboxType::class, [
  69. 'label' => 'remember_me',
  70. 'required' => false
  71. ])
  72. ->getForm();
  74. $authenticationUtils = $this->get(AuthenticationUtils::class);
  75. $error = $authenticationUtils->getLastAuthenticationError();
  76. $lastUsername = $authenticationUtils->getLastUsername();
  78. $form->get('_username')->setData($lastUsername);
  80. if ($error)
  81. {
  82. $form->addError(new FormError($this->get(TranslatorInterface::class)->trans($error->getMessageKey(), $error->getMessageData(), 'security')));
  83. }
  85. return $this->render('@BoldrUsers/login.html.twig', [
  86. 'error' => $error,
  87. 'form' => $form->createView()
  88. ]);
  89. }
  91. /**
  92. * @Route({
  93. * "nl": "/uitloggen",
  94. * "de": "/abmelden",
  95. * "en": "/logout"
  96. * }, name="boldr_users_logout")
  97. */
  98. public function logout()
  99. {
  100. throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
  101. }
  103. /**
  104. * @Route({
  105. * "en": "/forgot-password",
  106. * "nl": "/wachtwoord-vergeten",
  107. * "de": "/passwort-vergessen"
  108. * }, name="boldr_users_forgot_password")
  109. * @Route("/boldr-api/boldr-users/forgot-password", name="boldr_users_api_forgot_password")
  110. */
  111. public function forgotPassword(Request $request)
  112. {
  113. if ($this->getUser() !== null)
  114. {
  115. return $this->redirectToRoute('cms_home');
  116. }
  118. $form = $this->createForm(ForgotPasswordType::class);
  119. $form->handleRequest($request);
  121. if ($form->isSubmitted() && $form->isValid())
  122. {
  123. $userRepository = $this->getDoctrine()->getRepository(User::class);
  124. $user = $userRepository->createQueryBuilder('u')
  125. ->andWhere('u.username = ?1 OR u.emailAddress = ?1')
  126. ->setMaxResults(1)
  127. ->setParameter(1, $form['usernameOrEmailAddress']->getData())
  128. ->getQuery()
  129. ->getOneOrNullResult();
  131. if ($user !== null)
  132. {
  133. if ($user->getForgotPasswordToken() === null || $user->getTimeForgotPasswordTokenExpires() < new DateTimeImmutable)
  134. {
  135. $forgotPasswordToken = bin2hex(random_bytes(32));
  136. $timeForgotPasswordTokenExpires = (new DateTimeImmutable)->add(new DateInterval('PT24H'));
  138. $user->setForgotPasswordToken($forgotPasswordToken);
  139. $user->setTimeForgotPasswordTokenExpires($timeForgotPasswordTokenExpires);
  141. $this->getDoctrine()->getManager()->flush();
  142. }
  144. $email = $this->get(EmailFactory::class)->createForgotPasswordEmail($user);
  145. try
  146. {
  147. $this->get(MailerInterface::class)->send($email);
  148. }
  149. catch (\Exception $ex)
  150. {
  151. // could not send
  152. }
  153. }
  155. if (in_array('application/json', $request->getAcceptableContentTypes()))
  156. {
  157. return $this->json(['success' => true]);
  158. }
  160. return $this->render('@BoldrUsers/password-link-sent.html.twig');
  161. }
  163. return $this->render('@BoldrUsers/forgot-password.html.twig', [
  164. 'form' => $form->createView()
  165. ]);
  166. }
  168. /**
  169. * @Route({
  170. * "en": "/reset-password/{token}",
  171. * "nl": "/wachtwoord-opnieuw-instellen/{token}",
  172. * "de": "/passwort-zurucksetzen/{token}"
  173. * }, name="boldr_users_reset_password")
  174. * @Route("/boldr-api/boldr-users/reset-password", name="boldr_users_api_reset_password", methods={"POST"})
  175. */
  176. public function resetPassword(Request $request, ?string $token = null)
  177. {
  178. $isJsonRequest = in_array('application/json', $request->getAcceptableContentTypes());
  180. if ($token === null)
  181. {
  182. if (!$request->request->has('token'))
  183. {
  184. return $this->json(['success' => false, 'error' => 'missing_token_parameter']);
  185. }
  186. $token = $request->request->get('token');
  187. }
  189. $userRepository = $this->getDoctrine()->getRepository(User::class);
  190. $user = $userRepository->createQueryBuilder('u')
  191. ->andWhere('u.forgotPasswordToken = :token AND u.timeForgotPasswordTokenExpires >= :now')
  192. ->setParameter('token', $token)
  193. ->setParameter('now', new DateTimeImmutable)
  194. ->setMaxResults(1)
  195. ->getQuery()
  196. ->getOneOrNullResult();
  198. if ($user === null)
  199. {
  200. if ($isJsonRequest)
  201. {
  202. return $this->json(['success' => false, 'error' => 'invalid_or_expired_token']);
  203. }
  205. return $this->render('@BoldrUsers/reset-link-expired.html.twig');
  206. }
  208. $form = $this->createForm(ResetPasswordType::class, null, ['allow_extra_fields' => true]);
  209. $form->handleRequest($request);
  211. $newPassword = null;
  212. if ($form->isSubmitted() && $form->isValid())
  213. {
  214. $newPassword = $form['newPassword']->getData();
  215. }
  217. if ($request->request->has('new_password'))
  218. {
  219. $newPassword = $request->request->get('new_password');
  220. }
  222. if ($newPassword !== null)
  223. {
  224. $passwordHash = $this->get(UserPasswordHasherInterface::class)->hashPassword($user, $newPassword);
  225. $user->setPasswordHash($passwordHash);
  227. $user->setForgotPasswordToken(null);
  228. $user->setTimeForgotPasswordTokenExpires(null);
  230. $this->getDoctrine()->getManager()->flush();
  232. $event = new UserPasswordChangedEvent($user, $newPassword, true);
  233. $this->get(EventDispatcherInterface::class)->dispatch($event);
  235. $email = $this->get(EmailFactory::class)->createPasswordResetEmail($user);
  237. try
  238. {
  239. $this->get(MailerInterface::class)->send($email);
  240. }
  241. catch (\Exception $ex)
  242. {
  243. // could not send email
  244. }
  246. if ($isJsonRequest)
  247. {
  248. return $this->json(['success' => true]);
  249. }
  251. return $this->render('@BoldrUsers/password-reset.html.twig');
  252. }
  254. if ($isJsonRequest)
  255. {
  256. return $this->json(['success' => false, 'error' => 'missing_fields']);
  257. }
  259. return $this->render('@BoldrUsers/reset-password.html.twig', [
  260. 'form' => $form->createView()
  261. ]);
  262. }
  264. /**
  265. * @Route({
  266. * "en": "/confirm-email-address/{token}",
  267. * "nl": "/bevestig-email-adres/{token}",
  268. * "de": "/bestatige-email-adresse/{token}"
  269. * }, name="boldr_users_confirm_email_address")
  270. */
  271. public function confirmEmailAddress(Request $request, string $token): Response
  272. {
  273. $userRepository = $this->getDoctrine()->getRepository(User::class);
  274. $user = $userRepository->findOneBy([
  275. 'emailAddressIsConfirmed' => false,
  276. 'confirmEmailAddressToken' => $token
  277. ]);
  279. if ($user === null)
  280. {
  281. return $this->render('@BoldrUsers/invalid-confirm-token.html.twig');
  282. }
  284. $user->setEmailAddressIsConfirmed(true);
  285. $user->setConfirmEmailAddressToken(null);
  287. $this->getDoctrine()->getManager()->flush();
  289. if (in_array('application/json', $request->getAcceptableContentTypes()))
  290. {
  291. return $this->json(['success' => true]);
  292. }
  294. /** @FIXME Make sure it does not redirect to outside URL */
  295. if ($request->query->has('redirect'))
  296. {
  297. return $this->redirect($request->query->get('redirect'));
  298. }
  300. return $this->render('@BoldrUsers/confirmed.html.twig', [
  301. 'user' => $user
  302. ]);
  303. }
  305. /**
  306. * @Route({
  307. * "en": "/resend-confirmation-email",
  308. * "nl": "/verstuur-bevestigingsemail-opnieuw",
  309. * "de": "/bestatigungsmail-erneut-senden"
  310. * }, name="boldr_users_resend_confirmation_email")
  311. * @Route("/boldr-api/boldr-users/resend-confirmation-email", name="boldr_users_api_resend_confirmation_email")
  312. */
  313. public function resendConfirmationEmail(Request $request): Response
  314. {
  315. $this->denyAccessUnlessGranted('ROLE_USER');
  316. $isJsonRequest = in_array('application/json', $request->getAcceptableContentTypes());
  318. /** @var User */
  319. $user = $this->getUser();
  321. if ($user->getEmailAddressIsConfirmed())
  322. {
  323. if ($isJsonRequest)
  324. {
  325. return $this->json(['success' => false, 'error' => 'already_confirmed']);
  326. }
  328. return $this->render('@BoldrUsers/already-confirmed.html.twig');
  329. }
  331. // Generate a confirmation token if it does not exist yet
  332. if ($user->getConfirmEmailAddressToken() === null)
  333. {
  334. $confirmEmailAddressToken = bin2hex(random_bytes(32));
  335. $user->setConfirmEmailAddressToken($confirmEmailAddressToken);
  337. $this->getDoctrine()->getManager()->flush();
  338. }
  340. $email = $this->get(EmailFactory::class)->createResendConfirmationEmail($user);
  341. try
  342. {
  343. $this->get(MailerInterface::class)->send($email);
  344. }
  345. catch (\Exception $ex)
  346. {
  347. // could not send email
  348. }
  350. if ($isJsonRequest)
  351. {
  352. return $this->json(['success' => true]);
  353. }
  355. /** @FIXME Make sure it does not redirect to outside URL */
  356. if ($request->query->has('redirect'))
  357. {
  358. return $this->redirect($request->query->get('redirect'));
  359. }
  361. return $this->render('@BoldrUsers/confirmation-email-resent.html.twig');
  362. }
  364. }