src/Controller/SecurityController.php line 58

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Form\UserPasswordType;
  6. use App\Service\EmailService;
  7. use GuzzleHttp\Client;
  8. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  9. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  10. use Symfony\Component\Form\Extension\Core\Type\SubmitType;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpFoundation\Response;
  13. use Symfony\Component\Routing\Annotation\Route;
  14. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  15. use Symfony\Component\Form\Extension\Core\Type\EmailType;
  16. use Symfony\Component\Form\FormError;
  17. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  18. use Doctrine\ORM\EntityManagerInterface;
  19. use App\Entity\User;
  20. use Symfony\Contracts\Translation\TranslatorInterface;
  22. class SecurityController extends AbstractController
  23. {
  24.     private $em;
  25.     private $parameter;
  26.     private $encoder;
  27.     private $emailService;
  28.     private $translator;
  30.     public function __construct(
  31.         EntityManagerInterface $em,
  32.         ParameterBagInterface $parameter,
  33.         UserPasswordEncoderInterface $encoder,
  34.         EmailService $emailService,
  35.         TranslatorInterface $translator
  36.     )
  37.     {
  38.         $this->em $em;
  39.         $this->parameter $parameter;
  40.         $this->encoder $encoder;
  41.         $this->emailService $emailService;
  42.         $this->translator $translator;
  43.     }
  45.     /**
  46.      * @Route("/{_locale}/login", name="login")
  47.      */
  48.     public function login(Request $requestAuthenticationUtils $authUtils)
  49.     {
  50.         // get the login error if there is one
  51.         $error $authUtils->getLastAuthenticationError();
  53.         // last username entered by the user
  54.         $lastUsername $authUtils->getLastUsername();
  55.         return $this->render('security/login.html.twig', array(
  56.             'last_username' => $lastUsername,
  57.             'error'         => $error,
  58.             'redirect' => $request->getSession()->get('redirect_uri')
  59.         ));
  60.     }
  62.     /**
  63.      * @Route("/json_login", name="json_login", methods={"POST"})
  64.      */
  65.     public function loginJson(Request $request)
  66.     {
  67.         return $this->json([
  68.                 'user' => $this->getUser() ? $this->getUser()->getId() : null]
  69.         );
  70.     }
  72.     /**
  73.      * Oops, I forgot my password!
  74.      * @Route("/{_locale}/forgot_password", name="forgot_password")
  75.      */
  76.     public function forgotPassword(Request $request)
  77.     {
  78.         // make form
  79.         $form $this->createFormBuilder()
  80.             ->add('email'EmailType::class, array(
  81.                 'label' => 'label.email',
  82.                 'label_attr' => [
  83.                     'class' => 'visually-hidden'
  84.                 ],
  85.                 'attr' => [
  86.                     'placeholder' => 'label.email',
  87.                     'class' => 'form-control',
  88.                     'autofocus' => true
  89.                 ]
  90.             ))
  91.             ->getForm()
  92.         ;
  94.         $form->handleRequest($request);
  96.         if ($form->isSubmitted() && $form->isValid()) {
  98.             // get corresponding user
  99.             $email $form->getData()["email"];
  100.             $user $this->em->getRepository(User::class)->findOneBy(['email' => $email]);
  102.             if ($user) {
  103.                 // if user exists then send mail for resetting password
  104.                 $this->emailService->sendNouveauMDPMail($user$request->getLocale());
  105.                 return $this->render("default/simple.html.twig", array(
  106.                     "content" => "connect.mail.sent",
  107.                 ));
  108.             }
  110.             // get back to email form, maybe it's a typo
  111.             $form->get('email')->addError(new FormError($this->translator->trans('connect.no.user.found')));
  113.         }
  115.         // form rendering
  116.         return $this->render('security/forgot_password.html.twig', array(
  117.             'form' => $form->createView(),
  118.         ));
  119.     }
  121.     /**
  122.      * Reset a password, given a token and an email. (see forgotPassword function)
  123.      * @Route("/{_locale}/adduser_password", name="adduser_password")
  124.      */
  125.     public function addUserPassword(Request $request)
  126.     {
  127.         $pass $this->randomPassword();
  128.         return $this->genPassword($request,$pass, [
  129.             'route' => 'adduser_password',
  130.             'content_captcha_valide' => $this->translator->trans('connect.your.password.is') . ' : ' $pass
  131.         ]);
  132.     }
  134.     /**
  135.      * Reset a password, given a token and an email. (see forgotPassword function)
  136.      * @Route("/{_locale}/reset_password", name="reset_password")
  137.      */
  138.     public function resetPassword(Request $request)
  139.     {
  140.         $generatePassOnReset getenv("GENERATE_PASS_ON_RESET") === "false" false true;
  142.         if ($generatePassOnReset) {
  144.             // User is given a random password
  145.             $pass $this->randomPassword();
  146.             return $this->genPassword($request$pass, [
  147.                 'route' => 'reset_password',
  148.                 'content_captcha_valide' => $this->translator->trans('connect.your.new.password.is') . ' : ' $pass
  149.             ]);
  150.         } else {
  152.             // User can write its own new password
  153.             return $this->formChangePassword($request);
  154.         }
  155.     }
  157.     private function genPassword($request$password$options){
  158.         $email $request->query->get('email'); // no use urlencode if you need your url is redirect bad
  159.         $token $request->query->get('token');
  160.         $captcha_token $request->request->get("g-recaptcha-response");
  162.         if ($captcha_token && $this->isValid($captcha_token)) {
  163.             // reset password
  164.             // get user
  165.             /** @var User $user */
  166.             $user $this->em->getRepository(User::class)->findByTokenAndEmail($token$email);
  168.             // aucun utilisateur correspondant
  169.             if (!$user) {
  170.                 return $this->render("security/client-error.html.twig", ["error_message" => "connect.invalid.link"]);
  171.             }
  173.             // Changement mdp
  174.             $user->setPassword($this->encoder->encodePassword($user$password));
  175.             $user->setResetToken(null);
  176.             $user->setResetDate(new \DateTime());
  177.             if ($user->getActivatedAt() == null) {
  178.                 $user->setActivatedAt(new \DateTime());
  179.                 $user->setIsActive(true);
  180.             }
  181.             if ($options['route'] === 'adduser_password') {
  182.                 $user->setIsActive(true);
  183.             }
  185.             $this->em->flush();
  187.             // On redirige vers la page d'accueil
  188.             return $this->render("default/simple.html.twig", array(
  189.                 "content" => $options['content_captcha_valide'],
  190.                 "redirect_url" => getenv("RESET_PASS_URL_REDIRECT"),
  191.             ));
  192.         }
  194.         // show captcha
  195.         return $this->render("security/reset_password_captcha.html.twig", array(
  196.             "email" => $email,
  197.             "token" => $token,
  198.             "key" => $this->parameter->get('captcha_key'),
  199.             "route" => $options['route']
  200.         ));
  201.     }
  203.     private function formChangePassword(Request $request): Response
  204.     {
  205.         $email $request->query->get('email');
  206.         $token $request->query->get('token');
  208.         // Given a token & mail, check if an user corresponds
  209.         /** @var User $user */
  210.         $user $this->em->getRepository(User::class)->findByTokenAndEmail($token$email);
  212.         // No user found, token is invalid
  213.         if (!$user) {
  214.             return $this->render("security/client-error.html.twig", ["error_message" => "connect.invalid.link"]);
  215.         }
  217.         // Build form
  218.         $form $this->createForm(UserPasswordType::class, $user, [
  219.             "action" => $request->getUri(),
  220.         ]);
  222.         $form->handleRequest($request);
  224.         // Form processing
  225.         if ($form->isSubmitted() && $form->isValid()) {
  227.             $user->setPassword($this->encoder->encodePassword($user$user->getPlainPassword()));
  228.             if ($user->getActivatedAt() == null) {
  229.                 $user->setActivatedAt(new \DateTime());
  230.                 $user->setIsActive(true);
  231.             }
  232.             $this->em->persist($user);
  233.             $this->em->flush();
  237.             $customRedirectUrl getenv("RESET_PASS_URL_REDIRECT");
  239.             if ($customRedirectUrl) {
  240.                 // On redirige vers l'url personnalisée
  241.                 return $this->redirect($customRedirectUrl);
  242.             } else {
  243.                 // On redirige vers le login
  244.                 return $this->render("security/login.html.twig", [
  245.                     "success_msg" => "security.label.password_changed_success",
  246.                     "error" => false,
  247.                     "last_username" => "",
  248.                 ]);
  249.             }
  250.         }
  252.         return $this->render("security/change_password.html.twig", [
  253.            "form" => $form->createView(),
  254.         ]);
  255.     }
  257.     /**
  258.      * Generates random password.
  259.      * @see https://stackoverflow.com/questions/4356289/php-random-string-generator/31107425#31107425
  260.      */
  261.     private function randomPassword()
  262.     {
  263.         $keyspace "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&*";
  264.         $pieces = [];
  265.         $max mb_strlen($keyspace'8bit') - 1;
  266.         for ($i 0$i 10; ++$i) {
  267.             $pieces []= $keyspace[random_int(0$max)];
  268.         }
  269.         return implode(''$pieces);
  270.     }
  272.     private function isValid($token)
  273.     {
  274.         $client = new Client();
  276.         $url "https://www.google.com/recaptcha/api/siteverify?secret=" $this->parameter->get('captcha_secret') . "&response=" $token;
  277.         $response $client->get($url);
  278.         $json json_decode($response->getBody(),true);
  279.         return $json["success"];
  280.     }
  281. }