src/AppBundle/Controller/Customer/PasswordResetController.php line 27

Open in your IDE?
  1. <?php
  3. namespace AppBundle\Controller\Customer;
  5. use AppBundle\Email\ResetConfirmMail;
  6. use AppBundle\Email\ResetMail;
  7. use AppBundle\Form\Customer\ResetConfirmType;
  8. use AppBundle\Form\Customer\ResetType;
  9. use AppBundle\Repository\CustomerRepository;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  15. use Symfony\Component\Routing\Annotation\Route;
  17. class PasswordResetController extends AbstractController
  18. {
  19.     public function __construct(
  20.         private string $passwordResetTokenTimespan,
  21.         private EntityManagerInterface $entityManager,
  22.         private CustomerRepository $customerRepository
  23.     ) {
  24.     }
  26.     #[Route(path'/password/reset'name'reset')]
  27.     public function editAction(Request $requestResetMail $resetMail)
  28.     {
  29.         $form $this->createForm(ResetType::class);
  30.         $form->handleRequest($request);
  31.         if ($form->isSubmitted() && $form->isValid()) {
  32.             $customer $this->customerRepository->findOneBy(['email' => $form->get('email')->getData()]);
  33.             if ($customer) {
  34.                 // reset token if invalid
  35.                 if (
  36.                     null != $customer->getPasswordResetTokenValidDate() &&
  37.                     (new \DateTime(date('Y-m-d H:i:s')))->format('Y-m-d H:i:s') > $customer->getPasswordResetTokenValidDate()->format('Y-m-d H:i:s')) {
  38.                     $customer->setPasswordResetToken(null);
  39.                     $customer->setPasswordResetTokenValidDate(null);
  40.                 }
  42.                 // send reset mail if no valid token is set
  43.                 if (
  44.                     null == $customer->getPasswordResetToken() &&
  45.                     null == $customer->getPasswordResetTokenValidDate()
  46.                 ) {
  47.                     // token is only 30 minutes valid
  48.                     $customer->setPasswordResetToken(bin2hex(random_bytes(20)));
  49.                     $customer->setPasswordResetTokenValidDate(
  50.                         (new \DateTime(date('Y-m-d H:i:s')))
  51.                             ->add(\DateInterval::createFromDateString('+'.$this->passwordResetTokenTimespan.' minutes'))
  52.                     );
  53.                     // dont update the timestamps
  54.                     // these changes are only technical and not explicitlly done by the user
  55.                     $customer->disableUpdateTimestamps();
  57.                     // save user
  58.                     $this->entityManager->persist($customer);
  59.                     $this->entityManager->flush();
  61.                     // send reset mail
  62.                     $resetMail
  63.                         ->setTo([$customer->getEmail() => $customer->getEmail()])
  64.                         ->addMessage(
  65.                             'Gericke Buchungsassistent - Passwort ändern / zurücksetzen',
  66.                             ['customer' => $customer]
  67.                         )
  68.                         ->send();
  69.                 }
  70.             }
  72.             // show the success page, always
  73.             // we don't want the customer to know which email addresses exist at this point
  74.             $this->addFlash('info''security.password.reset_send');
  76.             return new RedirectResponse($this->generateUrl('login'));
  77.         }
  79.         return $this->render('Customer/reset.html.twig', [
  80.             'form' => $form->createView(),
  81.         ]);
  82.     }
  84.     #[Route(path'/password/reset/confirm'name'reset.confirm')]
  85.     public function saveAction(
  86.         Request $request,
  87.         ResetConfirmMail $resetConfirmMail,
  88.         UserPasswordHasherInterface $userPasswordEncoder
  89.     ) {
  90.         $customer null;
  91.         if (
  92.             $this->isGranted('IS_AUTHENTICATED_FULLY') ||
  93.             $this->isGranted('ROLE_USER')
  94.         ) {
  95.             $customer $this->getUser();
  96.         } else {
  97.             // if a customer submits a valid token -> use this user
  98.             if ($request->query->has('token')) {
  99.                 $customer $this->customerRepository->findOneBy(['passwordResetToken' => $request->query->get('token')]);
  100.                 if ($customer) {
  101.                     if (
  102.                         null != $customer->getPasswordResetTokenValidDate() &&
  103.                         (new \DateTime(date('Y-m-d H:i:s')))->format('Y-m-d H:i:s') > $customer->getPasswordResetTokenValidDate()->format('Y-m-d H:i:s')
  104.                     ) {
  105.                         $customer->setPasswordResetToken(null);
  106.                         $customer->setPasswordResetTokenValidDate(null);
  107.                         $this->entityManager->persist($customer);
  108.                         $this->entityManager->flush();
  109.                         $customer null;
  110.                     }
  111.                 } else {
  112.                     $customer null;
  113.                 }
  114.             }
  115.         }
  116.         // customer could be found
  117.         if ($customer) {
  118.             $form $this->createForm(ResetConfirmType::class, $customer);
  119.             $form->handleRequest($request);
  120.             if ($form->isSubmitted() && $form->isValid()) {
  121.                 // change password
  122.                 $password $userPasswordEncoder
  123.                     ->hashPassword(
  124.                         $customer,
  125.                         $form->get('plainPassword')->getData()
  126.                     );
  127.                 $customer->setPassword($password);
  129.                 // reset password_reset
  130.                 $customer->setPasswordResetToken(null);
  131.                 $customer->setPasswordResetTokenValidDate(null);
  133.                 // save customer
  135.                 $this->entityManager->persist($customer);
  136.                 $this->entityManager->flush();
  138.                 // send confirm mail
  139.                 $resetConfirmMail
  140.                     ->setTo([$customer->getEmail() => $customer->getEmail()])
  141.                     ->addMessage(
  142.                         'Gericke Buchungsassistenten - Passwort erfolgreich geändert',
  143.                         ['customer' => $customer]
  144.                     )
  145.                     ->send();
  147.                 $this->addFlash('success''security.password.reset_success');
  149.                 if (
  150.                     $this->isGranted('IS_AUTHENTICATED_FULLY') ||
  151.                     $this->isGranted('ROLE_USER')
  152.                 ) {
  153.                     return new RedirectResponse($this->generateUrl('dashboard'));
  154.                 }
  156.                 return new RedirectResponse($this->generateUrl('login'));
  157.             }
  159.             return $this->render('Customer/resetConfirm.html.twig', [
  160.                 'form' => $form->createView(),
  161.             ]);
  162.         }
  163.         // show error page
  164.         $this->addFlash('error''Es ist ein Fehler aufgetreten.');
  166.         return new RedirectResponse($this->generateUrl('dashboard'));
  167.     }
  168. }