src/Controller/ResetPasswordController.php line 38

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  10. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  11. use Symfony\Component\HttpFoundation\RedirectResponse;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\Response;
  14. use Symfony\Component\Mailer\MailerInterface;
  15. use Symfony\Component\Mime\Address;
  16. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  17. use Symfony\Component\Routing\Annotation\Route;
  18. use Symfony\Contracts\Translation\TranslatorInterface;
  19. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  20. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  21. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  23. #[Route('/reset-password')]
  24. class ResetPasswordController extends AbstractController
  25. {
  26. use ResetPasswordControllerTrait;
  28. public function __construct(
  29. private ResetPasswordHelperInterface $resetPasswordHelper,
  30. private EntityManagerInterface $entityManager
  31. ) {
  32. }
  34. /**
  35. * Display & process form to request a password reset.
  36. */
  37. #[Route('', name: 'app_forgot_password_request')]
  38. public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator): Response
  39. {
  40. $form = $this->createForm(ResetPasswordRequestFormType::class);
  41. $form->handleRequest($request);
  43. if ($form->isSubmitted() && $form->isValid()) {
  44. return $this->processSendingPasswordResetEmail(
  45. $form->get('email')->getData(),
  46. $mailer,
  47. $translator
  48. );
  49. }
  51. return $this->render('reset_password/request.html.twig', [
  52. 'requestForm' => $form->createView(),
  53. ]);
  54. }
  56. /**
  57. * Confirmation page after a user has requested a password reset.
  58. */
  59. #[Route('/check-email', name: 'app_check_email')]
  60. public function checkEmail(): Response
  61. {
  62. // Generate a fake token if the user does not exist or someone hit this page directly.
  63. // This prevents exposing whether or not a user was found with the given email address or not
  64. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  65. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  66. }
  68. return $this->render('reset_password/check_email.html.twig', [
  69. 'resetToken' => $resetToken,
  70. ]);
  71. }
  73. /**
  74. * Validates and process the reset URL that the user clicked in their email.
  75. */
  76. #[Route('/reset/{token}', name: 'app_reset_password')]
  77. public function reset(Request $request, UserPasswordHasherInterface $passwordHasher, TranslatorInterface $translator, string $token = null): Response
  78. {
  79. if ($token) {
  80. // We store the token in session and remove it from the URL, to avoid the URL being
  81. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  82. $this->storeTokenInSession($token);
  84. return $this->redirectToRoute('app_reset_password');
  85. }
  87. $token = $this->getTokenFromSession();
  88. if (null === $token) {
  89. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  90. }
  92. try {
  93. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  94. } catch (ResetPasswordExceptionInterface $e) {
  95. $this->addFlash('reset_password_error', sprintf(
  96. '%s - %s',
  97. $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  98. $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  99. ));
  101. return $this->redirectToRoute('app_forgot_password_request');
  102. }
  104. // The token is valid; allow the user to change their password.
  105. $form = $this->createForm(ChangePasswordFormType::class);
  106. $form->handleRequest($request);
  108. if ($form->isSubmitted() && $form->isValid()) {
  109. // A password reset token should be used only once, remove it.
  110. $this->resetPasswordHelper->removeResetRequest($token);
  112. // Encode(hash) the plain password, and set it.
  113. $encodedPassword = $passwordHasher->hashPassword(
  114. $user,
  115. $form->get('plainPassword')->getData()
  116. );
  118. $user->setPassword($encodedPassword);
  119. $this->entityManager->flush();
  121. // The session is cleaned up after the password has been changed.
  122. $this->cleanSessionAfterReset();
  124. return $this->redirectToRoute('app_dashboard');
  125. }
  127. return $this->render('reset_password/reset.html.twig', [
  128. 'resetForm' => $form->createView(),
  129. ]);
  130. }
  132. private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer, TranslatorInterface $translator): RedirectResponse
  133. {
  134. $user = $this->entityManager->getRepository(User::class)->findOneBy([
  135. 'email' => $emailFormData,
  136. ]);
  138. // Do not reveal whether a user account was found or not.
  139. if (!$user) {
  140. return $this->redirectToRoute('app_check_email');
  141. }
  143. try {
  144. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  145. } catch (ResetPasswordExceptionInterface $e) {
  146. // If you want to tell the user why a reset email was not sent, uncomment
  147. // the lines below and change the redirect to 'app_forgot_password_request'.
  148. // Caution: This may reveal if a user is registered or not.
  149. //
  150. // $this->addFlash('reset_password_error', sprintf(
  151. // '%s - %s',
  152. // $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  153. // $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  154. // ));
  156. return $this->redirectToRoute('app_check_email');
  157. }
  159. $email = (new TemplatedEmail())
  160. ->from(new Address('info@happylauncher.com', 'Happy Launcher'))
  161. ->to($user->getEmail())
  162. ->subject('Your password reset request')
  163. ->htmlTemplate('reset_password/email.html.twig')
  164. ->context([
  165. 'resetToken' => $resetToken,
  166. ])
  167. ;
  169. $mailer->send($email);
  171. // Store the token object in session for retrieval in check-email route.
  172. $this->setTokenObjectInSession($resetToken);
  174. return $this->redirectToRoute('app_check_email');
  175. }
  176. }