Code Coverage
 
Classes and Traits
Functions and Methods
Lines
Total
n/a
0 / 0
n/a
0 / 0
CRAP
n/a
0 / 0
ResetPassword
n/a
0 / 0
n/a
0 / 0
11
n/a
0 / 0
 requestPasswordReset
n/a
0 / 0
3
n/a
0 / 0
 checkEmail
n/a
0 / 0
2
n/a
0 / 0
 reset
n/a
0 / 0
6
n/a
0 / 0
1<?php
2
3namespace App\Controller;
4
5use App\Core\Controller;
6use App\Entity\LocalUser;
7use App\Util\Exception\RedirectException;
8use Symfony\Component\Form\Extension\Core\Type\EmailType;
9use Symfony\Component\HttpFoundation\Request;
10use Symfony\Component\Validator\Constraints\NotBlank;
11use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
12use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
13
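/**
 * Password reset flow: request a reset email, confirm that the request was
 * registered, and set a new password from the emailed link.
 *
 * TODO: As we don't have email services setup yet, this won't be tested right now
 *
 * NOTE(review): Form, SubmitType, EmailVerifier, ClientException, FormFields and DB
 * are referenced below without a matching `use` line among the imports shown for
 * this file; confirm how they resolve from the App\Controller namespace.
 *
 * @codeCoverageIgnore
 */
class ResetPassword extends Controller
{
    use ResetPasswordControllerTrait;

    /**
     * Display & process form to request a password reset.
     *
     * @param Request $request the current HTTP request, used to bind the submitted form
     *
     * @return mixed the template parameters for the request form, or whatever
     *               EmailVerifier::processSendingPasswordResetEmail() returns once
     *               a valid form has been submitted
     */
    public function requestPasswordReset(Request $request)
    {
        $form = Form::create([
            [
                'email',
                EmailType::class,
                [
                    'label'       => _m('Email'),
                    'constraints' => [new NotBlank(['message' => _m('Please enter an email')])],
                ],
            ],
            ['password_reset_request', SubmitType::class, ['label' => _m('Submit request')]],
        ]);

        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
            // NOTE(review): the outcome must look the same whether or not the address
            // belongs to an account, otherwise this endpoint can be used to enumerate
            // users. That is decided inside processSendingPasswordResetEmail(), which
            // is not visible here - confirm.
            return EmailVerifier::processSendingPasswordResetEmail($form->get('email')->getData(), $this);
        }

        return [
            '_template'           => 'reset_password/request.html.twig',
            'password_reset_form' => $form->createView(),
        ];
    }

    /**
     * Confirmation page after a user has requested a password reset.
     *
     * @throws RedirectException back to the request form when the session holds no token object
     *
     * @return array the template name and the token object read from the session
     */
    public function checkEmail()
    {
        // We prevent users from directly accessing this page
        // NOTE(review): if the token object is only put in the session when the email
        // matched an account, this redirect tells known and unknown addresses apart.
        // Confirm that both cases reach this page in the same way.
        $resetToken = $this->getTokenObjectFromSession();
        if (null === $resetToken) {
            throw new RedirectException('request_reset_password');
        }

        return [
            '_template'  => 'reset_password/check_email.html.twig',
            'resetToken' => $resetToken,
        ];
    }

    /**
     * Validates and process the reset URL that the user clicked in their email.
     *
     * @param Request     $request the current HTTP request, used to bind the new-password form
     * @param string|null $token   the reset token from the URL, or null when it is expected in the session
     *
     * @throws RedirectException to strip the token from the URL, after a failed
     *                           validation, and after a successful password change
     * @throws ClientException   when no token is present in the URL or in the session
     *
     * @return array the template name and the new-password form view
     */
    public function reset(Request $request, ?string $token = null)
    {
        if ($token) {
            // We store the token in session and remove it from the URL, to avoid the URL being
            // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
            $this->storeTokenInSession($token);
            throw new RedirectException('reset_password');
        }

        $token = $this->getTokenFromSession();
        if (null === $token) {
            throw new ClientException(_m('No reset password token found in the URL or in the session'));
        }

        try {
            $user = EmailVerifier::validateTokenAndFetchUser($token);
        } catch (ResetPasswordExceptionInterface $e) {
            // NOTE(review): getReason() is shown to the requester verbatim; check that
            // its messages do not let a caller tell an expired token from an unknown one.
            $this->addFlash(
                'reset_password_error',
                _m('There was a problem validating your reset request - {reason}', ['reason' => $e->getReason()]),
            );
            throw new RedirectException('request_reset_password');
        }

        // The token is valid; allow the user to change their password.
        $form = Form::create([
            FormFields::repeated_password(),
            ['password_reset', SubmitType::class, ['label' => _m('Change password')]],
        ]);

        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
            // A password reset token should be used only once, remove it.
            // It is removed before the new password is written, so a failed write
            // leaves the user without a usable token rather than with a reusable one.
            EmailVerifier::removeResetRequest($token);

            $user->setPassword(LocalUser::hashPassword($form->get('password')->getData()));
            DB::flush();

            // The session is cleaned up after the password has been changed.
            // NOTE(review): nothing visible here ends the account's other sessions or
            // persistent logins; confirm that happens elsewhere, since a reset is often
            // the response to a compromised password.
            $this->cleanSessionAfterReset();

            throw new RedirectException('main_all');
        }

        return [
            '_template' => 'reset_password/reset.html.twig',
            'resetForm' => $form->createView(),
        ];
    }
}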
110}