src/Controller/ResetPasswordController.php line 66

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\Users;
  6. use App\Entity\PublisherCabinet\MafoPublisherCabinetManager;
  7. use App\Entity\AdvertiserCabinet\MafoAdvertiserCabinetManager;
  8. use App\Form\ChangePasswordFormType;
  9. use App\Form\ResetPasswordRequestFormType;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  12. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  13. use Symfony\Component\Form\Extension\Core\Type\PasswordType;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\Mailer\MailerInterface;
  18. use Symfony\Component\Mime\Address;
  19. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  20. use Symfony\Component\Routing\Annotation\Route;
  21. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  22. use Symfony\Contracts\Translation\TranslatorInterface;
  23. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  24. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  25. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  26. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  29. /**
  30. * @Route("/reset-password", name="reset_password_")
  31. */
  32. class ResetPasswordController extends AbstractController
  33. {
  34. use ResetPasswordControllerTrait;
  36. private ResetPasswordHelperInterface $userResetPasswordHelper;
  37. private ResetPasswordHelperInterface $mafoPublisherResetPasswordHelper;
  38. private ResetPasswordHelperInterface $mafoAdvertiserResetPasswordHelper;
  39. private EntityManagerInterface $entityManager;
  40. private $params;
  41. private string $publisherDomain;
  42. private string $advertiserDomain;
  45. public function __construct(
  46. ResetPasswordHelperInterface $userResetPasswordHelper,
  47. ResetPasswordHelperInterface $mafoPublisherResetPasswordHelper,
  48. ResetPasswordHelperInterface $mafoAdvertiserResetPasswordHelper,
  49. EntityManagerInterface $entityManager,
  50. ParameterBagInterface $params,
  51. ) {
  52. $this->userResetPasswordHelper = $userResetPasswordHelper;
  53. $this->mafoPublisherResetPasswordHelper = $mafoPublisherResetPasswordHelper;
  54. $this->mafoAdvertiserResetPasswordHelper = $mafoAdvertiserResetPasswordHelper;
  55. $this->entityManager = $entityManager;
  56. $this->params = $params;
  57. $this->publisherDomain = $params->get('publishers_subdomain');
  58. $this->advertiserDomain = $params->get('advertisers_subdomain');
  59. }
  61. /**
  62. * Display & process form to request a password reset.
  63. *
  64. * @Route("", name="app_forgot_password_request")
  65. */
  66. public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator): Response
  67. {
  69. $form = $this->createForm(ResetPasswordRequestFormType::class);
  70. $form->handleRequest($request);
  72. // Get the current domain from the request
  73. $domain = $request->getHost();
  75. $domainTemplates = [
  76. $this->publisherDomain => 'publisher/login/index.html.twig',
  77. $this->advertiserDomain => 'advertiser/login/index.html.twig',
  78. ];
  80. $layoutTemplate = $domainTemplates[$domain] ?? 'form_login.html.twig';
  83. if ($form->isSubmitted() && $form->isValid()) {
  84. return $this->processSendingPasswordResetEmail(
  85. $form->get('email')->getData(),
  86. $mailer,
  87. $translator,
  88. $request
  89. );
  90. }
  91. return $this->render('reset_password/request.html.twig', [
  92. 'requestForm' => $form->createView(),
  93. 'layoutTemplate' => $layoutTemplate,
  94. 'domain' => $domain,
  95. 'publisherDomain' => $this->publisherDomain,
  96. 'advertiserDomain' => $this->advertiserDomain,
  97. ]);
  98. }
  100. /**
  101. * Confirmation page after a user has requested a password reset.
  102. *
  103. * @Route("/check-email", name="app_check_email")
  104. */
  105. public function checkEmail(Request $request): Response
  106. {
  107. // Get the domain from the request
  108. $domain = $request->getHost();
  110. // Generate a fake token if the user does not exist or someone hit this page directly.
  111. // This prevents exposing whether or not a user was found with the given email address or not
  112. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  113. $resetToken = $this->userResetPasswordHelper->generateFakeResetToken();
  114. }
  116. return $this->render('reset_password/check_email.html.twig', [
  117. 'resetToken' => $resetToken,
  118. 'domain' => $domain,
  119. 'publisherDomain' => $this->publisherDomain,
  120. 'advertiserDomain' => $this->advertiserDomain,
  121. ]);
  122. }
  124. /**
  125. * Validates and process the reset URL that the user clicked in their email.
  126. *
  127. * @Route("/reset/{token}", name="app_reset_password")
  128. */
  129. public function reset(Request $request, UserPasswordHasherInterface $userPasswordHasher, TranslatorInterface $translator, string $token = null): Response
  130. {
  132. if ($token) {
  133. // We store the token in session and remove it from the URL, to avoid the URL being
  134. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  135. $this->storeTokenInSession($token);
  137. return $this->redirectToRoute('reset_password_app_reset_password');
  138. }
  140. $token = $this->getTokenFromSession();
  141. if (null === $token) {
  142. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  143. }
  145. $host = $request->getHost();
  147. $resetPasswordHelpers = [
  148. $this->publisherDomain => $this->mafoPublisherResetPasswordHelper,
  149. $this->advertiserDomain => $this->mafoAdvertiserResetPasswordHelper,
  150. 'default' => $this->userResetPasswordHelper,
  151. ];
  153. $resetPasswordHelper = $resetPasswordHelpers[$host] ?? $resetPasswordHelpers['default'];
  156. try {
  157. $user = $resetPasswordHelper->validateTokenAndFetchUser($token);
  158. } catch (ResetPasswordExceptionInterface $e) {
  159. $this->addFlash('reset_password_error', sprintf(
  160. '%s - %s',
  161. $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  162. $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  163. ));
  165. return $this->redirectToRoute('reset_password_app_forgot_password_request');
  166. }
  168. // The token is valid; allow the user to change their password.
  169. $form = $this->createForm(ChangePasswordFormType::class);
  170. $form->handleRequest($request);
  172. if ($form->isSubmitted() && $form->isValid()) {
  173. // A password reset token should be used only once, remove it.
  174. $resetPasswordHelper->removeResetRequest($token);
  176. // Encode(hash) the plain password, and set it.
  177. $encodedPassword = $userPasswordHasher->hashPassword(
  178. $user,
  179. $form->get('plainPassword')->getData()
  180. );
  182. $user->setPassword($encodedPassword);
  183. $this->entityManager->flush();
  185. // The session is cleaned up after the password has been changed.
  186. $this->cleanSessionAfterReset();
  188. return $this->redirectToRoute('homepage');
  189. }
  191. return $this->render('reset_password/reset.html.twig', [
  192. 'resetForm' => $form->createView(),
  193. ]);
  194. }
  196. private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer, TranslatorInterface $translator, Request $request): RedirectResponse
  197. {
  198. // $user = $this->entityManager->getRepository(Users::class)->findOneBy([
  199. // 'email' => $emailFormData,
  200. // ]);
  202. // Get the domain of the request
  203. $domain = $request->getHost();
  205. $entityMapping = [
  206. $this->publisherDomain => MafoPublisherCabinetManager::class,
  207. $this->advertiserDomain => MafoAdvertiserCabinetManager::class,
  208. 'default' => Users::class
  209. ];
  211. $helperMapping = [
  212. $this->publisherDomain => $this->mafoPublisherResetPasswordHelper,
  213. $this->advertiserDomain => $this->mafoAdvertiserResetPasswordHelper,
  214. 'default' => $this->userResetPasswordHelper
  215. ];
  217. $entityClass = $entityMapping[$domain] ?? $entityMapping['default'];
  218. $user = $this->entityManager->getRepository($entityClass)->findOneBy([
  219. 'email' => $emailFormData,
  220. ]);
  224. // Do not reveal whether a user account was found or not.
  225. if (!$user) {
  226. return $this->redirectToRoute('reset_password_app_check_email');
  227. }
  230. try {
  231. $resetHelper = $helperMapping[$domain] ?? $helperMapping['default'];
  233. $resetToken = $resetHelper->generateResetToken($user);
  234. } catch (ResetPasswordExceptionInterface $e) {
  235. // If you want to tell the user why a reset email was not sent, uncomment
  236. // the lines below and change the redirect to 'reset_password_app_forgot_password_request'.
  237. // Caution: This may reveal if a user is registered or not.
  238. //
  239. // $this->addFlash('reset_password_error', sprintf(
  240. // '%s - %s',
  241. // $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  242. // $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  243. // ));
  245. return $this->redirectToRoute('reset_password_app_check_email');
  246. }
  248. $host = $request->getSchemeAndHttpHost();
  250. $email = (new TemplatedEmail())
  251. ->from(new Address('mafo@mobupps.com', 'MAFO Password Reset'))
  252. ->to($user->getEmail())
  253. ->subject('Your password reset request')
  254. ->htmlTemplate('reset_password/email.html.twig')
  255. ->context([
  256. 'resetToken' => $resetToken,
  257. 'host' => $host // Pass the host dynamically to the email template
  258. ]);
  260. $mailer->send($email);
  262. // Store the token object in session for retrieval in check-email route.
  263. $this->setTokenObjectInSession($resetToken);
  265. return $this->redirectToRoute('reset_password_app_check_email');
  266. }
  267. }