src/Controller/SecurityController.php line 57

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Event\UserForgotPasswordEvent;
  7. use App\Event\UserResetPasswordEvent;
  8. use Doctrine\ODM\MongoDB\DocumentManager;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  11. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  12. use Symfony\Component\HttpFoundation\JsonResponse;
  13. use Symfony\Component\HttpFoundation\RedirectResponse;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\Routing\Annotation\Route;
  17. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  18. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  19. use Symfony\Component\Security\Core\Security;
  20. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  22. class SecurityController extends AbstractController
  23. {
  24.     /**
  25.      * @Route("/login", name="login", methods={"GET", "POST"})
  26.      * @param AuthenticationUtils $authenticationUtils
  27.      * @param AuthorizationCheckerInterface $authorizationChecker
  28.      * @return RedirectResponse|Response
  29.      */
  30.     public function login(AuthenticationUtils $authenticationUtilsAuthorizationCheckerInterface $authorizationChecker)
  31.     {
  32.         if ($authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
  33.             return $this->redirectToRoute("index");
  34.         }
  36.         // get the login error if there is one
  37.         $error $authenticationUtils->getLastAuthenticationError();
  39.         // last username entered by the user
  40.         $lastUsername $authenticationUtils->getLastUsername();
  43.         $view $this->renderView('administration/security/login.html.twig', [
  44.             'last_username' => $lastUsername,
  45.             'error'         => $error,
  46.         ]);
  48.         return new Response($viewResponse::HTTP_OK, ['X-login-page' => '1']);
  49.     }
  51.     /**
  52.      * @Route("/recovery", name="recovery", methods={"GET", "POST"})
  53.      * @return RedirectResponse|Response
  54.      */
  55.     public function recovery()
  56.     {
  57.         $view $this->renderView('administration/security/recovery.html.twig');
  58.         return new Response($view);
  59.     }
  61.     /**
  62.      * @Route("/password_recovery",
  63.      *     condition="request.isXmlHttpRequest()",
  64.      *     name="password_recovery",
  65.      *     methods={"POST"},
  66.      *     options = { "expose" = true }
  67.      * )
  68.      *
  69.      * @param Request $request
  70.      * @param EntityManagerInterface $dm
  71.      * @param EventDispatcherInterface $eventDispatcher
  72.      * @return JsonResponse
  73.      * @throws \Exception
  74.      */
  75.     public function passwordRecovery(Request $requestEntityManagerInterface $dmEventDispatcherInterface $eventDispatcher)
  76.     {
  77.         $email $request->get('_username'false);
  78.         if (false === $email || !filter_var($emailFILTER_VALIDATE_EMAIL)) {
  79.             return new JsonResponse ([
  80.                 'status' => 'error',
  81.                 'messages' => 'INVALID_MAIL_ERROR'
  82.             ]);
  83.         }
  85.         if (!$user $dm->getRepository(User::class)->findOneBy(['email' => $email])) {
  86.             return new JsonResponse ([
  87.                 'status' => 'error',
  88.                 'messages' => 'MAIL_NOT_FOUND_ERROR'
  89.             ]);
  90.         }
  92.         $token rtrim(chunk_split(strtolower(md5(uniqid(random_bytes(32), true))), 8'-'), '-');
  94.         $user->setRegeneratePasswordToken($token);
  95.         $dm->persist($user);
  96.         $dm->flush();
  98.         $eventDispatcher->dispatch(new UserForgotPasswordEvent($user), UserForgotPasswordEvent::NAME);
  100.         return new JsonResponse([
  101.                 'status' => 'ok'
  102.             ]
  103.         );
  104.     }
  106.     /**
  107.      * @Route("/password_reset/{token}",
  108.      *     name="reset_user_password_with_token",
  109.      *     methods={"GET"},
  110.      *     options = { "expose" = true }
  111.      * )
  112.      *
  113.      * @param Request $request
  114.      * @param EntityManagerInterface $dm
  115.      * @return Response
  116.      * @throws \Exception
  117.      */
  118.     public function passwordReset(Request $requestEntityManagerInterface $dm$token)
  119.     {
  120.         $tokenExists true;
  121.         if (!$user $dm->getRepository(User::class)->findOneBy(['regeneratePasswordToken' => $token])) {
  122.             $tokenExists false;
  123.         }
  125.         $view $this->renderView('administration/security/reset.html.twig', ['token'=> $token'tokenExists' => $tokenExists]);
  127.         return new Response($view);
  128.     }
  130.     /**
  131.      * @Route("/password_reset_action/{token}",
  132.      *     condition="request.isXmlHttpRequest()",
  133.      *     name="password_reset_action",
  134.      *     methods={"POST"},
  135.      *     options = { "expose" = true }
  136.      * )
  137.      *
  138.      * @param Request $request
  139.      * @param EntityManagerInterface $dm
  140.      * @param EventDispatcherInterface $eventDispatcher
  141.      * @return JsonResponse
  142.      * @throws \Exception
  143.      */
  144.     public function passwordResetAction(Request $requestEntityManagerInterface $dmEventDispatcherInterface $eventDispatcherUserPasswordEncoderInterface $passwordEncoder,  $token)
  145.     {
  146.         $passwordOne $request->get('_password_1'false);
  147.         $passwordTwo $request->get('_password_2'false);
  149.         if ($passwordOne !== $passwordTwo){
  150.             return new JsonResponse ([
  151.                 'status' => 'error',
  152.                 'messages' => 'PASSWORD_MISMATCH'
  153.             ]);
  154.         }
  156.         if (!$user $dm->getRepository(User::class)->findOneBy(['regeneratePasswordToken' => $token])) {
  157.             return new JsonResponse ([
  158.                 'status' => 'error',
  159.                 'messages' => 'USER_NOT_FOUND_ERROR'
  160.             ]);
  161.         }
  163.         $user->setRegeneratePasswordToken('');
  164.         $user->setPassword($passwordEncoder->encodePassword($user$passwordOne));
  165.         $dm->persist($user);
  166.         $dm->flush();
  168.         $eventDispatcher->dispatch(new UserResetPasswordEvent($user), UserResetPasswordEvent::NAME);
  170.         return new JsonResponse([
  171.                 'status' => 'ok'
  172.             ]
  173.         );
  174.     }
  176.     /**
  177.      * @Route("/admin/change_password",
  178.      *     condition="request.isXmlHttpRequest()",
  179.      *     name="password_change_action",
  180.      *     methods={"POST"},
  181.      *     options = { "expose" = true }
  182.      * )
  183.      *
  184.      * @param Request $request
  185.      * @param EntityManagerInterface $dm
  186.      * @param EventDispatcherInterface $eventDispatcher
  187.      * @param UserPasswordEncoderInterface $passwordEncoder
  188.      * @param Security $security
  189.      * @return JsonResponse
  190.      */
  191.     public function passwordChangeAction(Request $requestEntityManagerInterface $dmEventDispatcherInterface $eventDispatcherUserPasswordEncoderInterface $passwordEncoderSecurity $security)
  192.     {
  193.         $oldPassword $request->get('_oldPassword'false);
  194.         $passwordOne $request->get('_password_1'false);
  195.         $passwordTwo $request->get('_password_2'false);
  197.         $user $security->getToken()->getUser();
  199.         if (!$passwordEncoder->isPasswordValid($user$oldPassword)){
  200.             return new JsonResponse ([
  201.                 'status' => 'error',
  202.                 'messages' => 'CURRENT_PASSWORD_INVALID'
  203.             ]);
  204.         }
  206.         if ($passwordOne !== $passwordTwo){
  207.             return new JsonResponse ([
  208.                 'status' => 'error',
  209.                 'messages' => 'PASSWORD_MISMATCH'
  210.             ]);
  211.         }
  213.         $user->setPassword($passwordEncoder->encodePassword($user$passwordOne));
  214.         $dm->persist($user);
  215.         $dm->flush();
  217.         $eventDispatcher->dispatch(new UserResetPasswordEvent($user), UserResetPasswordEvent::NAME);
  219.         return new JsonResponse([
  220.                 'status' => 'ok'
  221.             ]
  222.         );
  223.     }
  224. }