src/Controller/ResetPasswordController.php line 45

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Repository\UserRepository;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use App\Service\EmailService;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpFoundation\Response;
  13. use Symfony\Component\Routing\Annotation\Route;
  14. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  15. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  16. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  17. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  18. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  19. use SymfonyCasts\Bundle\ResetPassword\Exception\TooManyPasswordRequestsException;
  22. #[Route('/reset-password')]
  23. class ResetPasswordController extends AbstractController
  24. {
  25. use ResetPasswordControllerTrait;
  27. private ResetPasswordHelperInterface $resetPasswordHelper;
  28. private EntityManagerInterface $entityManager;
  29. private EmailService $emailService;
  31. public function __construct(
  32. ResetPasswordHelperInterface $resetPasswordHelper,
  33. EntityManagerInterface $entityManager,
  34. EmailService $emailService
  35. ) {
  36. $this->resetPasswordHelper = $resetPasswordHelper;
  37. $this->entityManager = $entityManager;
  38. $this->emailService = $emailService;
  39. }
  41. /**
  42. * Demande de reset password
  43. */
  44. #[Route('', name: 'app_forgot_password_request')]
  45. public function request(
  46. Request $request,
  47. UserRepository $userRepository
  48. ): Response {
  50. $form = $this->createForm(
  51. ResetPasswordRequestFormType::class
  52. );
  54. $form->handleRequest($request);
  56. if (
  57. $form->isSubmitted()
  58. && $form->isValid()
  59. ) {
  61. $email = $form
  62. ->get('email')
  63. ->getData();
  65. $user = $userRepository->findOneBy([
  66. 'email' => $email
  67. ]);
  69. // sécurité : ne jamais dire si email existe ou non
  70. // sécurité : ne jamais dire si email existe ou non
  71. if (!$user) {
  72. return $this->redirectToRoute('app_check_email');
  73. }
  75. // Générer token (AVEC PROTECTION)
  76. try {
  78. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  80. } catch (TooManyPasswordRequestsException $e) {
  82. $this->addFlash(
  83. 'error',
  84. 'Vous avez déjà demandé un lien récemment. Veuillez attendre avant de réessayer.'
  85. );
  87. return $this->redirectToRoute('app_forgot_password_request');
  88. }
  90. // Générer lien absolu
  91. $link = $this->generateUrl(
  92. 'app_reset_password',
  93. [
  94. 'token' => $resetToken->getToken()
  95. ],
  96. UrlGeneratorInterface::ABSOLUTE_URL
  97. );
  99. // Envoi email via PHPMailer
  100. $this->emailService
  101. ->EnvoiResetPassword(
  102. $user->getEmail(),
  103. $user->getPrenom().' '.$user->getNom(),
  104. $link
  105. );
  107. // stocker token en session
  108. $this->setTokenObjectInSession(
  109. $resetToken
  110. );
  112. return $this->redirectToRoute(
  113. 'app_check_email'
  114. );
  115. }
  117. return $this->render(
  118. 'reset_password/request.html.twig',
  119. [
  120. 'requestForm' => $form->createView(),
  121. ]
  122. );
  123. }
  125. /**
  126. * Message après demande
  127. */
  128. #[Route('/check-email', name: 'app_check_email')]
  129. public function checkEmail(): Response
  130. {
  131. return $this->render(
  132. 'reset_password/check_email.html.twig'
  133. );
  134. }
  136. /**
  137. * Réinitialisation mot de passe
  138. */
  139. #[Route('/reset/{token}', name: 'app_reset_password')]
  140. public function reset(
  141. Request $request,
  142. UserPasswordHasherInterface $passwordHasher,
  143. ?string $token = null
  144. ): Response {
  146. if ($token) {
  148. $this->storeTokenInSession(
  149. $token
  150. );
  152. return $this->redirectToRoute(
  153. 'app_reset_password'
  154. );
  155. }
  157. $token = $this
  158. ->getTokenFromSession();
  160. if (null === $token) {
  161. throw $this
  162. ->createNotFoundException(
  163. 'No reset token found.'
  164. );
  165. }
  167. try {
  169. $user = $this
  170. ->resetPasswordHelper
  171. ->validateTokenAndFetchUser(
  172. $token
  173. );
  175. } catch (
  176. ResetPasswordExceptionInterface $e
  177. ) {
  179. $this->addFlash(
  180. 'reset_password_error',
  181. sprintf(
  182. '%s - %s',
  183. $e->getReason(),
  184. $e->getReasonData()
  185. )
  186. );
  188. return $this->redirectToRoute(
  189. 'app_forgot_password_request'
  190. );
  191. }
  193. $form = $this->createForm(
  194. ChangePasswordFormType::class
  195. );
  197. $form->handleRequest($request);
  199. if (
  200. $form->isSubmitted()
  201. && $form->isValid()
  202. ) {
  204. // supprimer token
  205. $this
  206. ->resetPasswordHelper
  207. ->removeResetRequest(
  208. $token
  209. );
  211. $plainPassword = $form
  212. ->get('plainPassword')
  213. ->getData();
  215. // hash password
  216. $user->setPassword(
  217. $passwordHasher
  218. ->hashPassword(
  219. $user,
  220. $plainPassword
  221. )
  222. );
  224. // nettoyage ancien FOSUser
  225. /* if (
  226. method_exists(
  227. $user,
  228. 'setSalt'
  229. )
  230. ) {
  231. $user->setSalt(null);
  232. }*/
  234. $this
  235. ->entityManager
  236. ->flush();
  238. // vider session token
  239. $this
  240. ->cleanSessionAfterReset();
  242. $this->addFlash(
  243. 'success',
  244. 'Mot de passe modifié avec succès.'
  245. );
  247. return $this->redirectToRoute(
  248. 'login'
  249. );
  250. }
  252. return $this->render(
  253. 'reset_password/reset.html.twig',
  254. [
  255. 'resetForm' => $form->createView(),
  256. ]
  257. );
  258. }
  259. }