src/OceanExpertBundle/Controller/ResettingController.php line 61

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the FOSUserBundle package.
  5.  *
  6.  * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace OceanExpertBundle\Controller;
  14. use DateTime;
  15. use FOS\UserBundle\Event\FilterUserResponseEvent;
  16. use FOS\UserBundle\Event\FormEvent;
  17. use FOS\UserBundle\Event\GetResponseUserEvent;
  18. use FOS\UserBundle\Form\Factory\FactoryInterface;
  19. use FOS\UserBundle\Form\Factory\FormFactory;
  20. use FOS\UserBundle\FOSUserEvents;
  21. use FOS\UserBundle\Mailer\MailerInterface;
  22. use FOS\UserBundle\Model\UserInterface;
  23. use FOS\UserBundle\Model\UserManagerInterface;
  24. use FOS\UserBundle\Util\TokenGenerator;
  25. use FOS\UserBundle\Util\TokenGeneratorInterface;
  26. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  27. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  28. use Symfony\Component\HttpFoundation\JsonResponse;
  29. use Symfony\Component\HttpFoundation\RedirectResponse;
  30. use Symfony\Component\HttpFoundation\Request;
  31. use Symfony\Component\HttpFoundation\Response;
  33. /**
  34.  * Controller managing the resetting of the password
  35.  *
  36.  * @author Thibault Duplessis <thibault.duplessis@gmail.com>
  37.  * @author Christophe Coevoet <stof@notk.org>
  38.  */
  39. class ResettingController extends AbstractController
  40. {
  41.     private TokenGenerator $fosTokenGenerator;
  42.     private MailerInterface $fosMailer;
  43.     private UserManagerInterface $fosUserManager;
  44.     private FormFactory $fosResettingFormFactory;
  46.     public function __construct(
  47.         TokenGenerator       $fosTokenGenerator,
  48.         MailerInterface      $fosMailer,
  49.         UserManagerInterface $fosUserManager,
  50.         FormFactory $fosResettingFormFactory
  51.     ) {
  52.         $this->fosTokenGenerator $fosTokenGenerator;
  53.         $this->fosMailer $fosMailer;
  54.         $this->fosUserManager $fosUserManager;
  55.         $this->fosResettingFormFactory $fosResettingFormFactory;
  56.     }
  58.     /**
  59.      * Request reset user password: show form
  60.      */
  61.     public function requestAction(): Response
  62.     {
  63.         return $this->render('Resetting/request.html.twig');
  64.     }
  66.     /**
  67.      * Request reset user password: submit form and send email
  68.      */
  69.     public function sendEmailAction(Request $request): Response
  70.     {
  71.         $username $request->request->get('username');
  73.         /** @var $user UserInterface */
  74.         $user $this->fosUserManager->findUserByUsernameOrEmail($username);
  76.         if (null === $user) {
  77.             return $this->render(
  78.                 'Resetting/request.html.twig',
  79.                 array(
  80.                     'invalid_username' => $username
  81.                 )
  82.             );
  83.         }
  85.         if ($user->isPasswordRequestNonExpired($this->container->getParameter('fos_user.resetting.token_ttl'))) {
  86.             return $this->render(
  87.                 'Default/error.html.twig',
  88.                 array(
  89.                     'message' => 'The password for this user has already been requested within the last 30 minutes.'
  90.                 )
  91.             );
  92.         }
  94.         if (null === $user->getConfirmationToken()) {
  95.             /**
  96.              * @var $tokenGenerator TokenGeneratorInterface
  97.              */
  98. //            $tokenGenerator = $this->get('fos_user.util.token_generator');
  99.             $tokenGenerator $this->fosTokenGenerator;
  100.             $user->setConfirmationToken($tokenGenerator->generateToken());
  101.         }
  104. //        $this->get('fos_user.mailer')->sendResettingEmailMessage($user);
  105.         $this->fosMailer->sendResettingEmailMessage($user);
  106.         $user->setPasswordRequestedAt(new DateTime());
  107. //        $this->get('fos_user.user_manager')->updateUser($user);
  108.         $this->fosUserManager->updateUser($user);
  110.         return new RedirectResponse($this->generateUrl('fos_user_resetting_check_email',
  111.             array('email' => $this->getObfuscatedEmail($user))
  112.         ));
  113.     }
  115.     /**
  116.      * Get the truncated email displayed when requesting the resetting.
  117.      *
  118.      * The default implementation only keeps the part following @ in the address.
  119.      *
  120.      * @param UserInterface $user
  121.      *
  122.      * @return string
  123.      */
  124.     protected function getObfuscatedEmail(UserInterface $user)
  125.     {
  126.         $email $user->getEmail();
  127.         if (false !== $pos strpos($email'@')) {
  128.             $email '...' substr($email$pos);
  129.         }
  131.         return $email;
  132.     }
  134.     /**
  135.      * Tell the user to check his email provider
  136.      */
  137.     public function checkEmailAction(Request $request): Response
  138.     {
  139.         $email $request->query->get('email');
  141.         if (empty($email)) {
  142.             // the user does not come from the sendEmail action
  143.             return new RedirectResponse($this->generateUrl('fos_user_resetting_request'));
  144.         }
  146.         return $this->render('Resetting/checkEmail.html.twig', array(
  147.             'email' => $email,
  148.         ));
  149.     }
  151.     /**
  152.      * Reset user password
  153.      */
  154.     public function resetAction(Request $request$token): Response
  155.     {
  156.         /**
  157.          * @var $dispatcher EventDispatcherInterface
  158.          */
  159.         $dispatcher $this->get('event_dispatcher');
  161.         $user $this->fosUserManager->findUserByConfirmationToken($token);
  163.         if (null === $user) {
  164.             return $this->render(
  165.                 'Default/error.html.twig',
  166.                 array(
  167.                     'message' => 'Invalid token or the token already has been used to reset the password. 
  168.                     Please try resetting password again.'
  169.                 )
  170.             );
  171.         }
  173.         $event = new GetResponseUserEvent($user$request);
  174.         $dispatcher->dispatch(FOSUserEvents::RESETTING_RESET_INITIALIZE$event);
  176.         if (null !== $event->getResponse()) {
  177.             return $event->getResponse();
  178.         }
  180.         $form $this->fosResettingFormFactory->createForm();
  181.         $form->setData($user);
  182.         $form->handleRequest($request);
  184.         if ($form->isSubmitted()
  185.             && $form->isValid()
  186.         ) {
  187.             $event = new FormEvent($form$request);
  188.             $dispatcher->dispatch(FOSUserEvents::RESETTING_RESET_SUCCESS$event);
  190.             $this->fosUserManager->updateUser($user);
  192.             if (null === $response $event->getResponse()) {
  193.                 $url $this->generateUrl(
  194.                     'view_profile',
  195.                     array(
  196.                         'user' => $user->getId()
  197.                     )
  198.                 );
  199.                 $response = new RedirectResponse($url);
  200.             }
  202.             $dispatcher->dispatch(
  203.                 FOSUserEvents::RESETTING_RESET_COMPLETED, new
  204.                 FilterUserResponseEvent(
  205.                     $user,
  206.                     $request,
  207.                     $response
  208.                 )
  209.             );
  210.             return $response;
  211.         }
  213.         return $this->render(
  214.             'Resetting/reset.html.twig',
  215.             array(
  216.                 'token' => $token,
  217.                 'form' => $form->createView(),
  218.                 'firstlogin'=> $request->query->get('firstlogin')
  219.             )
  220.         );
  221.     }
  223.     /**
  224.      * reset the username of an expert
  225.      *
  226.      * @param Request $request
  227.      *
  228.      * @return Response string
  229.      */
  230.     public function changeUsernameAction(Request $request): Response
  231.     {
  232.         $security_context $this->get('security.token_storage');
  233.         $username $request->request->get('username');
  234.         $loggedUser $security_context->getToken()->getUsername();
  235.         $message '';
  236.         if ($this->get('security.authorization_checker')->isGranted('ROLE_GLOBAL_EDITOR')
  237.             || $username == $loggedUser
  238.         ) {
  239.             $em $this->getDoctrine()->getManager();
  240.             $newusername $request->request->get('newusername');
  241.             $user $this->fosUserManager->findUserByUsername($username);
  242.             $existing $this->fosUserManager->findUserByUsername($newusername);
  244.             if ($existing) {
  245.                 $message "A user with username '$newusername' already exists.$existing";
  246.             } elseif ($user) {
  247.                 $changeUser $em->getRepository('OceanExpertBundle:FosUser')->findOneById($user->getId());
  248.                 if ($changeUser) {
  249.                     $changeUser->setUsername($newusername);
  250.                     $changeUser->setUsernameCanonical($newusername);
  251.                     $em->persist($changeUser);
  252.                     $em->flush();
  253.                     $message 'success';
  254.                 }
  255.             } else {
  256.                 $message 'Username does not exists.';
  257.             }
  258.         } else {
  259.             $message 'Invalid credentials';
  260.         }
  261.         return new Response($message);
  262.     }
  264.     /**
  265.      * reset the email address of an expert
  266.      *
  267.      * @param Request $request
  268.      *
  269.      * @return JsonResponse
  270.      */
  271.     public function changeEmailAction(Request $request): Response
  272.     {
  273.         $security_context $this->get('security.token_storage');
  274.         $loggedUser $security_context->getToken()->getUser();
  275.         if (!is_object($loggedUser)
  276.             || !($loggedUserEmail $loggedUser->getEmail())) {
  277.             $message = array(
  278.                 'status' => 0,
  279.                 'message' => "Are you logged in as valid user?"
  280.             );
  281.             return new JsonResponse($message);
  282.         }
  284.         $currentEmail trim($request->request->get('currentEmail'));
  285.         $newEmail trim($request->request->get('newEmail'));
  287.         //$currentEmail = 'w.appeltans@unesco.org';
  288.         //$newEmail = 'a.lambert@unesco.org';
  289.         //dump($currentEmail);
  290.         //dump($newEmail);
  291.         //die();
  293.         if (is_null($currentEmail)
  294.             || is_null($newEmail)
  295.             || $currentEmail === ''
  296.             || $newEmail === ''
  297.         ) {
  298.             $message = array(
  299.                 'status' => 0,
  300.                 'message' => "We need both a current and a new email address."
  301.             );
  302.             return new JsonResponse($message);
  303.         }
  305.         //get the user for whom we want to change the address
  306.         //this is not always the logged in user!!!
  307.         $em $this->getDoctrine()->getManager();
  308.         $user $this->fosUserManager->findUserByUsernameOrEmail($currentEmail);
  310.         //check if current email is valid
  311.         if (!filter_var($currentEmailFILTER_VALIDATE_EMAIL)) {
  312.             $message = array(
  313.                 'status' => 0,
  314.                 'message' => "Email ($currentEmail) is not a valid email address."
  315.             );
  316.             return new JsonResponse($message);
  317.         } else {
  318.             //sanitize current email
  319.             $currentEmail filter_var($currentEmailFILTER_SANITIZE_EMAIL);
  320.         }
  322.         //check if new email is valid
  323.         if (!filter_var($newEmailFILTER_VALIDATE_EMAIL)) {
  324.             $message = array(
  325.                 'status' => 0,
  326.                 'message' => "Email ($newEmail) is not a valid email address."
  327.             );
  328.             return new JsonResponse($message);
  329.         } else {
  330.             //sanitize new email
  331.             $newEmail filter_var($newEmailFILTER_SANITIZE_EMAIL);
  332.         }
  334.         //check if email already exists
  335.         //this is also done in RegistrationController.php:checkEmailAvailableAction
  336.         $existingUsername $this->fosUserManager->findUserByUsername($newEmail);
  337.         $existingEmail $this->fosUserManager->findUserByEmail($newEmail);
  338.         if ($existingEmail) {
  339.             $message = array(
  340.                 'status' => 0,
  341.                 'message' => 'A user (' $existingEmail->getId() . ') with email (' $newEmail ') already exists.'
  342.             );
  343.             return new JsonResponse($message);
  344.         } elseif ($existingUsername) {
  345.             $message = array(
  346.                 'status' => 0,
  347.                 'message' => 'A user (' $existingUsername->getId() . ') with username (' $newEmail ') already exists.'
  348.             );
  349.             return new JsonResponse($message);
  350.         }
  352.         if ($this->get('security.authorization_checker')->isGranted('ROLE_GLOBAL_EDITOR') ){
  353.             $changeUser $em->getRepository('OceanExpertBundle:FosUser')->findOneById($user->getId());
  354.             //we already checked the validity of the new email
  355.             $changeUser->setEmail($newEmail);
  356.             $changeUser->setEmailCanonical($newEmail);
  357.             $em->persist($changeUser);
  358.             $em->flush();
  359.             $indiv $em->getRepository('OceanExpertBundle:Indiv')->findOneByIdInd($user->getId());
  360.             if ($indiv) {
  361.                 //we already checked the validity of the new email
  362.                 $indiv->setEmail1($newEmail);
  363.                 $em->persist($indiv);
  364.                 $em->flush();
  365.             }
  367.             $message = array(
  368.                 'status' => 1,
  369.                 'message' => "Email changed successfully."
  370.             );
  371.         } elseif ($currentEmail == $loggedUserEmail) {
  372.             $confirmCode $request->request->get('confirmCode');
  373.             $emailToken sha1($confirmCode '' $newEmail);
  374.             $findCode $em->getRepository('OceanExpertBundle:ConfirmationTokens')->findOneByConfirmationToken($emailToken);
  375.             if (count($findCode) > 0) {
  376.                 $changeUser $em->getRepository('OceanExpertBundle:FosUser')->findOneById($user->getId());
  377.                 if ($changeUser) {
  378.                     $changeUser->setEmail($newEmail);
  379.                     $changeUser->setEmailCanonical($newEmail);
  380.                     $em->persist($changeUser);
  381.                     $em->flush();
  382.                     $indiv $em->getRepository('OceanExpertBundle:Indiv')->findOneByIdInd($user->getId());
  383.                     if ($indiv) {
  384.                         //we already checked the validity of the new email
  385.                         $indiv->setEmail1($newEmail);
  386.                         $em->persist($indiv);
  387.                         $em->flush();
  388.                     }
  390.                     $message = array(
  391.                         'status' => 1,
  392.                         'message' => "Email changed successfully."
  393.                     );
  394.                 }
  395.                 $em->remove($findCode);
  396.                 $em->flush();
  397.             } else {
  398.                 $message = array(
  399.                     'status' => 0,
  400.                     'message' => "Invalid token provided."
  401.                 );
  402.             }
  403.         } else {
  404.             $message = array(
  405.                 'status' => 0,
  406.                 'message' => "Invalid credentials."
  407.             );
  408.         }
  409.         return new JsonResponse($message);
  410.     }
  411. }