2021-03-16 10:37:12 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace App\Controller\Auth;
|
|
|
|
|
|
2021-03-16 10:38:11 +01:00
|
|
|
use App\Event\Account\PasswordRequestEvent;
|
|
|
|
|
use App\Manager\EntityManager;
|
2021-03-16 10:37:12 +01:00
|
|
|
use App\Repository\UserRepository;
|
|
|
|
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
2021-03-16 10:38:11 +01:00
|
|
|
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
2021-03-16 10:37:12 +01:00
|
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
|
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
|
use Symfony\Component\Routing\Annotation\Route;
|
2021-03-16 10:38:11 +01:00
|
|
|
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
|
2021-03-16 10:37:12 +01:00
|
|
|
use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
|
2021-03-16 10:38:11 +01:00
|
|
|
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
|
2021-03-16 10:37:12 +01:00
|
|
|
use ZxcvbnPhp\Zxcvbn;
|
|
|
|
|
|
|
|
|
|
class AuthController extends AbstractController
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @Route("/login", name="auth_login")
|
|
|
|
|
*/
|
|
|
|
|
public function login(AuthenticationUtils $authenticationUtils): Response
|
|
|
|
|
{
|
|
|
|
|
if ($this->getUser()) {
|
|
|
|
|
return $this->redirectToRoute('admin_dashboard_index');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$error = $authenticationUtils->getLastAuthenticationError();
|
|
|
|
|
$lastUsername = $authenticationUtils->getLastUsername();
|
|
|
|
|
|
|
|
|
|
return $this->render('auth/login.html.twig', [
|
|
|
|
|
'last_username' => $lastUsername,
|
|
|
|
|
'error' => $error,
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @Route("/resetting/request", name="auth_resetting_request")
|
|
|
|
|
*/
|
|
|
|
|
public function requestResetting(
|
|
|
|
|
Request $request,
|
|
|
|
|
UserRepository $repository,
|
|
|
|
|
TokenGeneratorInterface $tokenGenerator,
|
|
|
|
|
EntityManager $entityManager,
|
|
|
|
|
EventDispatcherInterface $eventDispatcher
|
2021-03-16 10:38:11 +01:00
|
|
|
): Response {
|
2021-03-16 10:37:12 +01:00
|
|
|
if ($this->getUser()) {
|
|
|
|
|
return $this->redirectToRoute('admin_dashboard_index');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$emailSent = false;
|
|
|
|
|
|
|
|
|
|
if ($request->isMethod('POST')) {
|
|
|
|
|
$csrfToken = $request->request->get('_csrf_token');
|
|
|
|
|
|
|
|
|
|
if ($this->isCsrfTokenValid('resetting_request', $csrfToken)) {
|
|
|
|
|
$username = trim((string) $request->request->get('username'));
|
|
|
|
|
|
|
|
|
|
if ($username) {
|
|
|
|
|
$account = $repository->findOneByEmail($username);
|
|
|
|
|
|
|
|
|
|
if ($account) {
|
|
|
|
|
$passwordRequestedAt = $account->getPasswordRequestedAt();
|
|
|
|
|
|
|
|
|
|
if (null !== $passwordRequestedAt && $passwordRequestedAt->getTimestamp() > (time() - 3600 / 2)) {
|
|
|
|
|
$emailSent = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!$emailSent) {
|
|
|
|
|
$account->setConfirmationToken($tokenGenerator->generateToken());
|
|
|
|
|
$account->setPasswordRequestedAt(new \DateTime('now'));
|
|
|
|
|
|
2021-03-17 15:57:07 +01:00
|
|
|
$entityManager->update($account);
|
2021-03-16 10:37:12 +01:00
|
|
|
$eventDispatcher->dispatch(new PasswordRequestEvent($account), PasswordRequestEvent::EVENT);
|
|
|
|
|
|
|
|
|
|
$emailSent = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->render('auth/resetting_request.html.twig', [
|
|
|
|
|
'email_sent' => $emailSent,
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @Route("/resetting/update/{token}", name="auth_resetting_update")
|
|
|
|
|
*/
|
|
|
|
|
public function requestUpdate(
|
|
|
|
|
string $token,
|
|
|
|
|
Request $request,
|
|
|
|
|
UserRepository $repository,
|
|
|
|
|
TokenGeneratorInterface $tokenGenerator,
|
|
|
|
|
UserPasswordEncoderInterface $encoder,
|
|
|
|
|
EntityManager $entityManager
|
2021-03-16 10:38:11 +01:00
|
|
|
): Response {
|
2021-03-16 10:37:12 +01:00
|
|
|
if ($this->getUser()) {
|
2021-03-17 17:17:43 +01:00
|
|
|
return $this->redirectToRoute('admin_dashboard_index');
|
2021-03-16 10:37:12 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$account = $repository->findOneByConfirmationToken($token);
|
|
|
|
|
$passwordUpdated = false;
|
|
|
|
|
$expired = false;
|
|
|
|
|
|
|
|
|
|
if ($account) {
|
|
|
|
|
$passwordRequestedAt = $account->getPasswordRequestedAt();
|
|
|
|
|
|
|
|
|
|
if (null !== $passwordRequestedAt && $passwordRequestedAt->getTimestamp() < (time() - 3600 * 2)) {
|
|
|
|
|
$expired = true;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$expired = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($request->isMethod('POST') && !$expired) {
|
|
|
|
|
$csrfToken = $request->request->get('_csrf_token');
|
|
|
|
|
|
|
|
|
|
if ($this->isCsrfTokenValid('resetting_update', $csrfToken)) {
|
|
|
|
|
$password = $request->request->get('password');
|
|
|
|
|
$password2 = $request->request->get('password2');
|
|
|
|
|
|
|
|
|
|
$zxcvbn = new Zxcvbn();
|
|
|
|
|
$strength = $zxcvbn->passwordStrength($password, []);
|
|
|
|
|
|
|
|
|
|
if (4 === $strength['score'] && $password === $password2) {
|
|
|
|
|
$account
|
|
|
|
|
->setPassword($encoder->encodePassword(
|
|
|
|
|
$account,
|
|
|
|
|
$password
|
|
|
|
|
))
|
|
|
|
|
->setConfirmationToken($tokenGenerator->generateToken())
|
|
|
|
|
->setPasswordRequestedAt(new \DateTime('now'))
|
|
|
|
|
;
|
|
|
|
|
|
2021-03-17 15:57:07 +01:00
|
|
|
$entityManager->update($account);
|
2021-03-16 10:37:12 +01:00
|
|
|
|
|
|
|
|
$passwordUpdated = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->render('auth/resetting_update.html.twig', [
|
|
|
|
|
'password_updated' => $passwordUpdated,
|
|
|
|
|
'token' => $token,
|
|
|
|
|
'expired' => $expired,
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @Route("/logout", name="auth_logout")
|
|
|
|
|
*/
|
|
|
|
|
public function logout()
|
|
|
|
|
{
|
|
|
|
|
throw new \Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
|
|
|
|
|
}
|
|
|
|
|
}
|
