refactoring password resetting request
This commit is contained in:
parent
8e5363c2a4
commit
eb93d1369a
|
@ -123,10 +123,7 @@ class AccountAdminController extends AdminController
|
|||
|
||||
if (4 === $strength['score'] && $password1 === $password2) {
|
||||
$account
|
||||
->setPassword($encoder->encodePassword(
|
||||
$account,
|
||||
$password1
|
||||
))
|
||||
->setPassword($encoder->encodePassword($account, $password1))
|
||||
->setConfirmationToken($tokenGenerator->generateToken())
|
||||
;
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ namespace App\Core\Controller\Auth;
|
|||
|
||||
use App\Core\Event\Account\PasswordRequestEvent;
|
||||
use App\Core\Manager\EntityManager;
|
||||
use App\Core\Repository\UserRepository;
|
||||
use App\Repository\UserRepository;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
@ -38,51 +38,38 @@ class AuthController extends AbstractController
|
|||
/**
|
||||
* @Route("/resetting/request", name="auth_resetting_request")
|
||||
*/
|
||||
public function requestResetting(
|
||||
Request $request,
|
||||
UserRepository $repository,
|
||||
TokenGeneratorInterface $tokenGenerator,
|
||||
EntityManager $entityManager,
|
||||
EventDispatcherInterface $eventDispatcher
|
||||
): Response {
|
||||
public function requestResetting(Request $request, UserRepository $repository, EventDispatcherInterface $eventDispatcher): Response
|
||||
{
|
||||
if ($this->getUser()) {
|
||||
return $this->redirectToRoute('admin_dashboard_index');
|
||||
}
|
||||
|
||||
$emailSent = false;
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$csrfToken = $request->request->get('_csrf_token');
|
||||
|
||||
if ($this->isCsrfTokenValid('resetting_request', $csrfToken)) {
|
||||
$username = trim((string) $request->request->get('username'));
|
||||
if (!$this->isCsrfTokenValid('resetting_request', $csrfToken)) {
|
||||
throw $this->createAccessDeniedException();
|
||||
}
|
||||
|
||||
if ($username) {
|
||||
$account = $repository->findOneByEmail($username);
|
||||
$username = trim((string) $request->request->get('username'));
|
||||
|
||||
if ($account) {
|
||||
$passwordRequestedAt = $account->getPasswordRequestedAt();
|
||||
if (!$username) {
|
||||
throw $this->createAccessDeniedException();
|
||||
}
|
||||
|
||||
if (null !== $passwordRequestedAt && $passwordRequestedAt->getTimestamp() > (time() - 3600 / 2)) {
|
||||
$emailSent = true;
|
||||
}
|
||||
$account = $repository->findOneByEmail($username);
|
||||
|
||||
if (!$emailSent) {
|
||||
$account->setConfirmationToken($tokenGenerator->generateToken());
|
||||
$account->setPasswordRequestedAt(new \DateTime('now'));
|
||||
if ($account) {
|
||||
$requestedAt = $account->getPasswordRequestedAt();
|
||||
|
||||
$entityManager->update($account);
|
||||
$eventDispatcher->dispatch(new PasswordRequestEvent($account), PasswordRequestEvent::EVENT);
|
||||
|
||||
$emailSent = true;
|
||||
}
|
||||
}
|
||||
if (null === $requestedAt || $requestedAt->getTimestamp() < (time() - 3600 / 2)) {
|
||||
$eventDispatcher->dispatch(new PasswordRequestEvent($account), PasswordRequestEvent::EVENT);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $this->render('@Core/auth/resetting_request.html.twig', [
|
||||
'email_sent' => $emailSent,
|
||||
'email_sent' => $request->isMethod('POST'),
|
||||
]);
|
||||
}
|
||||
|
||||
|
@ -103,16 +90,11 @@ class AuthController extends AbstractController
|
|||
|
||||
$account = $repository->findOneByConfirmationToken($token);
|
||||
$passwordUpdated = false;
|
||||
$expired = false;
|
||||
$expired = true;
|
||||
|
||||
if ($account) {
|
||||
$passwordRequestedAt = $account->getPasswordRequestedAt();
|
||||
|
||||
if (null !== $passwordRequestedAt && $passwordRequestedAt->getTimestamp() < (time() - 3600 * 2)) {
|
||||
$expired = true;
|
||||
}
|
||||
} else {
|
||||
$expired = true;
|
||||
$requestedAt = $account->getPasswordRequestedAt();
|
||||
$expired = (null === $requestedAt || ($requestedAt->getTimestamp() < (time() - 3600 * 2)));
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST') && !$expired) {
|
||||
|
|
|
@ -3,18 +3,17 @@
|
|||
namespace App\Core\Controller\User;
|
||||
|
||||
use App\Core\Controller\Admin\AdminController;
|
||||
use App\Entity\User as Entity;
|
||||
use App\Core\Event\Account\PasswordRequestEvent;
|
||||
use App\Core\Factory\UserFactory as EntityFactory;
|
||||
use App\Core\Form\UserType as EntityType;
|
||||
use App\Core\Manager\EntityManager;
|
||||
use App\Entity\User as Entity;
|
||||
use App\Repository\UserRepositoryQuery as RepositoryQuery;
|
||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Routing\Annotation\Route;
|
||||
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
|
||||
use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
|
||||
|
||||
/**
|
||||
* @Route("/admin/user")
|
||||
|
@ -105,18 +104,9 @@ class UserAdminController extends AdminController
|
|||
/**
|
||||
* @Route("/resetting_request/{entity}", name="admin_user_resetting_request", methods={"POST"})
|
||||
*/
|
||||
public function requestResetting(
|
||||
Entity $entity,
|
||||
EntityManager $entityManager,
|
||||
TokenGeneratorInterface $tokenGenerator,
|
||||
EventDispatcherInterface $eventDispatcher,
|
||||
Request $request
|
||||
): Response {
|
||||
public function requestResetting(Entity $entity, EventDispatcherInterface $eventDispatcher, Request $request): Response
|
||||
{
|
||||
if ($this->isCsrfTokenValid('resetting_request'.$entity->getId(), $request->request->get('_token'))) {
|
||||
$entity->setConfirmationToken($tokenGenerator->generateToken());
|
||||
$entity->setPasswordRequestedAt(new \DateTime('now'));
|
||||
|
||||
$entityManager->update($entity);
|
||||
$eventDispatcher->dispatch(new PasswordRequestEvent($entity), PasswordRequestEvent::EVENT);
|
||||
|
||||
$this->addFlash('success', 'Demande envoyée.');
|
||||
|
|
|
@ -3,9 +3,11 @@
|
|||
namespace App\Core\EventSuscriber\Account;
|
||||
|
||||
use App\Core\Event\Account\PasswordRequestEvent;
|
||||
use App\Core\Manager\EntityManager;
|
||||
use App\Core\Notification\MailNotifier;
|
||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||
use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
|
||||
|
||||
/**
|
||||
* class EventListener.
|
||||
|
@ -16,11 +18,19 @@ class PasswordRequestEventSubscriber implements EventSubscriberInterface
|
|||
{
|
||||
protected MailNotifier $notifier;
|
||||
protected UrlGeneratorInterface $urlGenerator;
|
||||
protected EntityManager $entityManager;
|
||||
protected TokenGeneratorInterface $tokenGenerator;
|
||||
|
||||
public function __construct(MailNotifier $notifier, UrlGeneratorInterface $urlGenerator)
|
||||
{
|
||||
public function __construct(
|
||||
MailNotifier $notifier,
|
||||
UrlGeneratorInterface $urlGenerator,
|
||||
EntityManager $entityManager,
|
||||
TokenGeneratorInterface $tokenGenerator
|
||||
) {
|
||||
$this->notifier = $notifier;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->entityManager = $entityManager;
|
||||
$this->tokenGenerator = $tokenGenerator;
|
||||
}
|
||||
|
||||
public static function getSubscribedEvents()
|
||||
|
@ -32,15 +42,21 @@ class PasswordRequestEventSubscriber implements EventSubscriberInterface
|
|||
|
||||
public function onRequest(PasswordRequestEvent $event)
|
||||
{
|
||||
$user = $event->getUser();
|
||||
$user->setConfirmationToken($this->tokenGenerator->generateToken());
|
||||
$user->setPasswordRequestedAt(new \DateTime('now'));
|
||||
|
||||
$this->entityManager->update($user);
|
||||
|
||||
$this->notifier
|
||||
->setFrom('system@tinternet.net')
|
||||
->setSubject('[Tinternet & cie] Mot de passe perdu')
|
||||
->addRecipient($event->getUser()->getEmail())
|
||||
->notify('resetting_request', [
|
||||
->addRecipient($user->getEmail())
|
||||
->notify('@Core/mail/account/resetting_request.html.twig', [
|
||||
'reseting_update_link' => $this->urlGenerator->generate(
|
||||
'auth_resetting_update',
|
||||
[
|
||||
'token' => $event->getUser()->getConfirmationToken(),
|
||||
'token' => $user->getConfirmationToken(),
|
||||
],
|
||||
UrlGeneratorInterface::ABSOLUTE_URL
|
||||
),
|
||||
|
|
Loading…
Reference in a new issue