Commit | Line | Data |
---|---|---|
c3235553 NL |
1 | <?php |
2 | ||
3 | namespace Wallabag\CoreBundle\Controller; | |
4 | ||
6894d48e J |
5 | use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; |
6 | use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; | |
c3235553 NL |
7 | use Symfony\Bundle\FrameworkBundle\Controller\Controller; |
8 | use Symfony\Component\HttpFoundation\Request; | |
9 | use Symfony\Component\Security\Core\SecurityContext; | |
6894d48e | 10 | use Wallabag\CoreBundle\Form\Type\ResetPasswordType; |
c3235553 NL |
11 | |
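class SecurityController extends Controller
{
    /**
     * Show the login form, with the last authentication error if there is one.
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function loginAction(Request $request)
    {
        $session = $request->getSession();
        // get the login error if there is one
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            // the error is shown once, then dropped from the session
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('WallabagCoreBundle:Security:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error' => $error,
        ));
    }

    /**
     * Request forgot password: show form.
     *
     * On a valid submission a confirmation token is stored on the matching user,
     * the reset link is mailed, and the visitor is redirected to the "check your
     * email" page.
     *
     * @Route("/forgot-password", name="forgot_password")
     *
     * @Method({"GET", "POST"})
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function forgotPasswordAction(Request $request)
    {
        $form = $this->createForm('forgot_password');
        $form->handleRequest($request);

        if ($form->isValid()) {
            $email = $form->get('email')->getData();
            $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($email);

            // The lookup yields null for an unknown address (resetAction guards the same
            // kind of lookup). Skip the mail in that case but answer exactly as for a
            // known account, so the response does not reveal whether the address is
            // registered and a null user no longer causes a fatal error.
            // NOTE(review): the 'forgot_password' form type is not visible here; if it
            // already rejects unknown addresses this branch is never skipped - confirm.
            if (null !== $user) {
                // The token is the only secret protecting the reset link, so it must
                // come from a cryptographically secure source.
                $user->setConfirmationToken($this->generateConfirmationToken());
                $user->setPasswordRequestedAt(new \DateTime());

                $em = $this->getDoctrine()->getManager();
                $em->persist($user);
                $em->flush();

                // The third generateUrl() argument asks for an absolute URL, which the
                // router builds from the current request's host.
                // NOTE(review): restrict the accepted hosts (e.g. framework.trusted_hosts)
                // so the mailed link cannot be made to point at another host.
                $message = \Swift_Message::newInstance()
                    ->setSubject('Reset Password')
                    ->setFrom($this->container->getParameter('from_email'))
                    ->setTo($user->getEmail())
                    ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
                        'username' => $user->getUsername(),
                        'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
                    )))
                ;
                $this->get('mailer')->send($message);
            }

            // Keep showing the stored address when the user exists, as before.
            $shownEmail = null !== $user ? $user->getEmail() : $email;

            return $this->redirect($this->generateUrl('forgot_password_check_email',
                array('email' => $this->getObfuscatedEmail($shownEmail))
            ));
        }

        return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
            'form' => $form->createView(),
        ));
    }

    /**
     * Tell the user to check their email provider.
     *
     * @Route("/forgot-password/check-email", name="forgot_password_check_email")
     *
     * @Method({"GET"})
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function checkEmailAction(Request $request)
    {
        // The address shown on this page is read from the query string, so any caller
        // can choose it; the template must keep output escaping enabled for it.
        $email = $request->query->get('email');

        if (empty($email)) {
            // the user does not come from the forgotPassword action
            return $this->redirect($this->generateUrl('forgot_password'));
        }

        return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
            'email' => $email,
        ));
    }

    /**
     * Reset user password.
     *
     * Looks the user up by confirmation token, shows the new-password form and, on
     * a valid submission, stores the new password and invalidates the token.
     *
     * @Route("/forgot-password/{token}", name="forgot_password_reset")
     *
     * @Method({"GET", "POST"})
     *
     * @param Request $request
     * @param string  $token   confirmation token taken from the mailed link
     *
     * @return \Symfony\Component\HttpFoundation\Response
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException when no user holds the token
     */
    public function resetAction(Request $request, $token)
    {
        $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);

        if (null === $user) {
            throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
        }

        // NOTE(review): passwordRequestedAt is written in forgotPasswordAction but never
        // read here, so a token stays usable until it is consumed. Enforce a maximum age
        // once the matching getter on the User entity is confirmed.

        $form = $this->createForm(new ResetPasswordType());
        $form->handleRequest($request);

        if ($form->isValid()) {
            // NOTE(review): the form value is handed to setPassword() as entered; confirm
            // that the User entity (or an encoder) hashes it before it is stored.
            $user->setPassword($form->get('new_password')->getData());

            // A reset link must work once only: drop the token so the mailed URL cannot
            // be replayed to change the password again.
            // NOTE(review): assumes the confirmation token column is nullable - confirm
            // against the User mapping.
            $user->setConfirmationToken(null);

            $em = $this->getDoctrine()->getManager();
            $em->persist($user);
            $em->flush();

            $this->get('session')->getFlashBag()->add(
                'notice',
                'The password has been reset successfully'
            );

            return $this->redirect($this->generateUrl('login'));
        }

        return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
            'token' => $token,
            'form' => $form->createView(),
        ));
    }

    /**
     * Get the truncated email displayed when requesting the resetting.
     *
     * Keeping only the part following @ in the address.
     *
     * @param string $email
     *
     * @return string the address with everything before "@" replaced by "...",
     *                or the input unchanged when it contains no "@"
     */
    protected function getObfuscatedEmail($email)
    {
        if (false !== $pos = strpos($email, '@')) {
            $email = '...'.substr($email, $pos);
        }

        return $email;
    }

    /**
     * Build a URL-safe password-reset token from 32 bytes of secure randomness.
     *
     * The previous token hashed uniqid(mt_rand(), true); both inputs are derived from
     * the clock and a non-cryptographic generator, and hashing them adds no entropy.
     * The output keeps the same shape (unpadded URL-safe base64 of 32 bytes).
     *
     * @return string
     *
     * @throws \RuntimeException when no cryptographically secure source is available;
     *                           failing is preferred over issuing a guessable token
     */
    private function generateConfirmationToken()
    {
        if (function_exists('random_bytes')) {
            $bytes = random_bytes(32);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(32, $strong);

            if (false === $bytes || true !== $strong) {
                throw new \RuntimeException('Unable to generate a secure password reset token');
            }
        } else {
            throw new \RuntimeException('Unable to generate a secure password reset token');
        }

        return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
    }
}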