[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Controller / SecurityController.php

<?php

namespace Wallabag\CoreBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContext;
use Wallabag\CoreBundle\Form\Type\ResetPasswordType;

class SecurityController extends Controller
{
    public function loginAction(Request $request)
    {
        $session = $request->getSession();
        // get the login error if there is one
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('WallabagCoreBundle:Security:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        ));
    }

    /**
     * Request forgot password: show form.
     *
     * @Route("/forgot-password", name="forgot_password")
     *
     * @Method({"GET", "POST"})
     */
    public function forgotPasswordAction(Request $request)
    {
        $form = $this->createForm('forgot_password');
        $form->handleRequest($request);

        if ($form->isValid()) {
            $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($form->get('email')->getData());

            // generate "hard" token
            $user->setConfirmationToken(rtrim(strtr(base64_encode(hash('sha256', uniqid(mt_rand(), true), true)), '+/', '-_'), '='));
            $user->setPasswordRequestedAt(new \DateTime());

            $em = $this->getDoctrine()->getManager();
            $em->persist($user);
            $em->flush();

            $message = \Swift_Message::newInstance()
                ->setSubject('Reset Password')
                ->setFrom($this->container->getParameter('from_email'))
                ->setTo($user->getEmail())
                ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
                    'username' => $user->getUsername(),
                    'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
                )))
            ;
            $this->get('mailer')->send($message);

            return $this->redirect($this->generateUrl('forgot_password_check_email',
                array('email' => $this->getObfuscatedEmail($user->getEmail()))
            ));
        }

        return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
            'form' => $form->createView(),
        ));
    }

    /**
     * Tell the user to check his email provider.
     *
     * @Route("/forgot-password/check-email", name="forgot_password_check_email")
     *
     * @Method({"GET"})
     */
    public function checkEmailAction(Request $request)
    {
        $email = $request->query->get('email');

        if (empty($email)) {
            // the user does not come from the forgotPassword action
            return $this->redirect($this->generateUrl('forgot_password'));
        }

        return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
            'email' => $email,
        ));
    }

    /**
     * Reset user password.
     *
     * @Route("/forgot-password/{token}", name="forgot_password_reset")
     *
     * @Method({"GET", "POST"})
     */
    public function resetAction(Request $request, $token)
    {
        $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);

        if (null === $user) {
            throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
        }

        $form = $this->createForm(new ResetPasswordType());
        $form->handleRequest($request);

        if ($form->isValid()) {
            $user->setPassword($form->get('new_password')->getData());

            $em = $this->getDoctrine()->getManager();
            $em->persist($user);
            $em->flush();

            $this->get('session')->getFlashBag()->add(
                'notice',
                'The password has been reset successfully'
            );

            return $this->redirect($this->generateUrl('login'));
        }

        return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
            'token' => $token,
            'form' => $form->createView(),
        ));
    }

    /**
     * Get the truncated email displayed when requesting the resetting.
     *
     * Keeping only the part following @ in the address.
     *
     * @param string $email
     *
     * @return string
     */
    protected function getObfuscatedEmail($email)
    {
        if (false !== $pos = strpos($email, '@')) {
            $email = '...'.substr($email, $pos);
        }

        return $email;
    }
}
Commit	Line	Data
c3235553 NL	1	<?php
	2
	3	namespace Wallabag\CoreBundle\Controller;
	4
6894d48e J	5	use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
6894d48e J	6	use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
c3235553 NL	7	use Symfony\Bundle\FrameworkBundle\Controller\Controller;
	8	use Symfony\Component\HttpFoundation\Request;
	9	use Symfony\Component\Security\Core\SecurityContext;
6894d48e	10	use Wallabag\CoreBundle\Form\Type\ResetPasswordType;
c3235553 NL	11
	12	class SecurityController extends Controller
	13	{
	14	public function loginAction(Request $request)
	15	{
	16	$session = $request->getSession();
	17	// get the login error if there is one
	18	if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
	19	$error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
	20	} else {
	21	$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
	22	$session->remove(SecurityContext::AUTHENTICATION_ERROR);
	23	}
7df80cb3	24
c3235553 NL	25	return $this->render('WallabagCoreBundle:Security:login.html.twig', array(
	26	// last username entered by the user
	27	'last_username' => $session->get(SecurityContext::LAST_USERNAME),
	28	'error' => $error,
	29	));
	30	}
6894d48e J	31
6894d48e J	32	/**
4346a860	33	* Request forgot password: show form.
6894d48e J	34	*
6894d48e J	35	* @Route("/forgot-password", name="forgot_password")
4346a860	36	*
6894d48e J	37	* @Method({"GET", "POST"})
	38	*/
	39	public function forgotPasswordAction(Request $request)
	40	{
	41	$form = $this->createForm('forgot_password');
	42	$form->handleRequest($request);
	43
	44	if ($form->isValid()) {
	45	$user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($form->get('email')->getData());
	46
	47	// generate "hard" token
	48	$user->setConfirmationToken(rtrim(strtr(base64_encode(hash('sha256', uniqid(mt_rand(), true), true)), '+/', '-_'), '='));
	49	$user->setPasswordRequestedAt(new \DateTime());
	50
	51	$em = $this->getDoctrine()->getManager();
	52	$em->persist($user);
	53	$em->flush();
	54
	55	$message = \Swift_Message::newInstance()
	56	->setSubject('Reset Password')
	57	->setFrom($this->container->getParameter('from_email'))
	58	->setTo($user->getEmail())
	59	->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
	60	'username' => $user->getUsername(),
	61	'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
	62	)))
	63	;
	64	$this->get('mailer')->send($message);
	65
	66	return $this->redirect($this->generateUrl('forgot_password_check_email',
	67	array('email' => $this->getObfuscatedEmail($user->getEmail()))
	68	));
	69	}
	70
	71	return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
	72	'form' => $form->createView(),
	73	));
	74	}
	75
	76	/**
4346a860	77	* Tell the user to check his email provider.
6894d48e J	78	*
6894d48e J	79	* @Route("/forgot-password/check-email", name="forgot_password_check_email")
4346a860	80	*
6894d48e J	81	* @Method({"GET"})
	82	*/
	83	public function checkEmailAction(Request $request)
	84	{
	85	$email = $request->query->get('email');
	86
	87	if (empty($email)) {
	88	// the user does not come from the forgotPassword action
	89	return $this->redirect($this->generateUrl('forgot_password'));
	90	}
	91
	92	return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
	93	'email' => $email,
	94	));
	95	}
	96
	97	/**
4346a860	98	* Reset user password.
6894d48e J	99	*
6894d48e J	100	* @Route("/forgot-password/{token}", name="forgot_password_reset")
4346a860	101	*
6894d48e J	102	* @Method({"GET", "POST"})
	103	*/
	104	public function resetAction(Request $request, $token)
	105	{
	106	$user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);
	107
	108	if (null === $user) {
d0c2243b	109	throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
6894d48e J	110	}
	111
	112	$form = $this->createForm(new ResetPasswordType());
	113	$form->handleRequest($request);
	114
	115	if ($form->isValid()) {
	116	$user->setPassword($form->get('new_password')->getData());
	117
	118	$em = $this->getDoctrine()->getManager();
	119	$em->persist($user);
	120	$em->flush();
	121
	122	$this->get('session')->getFlashBag()->add(
	123	'notice',
	124	'The password has been reset successfully'
	125	);
	126
	127	return $this->redirect($this->generateUrl('login'));
	128	}
	129
	130	return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
	131	'token' => $token,
	132	'form' => $form->createView(),
	133	));
	134	}
	135
	136	/**
	137	* Get the truncated email displayed when requesting the resetting.
	138	*
	139	* Keeping only the part following @ in the address.
	140	*
	141	* @param string $email
	142	*
	143	* @return string
	144	*/
	145	protected function getObfuscatedEmail($email)
	146	{
	147	if (false !== $pos = strpos($email, '@')) {
	148	$email = '...'.substr($email, $pos);
	149	}
	150
	151	return $email;
	152	}
7df80cb3	153	}