src/Wallabag/CoreBundle/Controller/SecurityController.php

   1 <?php
   2
   3 namespace Wallabag\CoreBundle\Controller;
   4
   5 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
   6 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
   7 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
   8 use Symfony\Component\HttpFoundation\Request;
   9 use Symfony\Component\Security\Core\SecurityContext;
  10 use Wallabag\CoreBundle\Form\Type\ResetPasswordType;
  11
  12 class SecurityController extends Controller
  13 {
  14     public function loginAction(Request $request)
  15     {
  16         $session = $request->getSession();
  17         // get the login error if there is one
  18         if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
  19             $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
  20         } else {
  21             $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
  22             $session->remove(SecurityContext::AUTHENTICATION_ERROR);
  23         }
  24
  25         return $this->render('WallabagCoreBundle:Security:login.html.twig', array(
  26             // last username entered by the user
  27             'last_username' => $session->get(SecurityContext::LAST_USERNAME),
  28             'error'         => $error,
  29         ));
  30     }
  31
  32     /**
  33      * Request forgot password: show form
  34      *
  35      * @Route("/forgot-password", name="forgot_password")
  36      * @Method({"GET", "POST"})
  37      */
  38     public function forgotPasswordAction(Request $request)
  39     {
  40         $form = $this->createForm('forgot_password');
  41         $form->handleRequest($request);
  42
  43         if ($form->isValid()) {
  44             $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($form->get('email')->getData());
  45
  46             // generate "hard" token
  47             $user->setConfirmationToken(rtrim(strtr(base64_encode(hash('sha256', uniqid(mt_rand(), true), true)), '+/', '-_'), '='));
  48             $user->setPasswordRequestedAt(new \DateTime());
  49
  50             $em = $this->getDoctrine()->getManager();
  51             $em->persist($user);
  52             $em->flush();
  53
  54             $message = \Swift_Message::newInstance()
  55                 ->setSubject('Reset Password')
  56                 ->setFrom($this->container->getParameter('from_email'))
  57                 ->setTo($user->getEmail())
  58                 ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
  59                     'username' => $user->getUsername(),
  60                     'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
  61                 )))
  62             ;
  63             $this->get('mailer')->send($message);
  64
  65             return $this->redirect($this->generateUrl('forgot_password_check_email',
  66                 array('email' => $this->getObfuscatedEmail($user->getEmail()))
  67             ));
  68         }
  69
  70         return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
  71             'form' => $form->createView(),
  72         ));
  73     }
  74
  75     /**
  76      * Tell the user to check his email provider
  77      *
  78      * @Route("/forgot-password/check-email", name="forgot_password_check_email")
  79      * @Method({"GET"})
  80      */
  81     public function checkEmailAction(Request $request)
  82     {
  83         $email = $request->query->get('email');
  84
  85         if (empty($email)) {
  86             // the user does not come from the forgotPassword action
  87             return $this->redirect($this->generateUrl('forgot_password'));
  88         }
  89
  90         return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
  91             'email' => $email,
  92         ));
  93     }
  94
  95     /**
  96      * Reset user password
  97      *
  98      * @Route("/forgot-password/{token}", name="forgot_password_reset")
  99      * @Method({"GET", "POST"})
 100      */
 101     public function resetAction(Request $request, $token)
 102     {
 103         $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);
 104
 105         if (null === $user) {
 106             throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
 107         }
 108
 109         $form = $this->createForm(new ResetPasswordType());
 110         $form->handleRequest($request);
 111
 112         if ($form->isValid()) {
 113             $user->setPassword($form->get('new_password')->getData());
 114
 115             $em = $this->getDoctrine()->getManager();
 116             $em->persist($user);
 117             $em->flush();
 118
 119             $this->get('session')->getFlashBag()->add(
 120                 'notice',
 121                 'The password has been reset successfully'
 122             );
 123
 124             return $this->redirect($this->generateUrl('login'));
 125         }
 126
 127         return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
 128             'token' => $token,
 129             'form' => $form->createView(),
 130         ));
 131     }
 132
 133     /**
 134      * Get the truncated email displayed when requesting the resetting.
 135      *
 136      * Keeping only the part following @ in the address.
 137      *
 138      * @param string $email
 139      *
 140      * @return string
 141      */
 142     protected function getObfuscatedEmail($email)
 143     {
 144         if (false !== $pos = strpos($email, '@')) {
 145             $email = '...'.substr($email, $pos);
 146         }
 147
 148         return $email;
 149     }
 150 }