X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FController%2FSecurityController.php;h=a61a898bf1d07598fb9f54d36c5b0519db7b1dab;hb=a15692b1b736a6a1d3c50a5daffe08c16e6cc93b;hp=c2901da2eb2ccfc9b9cbdd4515a05c1c4ebeadef;hpb=8394ab46191f717dc9c32fecfa6809f958951dca;p=github%2Fwallabag%2Fwallabag.git
diff --git a/src/Wallabag/CoreBundle/Controller/SecurityController.php b/src/Wallabag/CoreBundle/Controller/SecurityController.php
index c2901da2..a61a898b 100644
--- a/src/Wallabag/CoreBundle/Controller/SecurityController.php
+++ b/src/Wallabag/CoreBundle/Controller/SecurityController.php
@@ -2,9 +2,12 @@
 namespace Wallabag\CoreBundle\Controller;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\SecurityContext;
+use Wallabag\CoreBundle\Form\Type\ResetPasswordType;
 class SecurityController extends Controller
 {
@@ -25,4 +28,126 @@ class SecurityController extends Controller
 'error' => $error,
 ));
 }
+
+ /**
+ * Request forgot password: show form.
+ *
+ * @Route("/forgot-password", name="forgot_password")
+ *
+ * @Method({"GET", "POST"})
+ */
+ public function forgotPasswordAction(Request $request)
+ {
+ $form = $this->createForm('forgot_password');
+ $form->handleRequest($request);
+
+ if ($form->isValid()) {
+ $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($form->get('email')->getData());
+
+ // generate "hard" token
+ $user->setConfirmationToken(rtrim(strtr(base64_encode(hash('sha256', uniqid(mt_rand(), true), true)), '+/', '-_'), '='));
+ $user->setPasswordRequestedAt(new \DateTime());
+
+ $em = $this->getDoctrine()->getManager();
+ $em->persist($user);
+ $em->flush();
+
+ $message = \Swift_Message::newInstance()
+ ->setSubject('Reset Password')
+ ->setFrom($this->container->getParameter('from_email'))
+ ->setTo($user->getEmail())
+ ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
+ 'username' => $user->getUsername(),
+ 'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
+ )))
+ ;
+ $this->get('mailer')->send($message);
+
+ return $this->redirect($this->generateUrl('forgot_password_check_email',
+ array('email' => $this->getObfuscatedEmail($user->getEmail()))
+ ));
+ }
+
+ return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
+ 'form' => $form->createView(),
+ ));
+ }
+
+ /**
+ * Tell the user to check his email provider.
+ *
+ * @Route("/forgot-password/check-email", name="forgot_password_check_email")
+ *
+ * @Method({"GET"})
+ */
+ public function checkEmailAction(Request $request)
+ {
+ $email = $request->query->get('email');
+
+ if (empty($email)) {
+ // the user does not come from the forgotPassword action
+ return $this->redirect($this->generateUrl('forgot_password'));
+ }
+
+ return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
+ 'email' => $email,
+ ));
+ }
+
+ /**
+ * Reset user password.
+ *
+ * @Route("/forgot-password/{token}", name="forgot_password_reset")
+ *
+ * @Method({"GET", "POST"})
+ */
+ public function resetAction(Request $request, $token)
+ {
+ $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);
+
+ if (null === $user) {
+ throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
+ }
+
+ $form = $this->createForm(new ResetPasswordType());
+ $form->handleRequest($request);
+
+ if ($form->isValid()) {
+ $user->setPassword($form->get('new_password')->getData());
+
+ $em = $this->getDoctrine()->getManager();
+ $em->persist($user);
+ $em->flush();
+
+ $this->get('session')->getFlashBag()->add(
+ 'notice',
+ 'The password has been reset successfully'
+ );
+
+ return $this->redirect($this->generateUrl('login'));
+ }
+
+ return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
+ 'token' => $token,
+ 'form' => $form->createView(),
+ ));
+ }
+
+ /**
+ * Get the truncated email displayed when requesting the resetting.
+ *
+ * Keeping only the part following @ in the address.
+ *
+ * @param string $email
+ *
+ * @return string
+ */
+ protected function getObfuscatedEmail($email)
+ {
+ if (false !== $pos = strpos($email, '@')) {
+ $email = '...'.substr($email, $pos);
+ }
+
+ return $email;
+ }
 }
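Review bot: In forgotPasswordAction the result of `findOneByEmail()` is used without a null check, so submitting an address that is not registered dereferences null on `$user->setConfirmationToken(...)` and fails with a server error instead of the check-email redirect; because a known address redirects while an unknown one errors, the form also lets anyone enumerate registered accounts. resetAction never compares the stored `passwordRequestedAt` and never clears the confirmation token after `setPassword()`, so a reset link stays valid indefinitely and can be replayed until a later request happens to overwrite it. The token source `uniqid(mt_rand(), true)` is not a cryptographic generator; feeding `random_bytes(32)` (or `openssl_random_pseudo_bytes(32)` on PHP 5) into the base64 step removes the predictability concern without changing the URL shape, and the 404 message should not echo the token back. Whether `setPassword()` hashes its argument is not visible in this hunk — confirm the password encoder runs before the flush — and the sketch below assumes the entity exposes a `getPasswordRequestedAt()` matching the setter used here.
```php
        if ($form->isValid()) {
            $email = $form->get('email')->getData();
            $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($email);

            // Unknown address: answer exactly as for a known one so the form cannot be used to enumerate accounts.
            if (null === $user) {
                return $this->redirect($this->generateUrl('forgot_password_check_email',
                    array('email' => $this->getObfuscatedEmail($email))
                ));
            }

            // token must come from a CSPRNG (openssl_random_pseudo_bytes() on PHP 5)
            $user->setConfirmationToken(rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '='));
            $user->setPasswordRequestedAt(new \DateTime());
            // … unchanged: persist, mail, redirect …
        }

        // … unchanged: checkEmailAction …

    public function resetAction(Request $request, $token)
    {
        $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);

        // reject unknown, already-used or stale tokens (one hour here); do not echo the token in the message
        if (null === $user
            || null === $user->getPasswordRequestedAt()
            || $user->getPasswordRequestedAt() < new \DateTime('-1 hour')) {
            throw $this->createNotFoundException('Invalid or expired password reset token');
        }
        // … unchanged: form creation and handleRequest …
        if ($form->isValid()) {
            $user->setPassword($form->get('new_password')->getData());
            // single use: invalidate the token once the password has been changed
            $user->setConfirmationToken(null);
            $user->setPasswordRequestedAt(null);
            // … unchanged: persist, flash message, redirect to login …
        }
```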