path: root/src/Wallabag/CoreBundle/Controller/SecurityController.php
blob: a61a898bf1d07598fb9f54d36c5b0519db7b1dab (plain) (tree)
<?php

namespace Wallabag\CoreBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContext;
use Wallabag\CoreBundle\Form\Type\ResetPasswordType;

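/**
 * Login and "forgot password" endpoints.
 *
 * The reset flow is: forgotPasswordAction() stores a one-time token on the
 * user and mails a link, checkEmailAction() shows a confirmation page, and
 * resetAction() accepts the token and stores the new password.
 */
class SecurityController extends Controller
{
    /**
     * Render the login form with the last authentication error, if any.
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function loginAction(Request $request)
    {
        $session = $request->getSession();

        // The error is either attached to the request or was stored in the
        // session; a session-stored error is consumed so it is shown once.
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('WallabagCoreBundle:Security:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        ));
    }

    /**
     * Request forgot password: show form.
     *
     * On a valid submission a fresh confirmation token is stored on the user
     * and a reset link is mailed. An address that matches no account gets the
     * same redirect as a known one, so the response does not disclose whether
     * the account exists.
     *
     * @Route("/forgot-password", name="forgot_password")
     *
     * @Method({"GET", "POST"})
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function forgotPasswordAction(Request $request)
    {
        $form = $this->createForm('forgot_password');
        $form->handleRequest($request);

        if ($form->isValid()) {
            $submittedEmail = (string) $form->get('email')->getData();
            $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($submittedEmail);

            if (null === $user) {
                // No account for this address: skip the token and the mail but
                // answer exactly like the success path. Previously this case
                // called a method on null.
                return $this->redirect($this->generateUrl('forgot_password_check_email',
                    array('email' => $this->getObfuscatedEmail($submittedEmail))
                ));
            }

            // The token is the only secret protecting the reset link, so it
            // must come from a CSPRNG rather than from uniqid()/mt_rand().
            $user->setConfirmationToken($this->generateConfirmationToken());
            $user->setPasswordRequestedAt(new \DateTime());

            $em = $this->getDoctrine()->getManager();
            $em->persist($user);
            $em->flush();

            $message = \Swift_Message::newInstance()
                ->setSubject('Reset Password')
                ->setFrom($this->container->getParameter('from_email'))
                ->setTo($user->getEmail())
                ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
                    'username' => $user->getUsername(),
                    'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
                )))
            ;
            $this->get('mailer')->send($message);

            return $this->redirect($this->generateUrl('forgot_password_check_email',
                array('email' => $this->getObfuscatedEmail($user->getEmail()))
            ));
        }

        return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
            'form' => $form->createView(),
        ));
    }

    /**
     * Tell the user to check his email provider.
     *
     * @Route("/forgot-password/check-email", name="forgot_password_check_email")
     *
     * @Method({"GET"})
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function checkEmailAction(Request $request)
    {
        // The value comes from the query string, so anyone can choose it.
        // NOTE(review): the template must keep output escaping enabled for it.
        $email = $request->query->get('email');

        if (empty($email)) {
            // the user does not come from the forgotPassword action
            return $this->redirect($this->generateUrl('forgot_password'));
        }

        return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
            'email' => $email,
        ));
    }

    /**
     * Reset user password.
     *
     * Looks the user up by confirmation token, stores the new password on a
     * valid submission and invalidates the token so the link works once.
     *
     * @Route("/forgot-password/{token}", name="forgot_password_reset")
     *
     * @Method({"GET", "POST"})
     *
     * @param Request $request
     * @param string  $token   Confirmation token taken from the mailed link
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function resetAction(Request $request, $token)
    {
        $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);

        if (null === $user) {
            throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
        }

        // NOTE(review): the request time stored by forgotPasswordAction() is
        // never compared with the current time, so a token stays valid until
        // it is used. A lifetime check belongs here once the entity accessor
        // for that timestamp is confirmed.

        $form = $this->createForm(new ResetPasswordType());
        $form->handleRequest($request);

        if ($form->isValid()) {
            // NOTE(review): the submitted value is handed to setPassword() as
            // is; confirm the entity or a listener hashes it before storage.
            $user->setPassword($form->get('new_password')->getData());

            // Single use: without this the mailed link could change the
            // password again later.
            // NOTE(review): assumes the token column is nullable; confirm
            // against the User mapping.
            $user->setConfirmationToken(null);

            $em = $this->getDoctrine()->getManager();
            $em->persist($user);
            $em->flush();

            $this->get('session')->getFlashBag()->add(
                'notice',
                'The password has been reset successfully'
            );

            return $this->redirect($this->generateUrl('login'));
        }

        return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
            'token' => $token,
            'form' => $form->createView(),
        ));
    }

    /**
     * Get the truncated email displayed when requesting the resetting.
     *
     * Keeping only the part following @ in the address.
     *
     * @param string $email
     *
     * @return string
     */
    protected function getObfuscatedEmail($email)
    {
        if (false !== $pos = strpos($email, '@')) {
            $email = '...'.substr($email, $pos);
        }

        return $email;
    }

    /**
     * Build an unguessable, URL-safe confirmation token.
     *
     * The output has the same shape as before (unpadded URL-safe base64 of
     * 32 bytes) but the bytes come from the platform CSPRNG.
     *
     * @return string
     *
     * @throws \RuntimeException When no secure random source is available
     */
    private function generateConfirmationToken()
    {
        if (function_exists('random_bytes')) {
            $bytes = random_bytes(32);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(32, $strong);

            // Refuse to issue a token rather than fall back to a weak one.
            if (false === $bytes || true !== $strong) {
                throw new \RuntimeException('Unable to generate a secure confirmation token.');
            }
        } else {
            throw new \RuntimeException('No secure random source available for confirmation tokens.');
        }

        return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
    }
}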