1 files changed, 122 insertions, 0 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/SecurityController.php b/src/Wallabag/CoreBundle/Controller/SecurityController.php
index c2901da2..5007307a 100644
--- a/src/Wallabag/CoreBundle/Controller/SecurityController.php
+++ b/src/Wallabag/CoreBundle/Controller/SecurityController.php
@@ -2,9 +2,12 @@
 namespace Wallabag\CoreBundle\Controller;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\SecurityContext;
+use Wallabag\CoreBundle\Form\Type\ResetPasswordType;
 class SecurityController extends Controller
 {
@@ -25,4 +28,123 @@ class SecurityController extends Controller
            'error'         => $error,
        ));
    }
+    /**
+     * Request forgot password: show form
+     *
+     * @Route("/forgot-password", name="forgot_password")
+     * @Method({"GET", "POST"})
+     */
+    public function forgotPasswordAction(Request $request)
+    {
+        $form = $this->createForm('forgot_password');
+        $form->handleRequest($request);
+        if ($form->isValid()) {
+            $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($form->get('email')->getData());
+            // generate "hard" token
+            $user->setConfirmationToken(rtrim(strtr(base64_encode(hash('sha256', uniqid(mt_rand(), true), true)), '+/', '-_'), '='));
+            $user->setPasswordRequestedAt(new \DateTime());
+            $em = $this->getDoctrine()->getManager();
+            $em->persist($user);
+            $em->flush();
+            $message = \Swift_Message::newInstance()
+                ->setSubject('Reset Password')
+                ->setFrom($this->container->getParameter('from_email'))
+                ->setTo($user->getEmail())
+                ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
+                    'username' => $user->getUsername(),
+                    'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
+                )))
+            ;
+            $this->get('mailer')->send($message);
+            return $this->redirect($this->generateUrl('forgot_password_check_email',
+                array('email' => $this->getObfuscatedEmail($user->getEmail()))
+            ));
+        }
+        return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
+            'form' => $form->createView(),
+        ));
+    }
+    /**
+     * Tell the user to check his email provider
+     *
+     * @Route("/forgot-password/check-email", name="forgot_password_check_email")
+     * @Method({"GET"})
+     */
+    public function checkEmailAction(Request $request)
+    {
+        $email = $request->query->get('email');
+        if (empty($email)) {
+            // the user does not come from the forgotPassword action
+            return $this->redirect($this->generateUrl('forgot_password'));
+        }
+        return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
+            'email' => $email,
+        ));
+    }
+    /**
+     * Reset user password
+     *
+     * @Route("/forgot-password/{token}", name="forgot_password_reset")
+     * @Method({"GET", "POST"})
+     */
+    public function resetAction(Request $request, $token)
+    {
+        $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);
+        if (null === $user) {
+            $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
+        }
+        $form = $this->createForm(new ResetPasswordType());
+        $form->handleRequest($request);
+        if ($form->isValid()) {
+            $user->setPassword($form->get('new_password')->getData());
+            $em = $this->getDoctrine()->getManager();
+            $em->persist($user);
+            $em->flush();
+            $this->get('session')->getFlashBag()->add(
+                'notice',
+                'The password has been reset successfully'
+            );
+            return $this->redirect($this->generateUrl('login'));
+        }
+        return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
+            'token' => $token,
+            'form' => $form->createView(),
+        ));
+    }
+    /**
+     * Get the truncated email displayed when requesting the resetting.
+     *
+     * Keeping only the part following @ in the address.
+     *
+     * @param string $email
+     *
+     * @return string
+     */
+    protected function getObfuscatedEmail($email)
+    {
+        if (false !== $pos = strpos($email, '@')) {
+            $email = '...'.substr($email, $pos);
+        }
+        return $email;
+    }
 }

diff --git a/src/Wallabag/CoreBundle/Controller/SecurityController.php b/src/Wallabag/CoreBundle/Controller/SecurityController.php index c2901da2..5007307a 100644 --- a/src/Wallabag/CoreBundle/Controller/SecurityController.php +++ b/src/Wallabag/CoreBundle/Controller/SecurityController.php
@@ -2,9 +2,12 @@
2		2
3	namespace Wallabag\CoreBundle\Controller;	3	namespace Wallabag\CoreBundle\Controller;
4		4
		5	use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
		6	use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
5	use Symfony\Bundle\FrameworkBundle\Controller\Controller;	7	use Symfony\Bundle\FrameworkBundle\Controller\Controller;
6	use Symfony\Component\HttpFoundation\Request;	8	use Symfony\Component\HttpFoundation\Request;
7	use Symfony\Component\Security\Core\SecurityContext;	9	use Symfony\Component\Security\Core\SecurityContext;
		10	use Wallabag\CoreBundle\Form\Type\ResetPasswordType;
8		11
9	class SecurityController extends Controller	12	class SecurityController extends Controller
10	{	13	{
@@ -25,4 +28,123 @@ class SecurityController extends Controller
25	'error' => $error,	28	'error' => $error,
26	));	29	));
27	}	30	}
		31
		32	/**
		33	* Request forgot password: show form
		34	*
		35	* @Route("/forgot-password", name="forgot_password")
		36	* @Method({"GET", "POST"})
		37	*/
		38	public function forgotPasswordAction(Request $request)
		39	{
		40	$form = $this->createForm('forgot_password');
		41	$form->handleRequest($request);
		42
		43	if ($form->isValid()) {
		44	$user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($form->get('email')->getData());
		45
		46	// generate "hard" token
		47	$user->setConfirmationToken(rtrim(strtr(base64_encode(hash('sha256', uniqid(mt_rand(), true), true)), '+/', '-_'), '='));
		48	$user->setPasswordRequestedAt(new \DateTime());
		49
		50	$em = $this->getDoctrine()->getManager();
		51	$em->persist($user);
		52	$em->flush();
		53
		54	$message = \Swift_Message::newInstance()
		55	->setSubject('Reset Password')
		56	->setFrom($this->container->getParameter('from_email'))
		57	->setTo($user->getEmail())
		58	->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
		59	'username' => $user->getUsername(),
		60	'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
		61	)))
		62	;
		63	$this->get('mailer')->send($message);
		64
		65	return $this->redirect($this->generateUrl('forgot_password_check_email',
		66	array('email' => $this->getObfuscatedEmail($user->getEmail()))
		67	));
		68	}
		69
		70	return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
		71	'form' => $form->createView(),
		72	));
		73	}
		74
		75	/**
		76	* Tell the user to check his email provider
		77	*
		78	* @Route("/forgot-password/check-email", name="forgot_password_check_email")
		79	* @Method({"GET"})
		80	*/
		81	public function checkEmailAction(Request $request)
		82	{
		83	$email = $request->query->get('email');
		84
		85	if (empty($email)) {
		86	// the user does not come from the forgotPassword action
		87	return $this->redirect($this->generateUrl('forgot_password'));
		88	}
		89
		90	return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
		91	'email' => $email,
		92	));
		93	}
		94
		95	/**
		96	* Reset user password
		97	*
		98	* @Route("/forgot-password/{token}", name="forgot_password_reset")
		99	* @Method({"GET", "POST"})
		100	*/
		101	public function resetAction(Request $request, $token)
		102	{
		103	$user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);
		104
		105	if (null === $user) {
		106	$this->createNotFoundException(sprintf('No user found with token "%s"', $token));
		107	}
		108
		109	$form = $this->createForm(new ResetPasswordType());
		110	$form->handleRequest($request);
		111
		112	if ($form->isValid()) {
		113	$user->setPassword($form->get('new_password')->getData());
		114
		115	$em = $this->getDoctrine()->getManager();
		116	$em->persist($user);
		117	$em->flush();
		118
		119	$this->get('session')->getFlashBag()->add(
		120	'notice',
		121	'The password has been reset successfully'
		122	);
		123
		124	return $this->redirect($this->generateUrl('login'));
		125	}
		126
		127	return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
		128	'token' => $token,
		129	'form' => $form->createView(),
		130	));
		131	}
		132
		133	/**
		134	* Get the truncated email displayed when requesting the resetting.
		135	*
		136	* Keeping only the part following @ in the address.
		137	*
		138	* @param string $email
		139	*
		140	* @return string
		141	*/
		142	protected function getObfuscatedEmail($email)
		143	{
		144	if (false !== $pos = strpos($email, '@')) {
		145	$email = '...'.substr($email, $pos);
		146	}
		147
		148	return $email;
		149	}
28	}	150	}