From 6894d48e03c397096bb64420373afa60c397fe97 Mon Sep 17 00:00:00 2001
From: Jeremy
Date: Sat, 7 Mar 2015 23:25:36 +0100
Subject: Handle forgot password
---
.../CoreBundle/Controller/SecurityController.php | 122 +++++++++++++++++++++
1 file changed, 122 insertions(+)
(limited to 'src/Wallabag/CoreBundle/Controller/SecurityController.php')
diff --git a/src/Wallabag/CoreBundle/Controller/SecurityController.php b/src/Wallabag/CoreBundle/Controller/SecurityController.php
index c2901da2..5007307a 100644
--- a/src/Wallabag/CoreBundle/Controller/SecurityController.php
+++ b/src/Wallabag/CoreBundle/Controller/SecurityController.php
@@ -2,9 +2,12 @@ namespace Wallabag\CoreBundle\Controller;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\SecurityContext;
+use Wallabag\CoreBundle\Form\Type\ResetPasswordType;
 class SecurityController extends Controller {
@@ -25,4 +28,123 @@ class SecurityController extends Controller
 'error' => $error,
 ));
 }
+
+ /**
+ * Request forgot password: show form
+ *
+ * @Route("/forgot-password", name="forgot_password")
+ * @Method({"GET", "POST"})
+ */
+ public function forgotPasswordAction(Request $request)
+ {
+ $form = $this->createForm('forgot_password');
+ $form->handleRequest($request);
+
+ if ($form->isValid()) {
+ $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($form->get('email')->getData());
+
+ // generate "hard" token
+ $user->setConfirmationToken(rtrim(strtr(base64_encode(hash('sha256', uniqid(mt_rand(), true), true)), '+/', '-_'), '='));
+ $user->setPasswordRequestedAt(new \DateTime());
+
+ $em = $this->getDoctrine()->getManager();
+ $em->persist($user);
+ $em->flush();
+
+ $message = \Swift_Message::newInstance()
+ ->setSubject('Reset Password')
+ ->setFrom($this->container->getParameter('from_email'))
+ ->setTo($user->getEmail())
+ ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
+ 'username' => $user->getUsername(),
+ 'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
+ )))
+ ;
+ $this->get('mailer')->send($message);
+
+ return $this->redirect($this->generateUrl('forgot_password_check_email',
+ array('email' => $this->getObfuscatedEmail($user->getEmail()))
+ ));
+ }
+
+ return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
+ 'form' => $form->createView(),
+ ));
+ }
+
+ /**
+ * Tell the user to check his email provider
+ *
+ * @Route("/forgot-password/check-email", name="forgot_password_check_email")
+ * @Method({"GET"})
+ */
+ public function checkEmailAction(Request $request)
+ {
+ $email = $request->query->get('email');
+
+ if (empty($email)) {
+ // the user does not come from the forgotPassword action
+ return $this->redirect($this->generateUrl('forgot_password'));
+ }
+
+ return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
+ 'email' => $email,
+ ));
+ }
+
+ /**
+ * Reset user password
+ *
+ * @Route("/forgot-password/{token}", name="forgot_password_reset")
+ * @Method({"GET", "POST"})
+ */
+ public function resetAction(Request $request, $token)
+ {
+ $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);
+
+ if (null === $user) {
+ $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
+ }
+
+ $form = $this->createForm(new ResetPasswordType());
+ $form->handleRequest($request);
+
+ if ($form->isValid()) {
+ $user->setPassword($form->get('new_password')->getData());
+
+ $em = $this->getDoctrine()->getManager();
+ $em->persist($user);
+ $em->flush();
+
+ $this->get('session')->getFlashBag()->add(
+ 'notice',
+ 'The password has been reset successfully'
+ );
+
+ return $this->redirect($this->generateUrl('login'));
+ }
+
+ return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
+ 'token' => $token,
+ 'form' => $form->createView(),
+ ));
+ }
+
+ /**
+ * Get the truncated email displayed when requesting the resetting.
+ *
+ * Keeping only the part following @ in the address.
+ *
+ * @param string $email
+ *
+ * @return string
+ */
+ protected function getObfuscatedEmail($email)
+ {
+ if (false !== $pos = strpos($email, '@')) {
+ $email = '...'.substr($email, $pos);
+ }
+
+ return $email;
+ }
 }
-- cgit v1.2.3
From d0c2243b1099303be961c9d4b33eaaa95e663bef Mon Sep 17 00:00:00 2001
From: Jeremy
Date: Sun, 8 Mar 2015 22:47:32 +0100
Subject: Add some tests
---
src/Wallabag/CoreBundle/Controller/SecurityController.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/Wallabag/CoreBundle/Controller/SecurityController.php')
diff --git a/src/Wallabag/CoreBundle/Controller/SecurityController.php b/src/Wallabag/CoreBundle/Controller/SecurityController.php
index 5007307a..fe511db5 100644
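Review bot: resetAction accepts any stored confirmation token regardless of its age and leaves it in place after the password is changed, so the mailed link never expires and can be replayed; `setPasswordRequestedAt` is written in forgotPasswordAction but nothing in this hunk reads it back. The guard at the top of resetAction should also refuse requests older than a chosen TTL (assuming the User entity exposes a `getPasswordRequestedAt()` getter matching the setter used here), and the success branch should clear both fields with `$user->setConfirmationToken(null); $user->setPasswordRequestedAt(null);` before the flush. The token itself is a hash of `uniqid(mt_rand(), true)`, which is not a cryptographic source; `hash('sha256', openssl_random_pseudo_bytes(32), true)` (or `random_bytes` where available) in its place keeps the same encoding while making the value unguessable. In forgotPasswordAction, `findOneByEmail` returns null for an unknown address unless the `forgot_password` form type validates existence, which this hunk does not show, and the following `setConfirmationToken` call would then fail on null; a null check there would be safer.
```php
    public function resetAction(Request $request, $token)
    {
        $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);

        // an aged-out request is refused exactly like an unknown token
        $deadline = new \DateTime('-1 hour'); // constructed TTL; make it a container parameter if policy differs
        if (null === $user || null === $user->getPasswordRequestedAt() || $user->getPasswordRequestedAt() < $deadline) {
            throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
        }

        // … unchanged: form creation and handleRequest …

        if ($form->isValid()) {
            $user->setPassword($form->get('new_password')->getData());
            // one-shot token: clear it so the same link cannot be reused
            $user->setConfirmationToken(null);
            $user->setPasswordRequestedAt(null);

            // … unchanged: persist, flush, flash message, redirect …
```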
--- a/src/Wallabag/CoreBundle/Controller/SecurityController.php
+++ b/src/Wallabag/CoreBundle/Controller/SecurityController.php
@@ -103,7 +103,7 @@ class SecurityController extends Controller
 $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);
 if (null === $user) {
- $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
+ throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
 }
 $form = $this->createForm(new ResetPasswordType());
-- cgit v1.2.3