<?php

namespace Wallabag\CoreBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContext;
use Wallabag\CoreBundle\Form\Type\ResetPasswordType;

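class SecurityController extends Controller
{
    /**
     * Show the login form together with the last authentication error
     * (if any) and the last username that was entered.
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function loginAction(Request $request)
    {
        $session = $request->getSession();

        // The firewall stores the last authentication error either in the
        // request attributes (forwarded request) or in the session (redirect).
        // The session copy is removed so the error is only shown once.
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('WallabagCoreBundle:Security:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        ));
    }

    /**
     * Request forgot password: show form.
     *
     * On a valid submission a fresh confirmation token is stored on the
     * matching user and mailed as a reset link. Whether or not the address is
     * known, the user is redirected to the "check your email" page, so the
     * response does not reveal which addresses have an account.
     *
     * @Route("/forgot-password", name="forgot_password")
     *
     * @Method({"GET", "POST"})
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function forgotPasswordAction(Request $request)
    {
        $form = $this->createForm('forgot_password');
        $form->handleRequest($request);

        if ($form->isValid()) {
            $email = $form->get('email')->getData();
            $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByEmail($email);

            // findOneByEmail() returns null for an unknown address; the original
            // code dereferenced it unconditionally. Only a known account gets a
            // token and a mail, but both paths end on the same redirect.
            if (null !== $user) {
                $user->setConfirmationToken($this->generateConfirmationToken());
                $user->setPasswordRequestedAt(new \DateTime());

                $em = $this->getDoctrine()->getManager();
                $em->persist($user);
                $em->flush();

                $message = \Swift_Message::newInstance()
                    ->setSubject('Reset Password')
                    ->setFrom($this->container->getParameter('from_email'))
                    ->setTo($user->getEmail())
                    ->setBody($this->renderView('WallabagCoreBundle:Mail:forgotPassword.txt.twig', array(
                        'username' => $user->getUsername(),
                        // absolute URL (third argument): the link is opened from a mail client
                        'confirmationUrl' => $this->generateUrl('forgot_password_reset', array('token' => $user->getConfirmationToken()), true),
                    )))
                ;
                $this->get('mailer')->send($message);

                // display the stored address rather than the submitted spelling
                $email = $user->getEmail();
            }

            return $this->redirect($this->generateUrl('forgot_password_check_email',
                array('email' => $this->getObfuscatedEmail($email))
            ));
        }

        return $this->render('WallabagCoreBundle:Security:forgotPassword.html.twig', array(
            'form' => $form->createView(),
        ));
    }

    /**
     * Tell the user to check his email provider.
     *
     * The address shown is the obfuscated one passed as a query parameter by
     * forgotPasswordAction(); it is user-controlled and must be escaped by the
     * template.
     *
     * @Route("/forgot-password/check-email", name="forgot_password_check_email")
     *
     * @Method({"GET"})
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function checkEmailAction(Request $request)
    {
        $email = $request->query->get('email');

        if (empty($email)) {
            // the user does not come from the forgotPassword action
            return $this->redirect($this->generateUrl('forgot_password'));
        }

        return $this->render('WallabagCoreBundle:Security:checkEmail.html.twig', array(
            'email' => $email,
        ));
    }

    /**
     * Reset user password.
     *
     * The token from the emailed link identifies the user. Once the new
     * password is saved the token is cleared so the link is single use.
     *
     * NOTE(review): no expiry is enforced on the token; passwordRequestedAt is
     * recorded but never compared against a maximum age. Consider rejecting
     * tokens older than a fixed TTL.
     *
     * @Route("/forgot-password/{token}", name="forgot_password_reset")
     *
     * @Method({"GET", "POST"})
     *
     * @param Request $request
     * @param string  $token   confirmation token from the reset link
     *
     * @return \Symfony\Component\HttpFoundation\Response
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException when no user holds the token
     */
    public function resetAction(Request $request, $token)
    {
        $user = $this->getDoctrine()->getRepository('WallabagCoreBundle:User')->findOneByConfirmationToken($token);

        if (null === $user) {
            throw $this->createNotFoundException(sprintf('No user found with token "%s"', $token));
        }

        $form = $this->createForm(new ResetPasswordType());
        $form->handleRequest($request);

        if ($form->isValid()) {
            // NOTE(review): the raw form value is handed to setPassword();
            // confirm the entity (or a listener) hashes it before persisting.
            $user->setPassword($form->get('new_password')->getData());

            // Invalidate the token: without this the emailed link could be
            // replayed to change the password again.
            $user->setConfirmationToken(null);
            $user->setPasswordRequestedAt(null);

            $em = $this->getDoctrine()->getManager();
            $em->persist($user);
            $em->flush();

            $this->get('session')->getFlashBag()->add(
                'notice',
                'The password has been reset successfully'
            );

            return $this->redirect($this->generateUrl('login'));
        }

        return $this->render('WallabagCoreBundle:Security:reset.html.twig', array(
            'token' => $token,
            'form' => $form->createView(),
        ));
    }

    /**
     * Build an unguessable, URL-safe confirmation token for a password reset.
     *
     * random_bytes() (CSPRNG) is used when the runtime provides it; older
     * runtimes fall back to the previous uniqid()/mt_rand() construction,
     * which is not cryptographically strong.
     *
     * @return string 43 base64url characters, no padding
     */
    protected function generateConfirmationToken()
    {
        $bytes = function_exists('random_bytes')
            ? random_bytes(32)
            : hash('sha256', uniqid(mt_rand(), true), true);

        // base64url without padding so the token is safe in a URL path segment
        return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
    }

    /**
     * Get the truncated email displayed when requesting the resetting.
     *
     * Keeping only the part following @ in the address. An address without
     * an @ is returned unchanged.
     *
     * @param string $email
     *
     * @return string
     */
    protected function getObfuscatedEmail($email)
    {
        // '@' is a single byte, so byte-wise strpos/substr are safe on UTF-8 input
        if (false !== $pos = strpos($email, '@')) {
            $email = '...'.substr($email, $pos);
        }

        return $email;
    }
}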