src/Controller/ResetPasswordController.php line 67

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\Users;
  6. use App\Entity\MafoPublisher;
  7. use App\Entity\MafoAdvertiserCabinetManager;
  8. use App\Form\ChangePasswordFormType;
  9. use App\Form\ResetPasswordRequestFormType;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  12. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  13. use Symfony\Component\Form\Extension\Core\Type\PasswordType;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\Mailer\MailerInterface;
  18. use Symfony\Component\Mime\Address;
  19. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  20. use Symfony\Component\Routing\Annotation\Route;
  21. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  22. use Symfony\Contracts\Translation\TranslatorInterface;
  23. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  24. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  25. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  26. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  29. /**
  30.  * @Route("/reset-password")
  31.  */
  32. class ResetPasswordController extends AbstractController
  33. {
  34.     use ResetPasswordControllerTrait;
  36.     private ResetPasswordHelperInterface $userResetPasswordHelper;
  37.     private ResetPasswordHelperInterface $mafoPublisherResetPasswordHelper;
  38.     private ResetPasswordHelperInterface $mafoAdvertiserResetPasswordHelper;
  39.     private EntityManagerInterface $entityManager;
  40.     private $params;
  41.     private string $publisherDomain;
  42.     private string $advertiserDomain;
  45.     public function __construct(
  46.         ResetPasswordHelperInterface $userResetPasswordHelper,
  47.         ResetPasswordHelperInterface $mafoPublisherResetPasswordHelper,
  48.         ResetPasswordHelperInterface $mafoAdvertiserResetPasswordHelper,
  49.         EntityManagerInterface $entityManager,
  50.         ParameterBagInterface $params,
  51.     )
  52.     {
  53.         $this->userResetPasswordHelper $userResetPasswordHelper;
  54.         $this->mafoPublisherResetPasswordHelper $mafoPublisherResetPasswordHelper;
  55.         $this->mafoAdvertiserResetPasswordHelper $mafoAdvertiserResetPasswordHelper;
  56.         $this->entityManager $entityManager;
  57.         $this->params $params;
  58.         $this->publisherDomain $params->get('publishers_subdomain');
  59.         $this->advertiserDomain $params->get('advertisers_subdomain');
  60.     }
  62.     /**
  63.      * Display & process form to request a password reset.
  64.      *
  65.      * @Route("", name="app_forgot_password_request")
  66.      */
  67.     public function request(Request $requestMailerInterface $mailerTranslatorInterface $translator): Response
  68.     {
  70.         $form $this->createForm(ResetPasswordRequestFormType::class);
  71.         $form->handleRequest($request);
  73.         // Get the current domain from the request
  74.         $domain $request->getHost();
  76.         $domainTemplates = [
  77.             $this->publisherDomain => 'publisher/login/index.html.twig',
  78.             $this->advertiserDomain => 'advertiser/login/index.html.twig',
  79.         ];
  81.         $layoutTemplate $domainTemplates[$domain] ?? 'form_login.html.twig';
  84.         if ($form->isSubmitted() && $form->isValid()) {
  85.             return $this->processSendingPasswordResetEmail(
  86.                 $form->get('email')->getData(),
  87.                 $mailer,
  88.                 $translator,
  89.                 $request
  90.             );
  91.         }
  92.         return $this->render('reset_password/request.html.twig', [
  93.             'requestForm' => $form->createView(),
  94.             'layoutTemplate' => $layoutTemplate,
  95.             'domain' => $domain,
  96.             'publisherDomain' => $this->publisherDomain,
  97.             'advertiserDomain' => $this->advertiserDomain,
  98.         ]);
  99.     }
  101.     /**
  102.      * Confirmation page after a user has requested a password reset.
  103.      *
  104.      * @Route("/check-email", name="app_check_email")
  105.      */
  106.     public function checkEmail(Request $request): Response
  107.     {
  108.         // Get the domain from the request
  109.         $domain $request->getHost();
  111.         // Generate a fake token if the user does not exist or someone hit this page directly.
  112.         // This prevents exposing whether or not a user was found with the given email address or not
  113.         if (null === ($resetToken $this->getTokenObjectFromSession())) {
  114.             $resetToken $this->userResetPasswordHelper->generateFakeResetToken();
  115.         }
  117.         return $this->render('reset_password/check_email.html.twig', [
  118.             'resetToken' => $resetToken,
  119.             'domain' => $domain,
  120.             'publisherDomain' => $this->publisherDomain,
  121.             'advertiserDomain' => $this->advertiserDomain,
  122.         ]);
  123.     }
  125.     /**
  126.      * Validates and process the reset URL that the user clicked in their email.
  127.      *
  128.      * @Route("/reset/{token}", name="app_reset_password")
  129.      */
  130.     public function reset(Request $requestUserPasswordHasherInterface $userPasswordHasherTranslatorInterface $translatorstring $token null): Response
  131.     {
  133.         if ($token) {
  134.             // We store the token in session and remove it from the URL, to avoid the URL being
  135.             // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  136.             $this->storeTokenInSession($token);
  138.             return $this->redirectToRoute('app_reset_password');
  139.         }
  141.         $token $this->getTokenFromSession();
  142.         if (null === $token) {
  143.             throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  144.         }
  146.         $host $request->getHost();
  148.         $resetPasswordHelpers = [
  149.             $this->publisherDomain => $this->mafoPublisherResetPasswordHelper,
  150.             $this->advertiserDomain => $this->mafoAdvertiserResetPasswordHelper,
  151.             'default' => $this->userResetPasswordHelper,
  152.         ];
  154.         $resetPasswordHelper $resetPasswordHelpers[$host] ?? $resetPasswordHelpers['default'];
  157.         try {
  158.             $user $resetPasswordHelper->validateTokenAndFetchUser($token);
  159.         } catch (ResetPasswordExceptionInterface $e) {
  160.             $this->addFlash('reset_password_error'sprintf(
  161.                 '%s - %s',
  162.                 $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  163.                 $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  164.             ));
  166.             return $this->redirectToRoute('app_forgot_password_request');
  167.         }
  169.         // The token is valid; allow the user to change their password.
  170.         $form $this->createForm(ChangePasswordFormType::class);
  171.         $form->handleRequest($request);
  173.         if ($form->isSubmitted() && $form->isValid()) {
  174.             // A password reset token should be used only once, remove it.
  175.             $resetPasswordHelper->removeResetRequest($token);
  177.             // Encode(hash) the plain password, and set it.
  178.             $encodedPassword $userPasswordHasher->hashPassword(
  179.                 $user,
  180.                 $form->get('plainPassword')->getData()
  181.             );
  183.             $user->setPassword($encodedPassword);
  184.             $this->entityManager->flush();
  186.             // The session is cleaned up after the password has been changed.
  187.             $this->cleanSessionAfterReset();
  189.             return $this->redirectToRoute('homepage');
  190.         }
  192.         return $this->render('reset_password/reset.html.twig', [
  193.             'resetForm' => $form->createView(),
  194.         ]);
  195.     }
  197.     private function processSendingPasswordResetEmail(string $emailFormDataMailerInterface $mailerTranslatorInterface $translatorRequest $request): RedirectResponse
  198.     {
  199. //        $user = $this->entityManager->getRepository(Users::class)->findOneBy([
  200. //            'email' => $emailFormData,
  201. //        ]);
  203.         // Get the domain of the request
  204.         $domain $request->getHost();
  206.         $entityMapping = [
  207.             $this->publisherDomain => MafoPublisher::class,
  208.             $this->advertiserDomain => MafoAdvertiserCabinetManager::class,
  209.             'default' => Users::class
  210.         ];
  212.         $helperMapping = [
  213.             $this->publisherDomain => $this->mafoPublisherResetPasswordHelper,
  214.             $this->advertiserDomain => $this->mafoAdvertiserResetPasswordHelper,
  215.             'default' => $this->userResetPasswordHelper
  216.         ];
  218.         $entityClass $entityMapping[$domain] ?? $entityMapping['default'];
  219.         $user $this->entityManager->getRepository($entityClass)->findOneBy([
  220.             'email' => $emailFormData,
  221.         ]);
  225.         // Do not reveal whether a user account was found or not.
  226.         if (!$user) {
  227.             return $this->redirectToRoute('app_check_email');
  228.         }
  231.         try {
  232.             $resetHelper $helperMapping[$domain] ?? $helperMapping['default'];
  234.             $resetToken $resetHelper->generateResetToken($user);
  235.         } catch (ResetPasswordExceptionInterface $e) {
  236.             // If you want to tell the user why a reset email was not sent, uncomment
  237.             // the lines below and change the redirect to 'app_forgot_password_request'.
  238.             // Caution: This may reveal if a user is registered or not.
  239.             //
  240.             // $this->addFlash('reset_password_error', sprintf(
  241.             //     '%s - %s',
  242.             //     $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  243.             //     $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  244.             // ));
  246.             return $this->redirectToRoute('app_check_email');
  247.         }
  249.         $host $request->getSchemeAndHttpHost();
  251.         $email = (new TemplatedEmail())
  252.             ->from(new Address('mafo@mobupps.com''MAFO Password Reset'))
  253.             ->to($user->getEmail())
  254.             ->subject('Your password reset request')
  255.             ->htmlTemplate('reset_password/email.html.twig')
  256.             ->context([
  257.                 'resetToken' => $resetToken,
  258.                 'host' => $host // Pass the host dynamically to the email template
  259.             ]);
  261.         $mailer->send($email);
  263.         // Store the token object in session for retrieval in check-email route.
  264.         $this->setTokenObjectInSession($resetToken);
  266.         return $this->redirectToRoute('app_check_email');
  267.     }
  268. }