src/Controller/ResetPasswordController.php line 66

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\Users;
  6. use App\Entity\PublisherCabinet\MafoPublisherCabinetManager;
  7. use App\Entity\AdvertiserCabinet\MafoAdvertiserCabinetManager;
  8. use App\Form\ChangePasswordFormType;
  9. use App\Form\ResetPasswordRequestFormType;
  10. use Doctrine\ORM\EntityManagerInterface;
  11. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  12. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  13. use Symfony\Component\Form\Extension\Core\Type\PasswordType;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\Mailer\MailerInterface;
  18. use Symfony\Component\Mime\Address;
  19. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  20. use Symfony\Component\Routing\Annotation\Route;
  21. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  22. use Symfony\Contracts\Translation\TranslatorInterface;
  23. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  24. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  25. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  26. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  29. /**
  30.  * @Route("/reset-password", name="reset_password_")
  31.  */
  32. class ResetPasswordController extends AbstractController
  33. {
  34.     use ResetPasswordControllerTrait;
  36.     private ResetPasswordHelperInterface $userResetPasswordHelper;
  37.     private ResetPasswordHelperInterface $mafoPublisherResetPasswordHelper;
  38.     private ResetPasswordHelperInterface $mafoAdvertiserResetPasswordHelper;
  39.     private EntityManagerInterface $entityManager;
  40.     private $params;
  41.     private string $publisherDomain;
  42.     private string $advertiserDomain;
  45.     public function __construct(
  46.         ResetPasswordHelperInterface $userResetPasswordHelper,
  47.         ResetPasswordHelperInterface $mafoPublisherResetPasswordHelper,
  48.         ResetPasswordHelperInterface $mafoAdvertiserResetPasswordHelper,
  49.         EntityManagerInterface $entityManager,
  50.         ParameterBagInterface $params,
  51.     ) {
  52.         $this->userResetPasswordHelper $userResetPasswordHelper;
  53.         $this->mafoPublisherResetPasswordHelper $mafoPublisherResetPasswordHelper;
  54.         $this->mafoAdvertiserResetPasswordHelper $mafoAdvertiserResetPasswordHelper;
  55.         $this->entityManager $entityManager;
  56.         $this->params $params;
  57.         $this->publisherDomain $params->get('publishers_subdomain');
  58.         $this->advertiserDomain $params->get('advertisers_subdomain');
  59.     }
  61.     /**
  62.      * Display & process form to request a password reset.
  63.      *
  64.      * @Route("", name="app_forgot_password_request")
  65.      */
  66.     public function request(Request $requestMailerInterface $mailerTranslatorInterface $translator): Response
  67.     {
  69.         $form $this->createForm(ResetPasswordRequestFormType::class);
  70.         $form->handleRequest($request);
  72.         // Get the current domain from the request
  73.         $domain $request->getHost();
  75.         $domainTemplates = [
  76.             $this->publisherDomain => 'publisher/login/index.html.twig',
  77.             $this->advertiserDomain => 'advertiser/login/index.html.twig',
  78.         ];
  80.         $layoutTemplate $domainTemplates[$domain] ?? 'form_login.html.twig';
  83.         if ($form->isSubmitted() && $form->isValid()) {
  84.             return $this->processSendingPasswordResetEmail(
  85.                 $form->get('email')->getData(),
  86.                 $mailer,
  87.                 $translator,
  88.                 $request
  89.             );
  90.         }
  91.         return $this->render('reset_password/request.html.twig', [
  92.             'requestForm' => $form->createView(),
  93.             'layoutTemplate' => $layoutTemplate,
  94.             'domain' => $domain,
  95.             'publisherDomain' => $this->publisherDomain,
  96.             'advertiserDomain' => $this->advertiserDomain,
  97.         ]);
  98.     }
  100.     /**
  101.      * Confirmation page after a user has requested a password reset.
  102.      *
  103.      * @Route("/check-email", name="app_check_email")
  104.      */
  105.     public function checkEmail(Request $request): Response
  106.     {
  107.         // Get the domain from the request
  108.         $domain $request->getHost();
  110.         // Generate a fake token if the user does not exist or someone hit this page directly.
  111.         // This prevents exposing whether or not a user was found with the given email address or not
  112.         if (null === ($resetToken $this->getTokenObjectFromSession())) {
  113.             $resetToken $this->userResetPasswordHelper->generateFakeResetToken();
  114.         }
  116.         return $this->render('reset_password/check_email.html.twig', [
  117.             'resetToken' => $resetToken,
  118.             'domain' => $domain,
  119.             'publisherDomain' => $this->publisherDomain,
  120.             'advertiserDomain' => $this->advertiserDomain,
  121.         ]);
  122.     }
  124.     /**
  125.      * Validates and process the reset URL that the user clicked in their email.
  126.      *
  127.      * @Route("/reset/{token}", name="app_reset_password")
  128.      */
  129.     public function reset(Request $requestUserPasswordHasherInterface $userPasswordHasherTranslatorInterface $translatorstring $token null): Response
  130.     {
  132.         if ($token) {
  133.             // We store the token in session and remove it from the URL, to avoid the URL being
  134.             // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  135.             $this->storeTokenInSession($token);
  137.             return $this->redirectToRoute('reset_password_app_reset_password');
  138.         }
  140.         $token $this->getTokenFromSession();
  141.         if (null === $token) {
  142.             throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  143.         }
  145.         $host $request->getHost();
  147.         $resetPasswordHelpers = [
  148.             $this->publisherDomain => $this->mafoPublisherResetPasswordHelper,
  149.             $this->advertiserDomain => $this->mafoAdvertiserResetPasswordHelper,
  150.             'default' => $this->userResetPasswordHelper,
  151.         ];
  153.         $resetPasswordHelper $resetPasswordHelpers[$host] ?? $resetPasswordHelpers['default'];
  156.         try {
  157.             $user $resetPasswordHelper->validateTokenAndFetchUser($token);
  158.         } catch (ResetPasswordExceptionInterface $e) {
  159.             $this->addFlash('reset_password_error'sprintf(
  160.                 '%s - %s',
  161.                 $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
  162.                 $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  163.             ));
  165.             return $this->redirectToRoute('reset_password_app_forgot_password_request');
  166.         }
  168.         // The token is valid; allow the user to change their password.
  169.         $form $this->createForm(ChangePasswordFormType::class);
  170.         $form->handleRequest($request);
  172.         if ($form->isSubmitted() && $form->isValid()) {
  173.             // A password reset token should be used only once, remove it.
  174.             $resetPasswordHelper->removeResetRequest($token);
  176.             // Encode(hash) the plain password, and set it.
  177.             $encodedPassword $userPasswordHasher->hashPassword(
  178.                 $user,
  179.                 $form->get('plainPassword')->getData()
  180.             );
  182.             $user->setPassword($encodedPassword);
  183.             $this->entityManager->flush();
  185.             // The session is cleaned up after the password has been changed.
  186.             $this->cleanSessionAfterReset();
  188.             return $this->redirectToRoute('homepage');
  189.         }
  191.         return $this->render('reset_password/reset.html.twig', [
  192.             'resetForm' => $form->createView(),
  193.         ]);
  194.     }
  196.     private function processSendingPasswordResetEmail(string $emailFormDataMailerInterface $mailerTranslatorInterface $translatorRequest $request): RedirectResponse
  197.     {
  198.         //        $user = $this->entityManager->getRepository(Users::class)->findOneBy([
  199.         //            'email' => $emailFormData,
  200.         //        ]);
  202.         // Get the domain of the request
  203.         $domain $request->getHost();
  205.         $entityMapping = [
  206.             $this->publisherDomain => MafoPublisherCabinetManager::class,
  207.             $this->advertiserDomain => MafoAdvertiserCabinetManager::class,
  208.             'default' => Users::class
  209.         ];
  211.         $helperMapping = [
  212.             $this->publisherDomain => $this->mafoPublisherResetPasswordHelper,
  213.             $this->advertiserDomain => $this->mafoAdvertiserResetPasswordHelper,
  214.             'default' => $this->userResetPasswordHelper
  215.         ];
  217.         $entityClass $entityMapping[$domain] ?? $entityMapping['default'];
  218.         $user $this->entityManager->getRepository($entityClass)->findOneBy([
  219.             'email' => $emailFormData,
  220.         ]);
  224.         // Do not reveal whether a user account was found or not.
  225.         if (!$user) {
  226.             return $this->redirectToRoute('reset_password_app_check_email');
  227.         }
  230.         try {
  231.             $resetHelper $helperMapping[$domain] ?? $helperMapping['default'];
  233.             $resetToken $resetHelper->generateResetToken($user);
  234.         } catch (ResetPasswordExceptionInterface $e) {
  235.             // If you want to tell the user why a reset email was not sent, uncomment
  236.             // the lines below and change the redirect to 'reset_password_app_forgot_password_request'.
  237.             // Caution: This may reveal if a user is registered or not.
  238.             //
  239.             // $this->addFlash('reset_password_error', sprintf(
  240.             //     '%s - %s',
  241.             //     $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
  242.             //     $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
  243.             // ));
  245.             return $this->redirectToRoute('reset_password_app_check_email');
  246.         }
  248.         $host $request->getSchemeAndHttpHost();
  250.         $email = (new TemplatedEmail())
  251.             ->from(new Address('mafo@mobupps.com''MAFO Password Reset'))
  252.             ->to($user->getEmail())
  253.             ->subject('Your password reset request')
  254.             ->htmlTemplate('reset_password/email.html.twig')
  255.             ->context([
  256.                 'resetToken' => $resetToken,
  257.                 'host' => $host // Pass the host dynamically to the email template
  258.             ]);
  260.         $mailer->send($email);
  262.         // Store the token object in session for retrieval in check-email route.
  263.         $this->setTokenObjectInSession($resetToken);
  265.         return $this->redirectToRoute('reset_password_app_check_email');
  266.     }
  267. }