vendor/ibexa/user/src/bundle/Controller/PasswordResetController.php line 81

Open in your IDE?
  1. <?php
  3. /**
  4.  * @copyright Copyright (C) Ibexa AS. All rights reserved.
  5.  * @license For full copyright and license information view LICENSE file distributed with this source code.
  6.  */
  7. declare(strict_types=1);
  9. namespace Ibexa\Bundle\User\Controller;
  11. use DateInterval;
  12. use DateTime;
  13. use Ibexa\Bundle\User\Type\UserForgotPasswordReason;
  14. use Ibexa\Contracts\Core\Repository\Exceptions\NotFoundException;
  15. use Ibexa\Contracts\Core\Repository\PermissionResolver;
  16. use Ibexa\Contracts\Core\Repository\UserService;
  17. use Ibexa\Contracts\Core\Repository\Values\User\User;
  18. use Ibexa\Contracts\Core\Repository\Values\User\UserTokenUpdateStruct;
  19. use Ibexa\Contracts\Core\SiteAccess\ConfigResolverInterface;
  20. use Ibexa\User\ExceptionHandler\ActionResultHandler;
  21. use Ibexa\User\Form\Data\UserPasswordResetData;
  22. use Ibexa\User\Form\Factory\FormFactory;
  23. use Ibexa\User\View\ForgotPassword\FormView;
  24. use Ibexa\User\View\ForgotPassword\LoginView;
  25. use Ibexa\User\View\ForgotPassword\SuccessView;
  26. use Ibexa\User\View\ResetPassword\FormView as UserResetPasswordFormView;
  27. use Ibexa\User\View\ResetPassword\InvalidLinkView;
  28. use Ibexa\User\View\ResetPassword\SuccessView as UserResetPasswordSuccessView;
  29. use Swift_Mailer;
  30. use Swift_Message;
  31. use Symfony\Component\HttpFoundation\Request;
  32. use Symfony\Component\HttpFoundation\Response;
  33. use Twig\Environment;
  35. class PasswordResetController extends Controller
  36. {
  37.     /** @var \Ibexa\User\Form\Factory\FormFactory */
  38.     private $formFactory;
  40.     /** @var \Ibexa\Contracts\Core\Repository\UserService */
  41.     private $userService;
  43.     /** @var \Swift_Mailer */
  44.     private $mailer;
  46.     /** @var \Twig\Environment */
  47.     private $twig;
  49.     /** @var \Ibexa\User\ExceptionHandler\ActionResultHandler */
  50.     private $actionResultHandler;
  52.     /** @var \Ibexa\Contracts\Core\Repository\PermissionResolver */
  53.     private $permissionResolver;
  55.     /** @var \Ibexa\Contracts\Core\SiteAccess\ConfigResolverInterface */
  56.     private $configResolver;
  58.     public function __construct(
  59.         FormFactory $formFactory,
  60.         UserService $userService,
  61.         Swift_Mailer $mailer,
  62.         Environment $twig,
  63.         ActionResultHandler $actionResultHandler,
  64.         PermissionResolver $permissionResolver,
  65.         ConfigResolverInterface $configResolver
  66.     ) {
  67.         $this->formFactory $formFactory;
  68.         $this->userService $userService;
  69.         $this->mailer $mailer;
  70.         $this->twig $twig;
  71.         $this->actionResultHandler $actionResultHandler;
  72.         $this->permissionResolver $permissionResolver;
  73.         $this->configResolver $configResolver;
  74.     }
  76.     /**
  77.      * @return \Ibexa\User\View\ForgotPassword\FormView|\Ibexa\User\View\ForgotPassword\SuccessView|\Symfony\Component\HttpFoundation\RedirectResponse
  78.      *
  79.      * @throws \Ibexa\Core\Base\Exceptions\InvalidArgumentType
  80.      */
  81.     public function userForgotPasswordAction(Request $request, ?string $reason null)
  82.     {
  83.         $form $this->formFactory->forgotUserPassword();
  84.         $form->handleRequest($request);
  86.         if ($form->isSubmitted() && $form->isValid()) {
  87.             $data $form->getData();
  88.             $users $this->userService->loadUsersByEmail($data->getEmail());
  90.             /** Because is is possible to have multiple user accounts with same email address we must gain a user login. */
  91.             if (\count($users) > 1) {
  92.                 return $this->redirectToRoute('ibexa.user.forgot_password.login');
  93.             }
  95.             if (!empty($users)) {
  96.                 $user reset($users);
  97.                 $token $this->updateUserToken($user);
  99.                 $this->sendResetPasswordMessage($user->email$token);
  100.             }
  102.             return new SuccessView(null);
  103.         }
  105.         return new FormView(null, [
  106.             'form_forgot_user_password' => $form->createView(),
  107.             'reason' => $reason,
  108.             'userForgotPasswordReasonMigration' => UserForgotPasswordReason::MIGRATION,
  109.         ]);
  110.     }
  112.     /**
  113.      * @param \Symfony\Component\HttpFoundation\Request $request
  114.      *
  115.      * @return \Ibexa\User\View\ForgotPassword\LoginView|\Ibexa\User\View\ForgotPassword\SuccessView
  116.      *
  117.      * @throws \Ibexa\Core\Base\Exceptions\InvalidArgumentType
  118.      */
  119.     public function userForgotPasswordLoginAction(Request $request)
  120.     {
  121.         $form $this->formFactory->forgotUserPasswordWithLogin();
  123.         $form->handleRequest($request);
  125.         if ($form->isSubmitted() && $form->isValid()) {
  126.             $data $form->getData();
  128.             try {
  129.                 $user $this->userService->loadUserByLogin($data->getLogin());
  130.             } catch (NotFoundException $e) {
  131.                 $user null;
  132.             }
  134.             if (!$user || \count($this->userService->loadUsersByEmail($user->email)) < 2) {
  135.                 return new SuccessView(null);
  136.             }
  138.             $token $this->updateUserToken($user);
  139.             $this->sendResetPasswordMessage($user->email$token);
  141.             return new SuccessView(null);
  142.         }
  144.         return new LoginView(null, [
  145.             'form_forgot_user_password_with_login' => $form->createView(),
  146.         ]);
  147.     }
  149.     /**
  150.      * @param \Symfony\Component\HttpFoundation\Request $request
  151.      * @param string $hashKey
  152.      *
  153.      * @return \Ibexa\User\View\ResetPassword\FormView|\Ibexa\User\View\ResetPassword\InvalidLinkView|\Ibexa\User\View\ResetPassword\SuccessView
  154.      *
  155.      * @throws \Ibexa\Core\Base\Exceptions\InvalidArgumentType
  156.      */
  157.     public function userResetPasswordAction(Request $requeststring $hashKey)
  158.     {
  159.         $response = new Response();
  160.         $response->headers->set('X-Robots-Tag''noindex');
  162.         try {
  163.             $user $this->userService->loadUserByToken($hashKey);
  164.         } catch (NotFoundException $e) {
  165.             $view = new InvalidLinkView(null);
  166.             $view->setResponse($response);
  168.             return $view;
  169.         }
  170.         $userPasswordResetData = new UserPasswordResetData();
  171.         $form $this->formFactory->resetUserPassword($userPasswordResetDatanull$user->getContentType());
  172.         $form->handleRequest($request);
  174.         if ($form->isSubmitted() && $form->isValid()) {
  175.             try {
  176.                 $currentUser $this->permissionResolver->getCurrentUserReference();
  177.                 $this->permissionResolver->setCurrentUserReference($user);
  178.             } catch (NotFoundException $e) {
  179.                 $view = new InvalidLinkView(null);
  180.                 $view->setResponse($response);
  182.                 return $view;
  183.             }
  185.             $data $form->getData();
  187.             try {
  188.                 $this->userService->updateUserPassword($user$data->getNewPassword());
  189.                 $this->userService->expireUserToken($hashKey);
  190.                 $this->permissionResolver->setCurrentUserReference($currentUser);
  192.                 $view = new UserResetPasswordSuccessView(null);
  193.                 $view->setResponse($response);
  195.                 return $view;
  196.             } catch (\Exception $e) {
  197.                 $this->actionResultHandler->error($e->getMessage());
  198.             }
  199.         }
  201.         $view = new UserResetPasswordFormView(null, [
  202.             'form_reset_user_password' => $form->createView(),
  203.         ]);
  204.         $view->setResponse($response);
  206.         return $view;
  207.     }
  209.     /**
  210.      * @param \Ibexa\Contracts\Core\Repository\Values\User\User $user
  211.      *
  212.      * @return string
  213.      *
  214.      * @throws \Exception
  215.      */
  216.     private function updateUserToken(User $user): string
  217.     {
  218.         $struct = new UserTokenUpdateStruct();
  219.         $struct->hashKey bin2hex(random_bytes(16));
  220.         $date = new DateTime();
  221.         $date->add(new DateInterval($this->configResolver->getParameter('security.token_interval_spec')));
  222.         $struct->time $date;
  223.         $this->userService->updateUserToken($user$struct);
  225.         return $struct->hashKey;
  226.     }
  228.     private function sendResetPasswordMessage(string $tostring $hashKey): void
  229.     {
  230.         $template $this->twig->load($this->configResolver->getParameter('user_forgot_password.templates.mail'));
  232.         $senderAddress $this->configResolver->hasParameter('sender_address''swiftmailer.mailer')
  233.             ? $this->configResolver->getParameter('sender_address''swiftmailer.mailer')
  234.             : '';
  236.         $subject $template->renderBlock('subject', []);
  237.         $from $template->renderBlock('from', []) ?: $senderAddress;
  238.         $body $template->renderBlock('body', ['hash_key' => $hashKey]);
  240.         $message = (new Swift_Message())
  241.             ->setSubject($subject)
  242.             ->setTo($to)
  243.             ->setBody($body'text/html');
  245.         if (empty($from) === false) {
  246.             $message->setFrom($from);
  247.         }
  249.         $this->mailer->send($message);
  250.     }
  251. }
  253. class_alias(PasswordResetController::class, 'EzSystems\EzPlatformUserBundle\Controller\PasswordResetController');