src/Controller/ResetPasswordController.php line 64

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Form\ChangePasswordFormType;
  7. use App\Form\ResetPasswordRequestFormType;
  8. use App\Form\RequestResetPasswordType;
  9. use App\Form\ResetPasswordWithSecurityQuestionType;
  10. use Symfony\Bridge\Twig\Mime\TemplatedEmail;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Mailer\MailerInterface;
  16. use Symfony\Component\Mime\Address;
  17. use Symfony\Component\Routing\Annotation\Route;
  18. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  19. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  20. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  21. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  22. use Doctrine\ORM\EntityManagerInterface;
  25. /**
  26. * @Route("/reset-password")
  27. */
  28. class ResetPasswordController extends AbstractController
  29. {
  30. use ResetPasswordControllerTrait;
  32. private $resetPasswordHelper;
  34. public function __construct(ResetPasswordHelperInterface $resetPasswordHelper)
  35. {
  36. $this->resetPasswordHelper = $resetPasswordHelper;
  37. }
  41. /**
  42. * Display & process form to request a password reset.
  43. *
  44. * @Route("", name="app_forgot_password_request")
  45. */
  46. public function requestResetPassword(Request $request, EntityManagerInterface $em): Response
  47. {
  48. $form = $this->createForm(RequestResetPasswordType::class);
  49. $form->handleRequest($request);
  51. if ($form->isSubmitted() && $form->isValid()) {
  52. $email = $form->get('email')->getData();
  53. $user = $em->getRepository(User::class)->findOneBy(['email' => $email]);
  55. if (!$user) {
  56. $this->addFlash('error', 'No user found with this email.');
  57. return $this->redirectToRoute('app_reset_password');
  58. }
  60. // Rediriger vers l'étape de réponse à la question de sécurité
  61. return $this->redirectToRoute('app_verify_security_answer', ['id' => $user->getId()]);
  62. }
  64. return $this->render('reset_password/request.html.twig', [
  65. 'requestForm' => $form->createView(),
  66. ]);
  67. }
  68. /*public function request(Request $request, MailerInterface $mailer): Response
  69. {
  70. $form = $this->createForm(ResetPasswordRequestFormType::class);
  71. $form->handleRequest($request);
  73. if ($form->isSubmitted() && $form->isValid()) {
  74. return $this->processSendingPasswordResetEmail(
  75. $form->get('email')->getData(),
  76. $mailer
  77. );
  78. }
  80. return $this->render('reset_password/request.html.twig', [
  81. 'requestForm' => $form->createView(),
  82. ]);
  83. }*/
  85. /**
  86. * Confirmation page after a user has requested a password reset.
  87. *
  88. * @Route("/check-email", name="app_check_email")
  89. */
  90. public function checkEmail(): Response
  91. {
  92. // Generate a fake token if the user does not exist or someone hit this page directly.
  93. // This prevents exposing whether or not a user was found with the given email address or not
  94. if (null === ($resetToken = $this->getTokenObjectFromSession())) {
  95. $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
  96. }
  98. return $this->render('reset_password/check_email.html.twig', [
  99. 'resetToken' => $resetToken,
  100. ]);
  101. }
  103. /**
  104. * Validates and process the reset URL that the user clicked in their email.
  105. *
  106. * @Route("/reset/{token}", name="app_reset_password")
  107. */
  108. public function reset(Request $request, UserPasswordEncoderInterface $userPasswordEncoderInterface, string $token = null): Response
  109. {
  110. if ($token) {
  111. // We store the token in session and remove it from the URL, to avoid the URL being
  112. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  113. $this->storeTokenInSession($token);
  114. return $this->redirectToRoute('app_reset_password');
  115. }
  117. $token = $this->getTokenFromSession();
  118. if (null === $token) {
  119. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  120. }
  122. try {
  123. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  124. } catch (ResetPasswordExceptionInterface $e) {
  125. $this->addFlash('reset_password_error', sprintf(
  126. 'There was a problem validating your reset request - %s',
  127. $e->getReason()
  128. ));
  130. return $this->redirectToRoute('app_forgot_password_request');
  131. }
  133. // The token is valid; allow the user to change their password.
  134. $form = $this->createForm(ChangePasswordFormType::class);
  135. $form->handleRequest($request);
  137. if ($form->isSubmitted() && $form->isValid()) {
  138. // A password reset token should be used only once, remove it.
  139. $this->resetPasswordHelper->removeResetRequest($token);
  141. // Encode(hash) the plain password, and set it.
  142. $encodedPassword = $userPasswordEncoderInterface->encodePassword(
  143. $user,
  144. $form->get('plainPassword')->getData()
  145. );
  147. $user->setPassword($encodedPassword);
  148. $this->getDoctrine()->getManager()->flush();
  150. // The session is cleaned up after the password has been changed.
  151. $this->cleanSessionAfterReset();
  152. $this->addFlash('success', 'Your password has been successfully reset. You can log in with the new password');
  153. return $this->redirectToRoute('app_login');
  154. }
  156. return $this->render('reset_password/reset.html.twig', [
  157. 'resetForm' => $form->createView(),
  158. ]);
  159. }
  161. private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer): RedirectResponse
  162. {
  163. $user = $this->getDoctrine()->getRepository(User::class)->findOneBy([
  164. 'email' => $emailFormData,
  165. ]);
  168. // Do not reveal whether a user account was found or not.
  169. if (!$user) {
  170. return $this->redirectToRoute('app_check_email');
  171. }
  173. try {
  174. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  175. } catch (ResetPasswordExceptionInterface $e) {
  176. // If you want to tell the user why a reset email was not sent, uncomment
  177. // the lines below and change the redirect to 'app_forgot_password_request'.
  178. // Caution: This may reveal if a user is registered or not.
  179. //
  180. $this->addFlash('reset_password_error', sprintf(
  181. 'There was a problem handling your password reset request - %s',
  182. $e->getReason()
  183. ));
  184. return $this->redirectToRoute('app_check_email');
  185. }
  187. $email = (new TemplatedEmail())
  188. ->from(new Address(
  189. $this->getParameter('app_mail_from_address'),
  190. $this->getParameter('app_mail_from_name')
  191. ))
  192. ->to($user->getEmail())
  193. ->subject('Your password reset request')
  194. ->htmlTemplate('reset_password/email.html.twig')
  195. ->context([
  196. 'resetToken' => $resetToken,
  197. 'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
  198. ]);
  200. $mailer->send($email);
  201. // Store the token object in session for retrieval in check-email route.
  202. $this->setTokenObjectInSession($resetToken);
  203. return $this->redirectToRoute('app_check_email');
  204. }
  208. /**
  209. * @Route("/verify-security-answer/{id}", name="app_verify_security_answer")
  210. */
  211. public function verifySecurityAnswer(User $user, Request $request, EntityManagerInterface $em, UserPasswordEncoderInterface $passwordEncoder): Response
  212. {
  213. $form = $this->createForm(ResetPasswordWithSecurityQuestionType::class);
  214. $form->handleRequest($request);
  216. if ($form->isSubmitted() && $form->isValid()) {
  217. $securityAnswer = $form->get('securityAnswer')->getData();
  218. // Vérification de la réponse à la question de sécurité
  219. if ($user->getSecurityAnswer() !== $securityAnswer) {
  220. $this->addFlash('error', 'Incorrect answer to the security question.');
  221. return $this->redirectToRoute('app_verify_security_answer', ['id' => $user->getId()]);
  222. }
  224. // Si la réponse est correcte, réinitialiser le mot de passe
  225. $newPassword = $form->get('newPassword')->getData();
  226. $encodedPassword = $passwordEncoder->encodePassword($user, $newPassword);
  227. $user->setPassword($encodedPassword);
  229. $em->flush();
  231. $this->addFlash('success', 'Password successfully reset!');
  232. return $this->redirectToRoute('app_login');
  233. }
  235. switch ( $user->getSecurityQuestion()) {
  236. case "cin_number":
  237. $securityQuestion= 'Numero de CNI?';
  238. break;
  240. case "mother_birthplace":
  241. $securityQuestion ='Quelle est la ville de naissance de maman?';
  242. break;
  244. case "favorite_job":
  245. $securityQuestion ='Le metier dont tu reves d\'exercer depuis ton enfance?';
  246. break;
  247. case "residence":
  248. $securityQuestion = 'Quel est ton quartier de residence?';
  249. break;
  251. default:
  252. $securityQuestion =" Quel est le nom de l'etablisement ?";
  253. break;
  254. }
  256. return $this->render('reset_password/verify_security_answer.html.twig', [
  257. 'securityQuestion' => $securityQuestion,
  258. 'verifyForm' => $form->createView(),
  259. ]);
  260. }
  261. }