2019-03-14 18:01:41 +01:00
|
|
|
<?php
|
2020-02-22 18:14:36 +01:00
|
|
|
/**
|
|
|
|
|
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2019 - 2020 Jan Böhmer (https://github.com/jbtronics)
|
|
|
|
|
*
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License as published
|
|
|
|
|
* by the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
2020-01-05 15:46:58 +01:00
|
|
|
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
2019-03-14 18:01:41 +01:00
|
|
|
/**
|
2019-11-09 00:47:20 +01:00
|
|
|
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
|
2019-03-14 18:01:41 +01:00
|
|
|
*
|
2019-11-01 13:40:30 +01:00
|
|
|
* Copyright (C) 2019 Jan Böhmer (https://github.com/jbtronics)
|
2019-03-14 18:01:41 +01:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace App\Controller;
|
|
|
|
|
|
2020-04-03 18:27:47 +02:00
|
|
|
use App\Entity\UserSystem\User;
|
|
|
|
|
use App\Events\SecurityEvent;
|
|
|
|
|
use App\Events\SecurityEvents;
|
2019-11-24 22:49:22 +01:00
|
|
|
use App\Services\PasswordResetManager;
|
2020-04-03 18:27:47 +02:00
|
|
|
use Doctrine\ORM\EntityManagerInterface;
|
2019-11-24 22:49:22 +01:00
|
|
|
use Gregwar\CaptchaBundle\Type\CaptchaType;
|
2020-01-05 22:49:00 +01:00
|
|
|
use RuntimeException;
|
2019-03-14 18:01:41 +01:00
|
|
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
2020-04-04 13:12:22 +02:00
|
|
|
use Symfony\Component\EventDispatcher\EventDispatcher;
|
2019-11-24 22:49:22 +01:00
|
|
|
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
|
|
|
|
|
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
|
|
|
|
|
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
|
|
|
|
|
use Symfony\Component\Form\Extension\Core\Type\TextType;
|
|
|
|
|
use Symfony\Component\HttpFoundation\Request;
|
2019-12-01 12:48:59 +01:00
|
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
2019-03-14 18:01:41 +01:00
|
|
|
use Symfony\Component\Routing\Annotation\Route;
|
|
|
|
|
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
|
2019-11-24 22:49:22 +01:00
|
|
|
use Symfony\Component\Validator\Constraints\Length;
|
|
|
|
|
use Symfony\Component\Validator\Constraints\NotBlank;
|
2020-04-03 18:27:47 +02:00
|
|
|
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
|
2019-11-24 22:49:22 +01:00
|
|
|
use Symfony\Contracts\Translation\TranslatorInterface;
|
2019-03-14 18:01:41 +01:00
|
|
|
|
|
|
|
|
class SecurityController extends AbstractController
|
|
|
|
|
{
|
2019-11-24 22:49:22 +01:00
|
|
|
protected $translator;
|
2019-12-01 12:48:59 +01:00
|
|
|
protected $allow_email_pw_reset;
|
2019-11-24 22:49:22 +01:00
|
|
|
|
2019-12-01 12:48:59 +01:00
|
|
|
public function __construct(TranslatorInterface $translator, bool $allow_email_pw_reset)
|
2019-11-24 22:49:22 +01:00
|
|
|
{
|
|
|
|
|
$this->translator = $translator;
|
2019-12-01 12:48:59 +01:00
|
|
|
$this->allow_email_pw_reset = $allow_email_pw_reset;
|
2019-11-24 22:49:22 +01:00
|
|
|
}
|
|
|
|
|
|
2019-03-14 18:01:41 +01:00
|
|
|
/**
|
|
|
|
|
* @Route("/login", name="login", methods={"GET", "POST"})
|
|
|
|
|
*/
|
2020-02-02 14:05:36 +01:00
|
|
|
public function login(AuthenticationUtils $authenticationUtils): \Symfony\Component\HttpFoundation\Response
|
2019-03-14 18:01:41 +01:00
|
|
|
{
|
|
|
|
|
// get the login error if there is one
|
|
|
|
|
$error = $authenticationUtils->getLastAuthenticationError();
|
|
|
|
|
|
|
|
|
|
// last username entered by the user
|
|
|
|
|
$lastUsername = $authenticationUtils->getLastUsername();
|
|
|
|
|
|
|
|
|
|
return $this->render('security/login.html.twig', [
|
|
|
|
|
'last_username' => $lastUsername,
|
2019-03-20 23:16:07 +01:00
|
|
|
'error' => $error,
|
2019-03-14 18:01:41 +01:00
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-24 22:49:22 +01:00
|
|
|
/**
|
|
|
|
|
* @Route("/pw_reset/request", name="pw_reset_request")
|
2020-03-15 13:56:31 +01:00
|
|
|
*
|
2020-02-02 14:05:36 +01:00
|
|
|
* @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
|
2019-11-24 22:49:22 +01:00
|
|
|
*/
|
|
|
|
|
public function requestPwReset(PasswordResetManager $passwordReset, Request $request)
|
|
|
|
|
{
|
2020-08-21 21:36:22 +02:00
|
|
|
if (!$this->allow_email_pw_reset) {
|
2020-01-04 20:14:42 +01:00
|
|
|
throw new AccessDeniedHttpException('The password reset via email is disabled!');
|
2019-12-01 12:48:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
|
2020-01-04 20:14:42 +01:00
|
|
|
throw new AccessDeniedHttpException('You are already logged in, so you can not reset your password!');
|
2019-12-01 12:48:59 +01:00
|
|
|
}
|
|
|
|
|
|
2019-11-24 22:49:22 +01:00
|
|
|
$builder = $this->createFormBuilder();
|
|
|
|
|
$builder->add('user', TextType::class, [
|
2019-12-01 13:50:43 +01:00
|
|
|
'label' => $this->translator->trans('pw_reset.user_or_email'),
|
2020-01-04 20:24:09 +01:00
|
|
|
'constraints' => [new NotBlank()],
|
2019-11-24 22:49:22 +01:00
|
|
|
]);
|
|
|
|
|
$builder->add('captcha', CaptchaType::class, [
|
|
|
|
|
'width' => 200,
|
|
|
|
|
'height' => 50,
|
|
|
|
|
'length' => 6,
|
|
|
|
|
]);
|
|
|
|
|
$builder->add('submit', SubmitType::class, [
|
2020-01-04 20:24:09 +01:00
|
|
|
'label' => 'pw_reset.submit',
|
2019-11-24 22:49:22 +01:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$form = $builder->getForm();
|
|
|
|
|
$form->handleRequest($request);
|
|
|
|
|
|
|
|
|
|
if ($form->isSubmitted() && $form->isValid()) {
|
|
|
|
|
$passwordReset->request($form->getData()['user']);
|
2019-12-26 14:53:13 +01:00
|
|
|
$this->addFlash('success', 'pw_reset.request.success');
|
2020-01-04 20:24:09 +01:00
|
|
|
|
2019-12-01 12:48:59 +01:00
|
|
|
return $this->redirectToRoute('login');
|
2019-11-24 22:49:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->render('security/pw_reset_request.html.twig', [
|
2020-01-04 20:24:09 +01:00
|
|
|
'form' => $form->createView(),
|
2019-11-24 22:49:22 +01:00
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @Route("/pw_reset/new_pw/{user}/{token}", name="pw_reset_new_pw")
|
2020-03-15 13:56:31 +01:00
|
|
|
*
|
2020-02-02 14:05:36 +01:00
|
|
|
* @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
|
2019-11-24 22:49:22 +01:00
|
|
|
*/
|
2020-04-03 18:27:47 +02:00
|
|
|
public function pwResetNewPw(PasswordResetManager $passwordReset, Request $request, EntityManagerInterface $em, EventDispatcherInterface $eventDispatcher, ?string $user = null, ?string $token = null)
|
2019-11-24 22:49:22 +01:00
|
|
|
{
|
2020-08-21 21:36:22 +02:00
|
|
|
if (!$this->allow_email_pw_reset) {
|
2020-01-04 20:14:42 +01:00
|
|
|
throw new AccessDeniedHttpException('The password reset via email is disabled!');
|
2019-12-01 12:48:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
|
2020-01-04 20:14:42 +01:00
|
|
|
throw new AccessDeniedHttpException('You are already logged in, so you can not reset your password!');
|
2019-12-01 12:48:59 +01:00
|
|
|
}
|
|
|
|
|
|
2020-01-05 22:49:00 +01:00
|
|
|
$data = [
|
|
|
|
|
'username' => $user,
|
|
|
|
|
'token' => $token,
|
|
|
|
|
];
|
2019-11-24 22:49:22 +01:00
|
|
|
$builder = $this->createFormBuilder($data);
|
|
|
|
|
$builder->add('username', TextType::class, [
|
2020-01-04 20:24:09 +01:00
|
|
|
'label' => $this->translator->trans('pw_reset.username'),
|
2019-11-24 22:49:22 +01:00
|
|
|
]);
|
|
|
|
|
$builder->add('token', TextType::class, [
|
2020-01-04 20:24:09 +01:00
|
|
|
'label' => $this->translator->trans('pw_reset.token'),
|
2019-11-24 22:49:22 +01:00
|
|
|
]);
|
|
|
|
|
$builder->add('new_password', RepeatedType::class, [
|
|
|
|
|
'type' => PasswordType::class,
|
2020-01-05 22:49:00 +01:00
|
|
|
'first_options' => [
|
|
|
|
|
'label' => 'user.settings.pw_new.label',
|
|
|
|
|
],
|
|
|
|
|
'second_options' => [
|
|
|
|
|
'label' => 'user.settings.pw_confirm.label',
|
|
|
|
|
],
|
2019-11-24 22:49:22 +01:00
|
|
|
'invalid_message' => 'password_must_match',
|
|
|
|
|
'constraints' => [new Length([
|
|
|
|
|
'min' => 6,
|
|
|
|
|
'max' => 128,
|
|
|
|
|
])],
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$builder->add('submit', SubmitType::class, [
|
2020-01-04 20:24:09 +01:00
|
|
|
'label' => 'pw_reset.submit',
|
2019-11-24 22:49:22 +01:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$form = $builder->getForm();
|
|
|
|
|
$form->handleRequest($request);
|
|
|
|
|
|
|
|
|
|
if ($form->isSubmitted() && $form->isValid()) {
|
|
|
|
|
$data = $form->getData();
|
|
|
|
|
//Try to set the new password
|
|
|
|
|
$success = $passwordReset->setNewPassword($data['username'], $data['token'], $data['new_password']);
|
2020-08-21 21:36:22 +02:00
|
|
|
if (!$success) {
|
2019-12-26 14:53:13 +01:00
|
|
|
$this->addFlash('error', 'pw_reset.new_pw.error');
|
2019-11-24 22:49:22 +01:00
|
|
|
} else {
|
2019-12-26 14:53:13 +01:00
|
|
|
$this->addFlash('success', 'pw_reset.new_pw.success');
|
2020-01-04 20:24:09 +01:00
|
|
|
|
2020-04-03 18:27:47 +02:00
|
|
|
$repo = $em->getRepository(User::class);
|
|
|
|
|
$u = $repo->findOneBy(['name' => $data['username']]);
|
|
|
|
|
$event = new SecurityEvent($u);
|
2020-04-04 13:12:22 +02:00
|
|
|
/** @var EventDispatcher $eventDispatcher */
|
2020-04-03 18:27:47 +02:00
|
|
|
$eventDispatcher->dispatch($event, SecurityEvents::PASSWORD_RESET);
|
|
|
|
|
|
2019-11-24 22:49:22 +01:00
|
|
|
return $this->redirectToRoute('login');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->render('security/pw_reset_new_pw.html.twig', [
|
2020-01-04 20:24:09 +01:00
|
|
|
'form' => $form->createView(),
|
2019-11-24 22:49:22 +01:00
|
|
|
]);
|
|
|
|
|
}
|
2019-12-29 16:43:43 +01:00
|
|
|
|
2019-03-14 18:01:41 +01:00
|
|
|
/**
|
|
|
|
|
* @Route("/logout", name="logout")
|
|
|
|
|
*/
|
2020-01-05 15:46:58 +01:00
|
|
|
public function logout(): void
|
2019-03-14 18:01:41 +01:00
|
|
|
{
|
2020-01-05 22:49:00 +01:00
|
|
|
throw new RuntimeException('Will be intercepted before getting here');
|
2019-03-14 18:01:41 +01:00
|
|
|
}
|
2019-03-20 23:16:07 +01:00
|
|
|
}
|
