Part-DB.Part-DB-server/src/Command/User/SetPasswordCommand.php

<?php
/**
 * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
 *
 * Copyright (C) 2019 - 2022 Jan Böhmer (https://github.com/jbtronics)
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published
 * by the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace App\Command\User;

use Symfony\Component\Console\Attribute\AsCommand;
use App\Entity\UserSystem\User;
use App\Events\SecurityEvent;
use App\Events\SecurityEvents;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;

#[AsCommand('partdb:users:set-password|app:set-password|users:set-password|partdb:user:set-password', 'Sets the password of a user')]
class SetPasswordCommand extends Command
{
    public function __construct(protected EntityManagerInterface $entityManager, protected UserPasswordHasherInterface $encoder, protected EventDispatcherInterface $eventDispatcher)
    {
        parent::__construct();
    }

    protected function configure(): void
    {
        $this->setHelp('This password allows you to set the password of a user, without knowing the old password.')
            ->addArgument('user', InputArgument::REQUIRED, 'The username or email of the user')
        ;
    }

    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        $io = new SymfonyStyle($input, $output);
        $user_name = $input->getArgument('user');

        $user = $this->entityManager->getRepository(User::class)->findByEmailOrName($user_name);

        if (!$user instanceof User) {
            $io->error(sprintf('No user with the given username %s found in the database!', $user_name));

            return Command::FAILURE;
        }

        $io->note('User found!');

        if ($user->isSamlUser()) {
            $io->error('This user is a SAML user, so you can not change the password!');
            return Command::FAILURE;
        }

        $proceed = $io->confirm(
            sprintf('You are going to change the password of %s with ID %d. Proceed?',
                $user->getFullName(true), $user->getID()));

        if (!$proceed) {
            return Command::FAILURE;
        }

        $success = false;
        $new_password = '';

        while (!$success) {
            $pw1 = $io->askHidden('Please enter new password:');

            if ($pw1 === null) {
                $io->error('No password entered! Please try again.');

                //If we are in non-interactive mode, we can not ask again
                if (!$input->isInteractive()) {
                    $io->warning('Non-interactive mode detected. No password can be entered that way! If you are using docker exec, please use -it flag.');
                    return Command::FAILURE;
                }

                continue;
            }

            $pw2 = $io->askHidden('Please confirm:');
            if ($pw1 !== $pw2) {
                $io->error('The entered password did not match! Please try again.');
            } else {
                //Exit loop
                $success = true;
                $new_password = $pw1;
            }
        }

        //Encode password
        $hash = $this->encoder->hashPassword($user, $new_password);
        $user->setPassword($hash);

        //And save it to databae
        $this->entityManager->persist($user);
        $this->entityManager->flush();

        $io->success('Password was set successful! You can now log in using the new password.');

        $security_event = new SecurityEvent($user);
        $this->eventDispatcher->dispatch($security_event, SecurityEvents::PASSWORD_CHANGED);

        return Command::SUCCESS;
    }
}
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`<?php`
Changed license to AGPL3+ 2020-02-22 18:14:36 +01:00			`/**`
			`* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).`
			`*`
Removed old GPLv2 copyright header 2022-11-29 22:28:53 +01:00			`* Copyright (C) 2019 - 2022 Jan Böhmer (https://github.com/jbtronics)`
Changed license to AGPL3+ 2020-02-22 18:14:36 +01:00			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published`
			`* by the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`*/`
Applied code style rules to src/ 2020-01-05 15:46:58 +01:00
			`declare(strict_types=1);`

Moved all console comands to the partdb: namespace 2022-08-04 21:49:16 +02:00			`namespace App\Command\User;`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00
Use imports instead of FQNs 2023-06-11 14:55:06 +02:00			`use Symfony\Component\Console\Attribute\AsCommand;`
Added database migration for new entities. 2019-08-12 18:04:53 +02:00			`use App\Entity\UserSystem\User;`
Log security related events like password reset, 2FA method added, etc. 2020-04-03 18:27:47 +02:00			`use App\Events\SecurityEvent;`
			`use App\Events\SecurityEvents;`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`use Doctrine\ORM\EntityManagerInterface;`
			`use Symfony\Component\Console\Command\Command;`
			`use Symfony\Component\Console\Input\InputArgument;`
			`use Symfony\Component\Console\Input\InputInterface;`
			`use Symfony\Component\Console\Output\OutputInterface;`
			`use Symfony\Component\Console\Style\SymfonyStyle;`
Log security related events like password reset, 2FA method added, etc. 2020-04-03 18:27:47 +02:00			`use Symfony\Component\EventDispatcher\EventDispatcherInterface;`
Fixed some deprecations. 2021-10-02 20:41:14 +02:00			`use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00
Use imports instead of FQNs 2023-06-11 14:55:06 +02:00			`#[AsCommand('partdb:users:set-password\|app:set-password\|users:set-password\|partdb:user:set-password', 'Sets the password of a user')]`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`class SetPasswordCommand extends Command`
			`{`
Applied rector with PHP8.1 migration rules 2023-06-11 14:15:46 +02:00			`public function __construct(protected EntityManagerInterface $entityManager, protected UserPasswordHasherInterface $encoder, protected EventDispatcherInterface $eventDispatcher)`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`{`
			`parent::__construct();`
			`}`

Applied code style rules to src/ 2020-01-05 15:46:58 +01:00			`protected function configure(): void`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`{`
Applied rector rules up to symfony 6.2 2023-05-28 01:21:05 +02:00			`$this->setHelp('This password allows you to set the password of a user, without knowing the old password.')`
Allow to specify a user by username or email with set-password commannd 2023-02-23 23:39:29 +01:00			`->addArgument('user', InputArgument::REQUIRED, 'The username or email of the user')`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`;`
			`}`

Fixed some issues detected by PHPstan. 2020-02-01 17:00:03 +01:00			`protected function execute(InputInterface $input, OutputInterface $output): int`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`{`
			`$io = new SymfonyStyle($input, $output);`
			`$user_name = $input->getArgument('user');`

Allow to specify a user by username or email with set-password commannd 2023-02-23 23:39:29 +01:00			`$user = $this->entityManager->getRepository(User::class)->findByEmailOrName($user_name);`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00
Use imports instead of FQNs 2023-06-11 14:55:06 +02:00			`if (!$user instanceof User) {`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`$io->error(sprintf('No user with the given username %s found in the database!', $user_name));`
Used PHP_CS_Fixer with symfony preset on codebase. 2019-03-20 23:16:07 +01:00
Use imports instead of FQNs 2023-06-11 14:55:06 +02:00			`return Command::FAILURE;`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`}`

			`$io->note('User found!');`

Prevent change of password of SAML users via CLI 2023-02-21 21:58:27 +01:00			`if ($user->isSamlUser()) {`
			`$io->error('This user is a SAML user, so you can not change the password!');`
Use imports instead of FQNs 2023-06-11 14:55:06 +02:00			`return Command::FAILURE;`
Prevent change of password of SAML users via CLI 2023-02-21 21:58:27 +01:00			`}`

Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`$proceed = $io->confirm(`
			`sprintf('You are going to change the password of %s with ID %d. Proceed?',`
			`$user->getFullName(true), $user->getID()));`

Fixed code style. 2020-08-21 21:36:22 +02:00			`if (!$proceed) {`
Use imports instead of FQNs 2023-06-11 14:55:06 +02:00			`return Command::FAILURE;`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`}`

			`$success = false;`
Used PHP_CS_Fixer with symfony preset on codebase. 2019-03-20 23:16:07 +01:00			`$new_password = '';`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00
Fixed code style. 2020-08-21 21:36:22 +02:00			`while (!$success) {`
Used PHP_CS_Fixer with symfony preset on codebase. 2019-03-20 23:16:07 +01:00			`$pw1 = $io->askHidden('Please enter new password:');`
If user password set command is run in non-interactive mode, show a warning message if no password is inputted Related to issue #748 2024-11-03 23:38:43 +01:00
			`if ($pw1 === null) {`
			`$io->error('No password entered! Please try again.');`

			`//If we are in non-interactive mode, we can not ask again`
			`if (!$input->isInteractive()) {`
			`$io->warning('Non-interactive mode detected. No password can be entered that way! If you are using docker exec, please use -it flag.');`
			`return Command::FAILURE;`
			`}`

			`continue;`
			`}`

Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`$pw2 = $io->askHidden('Please confirm:');`
Used PHP_CS_Fixer with symfony preset on codebase. 2019-03-20 23:16:07 +01:00			`if ($pw1 !== $pw2) {`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`$io->error('The entered password did not match! Please try again.');`
			`} else {`
			`//Exit loop`
			`$success = true;`
			`$new_password = $pw1;`
			`}`
			`}`

			`//Encode password`
Fixed some deprecations. 2021-10-02 20:41:14 +02:00			`$hash = $this->encoder->hashPassword($user, $new_password);`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`$user->setPassword($hash);`

			`//And save it to databae`
			`$this->entityManager->persist($user);`
			`$this->entityManager->flush();`

			`$io->success('Password was set successful! You can now log in using the new password.');`
Fixed coding style. 2020-03-15 13:56:31 +01:00
Log security related events like password reset, 2FA method added, etc. 2020-04-03 18:27:47 +02:00			`$security_event = new SecurityEvent($user);`
			`$this->eventDispatcher->dispatch($security_event, SecurityEvents::PASSWORD_CHANGED);`

Use imports instead of FQNs 2023-06-11 14:55:06 +02:00			`return Command::SUCCESS;`
Added a console command to set the password of a user. 2019-03-20 12:27:11 +01:00			`}`
			`}`