Added form to allow a user to change its own password.

2025-06-20 17:15:51 +02:00 · 2019-03-15 18:38:45 +01:00 · 2019-03-15 18:38:45 +01:00 · 1b8b5d927f
commit 1b8b5d927f
parent 62fe4afd74
3 changed files with 73 additions and 2 deletions
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@ -37,8 +37,14 @@ use App\Form\UserSettingsType;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\Asset\Packages;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
+use Symfony\Component\Form\Extension\Core\Type\SubmitType;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\Security\Core\Validator\Constraints\UserPassword;
+use Symfony\Component\Validator\Constraints\Length;

 class UserController extends AbstractController
 {
@ -71,13 +77,19 @@ class UserController extends AbstractController
    /**
     * @Route("/user/settings", name="user_settings")
     */
-    public function userSettings(Request $request, EntityManagerInterface $em)
+    public function userSettings(Request $request, EntityManagerInterface $em, UserPasswordEncoderInterface $passwordEncoder)
    {
+        /**
+         * @var User
+         */
        $user = $this->getUser();

        //When user change its settings, he should be logged  in fully.
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');

+        /***************************
+         * User settings form
+         ***************************/

        $form = $this->createForm(UserSettingsType::class, $user);

@ -89,8 +101,45 @@ class UserController extends AbstractController
            $this->addFlash('success', 'user.settings.saved_flash');
        }

+        /*****************************
+         * Password change form
+         ****************************/
+
+        $pw_form = $this->createFormBuilder()
+            ->add('old_password', PasswordType::class, [
+                'label' => 'user.settings.pw_old.label',
+                'constraints'=> [new UserPassword()]]) //This constraint checks, if the current user pw was inputted.
+            ->add('new_password', RepeatedType::class, [
+                'type' => PasswordType::class,
+                'first_options' => ['label'=> 'user.settings.pw_new.label'],
+                'second_options' => ['label'=> 'user.settings.pw_confirm.label'],
+                'invalid_message' => 'password_must_match',
+                'constraints' => [new Length([
+                    'min' => 6,
+                    'max' => 128
+                ])]
+            ])
+            ->add('submit', SubmitType::class)
+            ->getForm();
+
+        $pw_form->handleRequest($request);
+
+        //Check if password if everything was correct, then save it to User and DB
+        if($pw_form->isSubmitted() && $pw_form->isValid()) {
+            $password = $passwordEncoder->encodePassword($user, $pw_form['new_password']->getData());
+            $user->setPassword($password);
+            $em->persist($user);
+            $em->flush();
+            $this->addFlash('success', 'user.settings.pw_changed_flash');
+        }
+
+        /******************************
+         * Output both forms
+         *****************************/
+
        return $this->render('Users/user_settings.html.twig', [
-            "settings_form" => $form->createView()
+            "settings_form" => $form->createView(),
+            'pw_form' => $pw_form->createView()
        ]);
    }

--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@ -153,12 +153,18 @@ class User extends NamedDBElement implements UserInterface

    /**
     * @see UserInterface
+     * Gets the password hash for this entity.
     */
    public function getPassword(): string
    {
        return (string) $this->password;
    }

+    /**
+     * Sets the password hash for this user.
+     * @param string $password
+     * @return User
+     */
    public function setPassword(string $password): self
    {
        $this->password = $password;
--- a/templates/Users/user_settings.html.twig
+++ b/templates/Users/user_settings.html.twig
@ -37,4 +37,20 @@
    {{ form_row(settings_form.reset) }}

    {{ form_end(settings_form) }}
+{% endblock %}
+
+{% block content %}
+    {{ parent() }}
+
+    <div class="card mt-4">
+        <div class="card-header">
+            <i class="fa fa-key fa-fw" aria-hidden="true"></i>
+            {% trans %}user.settings.change_pw{% endtrans %}
+        </div>
+        <div class="card-body">
+            {{ form_start(pw_form) }}
+            {{ form_widget(pw_form) }}
+            {{ form_end(pw_form) }}
+        </div>
+    </div>
 {% endblock %}