Log security related events like password reset, 2FA method added, etc.

Jan Böhmer 2020-04-03 18:27:47 +02:00
parent 1b21bf5ddd
commit 470cd2af9e
13 changed files with 485 additions and 8 deletions


@ -42,7 +42,11 @@ declare(strict_types=1);
namespace App\Controller;
use App\Entity\UserSystem\User;
use App\Events\SecurityEvent;
use App\Events\SecurityEvents;
use App\Services\PasswordResetManager;
use Doctrine\ORM\EntityManagerInterface;
use Gregwar\CaptchaBundle\Type\CaptchaType;
use RuntimeException;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@ -56,6 +60,7 @@ use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
use Symfony\Contracts\Translation\TranslatorInterface;
class SecurityController extends AbstractController
@ -137,7 +142,7 @@ class SecurityController extends AbstractController
*
* @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
*/
public function pwResetNewPw(PasswordResetManager $passwordReset, Request $request, ?string $user = null, ?string $token = null)
public function pwResetNewPw(PasswordResetManager $passwordReset, Request $request, EntityManagerInterface $em, EventDispatcherInterface $eventDispatcher, ?string $user = null, ?string $token = null)
{
if (! $this->allow_email_pw_reset) {
throw new AccessDeniedHttpException('The password reset via email is disabled!');
@ -189,6 +194,11 @@ class SecurityController extends AbstractController
} else {
$this->addFlash('success', 'pw_reset.new_pw.success');
$repo = $em->getRepository(User::class);
$u = $repo->findOneBy(['name' => $data['username']]);
$event = new SecurityEvent($u);
$eventDispatcher->dispatch($event, SecurityEvents::PASSWORD_RESET);
return $this->redirectToRoute('login');
}
}
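Review bot: The result of `findOneBy(['name' => $data['username']])` in the success branch goes straight into `new SecurityEvent($u)` with no null check. The `SecurityEvent` constructor is not shown here, but if it is typed to `User`, a null result would throw after the password has already been changed, so the user gets an error page and the reset leaves no log entry. Guarding the dispatch avoids this: `if (null !== $u) { $eventDispatcher->dispatch(new SecurityEvent($u), SecurityEvents::PASSWORD_RESET); }`. The lookup is also keyed on the submitted form value rather than on the user the `PasswordResetManager` actually updated; the manager is not visible here, so having it return the affected `User` would keep the audit entry tied to the right account and drop the second query. Only the success path emits an event in this hunk, and the failure branch and the rest of `pwResetNewPw` lie outside it, so it is worth confirming that rejected tokens are logged too, since those are the attempts a defender most wants to see.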