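request->has('reset_2fa')) {
            // Resetting the second factor is as sensitive as setting a new
            // password, so it is gated by the same permission.
            $this->denyAccessUnlessGranted('set_password', $entity);

            // The CSRF token id is bound to the target user's id, so a token
            // issued for one user's form is not valid for another user.
            if ($this->isCsrfTokenValid('reset_2fa'.$entity->getId(), $request->request->get('_token'))) {
                // Disable Google authenticator and drop the backup codes that
                // belong to it.
                $entity->setGoogleAuthenticatorSecret(null);
                $entity->setBackupCodes([]);

                // Remove all U2F keys
                foreach ($entity->getU2FKeys() as $key) {
                    $em->remove($key);
                }

                // Devices remembered as "trusted" would otherwise keep skipping
                // the second factor after the reset.
                $entity->invalidateTrustedDeviceTokens();

                $em->flush();
                $this->addFlash('success', 'user.edit.reset_success');
            } else {
                $this->addFlash('danger', 'csfr_invalid');
            }
        }

        return $this->_edit($entity, $request, $em);
    }

    /**
     * Shows the form for a new user and handles its submission (see _new()).
     *
     * @Route("/new", name="user_new")
     * @Route("/")
     *
     * @return Response
     */
    public function new(Request $request, EntityManagerInterface $em, EntityImporter $importer)
    {
        return $this->_new($request, $em, $importer);
    }

    /**
     * Deletes the given user (see _delete()).
     *
     * @Route("/{id}", name="user_delete", methods={"DELETE"}, requirements={"id"="\d+"})
     *
     * @throws InvalidArgumentException if the anonymous user is targeted
     */
    public function delete(Request $request, User $entity, StructuralElementRecursionHelper $recursionHelper)
    {
        // The anonymous user is the subject of permission checks when nobody
        // is logged in, so it must never be removed.
        if (User::ID_ANONYMOUS === $entity->getID()) {
            throw new InvalidArgumentException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
        }

        return $this->_delete($request, $entity, $recursionHelper);
    }

    /**
     * Exports all users (see _exportAll()).
     *
     * @Route("/export", name="user_export_all")
     *
     * @return Response
     */
    public function exportAll(EntityManagerInterface $em, EntityExporter $exporter, Request $request)
    {
        return $this->_exportAll($em, $exporter, $request);
    }

    /**
     * Exports a single user (see _exportEntity()).
     *
     * @Route("/{id}/export", name="user_export")
     *
     * @param User $entity the user to export
     *
     * @return Response
     */
    public function exportEntity(User $entity, EntityExporter $exporter, Request $request)
    {
        return $this->_exportEntity($entity, $exporter, $request);
    }

    /**
     * Shows the info page of a user: its avatar and its (inherited) permissions.
     *
     * Without an id the page shows the currently logged in user; with an id it
     * shows that user, provided the current user is granted 'read' on it.
     *
     * @Route("/info", name="user_info_self")
     * @Route("/{id}/info")
     */
    public function userInfo(?User $user, Packages $packages)
    {
        if (null === $user) {
            // No user id was passed: show the current user.
            $user = $this->getUser();
            if (!$user instanceof User) {
                // Nobody is logged in (or the security user is not our entity),
                // so there is no user to show.
                throw $this->createAccessDeniedException();
            }
        } else {
            // Another user was requested: enforce the read permission on it.
            $this->denyAccessUnlessGranted('read', $user);
        }

        if ($this->getParameter('use_gravatar')) {
            $avatar = $this->getGravatar($user->getEmail(), 200, 'identicon');
        } else {
            $avatar = $packages->getUrl('/img/default_avatar.png');
        }

        // Show the permissions of the user, read-only.
        $builder = $this->createFormBuilder()->add('permissions', PermissionsType::class, [
            'mapped' => false,
            'disabled' => true,
            'inherit' => true,
            'data' => $user,
        ]);

        return $this->render('Users/user_info.html.twig', [
            'user' => $user,
            'avatar' => $avatar,
            'form' => $builder->getForm()->createView(),
        ]);
    }

    /**
     * Get either a Gravatar URL or complete image tag for a specified email address.
     *
     * @param string|null $email The email address; null yields an empty string
     * @param int         $s     Size in pixels, defaults to 80px [ 1 - 2048 ]
     * @param string      $d     Default imageset to use [ 404 | mm | identicon | monsterid | wavatar ]
     * @param string      $r     Maximum rating (inclusive) [ g | pg | r | x ]
     * @param bool        $img   True to return a complete IMG tag False for just the URL
     * @param array       $atts  Optional, additional key/value attributes to include in the IMG tag
     *
     * @return string containing either just a URL or a complete image tag
     * @source https://gravatar.com/site/implement/images/php/
     */
    public function getGravatar(?string $email, int $s = 80, string $d = 'mm', string $r = 'g', bool $img = false, array $atts = [])
    {
        if (null === $email) {
            return '';
        }

        // Gravatar addresses an avatar by the MD5 of the trimmed, lowercased
        // address; the hash is an identifier here, not a security primitive.
        $hash = md5(strtolower(trim($email)));

        // The options are URL-encoded (a no-op for the documented values, but
        // required when $d is given as a URL); "${s}" interpolation is avoided
        // as it is deprecated since PHP 8.2.
        $url = 'https://www.gravatar.com/avatar/'.$hash
            .sprintf('?s=%d&d=%s&r=%s', $s, rawurlencode($d), rawurlencode($r));

        if ($img) {
            // Attribute names and values come from the caller; escape them so
            // they cannot break out of the attribute or the tag.
            $tag = '<img src="'.$url.'"';
            foreach ($atts as $key => $val) {
                $tag .= ' '.htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                    .'="'.htmlspecialchars((string) $val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'"';
            }
            $url = $tag.' />';
        }

        return $url;
    }
}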