src/Controller/ResetPasswordController.php line 118

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\Interfaces\SpotHitCampaignInterface;
  6. use App\Entity\SmsSpotHitCampaign;
  7. use App\Entity\User;
  8. use App\Event\PortalUserEvent;
  9. use App\Factory\Platform\MailerFactory;
  10. use App\Form\Type\ChangePasswordFormType;
  11. use App\Form\Type\ResetPasswordRequestFormType;
  12. use App\Services\Common\Email\MailTypes;
  13. use App\Services\Common\MailerService;
  14. use App\Services\Common\Sms\SmsTypes;
  15. use App\Services\Common\User\WorkflowUser;
  16. use App\Services\DTV\YamlConfig\YamlReader;
  17. use App\Services\Portal\PortalService;
  18. use App\Services\SpotHitService;
  19. use Doctrine\ORM\EntityManagerInterface;
  20. use Exception;
  21. use Psr\Log\LoggerInterface;
  22. use ReflectionException;
  23. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  24. use Symfony\Component\HttpFoundation\RedirectResponse;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\HttpFoundation\Response;
  27. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  28. use Symfony\Component\Routing\Annotation\Route;
  29. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  30. use Symfony\Contracts\HttpClient\Exception\ClientExceptionInterface;
  31. use Symfony\Contracts\HttpClient\Exception\RedirectionExceptionInterface;
  32. use Symfony\Contracts\HttpClient\Exception\ServerExceptionInterface;
  33. use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
  34. use Symfony\Contracts\Translation\TranslatorInterface;
  35. use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
  36. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  37. use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
  39. /**
  40. * Controller pour la gestion de la réinitialisation du mot de passe
  41. *
  42. * @Route("/reset-password")
  43. */
  44. class ResetPasswordController extends AbstractController
  45. {
  46. use ResetPasswordControllerTrait;
  48. private ResetPasswordHelperInterface $resetPasswordHelper;
  49. private LoggerInterface $logger;
  50. private MailerService $mailerService;
  51. private YamlReader $yamlReader;
  52. private EntityManagerInterface $em;
  53. private PortalService $portalService;
  54. private EventDispatcherInterface $dispatcher;
  55. private TranslatorInterface $translator;
  56. private WorkflowUser $workflowUser;
  57. private SpotHitService $spotHitService;
  60. public function __construct(
  61. ResetPasswordHelperInterface $resetPasswordHelper,
  62. LoggerInterface $logger,
  63. MailerService $mailerService,
  64. YamlReader $yamlReader,
  65. EntityManagerInterface $em,
  66. PortalService $portalService,
  67. EventDispatcherInterface $dispatcher,
  68. TranslatorInterface $translator,
  69. WorkflowUser $workflowUser,
  70. SpotHitService $spotHitService
  71. ) {
  72. $this->resetPasswordHelper = $resetPasswordHelper;
  73. $this->logger = $logger;
  74. $this->mailerService = $mailerService;
  75. $this->yamlReader = $yamlReader;
  76. $this->em = $em;
  77. $this->portalService = $portalService;
  78. $this->dispatcher = $dispatcher;
  79. $this->translator = $translator;
  80. $this->workflowUser = $workflowUser;
  81. $this->spotHitService = $spotHitService;
  82. }
  84. /**
  85. * Affiche et traite le formulaire de demande de réinitialisation du mot de passe.
  86. *
  87. * @Route("", name="app_forgot_password_request")
  88. *
  89. * @param Request $request
  90. *
  91. * @return Response
  92. *
  93. * @throws ClientExceptionInterface
  94. * @throws RedirectionExceptionInterface
  95. * @throws ReflectionException
  96. * @throws ServerExceptionInterface
  97. * @throws TransportExceptionInterface
  98. * @throws \Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface
  99. */
  100. public function request(Request $request): Response
  101. {
  102. $form = $this->createForm(ResetPasswordRequestFormType::class);
  103. $form->handleRequest($request);
  105. if ($form->isSubmitted() && $form->isValid()) {
  106. $sendResetPasswordRequestBySms = false;
  108. if($form->has('sendResetPasswordRequestBySms')) {
  109. $sendResetPasswordRequestBySms = $form->get('sendResetPasswordRequestBySms')->getData();
  110. }
  112. return $this->processSendingPasswordResetEmail(
  113. $form->get('email')->getData(),
  114. $sendResetPasswordRequestBySms
  115. );
  116. }
  118. return $this->render('security/request.html.twig', [
  119. 'requestForm' => $form->createView(),
  120. ]);
  121. }
  123. /**
  124. * Redirige vers la page de vérification de l'e-mail.
  125. *
  126. * @param string $emailFormData
  127. * @param bool $sendResetPasswordRequestBySms
  128. *
  129. * @return RedirectResponse
  130. *
  131. * @throws ReflectionException
  132. * @throws ClientExceptionInterface
  133. * @throws RedirectionExceptionInterface
  134. * @throws ServerExceptionInterface
  135. * @throws Exception
  136. * @throws \Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface|TransportExceptionInterface
  137. * @throws ResetPasswordExceptionInterface
  138. */
  139. private function processSendingPasswordResetEmail(string $emailFormData, bool $sendResetPasswordRequestBySms = false): RedirectResponse
  140. {
  141. $user = $this->em->getRepository(User::class)->findOneBy(
  142. [
  143. 'email' => $emailFormData,
  144. ],
  145. );
  147. // Do not reveal whether a user account was found or not.
  148. if ($user === NULL) {
  149. return $this->redirectToRoute('app_check_email');
  150. }
  152. $mailer = $this->yamlReader->getMailer();
  154. // Check les CGU
  155. if (is_null($user->getCguAt()) && $user->getStatus() === User::STATUS_CGU_PENDING) {
  156. $this->workflowUser->resendCGU($user);
  158. $this->addFlash(
  159. 'danger',
  160. $this->translator->trans(
  161. "cgu_pending_message %contact_email%",
  162. ["%contact_email%" => $mailer[ 'contact_email' ]]
  163. )
  164. );
  166. return $this->redirectToRoute('app_login');
  167. }
  169. try {
  170. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  171. } catch (ResetPasswordExceptionInterface $e) {
  172. // If you want to tell the user why a reset email was not sent, uncomment
  173. // the lines below and change the redirect to 'app_forgot_password_request'.
  174. // Caution: This may reveal if a user is registered or not.
  176. $this->addFlash(
  177. 'reset_password_error',
  178. 'il y a eu un problème lors du traitement de votre demande de réinitialisation du mot de passe - ' . $e->getReason(
  179. ),
  180. );
  182. return $this->redirectToRoute('app_check_email');
  183. }
  185. $this->mailerService->createApiMailRequest(MailTypes::RESET_PASSWORD)
  186. ->addRecipientToRequest(
  187. $user,
  188. MailerFactory::buildResetPassword($resetToken->getToken()),
  189. )
  190. ->send()
  191. ;
  193. if($sendResetPasswordRequestBySms)
  194. {
  195. $smsCampaign = $this->spotHitService->createSmsCampaign(
  196. SmsSpotHitCampaign::CAMPAIGN_TYPE_RESET_PASSWORD,
  197. $this->yamlReader->getMailer()['transactional_sms'][SmsTypes::RESET_PASSWORD],
  198. $user,
  199. 'SMS_' . SmsTypes::RESET_PASSWORD . '_' . $user->getId() . '_' . (new \DateTime())->format('YmdHis'),
  200. ['resetToken' => $resetToken->getToken()]
  201. );
  203. if(!$smsCampaign)
  204. {
  205. $this->addFlash('danger', "Une erreur est survenue lors de l'envoi du sms, le numéro fourni est invalide");
  206. // Store the token object in session for retrieval in check-email route.
  207. $this->setTokenObjectInSession($resetToken);
  209. return $this->redirectToRoute('app_check_email');
  210. }
  212. $smsCampaign->setStatut(SpotHitCampaignInterface::STATUT_EN_COURS);
  213. $this->em->flush();
  215. $return = $this->spotHitService->sendCampaign($smsCampaign);
  217. if(is_string($return)) {
  218. $smsCampaign->setStatut(SpotHitCampaignInterface::STATUT_EN_ERREUR);
  219. $smsCampaign->setErreur($return);
  220. $this->addFlash('danger', "Une erreur est survenue lors de l'envoi du sms");
  221. }
  222. else {
  223. $smsCampaign->setStatut(SpotHitCampaignInterface::STATUT_ENVOYEE);
  224. $this->addFlash('success', "Le sms de rénitialisation a bien été envoyé");
  225. }
  227. $this->em->flush();
  228. }
  230. // Store the token object in session for retrieval in check-email route.
  231. $this->setTokenObjectInSession($resetToken);
  233. return $this->redirectToRoute('app_check_email');
  234. }
  237. /**
  238. * Page de confirmation après qu'un utilisateur a demandé une réinitialisation du mot de passe.
  239. *
  240. * @Route("/check-email", name="app_check_email")
  241. */
  242. public function checkEmail(): Response
  243. {
  244. return $this->render('security/check_email.html.twig', [
  245. 'resetToken' => $this->getTokenObjectFromSession(),
  246. ]);
  247. }
  250. /**
  251. * Valide et traite l'URL de réinitialisation que l'utilisateur a cliqué dans son e-mail.
  252. *
  253. * @Route("/reset/{token}", name="app_reset_password")
  254. */
  255. public function reset(Request $request, UserPasswordHasherInterface $passwordEncoder, string $token = NULL): Response
  256. {
  257. if ($token) {
  258. // We store the token in session and remove it from the URL, to avoid the URL being
  259. // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
  260. $this->storeTokenInSession($token);
  262. return $this->redirectToRoute('app_reset_password');
  263. }
  265. $token = $this->getTokenFromSession();
  266. if (NULL === $token) {
  267. throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
  268. }
  270. try {
  271. /** @var User $user */
  272. $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
  273. } catch (ResetPasswordExceptionInterface $e) {
  274. $this->addFlash(
  275. 'reset_password_error',
  276. $this->translator->trans(
  277. 'il y a eu un problème lors de la validation de votre demande de réinitialisation - %s %reason%',
  278. ['%reason%' => $e->getReason()]
  279. ),
  280. );
  282. return $this->redirectToRoute('app_forgot_password_request');
  283. }
  285. // The token is valid; allow the user to change their password.
  286. $form = $this->createForm(ChangePasswordFormType::class);
  287. $form->handleRequest($request);
  289. if ($form->isSubmitted() && $form->isValid()) {
  290. $isPortal = $this->portalService->isOnPortal();
  292. // A password reset token should be used only once, remove it.
  293. $this->resetPasswordHelper->removeResetRequest($token);
  295. // Encode the plain password, and set it.
  296. $encodedPassword = $passwordEncoder->hashPassword(
  297. $user,
  298. $form->get('plainPassword')->getData(),
  299. );
  301. // Si on est sur un portail (parent), on propage le nouveau mot de passe sur tous les sites enfants
  302. if ($isPortal && $this->portalService->isAParent()) {
  303. $user->setPlainPassword($form->get('plainPassword')->getData());
  304. $portalUserEvent = new PortalUserEvent($user);
  305. $this->dispatcher->dispatch($portalUserEvent, $portalUserEvent::NAME);
  306. }
  308. $user->setPassword($encodedPassword);
  309. $user->setFailedAttempts(0);
  310. $user->setLastFailedAttempt(null);
  311. $this->em->flush();
  313. // The session is cleaned up after the password has been changed.
  314. $this->cleanSessionAfterReset();
  316. $this->addFlash(
  317. 'success',
  318. $this->translator->trans('votre nouveau mot de passe a bien été enregistré !')
  319. );
  321. return $this->redirectToRoute('app_login');
  322. }
  324. return $this->render('security/reset.html.twig', [
  325. 'resetForm' => $form->createView(),
  326. ]);
  327. }
  329. /**
  330. * Indique si on doit mettre à jour le mot de passe de l'utilisateur
  331. *
  332. * @Route("/{id}", name="app_need_refresh_password")
  333. *
  334. *
  335. * @param User $user
  336. *
  337. * @return Response
  338. *
  339. * @throws ClientExceptionInterface
  340. * @throws RedirectionExceptionInterface
  341. * @throws ReflectionException
  342. * @throws ServerExceptionInterface
  343. * @throws Exception
  344. * @throws Exception
  345. * @throws TransportExceptionInterface
  346. */
  347. public function needRefreshPassword(User $user): Response
  348. {
  349. try {
  350. $resetToken = $this->resetPasswordHelper->generateResetToken($user);
  351. } catch (ResetPasswordExceptionInterface $e) {
  352. return $this->render('security/need_refresh_password.html.twig');
  353. }
  355. $this->mailerService->createApiMailRequest(MailTypes::RESET_PASSWORD)
  356. ->addRecipientToRequest(
  357. $user,
  358. MailerFactory::buildResetPassword(
  359. $resetToken->getToken(),
  360. ),
  361. )
  362. ->send()
  363. ;
  365. // Store the token object in session for retrieval in check-email route.
  366. $this->setTokenObjectInSession($resetToken);
  368. return $this->render('security/need_refresh_password.html.twig', [
  369. 'resetToken' => $resetToken,
  370. ]);
  371. }
  372. }