groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-24 03:49:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added an mechanism to reset passwords via mail.

Browse source
This commit is contained in:
Jan Böhmer 2019-11-24 22:49:22 +01:00
parent 0716b8ff93
commit 6a0d027675
20 changed files with 2373 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

101
src/Controller/SecurityController.php
View file

@ -21,12 +21,31 @@
namespace App\Controller;
use App\Services\PasswordResetManager;
use Doctrine\ORM\EntityManagerInterface;
use Gregwar\CaptchaBundle\Type\CaptchaType;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;
use Symfony\Contracts\Translation\TranslatorInterface;
class SecurityController extends AbstractController
{
protected $translator;
public function __construct(TranslatorInterface $translator)
{
$this->translator = $translator;
}
/**
* @Route("/login", name="login", methods={"GET", "POST"})
*/
@ -44,6 +63,88 @@ class SecurityController extends AbstractController
]);
}
/**
* @Route("/pw_reset/request", name="pw_reset_request")
*/
public function requestPwReset(PasswordResetManager $passwordReset, Request $request)
{
$builder = $this->createFormBuilder();
$builder->add('user', TextType::class, [
'label' => $this->translator->trans('pw_reset.user_or_password'),
'constraints' => [new NotBlank()]
]);
$builder->add('captcha', CaptchaType::class, [
'width' => 200,
'height' => 50,
'length' => 6,
]);
$builder->add('submit', SubmitType::class, [
'label' => 'pw_reset.submit'
]);
$form = $builder->getForm();
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$passwordReset->request($form->getData()['user']);
$this->addFlash('success', $this->translator->trans('pw_reset.request.success'));
//return $this->redirectToRoute('login');
}
return $this->render('security/pw_reset_request.html.twig', [
'form' => $form->createView()
]);
}
/**
* @Route("/pw_reset/new_pw/{user}/{token}", name="pw_reset_new_pw")
*/
public function pwResetNewPw(PasswordResetManager $passwordReset, Request $request, string $user = null, string $token = null)
{
$data = ['username' => $user, 'token' => $token];
$builder = $this->createFormBuilder($data);
$builder->add('username', TextType::class, [
'label' => $this->translator->trans('pw_reset.username')
]);
$builder->add('token', TextType::class, [
'label' => $this->translator->trans('pw_reset.token')
]);
$builder->add('new_password', RepeatedType::class, [
'type' => PasswordType::class,
'first_options' => ['label' => 'user.settings.pw_new.label'],
'second_options' => ['label' => 'user.settings.pw_confirm.label'],
'invalid_message' => 'password_must_match',
'constraints' => [new Length([
'min' => 6,
'max' => 128,
])],
]);
$builder->add('submit', SubmitType::class, [
'label' => 'pw_reset.submit'
]);
$form = $builder->getForm();
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$data = $form->getData();
//Try to set the new password
$success = $passwordReset->setNewPassword($data['username'], $data['token'], $data['new_password']);
if (!$success) {
$this->addFlash('error', $this->translator->trans('pw_reset.new_pw.error'));
} else {
$this->addFlash('success', $this->translator->trans('pw_reset.new_pw.success'));
return $this->redirectToRoute('login');
}
}
return $this->render('security/pw_reset_new_pw.html.twig', [
'form' => $form->createView()
]);
}
/**
* @Route("/logout", name="logout")
*/

42
src/Entity/UserSystem/User.php
View file

@ -394,6 +394,48 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
return $this;
}
/**
* Returns the encrypted password reset token
* @return string|null
*/
public function getPwResetToken(): ?string
{
return $this->pw_reset_token;
}
/**
* Sets the encrypted password reset token
* @param string|null $pw_reset_token
* @return User
*/
public function setPwResetToken(?string $pw_reset_token): User
{
$this->pw_reset_token = $pw_reset_token;
return $this;
}
/**
* Gets the datetime when the password reset token expires
* @return \DateTime
*/
public function getPwResetExpires(): \DateTime
{
return $this->pw_reset_expires;
}
/**
* Sets the datetime when the password reset token expires
* @param \DateTime $pw_reset_expires
* @return User
*/
public function setPwResetExpires(\DateTime $pw_reset_expires): User
{
$this->pw_reset_expires = $pw_reset_expires;
return $this;
}
/************************************************
* Getters
************************************************/

58
src/EventSubscriber/MailFromListener.php Normal file
View file

@ -0,0 +1,58 @@
<?php
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Mailer\Event\MessageEvent;
use Symfony\Component\Mime\Address;
use Symfony\Component\Mime\Email;
class MailFromListener implements EventSubscriberInterface
{
protected $email;
protected $name;
public function __construct(string $email, string $name)
{
$this->email = $email;
$this->name = $name;
}
public function onMessage(MessageEvent $event): void
{
$address = new Address($this->email, $this->name);
$event->getEnvelope()->setSender($address);
$email = $event->getMessage();
if ($email instanceof Email) {
$email->from($address);
}
}
public static function getSubscribedEvents()
{
return [
// should be the last one to allow header changes by other listeners first
MessageEvent::class => ['onMessage'],
];
}
}

28
src/Repository/UserRepository.php
View file

@ -26,6 +26,7 @@ use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\EntityRepository;
use Doctrine\ORM\Mapping;
use Doctrine\ORM\NonUniqueResultException;
use Symfony\Bridge\Doctrine\RegistryInterface;
/**
@ -44,7 +45,7 @@ class UserRepository extends EntityRepository
*
* @return User|null
*/
public function getAnonymousUser()
public function getAnonymousUser() : ?User
{
if ($this->anonymous_user === null) {
$this->anonymous_user = $this->findOneBy([
@ -54,4 +55,29 @@ class UserRepository extends EntityRepository
return $this->anonymous_user;
}
/**
* Find a user by its name or its email. Useful for login or password reset purposes.
* @param string $name_or_password The username or the email of the user that should be found
* @return User|null The user if it is existing, null if no one matched the criteria
*/
public function findByEmailOrName(string $name_or_password) : ?User
{
if (empty($name_or_password)) {
return null;
}
$qb = $this->createQueryBuilder('u');
$qb->select('u')
->where('u.name = (:name)')
->orWhere('u.email = (:email)');
$qb->setParameters(['email' => $name_or_password, 'name' => $name_or_password]);
try {
return $qb->getQuery()->getOneOrNullResult();
} catch (NonUniqueResultException $exception) {
return null;
}
}
}

135
src/Services/PasswordResetManager.php Normal file
View file

@ -0,0 +1,135 @@
<?php
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
namespace App\Services;
use App\Entity\UserSystem\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bridge\Twig\Mime\TemplatedEmail;
use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Mime\Address;
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Contracts\Translation\TranslatorInterface;
class PasswordResetManager
{
protected $mailer;
protected $em;
protected $passwordEncoder;
protected $translator;
protected $userPasswordEncoder;
public function __construct(MailerInterface $mailer, EntityManagerInterface $em,
TranslatorInterface $translator, UserPasswordEncoderInterface $userPasswordEncoder,
EncoderFactoryInterface $encoderFactory)
{
$this->em = $em;
$this->mailer = $mailer;
/** @var PasswordEncoderInterface passwordEncoder */
$this->passwordEncoder = $encoderFactory->getEncoder(User::class);
$this->translator = $translator;
$this->userPasswordEncoder = $userPasswordEncoder;
}
public function request(string $name_or_email) : void
{
$repo = $this->em->getRepository(User::class);
//Try to find a user by the given string
$user = $repo->findByEmailOrName($name_or_email);
//Do nothing if no user was found
if ($user === null) {
return;
}
$unencrypted_token = md5(random_bytes(32));
$user->setPwResetToken($this->passwordEncoder->encodePassword($unencrypted_token, null));
//Determine the expiration datetime of
$expiration_date = new \DateTime();
$expiration_date->add(date_interval_create_from_date_string('1 day'));
$user->setPwResetExpires($expiration_date);
if (!empty($user->getEmail())) {
$address = new Address($user->getEmail(), $user->getFullName());
$mail = new TemplatedEmail();
$mail->to($address);
$mail->subject($this->translator->trans('pw_reset.email.subject'));
$mail->htmlTemplate("mail/pw_reset.html.twig");
$mail->context([
'expiration_date' => $expiration_date,
'token' => $unencrypted_token,
'user' => $user
]);
//Send email
$this->mailer->send($mail);
}
//Save changes to DB
$this->em->flush();
}
/**
* Sets the new password of the user with the given name, if the token is valid.
* @param string $user The name of the user, which password should be reset
* @param string $token The token that should be used to reset the password
* @param string $new_password The new password that should be applied to user
* @return bool Returns true, if the new password was applied. False, if either the username is unknown or the
* token is invalid or expired.
*/
public function setNewPassword(string $user, string $token, string $new_password) : bool
{
//Try to find the user
$repo = $this->em->getRepository(User::class);
/** @var User $user */
$user = $repo->findOneBy(['name' => $user]);
//If no user matching the name, show an error message
if ($user === null) {
return false;
}
//Check if token is expired yet
if ($user->getPwResetExpires() < new \DateTime()) {
return false;
}
//Check if token is valid
if (!$this->passwordEncoder->isPasswordValid($user->getPwResetToken(), $token, null)) {
return false;
}
//When everything was valid, apply the new password
$user->setPassword($this->userPasswordEncoder->encodePassword($user, $new_password));
//Remove token
$user->setPwResetToken(null);
$user->setPwResetExpires(new \DateTime());
//Save to DB
$this->em->flush();
return true;
}
}