Update reset password

5 years ago · c007dec451
parent d30294da07
commit c007dec451
4 changed files with 26 additions and 29 deletions
--- a/config/packages/reset_password.yaml
+++ b/config/packages/reset_password.yaml
@ -1,2 +1,5 @@
 symfonycasts_reset_password:
    request_password_repository: Chamilo\CoreBundle\Repository\ResetPasswordRequestRepository
+    lifetime: 3600
+    throttle_limit: 3600
+    enable_garbage_collection: true
--- a/src/CoreBundle/Controller/ResetPasswordController.php
+++ b/src/CoreBundle/Controller/ResetPasswordController.php
@ -62,12 +62,12 @@ class ResetPasswordController extends AbstractController
    public function checkEmail(): Response
    {
        // We prevent users from directly accessing this page
-        if (!$this->canCheckEmail()) {
+        if (null === ($resetToken = $this->getTokenObjectFromSession())) {
            return $this->redirectToRoute('app_forgot_password_request');
        }

        return $this->render('@ChamiloCore/reset_password/check_email.html.twig', [
-            'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
+            'resetToken' => $resetToken,
        ]);
    }

@ -136,9 +136,6 @@ class ResetPasswordController extends AbstractController
            'email' => $emailFormData,
        ]);

-        // Marks that you are allowed to see the app_check_email page.
-        $this->setCanCheckEmailInSession();
-
        // Do not reveal whether a user account was found or not.
        if (!$user) {
            return $this->redirectToRoute('app_check_email');
@ -147,27 +144,33 @@ class ResetPasswordController extends AbstractController
        try {
            $resetToken = $this->resetPasswordHelper->generateResetToken($user);
        } catch (ResetPasswordExceptionInterface $e) {
-            $this->addFlash('reset_password_error', sprintf(
-                'There was a problem handling your password reset request - %s',
-                $e->getReason()
-            ));
+            // If you want to tell the user why a reset email was not sent, uncomment
+            // the lines below and change the redirect to 'app_forgot_password_request'.
+            // Caution: This may reveal if a user is registered or not.
+            //
+            // $this->addFlash('reset_password_error', sprintf(
+            //     'There was a problem handling your password reset request - %s',
+            //     $e->getReason()
+            // ));

-            return $this->redirectToRoute('app_forgot_password_request');
+            return $this->redirectToRoute('app_check_email');
        }

        $email = (new TemplatedEmail())
-            ->from(new Address('test@test.com', 'test'))
+            ->from(new Address('admin@example.com', 'Admin'))
            ->to($user->getEmail())
            ->subject('Your password reset request')
            ->htmlTemplate('@ChamiloCore/reset_password/email.html.twig')
            ->context([
                'resetToken' => $resetToken,
-                'tokenLifetime' => $this->resetPasswordHelper->getTokenLifetime(),
            ])
        ;

        $mailer->send($email);

+        // Store the token object in session for retrieval in check-email route.
+        $this->setTokenObjectInSession($resetToken);
+
        return $this->redirectToRoute('app_check_email');
    }
 }
--- a/src/CoreBundle/Entity/ResetPasswordRequest.php
+++ b/src/CoreBundle/Entity/ResetPasswordRequest.php
@ -14,16 +14,16 @@ class ResetPasswordRequest implements ResetPasswordRequestInterface
    use ResetPasswordRequestTrait;

    /**
-     * @ORM\Id()
-     * @ORM\GeneratedValue()
+     * @ORM\Id
+     * @ORM\GeneratedValue
     * @ORM\Column(type="integer")
     */
-    protected $id;
+    private $id;

    /**
     * @ORM\ManyToOne(targetEntity="Chamilo\CoreBundle\Entity\User")
     */
-    protected $user;
+    private $user;

    public function __construct(object $user, \DateTimeInterface $expiresAt, string $selector, string $hashedToken)
    {
@ -31,7 +31,7 @@ class ResetPasswordRequest implements ResetPasswordRequestInterface
        $this->initialize($expiresAt, $selector, $hashedToken);
    }

-    public function getId()
+    public function getId(): ?int
    {
        return $this->id;
    }
--- a/src/CoreBundle/Repository/ResetPasswordRequestRepository.php
+++ b/src/CoreBundle/Repository/ResetPasswordRequestRepository.php
@ -24,17 +24,8 @@ class ResetPasswordRequestRepository extends ServiceEntityRepository implements
        parent::__construct($registry, ResetPasswordRequest::class);
    }

-    public function createResetPasswordRequest(
-        object $user,
-        \DateTimeInterface $expiresAt,
-        string $selector,
-        string $hashedToken
-    ): ResetPasswordRequestInterface {
-        return new ResetPasswordRequest(
-            $user,
-            $expiresAt,
-            $selector,
-            $hashedToken
-        );
+    public function createResetPasswordRequest(object $user, \DateTimeInterface $expiresAt, string $selector, string $hashedToken): ResetPasswordRequestInterface
+    {
+        return new ResetPasswordRequest($user, $expiresAt, $selector, $hashedToken);
    }
 }