Commit 7d2a135a authored by Hermann Mayer's avatar Hermann Mayer

Refactored the UserController and UserType. Added secure password change…

Refactored the UserController and UserType. Added secure password change (now requires the current password to work).
parent 3feab4fa
......@@ -89,9 +89,18 @@ class DefaultController extends Controller
*/
public function overallProcessAction()
{
$this->get('session')->getFlashBag()->add('error',
'Achtung, diese Seite befindet sich zur Zeit noch in der Entwicklung.'
);
// Try to get showDevelWarning flag from session
$develWarningFlag = $this->get('session')->get('develWarningFlag');
// If we found not flag, print our warning
if (empty($develWarningFlag)) {
$this->get('session')->getFlashBag()->add('error',
'Achtung, diese Seite befindet sich zur Zeit noch in der Entwicklung.'
);
$this->get('session')->set('develWarningFlag', true);
}
return new Response();
}
......@@ -105,10 +114,6 @@ class DefaultController extends Controller
*/
public function showPageAction($slug)
{
// $this->get('session')->getFlashBag()->add('notice', 'Diese Seite befindet sich aktuell in der Entwicklung.');
// $this->get('session')->getFlashBag()->add('success', 'Diese Seite befindet sich aktuell in der Entwicklung.');
// $this->get('session')->getFlashBag()->add('error', 'Diese Seite befindet sich aktuell in der Entwicklung.');
// Get Entity Manager
$em = $this->getDoctrine()->getEntityManager();
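Review bot: `$this->get('session')` is resolved three separate times in the new body of overallProcessAction (the `get`, the `getFlashBag()->add` and the `set`); fetch the service once at the top, `$session = $this->get('session');`, and use `$session` for the read, the flash and the write. The comment above the check also reads backwards: `// If we found not flag, print our warning` would be clearer as `// No flag in the session yet: show the warning once and remember it`. The second hunk of this file only drops commented-out flash calls and needs nothing.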
......@@ -46,39 +46,20 @@ class UserController extends Controller
$em = $this->getDoctrine()->getEntityManager();
// Try to find a valid user object
$entity = $this->container->get('security.context')->getToken()->getUser();
if (!$entity) {
throw $this->createNotFoundException('Unable to find User entity.');
}
$editForm = $this->createForm(new UserType(), $entity, array(
// Generate the dynamic form
$editForm = $this->createForm(new UserType($mode), $entity, array(
// Validate '$mode' Group
'validation_groups' => array($mode)
'validation_groups' => array($mode),
));
if ('profile' == $mode) {
// We dont want to modify the Email and Password here
$editForm->remove('email');
$editForm->remove('password');
$editForm->remove('password_control');
} elseif ('email' == $mode) {
$editForm->remove('password');
$editForm->remove('password_control');
$editForm->remove('firstName');
$editForm->remove('lastName');
} elseif ('password' == $mode) {
$editForm->remove('email');
$editForm->remove('firstName');
$editForm->remove('lastName');
}
return $this->render('JityHomepageBundle:User:edit.html.twig', array(
'entity' => $entity,
'mode' => $mode,
......@@ -103,50 +84,52 @@ class UserController extends Controller
return $this->redirect($this->generateUrl('user_dashboard'));
}
$em = $this->getDoctrine()->getEntityManager();
// Try to find a valid user object
$entity = $this->container->get('security.context')->getToken()->getUser();
if (!$entity) {
throw $this->createNotFoundException('Unable to find User entity.');
}
$editForm = $this->createForm(new UserType(), $entity, array(
// Save current user for validation
$currentUser = clone $entity;
// Generate the dynamic form
$editForm = $this->createForm(new UserType($mode), $entity, array(
// Validate '$mode' Group
'validation_groups' => array($mode)
));
if ('profile' == $mode) {
$editForm->bind($this->getRequest());
$editForm->remove('email');
$editForm->remove('password');
$editForm->remove('password_control');
if ($editForm->isValid()) {
} elseif ('email' == $mode) {
$em = $this->getDoctrine()->getEntityManager();
$editForm->remove('password');
$editForm->remove('password_control');
$editForm->remove('firstName');
$editForm->remove('lastName');
if ('password' == $mode) {
} elseif ('password' == $mode) {
// Check the old password field to secure the
// password change. At this point the two new
// passwords are equal. (Checked by form)
$editForm->remove('email');
$editForm->remove('firstName');
$editForm->remove('lastName');
}
// Get Password Encoder (definded in app/config/security.yml)
$encoder = $this->get('security.encoder_factory')->getEncoder($entity);
$request = $this->getRequest();
// Get current password from form (password_old)
$currentPassword = $editForm->get('password_old')->getData();
$editForm->bind($request);
// Hash the current password for validation
$currentHash = $encoder->encodePassword($currentPassword, $currentUser->getSalt());
if ($editForm->isValid()) {
// Reject the request and redirect to form
if ($currentHash !== $currentUser->getPassword()) {
// Write flash message and redirect back
$this->get('session')->getFlashBag()->add('error', 'Das alte Password stimmt nicht mit ihrem aktuellen überein.');
if ('password' == $mode) {
// Get Password Encoder (definded in app/config/security.yml)
$encoder = $this->get('security.encoder_factory')->getEncoder($entity);
return $this->redirect($this->generateUrl('user_edit', array('mode' => 'password')));
}
// Regenerate Salt
$entity->setSalt();
......@@ -156,9 +139,13 @@ class UserController extends Controller
$entity->setPassword($password);
}
// Write current changes
$em->persist($entity);
$em->flush();
// Write flash message and redirect back
$this->get('session')->getFlashBag()->add('success', 'Ihr Password wurde erfolgreich geändert.');
return $this->redirect($this->generateUrl('user_dashboard'));
}
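Review bot: The old-password check in updateAction re-encodes the submitted value and compares the two hashes with `!==` (`$currentHash !== $currentUser->getPassword()`), which ties the check to the encoder producing byte-identical output for the same input and is a plain string comparison; Symfony's encoders expose this as a single call, `if (!$encoder->isPasswordValid($currentUser->getPassword(), $currentPassword, $currentUser->getSalt())) {`, which makes `$currentHash` unnecessary and keeps working if the encoder configured in security.yml is ever switched to a scheme with its own salting. The success flash `'Ihr Password wurde erfolgreich geändert.'` now sits after `$em->persist($entity)` rather than inside the `'password' == $mode` branch, so — judging by the braces visible in the last hunk — a profile or email update would also report a successful password change; either choose the message by `$mode` or move the flash back into the branch. updateAction starts before the first of these hunks and its closing brace lies outside the last one.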
......@@ -15,6 +15,39 @@ use Symfony\Component\OptionsResolver\OptionsResolverInterface;
*/
class UserType extends AbstractType
{
const MODE_CHANGE_PASSWORD = 1;
const MODE_CHANGE_PROFILE = 2;
const MODE_CHANGE_EMAIL = 4;
private $mode;
/**
* __construct
*
* @param mixed $mode
* @access public
* @return void
*/
public function __construct($mode)
{
// Find the correct UserType mode for our view mode
// This is needed for the dynamic generation of the form
if ('profile' == $mode) {
$mode = UserType::MODE_CHANGE_PROFILE;
} elseif ('email' == $mode) {
$mode = UserType::MODE_CHANGE_EMAIL;
} elseif ('password' == $mode) {
$mode = UserType::MODE_CHANGE_PASSWORD;
}
$this->mode = $mode;
}
/**
* buildForm
*
......@@ -25,16 +58,46 @@ class UserType extends AbstractType
*/
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->add('firstName', null, array('label' => 'Vorname'));
$builder->add('lastName', null, array('label' => 'Nachname'));
$builder->add('email', 'email', array('label' => 'Email Adresse'));
$builder->add('password', 'repeated', array(
'type' => 'password',
'invalid_message' => 'Die angegebenen Passwörten stimmen nicht überein.',
'options' => array('label' => 'Passwort'),
'first_options' => array('label' => 'Passwort'),
'second_options' => array('label' => 'Passwort Wiederholung'),
));
// Add the specific field on the matching modes
if (self::MODE_CHANGE_PROFILE & ($this->mode)) {
$builder->add('firstName', null, array(
'label' => 'Vorname'
));
$builder->add('lastName', null, array(
'label' => 'Nachname'
));
}
if (self::MODE_CHANGE_EMAIL & ($this->mode)) {
$builder->add('email', 'email', array(
'label' => 'Email Adresse'
));
}
if (self::MODE_CHANGE_PASSWORD & ($this->mode)) {
$builder->add('password_old', 'password', array(
'property_path' => false,
'label' => 'Altes Passwort'
));
$builder->add('password', 'repeated', array(
'type' => 'password',
'invalid_message' => 'Die angegebenen Passwörten stimmen nicht überein.',
'options' => array(
'label' => 'Neues Passwort'
),
'first_options' => array(
'label' => 'Neues Passwort'
),
'second_options' => array(
'label' => 'Wiederholung des neuen Passwort'
),
));
}
}
/**
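Review bot: The new constructor only maps the three known strings and otherwise stores `$mode` untouched, so a value that is none of `'profile'`, `'email'` or `'password'` reaches the `self::MODE_CHANGE_* & $this->mode` checks in buildForm as an arbitrary (possibly numeric) value and decides on its own which fields the form gets; close the `elseif` chain with `} else { throw new \InvalidArgumentException(sprintf('Unknown UserType mode "%s".', $mode)); }` so an unexpected mode fails loudly in the controller instead of building an unintended form. The docblock should say what the parameter is: replace `@param mixed $mode` with `@param string $mode One of 'profile', 'email' or 'password'`. The parentheses in `self::MODE_CHANGE_PROFILE & ($this->mode)` add nothing; `if (self::MODE_CHANGE_PROFILE & $this->mode)` reads more plainly, and the same applies to the other two checks in buildForm.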