Refactored the UserController and UserType. Added secure password change... (7d2a135a) · Commits · Jity / jity

src/Jity/HomepageBundle/Controller/DefaultController.php

+12 −7

Original line number	Diff line number	Diff line
		@@ -89,10 +89,19 @@ class DefaultController extends Controller
		*/
		public function overallProcessAction()
		{
		// Try to get showDevelWarning flag from session
		$develWarningFlag = $this->get('session')->get('develWarningFlag');

		// If we found not flag, print our warning
		if (empty($develWarningFlag)) {

		$this->get('session')->getFlashBag()->add('error',
		'Achtung, diese Seite befindet sich zur Zeit noch in der Entwicklung.'
		);

		$this->get('session')->set('develWarningFlag', true);
		}

		return new Response();
		}

		@@ -105,10 +114,6 @@ class DefaultController extends Controller
		*/
		public function showPageAction($slug)
		{
		// $this->get('session')->getFlashBag()->add('notice', 'Diese Seite befindet sich aktuell in der Entwicklung.');
		// $this->get('session')->getFlashBag()->add('success', 'Diese Seite befindet sich aktuell in der Entwicklung.');
		// $this->get('session')->getFlashBag()->add('error', 'Diese Seite befindet sich aktuell in der Entwicklung.');

		// Get Entity Manager
		$em = $this->getDoctrine()->getEntityManager();

src/Jity/HomepageBundle/Controller/UserController.php

+34 −47

Original line number	Diff line number	Diff line
		@@ -46,39 +46,20 @@ class UserController extends Controller

		$em = $this->getDoctrine()->getEntityManager();

		// Try to find a valid user object
		$entity = $this->container->get('security.context')->getToken()->getUser();

		if (!$entity) {
		throw $this->createNotFoundException('Unable to find User entity.');
		}

		$editForm = $this->createForm(new UserType(), $entity, array(
		// Generate the dynamic form
		$editForm = $this->createForm(new UserType($mode), $entity, array(

		// Validate '$mode' Group
		'validation_groups' => array($mode)
		'validation_groups' => array($mode),
		));

		if ('profile' == $mode) {

		// We dont want to modify the Email and Password here
		$editForm->remove('email');
		$editForm->remove('password');
		$editForm->remove('password_control');

		} elseif ('email' == $mode) {

		$editForm->remove('password');
		$editForm->remove('password_control');
		$editForm->remove('firstName');
		$editForm->remove('lastName');

		} elseif ('password' == $mode) {

		$editForm->remove('email');
		$editForm->remove('firstName');
		$editForm->remove('lastName');
		}

		return $this->render('JityHomepageBundle:User:edit.html.twig', array(
		'entity' => $entity,
		'mode' => $mode,
		@@ -103,50 +84,52 @@ class UserController extends Controller
		return $this->redirect($this->generateUrl('user_dashboard'));
		}

		$em = $this->getDoctrine()->getEntityManager();

		// Try to find a valid user object
		$entity = $this->container->get('security.context')->getToken()->getUser();

		if (!$entity) {
		throw $this->createNotFoundException('Unable to find User entity.');
		}

		$editForm = $this->createForm(new UserType(), $entity, array(
		// Save current user for validation
		$currentUser = clone $entity;

		// Generate the dynamic form
		$editForm = $this->createForm(new UserType($mode), $entity, array(

		// Validate '$mode' Group
		'validation_groups' => array($mode)
		));

		if ('profile' == $mode) {
		$editForm->bind($this->getRequest());

		$editForm->remove('email');
		$editForm->remove('password');
		$editForm->remove('password_control');
		if ($editForm->isValid()) {

		} elseif ('email' == $mode) {
		$em = $this->getDoctrine()->getEntityManager();

		$editForm->remove('password');
		$editForm->remove('password_control');
		$editForm->remove('firstName');
		$editForm->remove('lastName');
		if ('password' == $mode) {

		} elseif ('password' == $mode) {
		// Check the old password field to secure the
		// password change. At this point the two new
		// passwords are equal. (Checked by form)

		$editForm->remove('email');
		$editForm->remove('firstName');
		$editForm->remove('lastName');
		}
		// Get Password Encoder (definded in app/config/security.yml)
		$encoder = $this->get('security.encoder_factory')->getEncoder($entity);

		$request = $this->getRequest();
		// Get current password from form (password_old)
		$currentPassword = $editForm->get('password_old')->getData();

		$editForm->bind($request);
		// Hash the current password for validation
		$currentHash = $encoder->encodePassword($currentPassword, $currentUser->getSalt());

		if ($editForm->isValid()) {
		// Reject the request and redirect to form
		if ($currentHash !== $currentUser->getPassword()) {

		if ('password' == $mode) {
		// Write flash message and redirect back
		$this->get('session')->getFlashBag()->add('error', 'Das alte Password stimmt nicht mit ihrem aktuellen überein.');

		// Get Password Encoder (definded in app/config/security.yml)
		$encoder = $this->get('security.encoder_factory')->getEncoder($entity);
		return $this->redirect($this->generateUrl('user_edit', array('mode' => 'password')));
		}

		// Regenerate Salt
		$entity->setSalt();
		@@ -156,9 +139,13 @@ class UserController extends Controller
		$entity->setPassword($password);
		}

		// Write current changes
		$em->persist($entity);
		$em->flush();

		// Write flash message and redirect back
		$this->get('session')->getFlashBag()->add('success', 'Ihr Password wurde erfolgreich geändert.');

		return $this->redirect($this->generateUrl('user_dashboard'));
		}

src/Jity/HomepageBundle/Form/UserType.php

+73 −10

Original line number	Diff line number	Diff line
		@@ -15,6 +15,39 @@ use Symfony\Component\OptionsResolver\OptionsResolverInterface;
		*/
		class UserType extends AbstractType
		{
		const MODE_CHANGE_PASSWORD = 1;
		const MODE_CHANGE_PROFILE = 2;
		const MODE_CHANGE_EMAIL = 4;

		private $mode;

		/**
		* __construct
		*
		* @param mixed $mode
		* @access public
		* @return void
		*/
		public function __construct($mode)
		{
		// Find the correct UserType mode for our view mode
		// This is needed for the dynamic generation of the form
		if ('profile' == $mode) {

		$mode = UserType::MODE_CHANGE_PROFILE;

		} elseif ('email' == $mode) {

		$mode = UserType::MODE_CHANGE_EMAIL;

		} elseif ('password' == $mode) {

		$mode = UserType::MODE_CHANGE_PASSWORD;
		}

		$this->mode = $mode;
		}

		/**
		* buildForm
		*
		@@ -25,17 +58,47 @@ class UserType extends AbstractType
		*/
		public function buildForm(FormBuilderInterface $builder, array $options)
		{
		$builder->add('firstName', null, array('label' => 'Vorname'));
		$builder->add('lastName', null, array('label' => 'Nachname'));
		$builder->add('email', 'email', array('label' => 'Email Adresse'));
		// Add the specific field on the matching modes
		if (self::MODE_CHANGE_PROFILE & ($this->mode)) {

		$builder->add('firstName', null, array(
		'label' => 'Vorname'
		));

		$builder->add('lastName', null, array(
		'label' => 'Nachname'
		));
		}

		if (self::MODE_CHANGE_EMAIL & ($this->mode)) {

		$builder->add('email', 'email', array(
		'label' => 'Email Adresse'
		));
		}

		if (self::MODE_CHANGE_PASSWORD & ($this->mode)) {

		$builder->add('password_old', 'password', array(
		'property_path' => false,
		'label' => 'Altes Passwort'
		));

		$builder->add('password', 'repeated', array(
		'type' => 'password',
		'invalid_message' => 'Die angegebenen Passwörten stimmen nicht überein.',
		'options' => array('label' => 'Passwort'),
		'first_options' => array('label' => 'Passwort'),
		'second_options' => array('label' => 'Passwort Wiederholung'),
		'options' => array(
		'label' => 'Neues Passwort'
		),
		'first_options' => array(
		'label' => 'Neues Passwort'
		),
		'second_options' => array(
		'label' => 'Wiederholung des neuen Passwort'
		),
		));
		}
		}

		/**
		* getName