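/**
 * Confirms and performs deletion of a user.
 *
 * GET renders the confirmation page. The form itself is declared with
 * method DELETE, so handleRequest() only treats a DELETE request as a
 * submission and a plain GET can never remove the record. The entity that
 * is removed is the one resolved from the route's {id} by the
 * ParamConverter; the hidden "id" field only rides along with the form and
 * is not consulted here.
 *
 * NOTE(review): the deletion is protected against cross-site requests only
 * if form CSRF protection is enabled in the framework configuration, which
 * is not visible from this file — confirm.
 *
 * @Method("GET|DELETE")
 * @Route("/{id}/delete", name="admin-user_delete")
 * @ParamConverter("user", class="Model:User")
 * @Template("admin/user/delete.html.twig")
 *
 * @param User    $user    User resolved from the route.
 * @param Request $request Current request.
 *
 * @return array|\Symfony\Component\HttpFoundation\RedirectResponse Template
 *         variables on GET (or a rejected submission); redirect to the user
 *         list after a successful removal.
 */
public function deleteAction(User $user, Request $request)
{
    $deleteForm = $this->createFormBuilder(null, ['method' => 'DELETE'])
        ->add('id', HiddenType::class, ['data' => $user->getId()])
        ->getForm();

    $deleteForm->handleRequest($request);

    // isValid() on a form that was never submitted is meaningless (and is
    // deprecated / throws in newer Symfony versions): guard with isSubmitted().
    if ($deleteForm->isSubmitted() && $deleteForm->isValid()) {
        $this->em->remove($user);
        $this->em->flush($user);
        $this->addFlash('success', 'User removed.');

        return $this->redirectToRoute('admin-user_list');
    }

    return ['user' => $user, 'deleteForm' => $deleteForm->createView()];
}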
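/**
 * Handles a one-time login / password-reset link and lets its owner set a new password.
 *
 * The URL carries the user id, the time the link was issued and a hash that
 * getLoginToken() derives from the user and that timestamp. The hash is
 * verified first, with hash_equals(), before anything about the account is
 * consulted or revealed: only an authenticated link gets to learn whether it
 * has expired or has already been used, and every bad hash — on GET or on the
 * form POST, which targets this same URL — is logged and dispatched as
 * USER_RESET_PASSWORD_FAILED. (Previously the expiry and last-login checks ran
 * before the hash check, and their messages differed from the invalid-hash
 * message by a trailing period, so an unauthenticated caller could probe a
 * user's last-login time without ever being logged.)
 *
 * Validity rules, applied after the hash matches:
 *  - a user who has logged in before must use the link within $timeout seconds;
 *  - a user who has never logged in has no expiry (first-time login), so the
 *    link remains valid until it is used or the hash input changes;
 *  - a link issued before the user's last login counts as already used.
 *
 * On a valid submission the new password is encoded and stored, the session
 * id is regenerated (session fixation), the user is logged in programmatically
 * with a credential-less token, and the application and security events the
 * normal login path would fire are dispatched.
 *
 * @Route("/set-password/{id}/{timestamp}/{hash}", name="web-set_password", requirements={"id"="^[a-z0-9-]{36}$", "timestamp"="^\d+$", "hash"="^[a-zA-Z0-9_-]+$"})
 * @ParamConverter("resetUser", class="Model:User")
 * @Template("web/security/set-password.html.twig")
 *
 * @param User    $resetUser User the link was issued for (resolved from {id}).
 * @param string  $timestamp Unix time the link was generated; route-validated to digits only.
 * @param string  $hash      Token from the URL, compared against getLoginToken().
 * @param Request $request   Current request.
 *
 * @return array|\Symfony\Component\HttpFoundation\RedirectResponse Template
 *         variables while the form is shown; redirect otherwise.
 */
public function setPassword(User $resetUser, $timestamp, $hash, Request $request)
{
    // One message for every "this link will not work" outcome other than
    // expiry, so the response does not distinguish a wrong hash from a used link.
    $invalidLinkMessage = 'You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.';

    // 1. Authenticate the link before anything else. Until the hash matches,
    //    nothing about the account (last login, expiry) may shape the response.
    if (!hash_equals($this->getLoginToken($resetUser, $timestamp), $hash)) {
        // The hash is plain wrong. This is a sign of attack.
        // NOTE(review): if getLoginToken() folds the last-login time into the
        // hash, a re-used link lands here (and is logged) rather than in the
        // "already used" branch below — confirm against getLoginToken().
        // Event name first, event second: same argument order as the two
        // dispatch() calls further down in this method.
        $this->dispatcher->dispatch(Events::USER_RESET_PASSWORD_FAILED, new UserResetPasswordFailedEvent($request, $resetUser));
        $this->logger->notice('Invalid reset password token used.', ['ip' => $request->getClientIp(), 'userId' => $resetUser->getId(), 'userName' => $resetUser->getName(), 'userEmail' => $resetUser->getEmail()]);
        $this->addFlash('error', $invalidLinkMessage);

        return $this->redirectToRoute('web-reset_password');
    }

    // 2. A different account is logged in on this browser. Logging the link's
    //    owner in would silently switch sessions, so ask for a logout first.
    $currentUser = $this->getUser();
    if ($currentUser && $currentUser->getId() !== $resetUser->getId()) {
        // NOTE(review): this flash carries an <a> tag, so it is presumably
        // rendered unescaped; the user names are therefore only safe if
        // format() escapes %-placeholders (Drupal convention). Confirm against
        // \Undine\Functions\format before trusting getName() here.
        $this->addFlash('error', \Undine\Functions\format('Another user (%current_user) is already logged into the site on this computer, but you tried to use a one-time link for user %reset_user. Please <a href="!logout">logout</a> and try using the link again.', ['%current_user' => $currentUser->getName(), '%reset_user' => $resetUser->getName(), '!logout' => $this->container->get('security.logout_url_generator')->getLogoutUrl('web')]));

        return $this->redirectToRoute('web-reset_password');
    }

    $timeout = 86400;
    $lastLoginAt = $resetUser->getLastLoginAt();

    // 3. Expiry. Deliberately no time-out for a first-time login (the user has
    //    never logged in, so there is no last-login time to anchor it to).
    if ($lastLoginAt && $timestamp + $timeout <= $this->currentTime->getTimestamp()) {
        $this->addFlash('error', 'You have tried to use a one-time login link that has expired. Please request a new one using the form below.');

        return $this->redirectToRoute('web-reset_password');
    }

    // 4. Already used: the user logged in after this link was generated.
    if ($lastLoginAt && $lastLoginAt->getTimestamp() >= $timestamp) {
        $this->addFlash('error', $invalidLinkMessage);

        return $this->redirectToRoute('web-reset_password');
    }

    // The form posts back to this exact URL, so the submission goes through
    // the same hash / expiry / usage checks above before the password is set.
    $form = $this->createFormBuilder(null, [
            'method' => 'POST',
            'action' => $this->generateUrl('web-set_password', ['id' => $resetUser->getId(), 'timestamp' => $timestamp, 'hash' => $hash]),
        ])
        ->add('password', 'password', [
            'attr' => ['autofocus' => true],
            // NOTE(review): only "is a non-blank string" is enforced; add a
            // Length / strength constraint here if policy requires one.
            'constraints' => [new Type(['type' => 'string']), new NotBlank()],
        ])
        ->getForm();
    $form->handleRequest($request);

    // isValid() on an unsubmitted form is meaningless (and deprecated / throws
    // in newer Symfony): guard with isSubmitted().
    if ($form->isSubmitted() && $form->isValid()) {
        $plainPassword = $form->getData()['password'];
        // Empty salt: the configured encoder is expected to manage its own.
        $password = $this->get('security.encoder_factory')->getEncoder(User::class)->encodePassword($plainPassword, '');
        $resetUser->setPassword($password);
        $this->em->persist($resetUser);
        $this->em->flush($resetUser);
        $this->addFlash('success', 'You have successfully reset your password and have been logged in.');

        // Log the user in manually. Regenerate the session id first so a
        // session id planted before the reset cannot be fixated onto the
        // now-authenticated session.
        $this->session->migrate();
        // The token is built without credentials. The authentication manager
        // normally erases them after a successful login; since it is bypassed
        // here, passing the plaintext password would leave it on the token
        // that the firewall keeps in the session for the rest of the session.
        $token = new UsernamePasswordToken($resetUser, null, 'web', $resetUser->getRoles());
        $this->get('security.token_storage')->setToken($token);

        // Dispatch the app event.
        $resetPasswordEvent = new UserResetPasswordEvent($resetUser);
        $this->dispatcher->dispatch(Events::USER_RESET_PASSWORD, $resetPasswordEvent);

        // Since we're logging the user in manually, also fire the event the
        // firewall would have fired for an interactive login.
        // NOTE(review): invalidating this link afterwards relies on something
        // updating the user's last-login time as a result of this login;
        // confirm a listener on one of these events does so.
        $loginEvent = new InteractiveLoginEvent($request, $token);
        $this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent);

        return $this->redirectToRoute('web-home');
    }

    return ['form' => $form->createView()];
}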
/**
 * Embeds the user's sites as a nested collection (transformer "include").
 *
 * @param User          $user     Owner whose sites are embedded.
 * @param ParamBag|null $paramBag Include parameters; accepted for the include
 *                                signature but not used here.
 *
 * @return mixed Whatever $this->collection() builds from the sites and the
 *               Site transformer.
 */
public function includeSites(User $user, ParamBag $paramBag = null)
{
    $sites = $user->getSites();
    $siteTransformer = $this->transformers->get(Site::class);

    return $this->collection($sites, $siteTransformer);
}
/**
 * Builds the API token string handed to clients: the user id, a dash, then
 * the user's stored API token — presumably so the verifier can look the user
 * up by the public prefix before checking the secret part.
 *
 * NOTE(review): wherever this value is verified, the secret half should be
 * compared with hash_equals(); the id prefix is not secret.
 *
 * @param User $user User whose id and API token are combined.
 *
 * @return string "<id>-<apiToken>"
 */
public function getToken(User $user)
{
    return sprintf('%s-%s', $user->getId(), $user->getApiToken());
}