<?php
declare(strict_types=1);
namespace App\Controller\Frontend\Account;
use App\Entity;
use App\Http\Response;
use App\Http\ServerRequest;
use App\Session\Flash;
use Doctrine\ORM\EntityManagerInterface;
use InvalidArgumentException;
use Psr\Http\Message\ResponseInterface;
use Throwable;
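/**
 * Account recovery endpoint: exchanges a one-time login token for the ability
 * to set a new password, then signs the token's owner in.
 */
class RecoverAction
{
    /**
     * Render the recovery form (GET) or apply the new password (POST).
     *
     * The token in the URL is the only credential this action accepts. Every
     * state change below must therefore be applied to the user returned by
     * the token repository, never to whatever user the current session holds.
     *
     * @param ServerRequest $request Current request (flash, CSRF, router, auth, view).
     * @param Response $response Response used for redirects and page rendering.
     * @param string $token Recovery token taken from the route.
     * @param Entity\Repository\UserLoginTokenRepository $loginTokenRepo Validates and revokes tokens.
     * @param EntityManagerInterface $em Persists the updated user.
     *
     * @return ResponseInterface Redirect to login (bad token), redirect to the
     *                           dashboard (success), or the rendered recovery page.
     */
    public function __invoke(
        ServerRequest $request,
        Response $response,
        string $token,
        Entity\Repository\UserLoginTokenRepository $loginTokenRepo,
        EntityManagerInterface $em
    ): ResponseInterface {
        $user = $loginTokenRepo->authenticate($token);
        $flash = $request->getFlash();

        // Anything other than a User entity means the token did not authenticate.
        if (!$user instanceof Entity\User) {
            $flash->addMessage(
                sprintf(
                    '<b>%s</b>',
                    __('Invalid token specified.'),
                ),
                Flash::ERROR
            );

            return $response->withRedirect((string)$request->getRouter()->named('account:login'));
        }

        $csrf = $request->getCsrf();
        $error = null;

        if ($request->isPost()) {
            try {
                $data = $request->getParams();

                $csrf->verify($data['csrf'] ?? null, 'recover');

                // Reject missing, empty and non-string values (e.g. password[]=x)
                // here, so the typed setter below never sees a non-string.
                $password = $data['password'] ?? null;
                if (!is_string($password) || empty($password)) {
                    throw new InvalidArgumentException('Password required.');
                }

                // Operate on the token-authenticated $user from above. Re-reading
                // the user from the request here would target the session's user
                // instead: a different account if someone else is signed in in
                // this browser, or no account at all for an anonymous visitor.
                // NOTE(review): no password policy is checked in this action;
                // confirm setNewPassword() enforces one.
                $user->setNewPassword($password);

                // NOTE(review): called without an argument, which presumably
                // clears the stored 2FA secret — confirm. If so, possession of a
                // valid recovery token alone bypasses the second factor, so token
                // lifetime and delivery channel carry the full weight.
                $user->setTwoFactorSecret();

                $em->persist($user);
                $em->flush();

                $request->getAuth()->setUser($user);

                // Invalidate the user's tokens so the link cannot be replayed.
                $loginTokenRepo->revokeForUser($user);

                $flash->addMessage(
                    sprintf(
                        '<b>%s</b><br>%s',
                        __('Logged in using account recovery token'),
                        __('Your password has been updated.')
                    ),
                    Flash::SUCCESS
                );

                return $response->withRedirect((string)$request->getRouter()->named('dashboard'));
            } catch (Throwable $e) {
                // NOTE(review): the raw message of any exception (including ORM or
                // internal errors) is forwarded to the page. Consider showing a
                // generic message for everything except expected validation errors.
                $error = $e->getMessage();
            }
        }

        return $request->getView()->renderVuePage(
            response: $response,
            component: 'Vue_Recover',
            id: 'account-recover',
            layout: 'minimal',
            title: __('Recover Account'),
            props: [
                'csrf' => $csrf->generate('recover'),
                'error' => $error,
            ]
        );
    }
}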