AccountController::changePassword() - Code Metrics - Inspection of "Internal: Make password edition a single independe..." - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#5597)

unknown

created 2024-06-20 18:00 UTC

AccountController::changePassword() B

↳ Parent: AccountController

Complexity

Conditions	10
Paths	7

Size

Total Lines	44
Code Lines	30

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	10
eloc	30
nc	7
nop	3
dl	0
loc	44
rs	7.6666
c	0
b	0
f	0

How to fix Complexity

<?php

declare(strict_types=1);

/* For licensing terms, see /license.txt */

namespace Chamilo\CoreBundle\Controller;

use Chamilo\CoreBundle\Entity\User;
use Chamilo\CoreBundle\Form\ChangePasswordType;
use Chamilo\CoreBundle\Form\ProfileType;
use Chamilo\CoreBundle\Repository\Node\IllustrationRepository;
use Chamilo\CoreBundle\Repository\Node\UserRepository;
use Chamilo\CoreBundle\ServiceHelper\UserHelper;
use Chamilo\CoreBundle\Settings\SettingsManager;
use Chamilo\CoreBundle\Traits\ControllerTrait;
use Security;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Form\FormError;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Contracts\Translation\TranslatorInterface;

/**
 * @author Julio Montoya <[email protected]>
 */
#[Route('/account')]
class AccountController extends BaseController
{
    use ControllerTrait;

    public function __construct(
        private readonly UserHelper $userHelper,
        private readonly TranslatorInterface $translator
    ) {}

    #[Route('/edit', name: 'chamilo_core_account_edit', methods: ['GET', 'POST'])]
    public function edit(Request $request, UserRepository $userRepository, IllustrationRepository $illustrationRepo, SettingsManager $settingsManager): Response
    {
        $user = $this->userHelper->getCurrent();

        if (!\is_object($user) || !$user instanceof UserInterface) {
            throw $this->createAccessDeniedException('This user does not have access to this section');
        }

        /** @var User $user */
        $form = $this->createForm(ProfileType::class, $user);
        $form->setData($user);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $illustration = $form['illustration']->getData();
            if ($illustration) {
                $illustrationRepo->deleteIllustration($user);
                $illustrationRepo->addIllustration($user, $user, $illustration);
            }

            $showTermsIfProfileCompleted = ('true' === $settingsManager->getSetting('show_terms_if_profile_completed'));
            $user->setProfileCompleted($showTermsIfProfileCompleted);

            $userRepository->updateUser($user);
            $this->addFlash('success', $this->trans('Updated'));
            $url = $this->generateUrl('chamilo_core_account_home');

            $request->getSession()->set('_locale_user', $user->getLocale());

            return new RedirectResponse($url);
        }

        return $this->render('@ChamiloCore/Account/edit.html.twig', [
            'form' => $form,
            'user' => $user,
        ]);
    }

    #[Route('/change-password', name: 'chamilo_core_account_change_password', methods: ['GET', 'POST'])]
    public function changePassword(Request $request, UserRepository $userRepository, CsrfTokenManagerInterface $csrfTokenManager): Response
    {
        $user = $this->getUser();

        if (!\is_object($user) || !$user instanceof UserInterface) {
            throw $this->createAccessDeniedException('This user does not have access to this section');
        }

        $form = $this->createForm(ChangePasswordType::class);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $submittedToken = $request->request->get('_token');

            if (!$csrfTokenManager->isTokenValid(new CsrfToken('change_password', $submittedToken))) {
                $form->addError(new FormError($this->translator->trans('CSRF token is invalid. Please try again.')));
            } else {
                $currentPassword = $form->get('currentPassword')->getData();
                $newPassword = $form->get('newPassword')->getData();
                $confirmPassword = $form->get('confirmPassword')->getData();

                if (!$userRepository->isPasswordValid($user, $currentPassword)) {
                    $form->get('currentPassword')->addError(new FormError($this->translator->trans('Current password is incorrect.')));
                } elseif ($newPassword !== $confirmPassword) {
                    $form->get('confirmPassword')->addError(new FormError($this->translator->trans('Passwords do not match.')));
                } else {
                    $errors = $this->validatePassword($newPassword);
                    if (count($errors) > 0) {
                        foreach ($errors as $error) {
                            $form->get('newPassword')->addError(new FormError($error));
                        }
                    } else {
                        $user->setPlainPassword($newPassword);
                        $userRepository->updateUser($user);
                        $this->addFlash('success', $this->translator->trans('Password changed successfully.'));
                        return $this->redirectToRoute('chamilo_core_account_home');
                    }
                }
            }
        }

        return $this->render('@ChamiloCore/Account/change_password.html.twig', [
            'form' => $form->createView(),
        ]);
    }

    /**
     * Validate the password against the same requirements as the client-side validation.
     */
    private function validatePassword(string $password): array
    {
        $errors = [];
        $minRequirements = Security::getPasswordRequirements()['min'];

        if (strlen($password) < $minRequirements['length']) {
            $errors[] = $this->translator->trans('Password must be at least %length% characters long.', ['%length%' => $minRequirements['length']]);
        }
        if ($minRequirements['lowercase'] > 0 && !preg_match('/[a-z]/', $password)) {
            $errors[] = $this->translator->trans('Password must contain at least %count% lowercase characters.', ['%count%' => $minRequirements['lowercase']]);
        }
        if ($minRequirements['uppercase'] > 0 && !preg_match('/[A-Z]/', $password)) {
            $errors[] = $this->translator->trans('Password must contain at least %count% uppercase characters.', ['%count%' => $minRequirements['uppercase']]);
        }
        if ($minRequirements['numeric'] > 0 && !preg_match('/[0-9]/', $password)) {
            $errors[] = $this->translator->trans('Password must contain at least %count% numerical (0-9) characters.', ['%count%' => $minRequirements['numeric']]);
        }
        if ($minRequirements['specials'] > 0 && !preg_match('/[\W]/', $password)) {
            $errors[] = $this->translator->trans('Password must contain at least %count% special characters.', ['%count%' => $minRequirements['specials']]);
        }

        return $errors;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/* For licensing terms, see /license.txt */
6
7			namespace Chamilo\CoreBundle\Controller;
8
9			use Chamilo\CoreBundle\Entity\User;
10			use Chamilo\CoreBundle\Form\ChangePasswordType;
11			use Chamilo\CoreBundle\Form\ProfileType;
12			use Chamilo\CoreBundle\Repository\Node\IllustrationRepository;
13			use Chamilo\CoreBundle\Repository\Node\UserRepository;
14			use Chamilo\CoreBundle\ServiceHelper\UserHelper;
15			use Chamilo\CoreBundle\Settings\SettingsManager;
16			use Chamilo\CoreBundle\Traits\ControllerTrait;
17			use Security;
18			use Symfony\Component\HttpFoundation\RedirectResponse;
19			use Symfony\Component\HttpFoundation\Request;
20			use Symfony\Component\HttpFoundation\Response;
21			use Symfony\Component\Routing\Attribute\Route;
22			use Symfony\Component\Security\Core\User\UserInterface;
23			use Symfony\Component\Form\FormError;
24			use Symfony\Component\Security\Csrf\CsrfToken;
25			use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
26			use Symfony\Contracts\Translation\TranslatorInterface;
27
28			/**
29			* @author Julio Montoya <[email protected]>
30			*/
31			#[Route('/account')]
32			class AccountController extends BaseController
33			{
34			use ControllerTrait;
35
36			public function __construct(
37			private readonly UserHelper $userHelper,
38			private readonly TranslatorInterface $translator
39			) {}
40
41			#[Route('/edit', name: 'chamilo_core_account_edit', methods: ['GET', 'POST'])]
42			public function edit(Request $request, UserRepository $userRepository, IllustrationRepository $illustrationRepo, SettingsManager $settingsManager): Response
43			{
44			$user = $this->userHelper->getCurrent();
45
46			if (!\is_object($user) \|\| !$user instanceof UserInterface) {
47			throw $this->createAccessDeniedException('This user does not have access to this section');
48			}
49
50			/** @var User $user */
51			$form = $this->createForm(ProfileType::class, $user);
52			$form->setData($user);
53			$form->handleRequest($request);
54
55			if ($form->isSubmitted() && $form->isValid()) {
56			$illustration = $form['illustration']->getData();
57			if ($illustration) {
58			$illustrationRepo->deleteIllustration($user);
59			$illustrationRepo->addIllustration($user, $user, $illustration);
60			}
61
62			$showTermsIfProfileCompleted = ('true' === $settingsManager->getSetting('show_terms_if_profile_completed'));
63			$user->setProfileCompleted($showTermsIfProfileCompleted);
64
65			$userRepository->updateUser($user);
66			$this->addFlash('success', $this->trans('Updated'));
67			$url = $this->generateUrl('chamilo_core_account_home');
68
69			$request->getSession()->set('_locale_user', $user->getLocale());
70
71			return new RedirectResponse($url);
72			}
73
74			return $this->render('@ChamiloCore/Account/edit.html.twig', [
75			'form' => $form,
76			'user' => $user,
77			]);
78			}
79
80			#[Route('/change-password', name: 'chamilo_core_account_change_password', methods: ['GET', 'POST'])]
81			public function changePassword(Request $request, UserRepository $userRepository, CsrfTokenManagerInterface $csrfTokenManager): Response
82			{
83			$user = $this->getUser();
84
85			if (!\is_object($user) \|\| !$user instanceof UserInterface) {
86			throw $this->createAccessDeniedException('This user does not have access to this section');
87			}
88
89			$form = $this->createForm(ChangePasswordType::class);
90			$form->handleRequest($request);
91
92			if ($form->isSubmitted() && $form->isValid()) {
93			$submittedToken = $request->request->get('_token');
94
95			if (!$csrfTokenManager->isTokenValid(new CsrfToken('change_password', $submittedToken))) {
96			$form->addError(new FormError($this->translator->trans('CSRF token is invalid. Please try again.')));
97			} else {
98			$currentPassword = $form->get('currentPassword')->getData();
99			$newPassword = $form->get('newPassword')->getData();
100			$confirmPassword = $form->get('confirmPassword')->getData();
101
102			if (!$userRepository->isPasswordValid($user, $currentPassword)) {
103			$form->get('currentPassword')->addError(new FormError($this->translator->trans('Current password is incorrect.')));
104			} elseif ($newPassword !== $confirmPassword) {
105			$form->get('confirmPassword')->addError(new FormError($this->translator->trans('Passwords do not match.')));
106			} else {
107			$errors = $this->validatePassword($newPassword);
108			if (count($errors) > 0) {
109			foreach ($errors as $error) {
110			$form->get('newPassword')->addError(new FormError($error));
111			}
112			} else {
113			$user->setPlainPassword($newPassword);
114			$userRepository->updateUser($user);
115			$this->addFlash('success', $this->translator->trans('Password changed successfully.'));
116			return $this->redirectToRoute('chamilo_core_account_home');
117			}
118			}
119			}
120			}
121
122			return $this->render('@ChamiloCore/Account/change_password.html.twig', [
123			'form' => $form->createView(),
124			]);
125			}
126
127			/**
128			* Validate the password against the same requirements as the client-side validation.
129			*/
130			private function validatePassword(string $password): array
131			{
132			$errors = [];
133			$minRequirements = Security::getPasswordRequirements()['min'];
134
135			if (strlen($password) < $minRequirements['length']) {
136			$errors[] = $this->translator->trans('Password must be at least %length% characters long.', ['%length%' => $minRequirements['length']]);
137			}
138			if ($minRequirements['lowercase'] > 0 && !preg_match('/[a-z]/', $password)) {
139			$errors[] = $this->translator->trans('Password must contain at least %count% lowercase characters.', ['%count%' => $minRequirements['lowercase']]);
140			}
141			if ($minRequirements['uppercase'] > 0 && !preg_match('/[A-Z]/', $password)) {
142			$errors[] = $this->translator->trans('Password must contain at least %count% uppercase characters.', ['%count%' => $minRequirements['uppercase']]);
143			}
144			if ($minRequirements['numeric'] > 0 && !preg_match('/[0-9]/', $password)) {
145			$errors[] = $this->translator->trans('Password must contain at least %count% numerical (0-9) characters.', ['%count%' => $minRequirements['numeric']]);
146			}
147			if ($minRequirements['specials'] > 0 && !preg_match('/[\W]/', $password)) {
148			$errors[] = $this->translator->trans('Password must contain at least %count% special characters.', ['%count%' => $minRequirements['specials']]);
149			}
150
151			return $errors;
152			}
153			}
154

chamilo / chamilo-lms

Pull Request — master (#5597)

AccountController::changePassword() B

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

Duplication Side-by-Side

Filter issues like