<?php
namespace App\Controller;
use App\Document\User;
use App\Form\ResetPasswordType;
use App\Mailer;
use App\Security\ResetPasswordTokenManager;
use Doctrine\ODM\MongoDB\DocumentManager;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
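class SecurityController extends AbstractController
{
    /**
     * Renders the login form, replaying the last authentication error and
     * the last username so the form can be pre-filled.
     *
     * @Route("/login", name="login")
     *
     * @param string|null $gitlabDomain bound container parameter (presumably);
     *                                  null means the GitLab login option is not
     *                                  offered — only its nullness is inspected here
     */
    public function login(AuthenticationUtils $authenticationUtils, $gitlabDomain): Response
    {
        // Error from the last failed attempt, if any.
        $error = $authenticationUtils->getLastAuthenticationError();
        // Last username entered by the user.
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('security/login.html.twig', [
            'hasGitlab' => null !== $gitlabDomain,
            'last_username' => $lastUsername,
            'error' => $error,
        ]);
    }

    /**
     * "Forgot password" form. On POST, issues a fresh reset token for the
     * account matching the submitted e-mail address and mails the recovery
     * link; on GET, renders the form.
     *
     * The flash message and the redirect are identical whether or not the
     * address is known, so the endpoint does not reveal which addresses have
     * an account (response time may still differ between the two paths).
     *
     * @Route("/password", name="forget_password")
     */
    public function forgetPassword(
        Request $request,
        DocumentManager $dm,
        Mailer $mailer,
        ResetPasswordTokenManager $passwordTokenManager): Response
    {
        if ('POST' === $request->getMethod()) {
            $email = $request->request->get('email');

            // Only query for a non-empty string. A missing field yields null,
            // and a lookup on ['email' => null] could match a document whose
            // email is unset instead of matching nothing.
            $user = null;
            if (\is_string($email) && '' !== $email) {
                /** @var User|null $user */
                $user = $dm->getRepository('App:User')->findOneBy([
                    'email' => $email,
                ]);
            }

            if (null !== $user) {
                $user->setResetPasswordToken($passwordTokenManager->generate());
                $dm->flush();
                $mailer->sendResetPasswordEmail($user);
            }

            $this->addFlash('info', 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.');

            return $this->redirectToRoute('login');
        }

        return $this->render('security/forgetPassword.html.twig');
    }

    /**
     * Password reset form reached from the e-mailed link.
     *
     * The token must belong to a user and still be valid according to the
     * token manager. Once the new password has been stored the token is
     * cleared, so the same link cannot be replayed before it expires.
     *
     * @Route("/password/{token}", name="reset_password")
     *
     * @param string $token reset token taken from the URL
     */
    public function resetPassword(
        Request $request,
        $token,
        DocumentManager $dm,
        ResetPasswordTokenManager $passwordTokenManager,
        UserPasswordEncoderInterface $passwordEncoder): Response
    {
        /** @var User|null $user */
        $user = $dm->getRepository('App:User')->findOneBy([
            'resetPasswordToken' => $token,
        ]);

        if (null === $user) {
            $this->addFlash('danger', 'Invalid token.');

            return $this->redirectToRoute('login');
        }

        if (!$passwordTokenManager->isValid($token)) {
            $this->addFlash('danger', 'Expired token.');

            return $this->redirectToRoute('login');
        }

        $form = $this->createForm(ResetPasswordType::class, $user);

        if ('POST' === $request->getMethod()) {
            $form->handleRequest($request);

            if ($form->isSubmitted() && $form->isValid()) {
                $user->setPassword($passwordEncoder->encodePassword($user, $user->getPlainPassword()));
                // A reset link is single-use: drop the token together with the
                // password change so it is invalidated in the same flush.
                // NOTE(review): assumes setResetPasswordToken() accepts null —
                // confirm against App\Document\User.
                $user->setResetPasswordToken(null);
                $dm->flush();

                $this->addFlash('info', 'Your password has been changed.');

                return $this->redirectToRoute('login');
            }
        }

        return $this->render('security/resetPassword.html.twig', [
            'form' => $form->createView(),
        ]);
    }
}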