SuperSeller3000/src/Infrastructure/Http/Controller/ChangePasswordController.php

<?php

declare(strict_types=1);

namespace App\Infrastructure\Http\Controller;

use App\Domain\Auth\Repository\UserRepositoryInterface;
use App\Domain\Auth\User;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;

#[IsGranted('ROLE_USER')]
final class ChangePasswordController extends AbstractController
{
    public function __construct(
        private readonly UserRepositoryInterface $users,
        private readonly UserPasswordHasherInterface $hasher,
    ) {
    }

    #[Route('/account/password', name: 'app_change_password', methods: ['GET', 'POST'])]
    public function __invoke(Request $request): Response
    {
        /** @var User $user */
        $user = $this->getUser();

        $error = null;

        if ($request->isMethod('POST')) {
            $token = $request->request->getString('_csrf_token');
            if (!$this->isCsrfTokenValid('change_password', $token)) {
                $error = 'Ungültiges Formular-Token. Bitte erneut versuchen.';
            } else {
                $current = $request->request->getString('current_password');
                $new = $request->request->getString('new_password');
                $confirm = $request->request->getString('confirm_password');

                if (!$this->hasher->isPasswordValid($user, $current)) {
                    $error = 'Das aktuelle Passwort ist falsch.';
                } elseif (mb_strlen($new) < 8) {
                    $error = 'Das neue Passwort muss mindestens 8 Zeichen lang sein.';
                } elseif ($new !== $confirm) {
                    $error = 'Die neuen Passwörter stimmen nicht überein.';
                } else {
                    $user->setPasswordHash($this->hasher->hashPassword($user, $new));
                    $this->users->save($user);

                    $this->addFlash('success', 'Passwort erfolgreich geändert.');

                    return $this->redirectToRoute('app_change_password');
                }
            }
        }

        return $this->render('security/change_password.html.twig', [
            'error' => $error,
        ]);
    }
}
feat: add self-service password change page at /account/password Validates current password, enforces 8-char minimum, links from EasyAdmin user menu. Also fixes route loader (attribute scan instead of broken easyadmin.routes type). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-17 18:41:45 +00:00			`<?php`

			`declare(strict_types=1);`

			`namespace App\Infrastructure\Http\Controller;`

			`use App\Domain\Auth\Repository\UserRepositoryInterface;`
			`use App\Domain\Auth\User;`
			`use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;`
			`use Symfony\Component\HttpFoundation\Request;`
			`use Symfony\Component\HttpFoundation\Response;`
			`use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;`
			`use Symfony\Component\Routing\Attribute\Route;`
			`use Symfony\Component\Security\Http\Attribute\IsGranted;`

			`#[IsGranted('ROLE_USER')]`
			`final class ChangePasswordController extends AbstractController`
			`{`
			`public function __construct(`
			`private readonly UserRepositoryInterface $users,`
			`private readonly UserPasswordHasherInterface $hasher,`
			`) {`
			`}`

			`#[Route('/account/password', name: 'app_change_password', methods: ['GET', 'POST'])]`
			`public function __invoke(Request $request): Response`
			`{`
			`/** @var User $user */`
			`$user = $this->getUser();`

			`$error = null;`

			`if ($request->isMethod('POST')) {`
			`$token = $request->request->getString('_csrf_token');`
			`if (!$this->isCsrfTokenValid('change_password', $token)) {`
			`$error = 'Ungültiges Formular-Token. Bitte erneut versuchen.';`
			`} else {`
			`$current = $request->request->getString('current_password');`
			`$new = $request->request->getString('new_password');`
			`$confirm = $request->request->getString('confirm_password');`

			`if (!$this->hasher->isPasswordValid($user, $current)) {`
			`$error = 'Das aktuelle Passwort ist falsch.';`
			`} elseif (mb_strlen($new) < 8) {`
			`$error = 'Das neue Passwort muss mindestens 8 Zeichen lang sein.';`
			`} elseif ($new !== $confirm) {`
			`$error = 'Die neuen Passwörter stimmen nicht überein.';`
			`} else {`
			`$user->setPasswordHash($this->hasher->hashPassword($user, $new));`
			`$this->users->save($user);`

			`$this->addFlash('success', 'Passwort erfolgreich geändert.');`

			`return $this->redirectToRoute('app_change_password');`
			`}`
			`}`
			`}`

			`return $this->render('security/change_password.html.twig', [`
			`'error' => $error,`
			`]);`
			`}`
			`}`