feat: add self-service password change page at /account/password
Validates current password, enforces 8-char minimum, links from EasyAdmin user menu. Also fixes route loader (attribute scan instead of broken easyadmin.routes type). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
2914d76b05
commit
0706fdad58
6 changed files with 188 additions and 2 deletions
|
|
@ -8,4 +8,7 @@
|
|||
# bin/console debug:router
|
||||
|
||||
controllers:
|
||||
resource: routing.controllers
|
||||
resource:
|
||||
path: ../src/Infrastructure/Http/Controller/
|
||||
namespace: App\Infrastructure\Http\Controller
|
||||
type: attribute
|
||||
|
|
|
|||
3
config/routes/easyadmin.yaml
Normal file
3
config/routes/easyadmin.yaml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
_security_logout:
|
||||
resource: security.route_loader.logout
|
||||
type: service
|
||||
|
|
@ -5,13 +5,16 @@ declare(strict_types=1);
|
|||
namespace App\Domain\Auth;
|
||||
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Scheb\TwoFactorBundle\Model\Totp\TotpConfiguration;
|
||||
use Scheb\TwoFactorBundle\Model\Totp\TotpConfigurationInterface;
|
||||
use Scheb\TwoFactorBundle\Model\Totp\TwoFactorInterface as TotpTwoFactorInterface;
|
||||
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Uid\Uuid;
|
||||
|
||||
#[ORM\Entity]
|
||||
#[ORM\Table(name: 'users', schema: 'app')]
|
||||
class User implements UserInterface, PasswordAuthenticatedUserInterface
|
||||
class User implements UserInterface, PasswordAuthenticatedUserInterface, TotpTwoFactorInterface
|
||||
{
|
||||
#[ORM\Id]
|
||||
#[ORM\Column(type: 'uuid')]
|
||||
|
|
@ -73,6 +76,27 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
|
|||
{
|
||||
}
|
||||
|
||||
public function isTotpAuthenticationEnabled(): bool
|
||||
{
|
||||
return null !== $this->totpSecret;
|
||||
}
|
||||
|
||||
public function getTotpAuthenticationUsername(): string
|
||||
{
|
||||
\assert('' !== $this->email);
|
||||
|
||||
return $this->email;
|
||||
}
|
||||
|
||||
public function getTotpAuthenticationConfiguration(): ?TotpConfigurationInterface
|
||||
{
|
||||
if (null === $this->totpSecret) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return new TotpConfiguration($this->totpSecret, TotpConfiguration::ALGORITHM_SHA1, 30, 6);
|
||||
}
|
||||
|
||||
public function getTotpSecret(): ?string
|
||||
{
|
||||
return $this->totpSecret;
|
||||
|
|
@ -88,6 +112,11 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
|
|||
return $this->isActive;
|
||||
}
|
||||
|
||||
public function setPasswordHash(string $passwordHash): void
|
||||
{
|
||||
$this->passwordHash = $passwordHash;
|
||||
}
|
||||
|
||||
public function setIsActive(bool $active): void
|
||||
{
|
||||
$this->isActive = $active;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,51 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Infrastructure\Http\Controller\Admin;
|
||||
|
||||
use EasyCorp\Bundle\EasyAdminBundle\Config\Dashboard;
|
||||
use EasyCorp\Bundle\EasyAdminBundle\Config\MenuItem;
|
||||
use EasyCorp\Bundle\EasyAdminBundle\Config\UserMenu;
|
||||
use EasyCorp\Bundle\EasyAdminBundle\Controller\AbstractDashboardController;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Http\Attribute\IsGranted;
|
||||
|
||||
#[IsGranted('ROLE_USER')]
|
||||
final class DashboardController extends AbstractDashboardController
|
||||
{
|
||||
#[Route('/admin', name: 'easyadmin')]
|
||||
public function index(): Response
|
||||
{
|
||||
return $this->render('admin/dashboard.html.twig');
|
||||
}
|
||||
|
||||
public function configureUserMenu(UserInterface $user): UserMenu
|
||||
{
|
||||
return parent::configureUserMenu($user)
|
||||
->addMenuItems([
|
||||
MenuItem::linkToRoute('Passwort ändern', 'fa fa-key', 'app_change_password'),
|
||||
]);
|
||||
}
|
||||
|
||||
public function configureDashboard(): Dashboard
|
||||
{
|
||||
return Dashboard::new()->setTitle('SuperSeller3000');
|
||||
}
|
||||
|
||||
public function configureMenuItems(): iterable
|
||||
{
|
||||
yield MenuItem::linkToDashboard('Dashboard', 'fa fa-home');
|
||||
yield MenuItem::linkTo(ArticleCrudController::class, 'Articles', 'fa fa-box');
|
||||
yield MenuItem::linkTo(ArticleTypeCrudController::class, 'Article Types', 'fa fa-tags');
|
||||
yield MenuItem::linkTo(AIPipelineJobCrudController::class, 'AI Pipeline Jobs', 'fa fa-robot');
|
||||
yield MenuItem::linkTo(UserCrudController::class, 'Users', 'fa fa-users');
|
||||
yield MenuItem::linkTo(LogEntryCrudController::class, 'Logs', 'fa fa-list');
|
||||
yield MenuItem::section('Verkauf');
|
||||
yield MenuItem::linkTo(OrderCrudController::class, 'Bestellungen', 'fa fa-shopping-cart');
|
||||
yield MenuItem::linkTo(CustomerCrudController::class, 'Kunden', 'fa fa-users');
|
||||
yield MenuItem::linkTo(InvoiceCrudController::class, 'Rechnungen', 'fa fa-file-invoice');
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Infrastructure\Http\Controller;
|
||||
|
||||
use App\Domain\Auth\Repository\UserRepositoryInterface;
|
||||
use App\Domain\Auth\User;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
use Symfony\Component\Security\Http\Attribute\IsGranted;
|
||||
|
||||
#[IsGranted('ROLE_USER')]
|
||||
final class ChangePasswordController extends AbstractController
|
||||
{
|
||||
public function __construct(
|
||||
private readonly UserRepositoryInterface $users,
|
||||
private readonly UserPasswordHasherInterface $hasher,
|
||||
) {
|
||||
}
|
||||
|
||||
#[Route('/account/password', name: 'app_change_password', methods: ['GET', 'POST'])]
|
||||
public function __invoke(Request $request): Response
|
||||
{
|
||||
/** @var User $user */
|
||||
$user = $this->getUser();
|
||||
|
||||
$error = null;
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$token = $request->request->getString('_csrf_token');
|
||||
if (!$this->isCsrfTokenValid('change_password', $token)) {
|
||||
$error = 'Ungültiges Formular-Token. Bitte erneut versuchen.';
|
||||
} else {
|
||||
$current = $request->request->getString('current_password');
|
||||
$new = $request->request->getString('new_password');
|
||||
$confirm = $request->request->getString('confirm_password');
|
||||
|
||||
if (!$this->hasher->isPasswordValid($user, $current)) {
|
||||
$error = 'Das aktuelle Passwort ist falsch.';
|
||||
} elseif (mb_strlen($new) < 8) {
|
||||
$error = 'Das neue Passwort muss mindestens 8 Zeichen lang sein.';
|
||||
} elseif ($new !== $confirm) {
|
||||
$error = 'Die neuen Passwörter stimmen nicht überein.';
|
||||
} else {
|
||||
$user->setPasswordHash($this->hasher->hashPassword($user, $new));
|
||||
$this->users->save($user);
|
||||
|
||||
$this->addFlash('success', 'Passwort erfolgreich geändert.');
|
||||
|
||||
return $this->redirectToRoute('app_change_password');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $this->render('security/change_password.html.twig', [
|
||||
'error' => $error,
|
||||
]);
|
||||
}
|
||||
}
|
||||
37
templates/security/change_password.html.twig
Normal file
37
templates/security/change_password.html.twig
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
{% extends 'base.html.twig' %}
|
||||
|
||||
{% block title %}Passwort ändern{% endblock %}
|
||||
|
||||
{% block body %}
|
||||
<div style="max-width:400px;margin:4rem auto;font-family:sans-serif">
|
||||
<h1>Passwort ändern</h1>
|
||||
|
||||
{% for message in app.flashes('success') %}
|
||||
<div style="color:green;margin-bottom:1rem">{{ message }}</div>
|
||||
{% endfor %}
|
||||
|
||||
{% if error %}
|
||||
<div style="color:red;margin-bottom:1rem">{{ error }}</div>
|
||||
{% endif %}
|
||||
|
||||
<form method="post">
|
||||
<div style="margin-bottom:1rem">
|
||||
<label for="current_password">Aktuelles Passwort</label><br>
|
||||
<input id="current_password" type="password" name="current_password" required autofocus style="width:100%;padding:.5rem">
|
||||
</div>
|
||||
<div style="margin-bottom:1rem">
|
||||
<label for="new_password">Neues Passwort</label><br>
|
||||
<input id="new_password" type="password" name="new_password" required minlength="8" style="width:100%;padding:.5rem">
|
||||
</div>
|
||||
<div style="margin-bottom:1rem">
|
||||
<label for="confirm_password">Neues Passwort bestätigen</label><br>
|
||||
<input id="confirm_password" type="password" name="confirm_password" required minlength="8" style="width:100%;padding:.5rem">
|
||||
</div>
|
||||
<input type="hidden" name="_csrf_token" value="{{ csrf_token('change_password') }}">
|
||||
<div style="display:flex;gap:1rem;align-items:center">
|
||||
<button type="submit" style="padding:.5rem 1rem">Passwort ändern</button>
|
||||
<a href="{{ path('easyadmin') }}" style="color:#666">Zurück zum Dashboard</a>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
Loading…
Reference in a new issue