fixing password validator

KejawenLab · Aug 27, 2021 · 12bbf21 · 12bbf21
1 parent 4550ff8
commit 12bbf21
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 84 deletions.
diff --git a/lib/Admin/Controller/Me/Profile.php b/lib/Admin/Controller/Me/Profile.php
@@ -9,9 +9,13 @@
 use KejawenLab\ApiSkeleton\Admin\AdminContext;
 use KejawenLab\ApiSkeleton\ApiClient\ApiClientService;
 use KejawenLab\ApiSkeleton\Entity\ApiClient;
+use KejawenLab\ApiSkeleton\Entity\User as RealUser;
 use KejawenLab\ApiSkeleton\Form\UpdateProfileType;
+use KejawenLab\ApiSkeleton\Media\MediaService;
 use KejawenLab\ApiSkeleton\Pagination\Paginator;
+use KejawenLab\ApiSkeleton\Security\Model\UserInterface;
 use KejawenLab\ApiSkeleton\Security\Service\UserProviderFactory;
+use KejawenLab\ApiSkeleton\Security\Service\UserService;
 use KejawenLab\ApiSkeleton\Security\User;
 use KejawenLab\ApiSkeleton\Setting\SettingService;
 use KejawenLab\ApiSkeleton\Util\StringUtil;
@@ -31,14 +35,16 @@ final class Profile extends AbstractController
 {
     public function __construct(
         private UserProviderFactory $userProviderFactory,
+        private MediaService $mediaService,
         private Paginator $paginator,
         private SettingService $setting,
-        private ApiClientService $service,
+        private ApiClientService $apiClientService,
+        private UserService $service,
     ) {
     }
 
     /**
-     * @Route(path="/me", name=Profile::class, methods={"GET"}, priority=-1)
+     * @Route(path="/me", name=Profile::class, methods={"GET", "POST"}, priority=-1)
      *
      * @throws ReflectionException
      * @throws NoResultException
@@ -52,6 +58,37 @@ public function __invoke(Request $request): Response
         }
 
         $user = $this->userProviderFactory->getRealUser($user);
+        if (!$user instanceof UserInterface) {
+            return new RedirectResponse($this->generateUrl(AdminContext::ADMIN_ROUTE));
+        }
+
+        $form = $this->createForm(UpdateProfileType::class, $user);
+        if ($request->isMethod(Request::METHOD_POST)) {
+            $userClone = clone $user;
+            if ($request->isMethod(Request::METHOD_POST)) {
+                $form->handleRequest($request);
+                if ($form->isValid()) {
+                    if ($form['oldPassword']->getData() && $password = $form['newPassword']->getData()) {
+                        $user->setPlainPassword($password);
+                    }
+
+                    if ($form['file']->getData()) {
+                        /** @var RealUser $user */
+                        $media = $this->mediaService->getByFile($user->getProfileImage());
+                        if (null !== $media) {
+                            $this->mediaService->remove($media);
+                        }
+                    } else {
+                        $user->setProfileImage($userClone->getProfileImage());
+                    }
+
+                    $this->service->save($user);
+
+                    $this->addFlash('info', 'sas.page.profile.updated');
+                }
+            }
+        }
+
         $class = new ReflectionClass($user::class);
 
         $request->query->set($this->setting->getPerPageField(), 17);
@@ -61,9 +98,9 @@ public function __invoke(Request $request): Response
             'context' => StringUtil::lowercase($class->getShortName()),
             'properties' => $class->getProperties(ReflectionProperty::IS_PRIVATE),
             'api_clients' => (new ReflectionClass(ApiClient::class))->getProperties(ReflectionProperty::IS_PRIVATE),
-            'paginator' => $this->paginator->paginate($this->service->getQueryBuilder(), $request, ApiClient::class),
+            'paginator' => $this->paginator->paginate($this->apiClientService->getQueryBuilder(), $request, ApiClient::class),
             'data' => $user,
-            'form' => $this->createForm(UpdateProfileType::class, $user)->createView(),
+            'form' => $form->createView(),
         ]);
     }
 }
diff --git a/lib/Admin/Controller/Me/Put.php b/lib/Admin/Controller/Me/Put.php
diff --git a/lib/Repository/PasswordHistoryRepository.php b/lib/Repository/PasswordHistoryRepository.php
@@ -31,9 +31,9 @@ public function findPasswords(UserInterface $user): iterable
     {
         $queryBuilder = $this->createQueryBuilder('o');
         $queryBuilder->andWhere($queryBuilder->expr()->eq('o.source', $queryBuilder->expr()->literal($user::class)));
-        $queryBuilder->andWhere($queryBuilder->expr()->eq('o.id', $queryBuilder->expr()->literal($user->getId())));
+        $queryBuilder->andWhere($queryBuilder->expr()->eq('o.identifier', $queryBuilder->expr()->literal($user->getId())));
         $queryBuilder->addOrderBy('o.createdAt', 'DESC');
-        $queryBuilder->setMaxResults(17);
+        $queryBuilder->setMaxResults(7);
 
         $query = $queryBuilder->getQuery();
         $query->useQueryCache(true);

diff --git a/lib/Security/Service/PasswordHistoryService.php b/lib/Security/Service/PasswordHistoryService.php
@@ -25,7 +25,7 @@ public function __construct(MessageBusInterface $messageBus, PasswordHistoryRepo
     /**
      * @return PasswordHistoryInterface[]
      */
-    public function getPasswords(UserInterface $user): array
+    public function getPasswords(UserInterface $user): iterable
     {
         return $this->repository->findPasswords($user);
     }

diff --git a/lib/Security/Validator/PasswordHistoryValidator.php b/lib/Security/Validator/PasswordHistoryValidator.php
@@ -41,7 +41,8 @@ public function validate($value, Constraint $constraint): void
             return;
         }
 
-        if (($token = $this->tokenStorage->getToken()) === null) {
+        $token = $this->tokenStorage->getToken();
+        if ($token === null) {
             throw new UnexpectedValueException($token, TokenInterface::class);
         }
 
@@ -55,9 +56,8 @@ public function validate($value, Constraint $constraint): void
             throw new UnexpectedValueException($token, UserInterface::class);
         }
 
-        $passwords = $this->service->getPasswords($object);
         $user = new User();
-        foreach ($passwords as $password) {
+        foreach ($this->service->getPasswords($object) as $password) {
             $user->setPassword($password->getPassword());
             if ($this->encoder->isPasswordValid($user, $value)) {
                 $this->context->buildViolation($this->translator->trans($constraint->getMessage(), [], 'validators'))->addViolation();

diff --git a/templates/profile/view.html.twig b/templates/profile/view.html.twig
@@ -51,7 +51,7 @@
         </div>
         <div class="col-lg-6 col-md-12 col-sm-12">
             <div class="card">
-                <form role="form" method="post" action="{{ path('KejawenLab\\ApiSkeleton\\Admin\\Controller\\Me\\Put') }}" enctype="multipart/form-data">
+                <form role="form" method="post" action="{{ path('KejawenLab\\ApiSkeleton\\Admin\\Controller\\Me\\Profile') }}" enctype="multipart/form-data">
                     <div class="card-body">
                         {{ form_widget(form) }}
                     </div>