WIP prevent automaticaly enabeling user at password creation #3

config/services.yaml

@@ -198,7 +198,11 @@ services:
         autowire: false
 
     App\Controller\ResettingController:
-        autowire: false
+        arguments:
+            $userManager: '@fos_user.user_manager'
+            $formFactory: '@fos_user.resetting.form.factory'
+            $dispatcher: '@event_dispatcher'
+        tags: ['controller.service_arguments']
 
     app.flux.listener:
         class: App\Listener\FluxListener

src/Controller/ResettingController.php

@@ -2,62 +2,66 @@
 
 namespace App\Controller;
 
-use FOS\UserBundle\Controller\ResettingController as BaseController;
-use FOS\UserBundle\Event\GetResponseUserEvent;
-use FOS\UserBundle\Event\FormEvent;
-use FOS\UserBundle\FOSUserEvents;
-use FOS\UserBundle\Model\UserInterface;
-use FOS\UserBundle\Model\UserManagerInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Routing\Annotation\Route;
+use FOS\UserBundle\Model\UserManagerInterface;
+use FOS\UserBundle\Form\Factory\FactoryInterface;
+use FOS\UserBundle\Event\FormEvent;
+use FOS\UserBundle\FOSUserEvents;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
-class ResettingController extends BaseController
+class ResettingController extends AbstractController
 {
+    private $userManager;
+    private $formFactory;
+    private $dispatcher;
+
+    public function __construct(UserManagerInterface $userManager, FactoryInterface $formFactory, EventDispatcherInterface $dispatcher)
+    {
+        $this->userManager = $userManager;
+        $this->formFactory = $formFactory;
+        $this->dispatcher = $dispatcher;
+    }
+
     /**
-     * Override action from FOSUserBundle to prevent automatically enabeling a user
-     *  if its account was created disabled by the admin
+     * Create a custom ResettingController for the reset password action.
+     * This is done to prevent automatic activation of user after changing password,
+     * in case the admin created the account disabled.
      * 
      * @Route("/resetting/reset/{token}", name="fos_user_resetting_reset")
      */
-    public function resetAction(Request $request, $token)
+    public function resetAction(Request $request, string $token)
     {
-        $user = $this->get('fos_user.user_manager')->findUserByConfirmationToken($token);
-        if (null === $user) {
-            throw $this->createNotFoundException(sprintf('The user with password reset token "%s" does not exist', $token));
-        }
+        $user = $this->userManager->findUserByConfirmationToken($token);
 
-        $event = new GetResponseUserEvent($user, $request);
-        $this->get('event_dispatcher')->dispatch($event, FOSUserEvents::RESETTING_RESET_INITIALIZE);
-
-        if (null !== $event->getResponse()) {
-            return $event->getResponse();
+        if (null === $user) {
+            throw $this->createNotFoundException(sprintf('L’utilisateur avec le token %s n’existe pas.', $token));
         }
 
-        $form = $this->$formFactory->createForm();
+        $form = $this->formFactory->createForm();
         $form->setData($user);
 
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
             $event = new FormEvent($form, $request);
-            $this->get('event_dispatcher')->dispatch($event, FOSUserEvents::RESETTING_RESET_SUCCESS);
+            $this->dispatcher->dispatch($event, FOSUserEvents::RESETTING_RESET_SUCCESS);
 
-            // Delete tokent but don't activate account
+            // Don't force enable user, as opposed to what's done in FOSUserBundle
             $user->setConfirmationToken(null);
             $user->setPasswordRequestedAt(null);
+            // $user->setEnabled(false);
 
-            // Don't automatically enable user if it was created disabled
-            // $user->setEnabled(true);
-
-            $this->get('fos_user.user_manager')->updateUser($user);
+            $this->userManager->updateUser($user);
 
             if (null === $response = $event->getResponse()) {
-                $url = $this->generateUrl('fos_user_profile_show');
-                $response = new RedirectResponse($url);
+                $response = new RedirectResponse($this->generateUrl('fos_user_profile_show'));
             }
 
-            $this->get('event_dispatcher')->dispatch(new \Symfony\Component\EventDispatcher\GenericEvent($user), FOSUserEvents::RESETTING_RESET_COMPLETED);
+            $this->dispatcher->dispatch(new \Symfony\Component\EventDispatcher\GenericEvent($user), FOSUserEvents::RESETTING_RESET_COMPLETED);
 
             return $response;
         }
@@ -67,4 +71,4 @@ class ResettingController extends BaseController
             'form' => $form->createView(),
         ]);
     }
-}
\ No newline at end of file
+}