WIP prevent automaticaly enabeling user at password creation #3

a81efc21 · Damien Moulard · 36bd6850 · a81efc21 · a81efc21
Commit a81efc21 authored Apr 08, 2025 by Damien Moulard
Show whitespace changes
Inline Side-by-side

Showing with 38 additions and 30 deletions

services.yaml config/services.yaml +5 -1

ResettingController.php src/Controller/ResettingController.php +33 -29

No files found.
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -198,7 +198,11 @@ services:
        autowire: false
    App\Controller\ResettingController:
-        autowire: false
+        arguments:
+            $userManager: '@fos_user.user_manager'
+            $formFactory: '@fos_user.resetting.form.factory'
+            $dispatcher: '@event_dispatcher'
+        tags: ['controller.service_arguments']
    app.flux.listener:
        class: App\Listener\FluxListener

--- a/src/Controller/ResettingController.php
+++ b/src/Controller/ResettingController.php
@@ -2,62 +2,66 @@
 namespace App\Controller;
-use FOS\UserBundle\Controller\ResettingController as BaseController;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use FOS\UserBundle\Event\GetResponseUserEvent;
-use FOS\UserBundle\Event\FormEvent;
-use FOS\UserBundle\FOSUserEvents;
-use FOS\UserBundle\Model\UserInterface;
-use FOS\UserBundle\Model\UserManagerInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Routing\Annotation\Route;
+use FOS\UserBundle\Model\UserManagerInterface;
+use FOS\UserBundle\Form\Factory\FactoryInterface;
+use FOS\UserBundle\Event\FormEvent;
+use FOS\UserBundle\FOSUserEvents;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-class ResettingController extends BaseController
+class ResettingController extends AbstractController
 {
+    private $userManager;
+    private $formFactory;
+    private $dispatcher;
+    public function __construct(UserManagerInterface $userManager, FactoryInterface $formFactory, EventDispatcherInterface $dispatcher)
+    {
+        $this->userManager = $userManager;
+        $this->formFactory = $formFactory;
+        $this->dispatcher = $dispatcher;
+    }
    /**
-     * Override action from FOSUserBundle to prevent automatically enabeling a user
+     * Create a custom ResettingController for the reset password action.
-     *  if its account was created disabled by the admin
+     * This is done to prevent automatic activation of user after changing password,
+     * in case the admin created the account disabled.
     * 
     * @Route("/resetting/reset/{token}", name="fos_user_resetting_reset")
     */
-    public function resetAction(Request $request, $token)
+    public function resetAction(Request $request, string $token)
    {
-        $user = $this->get('fos_user.user_manager')->findUserByConfirmationToken($token);
+        $user = $this->userManager->findUserByConfirmationToken($token);
-        if (null === $user) {
-            throw $this->createNotFoundException(sprintf('The user with password reset token "%s" does not exist', $token));
-        }
-        $event = new GetResponseUserEvent($user, $request);
+        if (null === $user) {
-        $this->get('event_dispatcher')->dispatch($event, FOSUserEvents::RESETTING_RESET_INITIALIZE);
+            throw $this->createNotFoundException(sprintf('L’utilisateur avec le token %s n’existe pas.', $token));
-        if (null !== $event->getResponse()) {
-            return $event->getResponse();
        }
-        $form = $this->$formFactory->createForm();
+        $form = $this->formFactory->createForm();
        $form->setData($user);
        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
            $event = new FormEvent($form, $request);
-            $this->get('event_dispatcher')->dispatch($event, FOSUserEvents::RESETTING_RESET_SUCCESS);
+            $this->dispatcher->dispatch($event, FOSUserEvents::RESETTING_RESET_SUCCESS);
-            // Delete tokent but don't activate account
+            // Don't force enable user, as opposed to what's done in FOSUserBundle
            $user->setConfirmationToken(null);
            $user->setPasswordRequestedAt(null);
+            // $user->setEnabled(false);
-            // Don't automatically enable user if it was created disabled
+            $this->userManager->updateUser($user);
-            // $user->setEnabled(true);
-            $this->get('fos_user.user_manager')->updateUser($user);
            if (null === $response = $event->getResponse()) {
-                $url = $this->generateUrl('fos_user_profile_show');
+                $response = new RedirectResponse($this->generateUrl('fos_user_profile_show'));
-                $response = new RedirectResponse($url);
            }
-            $this->get('event_dispatcher')->dispatch(new \Symfony\Component\EventDispatcher\GenericEvent($user), FOSUserEvents::RESETTING_RESET_COMPLETED);
+            $this->dispatcher->dispatch(new \Symfony\Component\EventDispatcher\GenericEvent($user), FOSUserEvents::RESETTING_RESET_COMPLETED);
            return $response;
        }