Merge branch '7892-dont-automaticaly-enable-user-at-pswd-creation' into 'develop'

7892 dont automaticaly enable user at pswd creation

See merge request !138

config/routes.yaml

@@ -33,3 +33,7 @@ app.swagger_ui:
 
 payum_all:
     resource: "@PayumBundle/Resources/config/routing/all.xml"
+
+fos_user_resetting_reset:
+    path: /resetting/reset/{token}
+    controller: App\Controller\ResettingController::resetAction
\ No newline at end of file

config/services.yaml

@@ -197,6 +197,20 @@ services:
     App\Controller\RegistrationController:
         autowire: false
 
+    App\Controller\ResettingController:
+        arguments:
+            $userManager: '@fos_user.user_manager'
+            $formFactory: '@fos_user.resetting.form.factory'
+            $dispatcher: '@event_dispatcher'
+        tags: ['controller.service_arguments']
+
+    App\EventListener\PreventDisabledUserAutoLoginListener:
+        arguments:
+            $tokenStorage: '@security.token_storage'
+            $requestStack: '@request_stack'
+        tags:
+            - { name: kernel.event_subscriber }
+
     app.flux.listener:
         class: App\Listener\FluxListener
         tags:

src/Controller/ResettingController.php

+<?php
+
+namespace App\Controller;
+
+use FOS\UserBundle\Event\FilterUserResponseEvent;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\Routing\Annotation\Route;
+use FOS\UserBundle\Model\UserManagerInterface;
+use FOS\UserBundle\Form\Factory\FactoryInterface;
+use FOS\UserBundle\Event\FormEvent;
+use FOS\UserBundle\FOSUserEvents;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+
+class ResettingController extends AbstractController
+{
+    private $userManager;
+    private $formFactory;
+    private $dispatcher;
+
+    public function __construct(UserManagerInterface $userManager, FactoryInterface $formFactory, EventDispatcherInterface $dispatcher)
+    {
+        $this->userManager = $userManager;
+        $this->formFactory = $formFactory;
+        $this->dispatcher = $dispatcher;
+    }
+
+    /**
+     * Create a custom ResettingController for the reset password action.
+     * This is done to prevent automatic activation of user after changing password,
+     * in case the admin created the account disabled.
+     * 
+     * @Route("/resetting/reset/{token}", name="fos_user_resetting_reset")
+     */
+    public function resetAction(Request $request, string $token)
+    {
+        $user = $this->userManager->findUserByConfirmationToken($token);
+
+        if (null === $user) {
+            throw $this->createNotFoundException(sprintf('L’utilisateur avec le token %s n’existe pas.', $token));
+        }
+
+        $form = $this->formFactory->createForm();
+        $form->setData($user);
+
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            // Save enabled state
+            $wasEnabled = $user->isEnabled();
+
+            $event = new FormEvent($form, $request);
+            $this->dispatcher->dispatch($event, FOSUserEvents::RESETTING_RESET_SUCCESS);
+
+            $user->setConfirmationToken(null);
+            $user->setPasswordRequestedAt(null);
+
+            $this->userManager->updateUser($user);
+
+            if (null === $response = $event->getResponse()) {
+                $response = new RedirectResponse($this->generateUrl('fos_user_profile_show'));
+            }
+
+            // Re-set original "enabled" state
+            if ($user->isEnabled() !== $wasEnabled) {
+                $user->setEnabled($wasEnabled);
+                $this->userManager->updateUser($user);
+            }
+
+            $this->dispatcher->dispatch(
+                new FilterUserResponseEvent($user, $request, $response),
+                FOSUserEvents::RESETTING_RESET_COMPLETED
+            );
+
+            return $response;
+        }
+
+        return $this->render('@FOSUser/Resetting/reset.html.twig', [
+            'token' => $token,
+            'form' => $form->createView(),
+        ]);
+    }
+}

src/EventListener/PreventDisabledUserAutoLoginListener.php

+<?php
+
+namespace App\EventListener;
+
+use FOS\UserBundle\FOSUserEvents;
+use FOS\UserBundle\Event\FilterUserResponseEvent;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
+
+class PreventDisabledUserAutoLoginListener implements EventSubscriberInterface
+{
+    private $tokenStorage;
+    private $requestStack;
+
+    public function __construct(TokenStorageInterface $tokenStorage, RequestStack $requestStack)
+    {
+        $this->tokenStorage = $tokenStorage;
+        $this->requestStack = $requestStack;
+    }
+
+    public static function getSubscribedEvents()
+    {
+        return [
+            FOSUserEvents::RESETTING_RESET_COMPLETED => ['onResettingCompleted', 999], // high priority
+        ];
+    }
+
+    public function onResettingCompleted(FilterUserResponseEvent $event)
+    {
+        $user = $event->getUser();
+
+        if (!$user->isEnabled()) {
+            // Add flash message before deleting token
+            $request = $this->requestStack->getCurrentRequest();
+            if ($request) {
+                $request->getSession()->getFlashBag()->add('success', 'Votre mot de passe a été modifié. Vous pourrez vous connecter lorsque votre compte sera activé.');
+            }
+
+            // Delete authentication token so disabled user isn't automaticaly connected after resetting password
+            $this->tokenStorage->setToken(null);
+        }
+    }
+}
\ No newline at end of file