mirror of
https://github.com/Sylius/Sylius.git
synced 2026-07-17 02:18:01 +00:00
Add validation on reset password token
This commit is contained in:
parent
3dd0110abd
commit
768018edef
7 changed files with 177 additions and 0 deletions
|
|
@ -115,6 +115,17 @@
|
|||
<tag name="validator.constraint_validator" alias="sylius_api_shipment_already_shipped" />
|
||||
</service>
|
||||
|
||||
<service id="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExistsValidator">
|
||||
<argument type="service" id="sylius.repository.shop_user" />
|
||||
<tag name="validator.constraint_validator" alias="sylius_api_reset_password_token_exists" />
|
||||
</service>
|
||||
|
||||
<service id="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExpiresValidator">
|
||||
<argument type="service" id="sylius.repository.shop_user" />
|
||||
<argument type="string">%sylius.shop_user.token.password_reset.ttl%</argument>
|
||||
<tag name="validator.constraint_validator" alias="sylius_api_reset_password_token_expires" />
|
||||
</service>
|
||||
|
||||
<service id="Sylius\Bundle\ApiBundle\Validator\Constraints\ShopUserNotVerifiedValidator">
|
||||
<argument type="service" id="sylius.repository.shop_user" />
|
||||
<tag name="validator.constraint_validator" alias="sylius_api_shop_user_not_verified" />
|
||||
|
|
|
|||
|
|
@ -45,5 +45,16 @@
|
|||
<option name="groups">sylius</option>
|
||||
</constraint>
|
||||
</property>
|
||||
<property name="resetPasswordToken">
|
||||
<constraint name="NotBlank">
|
||||
<option name="groups">sylius</option>
|
||||
</constraint>
|
||||
<constraint name="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExists">
|
||||
<option name="groups">sylius</option>
|
||||
</constraint>
|
||||
<constraint name="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExpires">
|
||||
<option name="groups">sylius</option>
|
||||
</constraint>
|
||||
</property>
|
||||
</class>
|
||||
</constraint-mapping>
|
||||
|
|
|
|||
|
|
@ -30,3 +30,6 @@ sylius:
|
|||
not_found: 'The shipping method with %code% code does not exist.'
|
||||
not_available: 'The shipping method %name% is not available for this order. Please reselect your shipping method.'
|
||||
shipping_address_not_found: 'Order should be addressed first.'
|
||||
reset_password:
|
||||
invalid_token: 'No user found with reset token: %token%.'
|
||||
token_expired: 'Password reset token has expired.'
|
||||
|
|
|
|||
|
|
@ -0,0 +1,27 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Sylius package.
|
||||
*
|
||||
* (c) Paweł Jędrzejewski
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
|
||||
|
||||
use Symfony\Component\Validator\Constraint;
|
||||
|
||||
/** @experimental */
|
||||
final class ResetPasswordTokenExists extends Constraint
|
||||
{
|
||||
public string $message = 'sylius.reset_password.invalid_token';
|
||||
|
||||
public function validatedBy(): string
|
||||
{
|
||||
return 'sylius_api_reset_password_token_exists';
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Sylius package.
|
||||
*
|
||||
* (c) Paweł Jędrzejewski
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
|
||||
|
||||
use Sylius\Component\Core\Model\ShopUserInterface;
|
||||
use Sylius\Component\User\Repository\UserRepositoryInterface;
|
||||
use Symfony\Component\Validator\Constraint;
|
||||
use Symfony\Component\Validator\ConstraintValidator;
|
||||
use Webmozart\Assert\Assert;
|
||||
|
||||
/** @experimental */
|
||||
final class ResetPasswordTokenExistsValidator extends ConstraintValidator
|
||||
{
|
||||
public function __construct(private UserRepositoryInterface $shopUserRepository)
|
||||
{
|
||||
}
|
||||
|
||||
public function validate($value, Constraint $constraint): void
|
||||
{
|
||||
Assert::string($value);
|
||||
|
||||
/** @var ResetPasswordTokenExists $constraint */
|
||||
Assert::isInstanceOf($constraint, ResetPasswordTokenExists::class);
|
||||
|
||||
/** @var ShopUserInterface|null $shopUser */
|
||||
$shopUser = $this->shopUserRepository->findOneBy(['passwordResetToken' => $value]);
|
||||
|
||||
if (null !== $shopUser) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->context->addViolation($constraint->message, ['%token%' => $value]);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Sylius package.
|
||||
*
|
||||
* (c) Paweł Jędrzejewski
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
|
||||
|
||||
use Symfony\Component\Validator\Constraint;
|
||||
|
||||
/** @experimental */
|
||||
final class ResetPasswordTokenExpires extends Constraint
|
||||
{
|
||||
public string $message = 'sylius.reset_password.token_expired';
|
||||
|
||||
public function validatedBy(): string
|
||||
{
|
||||
return 'sylius_api_reset_password_token_expires';
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Sylius package.
|
||||
*
|
||||
* (c) Paweł Jędrzejewski
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
|
||||
|
||||
use Sylius\Component\Core\Model\ShopUserInterface;
|
||||
use Sylius\Component\User\Repository\UserRepositoryInterface;
|
||||
use Symfony\Component\Validator\Constraint;
|
||||
use Symfony\Component\Validator\ConstraintValidator;
|
||||
use Webmozart\Assert\Assert;
|
||||
|
||||
/** @experimental */
|
||||
final class ResetPasswordTokenExpiresValidator extends ConstraintValidator
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepositoryInterface $shopUserRepository,
|
||||
private string $passwordResetTokenTtl
|
||||
) {
|
||||
}
|
||||
|
||||
public function validate($value, Constraint $constraint): void
|
||||
{
|
||||
Assert::string($value);
|
||||
|
||||
/** @var ResetPasswordTokenExpires $constraint */
|
||||
Assert::isInstanceOf($constraint, ResetPasswordTokenExpires::class);
|
||||
|
||||
/** @var ShopUserInterface|null $shopUser */
|
||||
$shopUser = $this->shopUserRepository->findOneBy(['passwordResetToken' => $value]);
|
||||
|
||||
if (null === $shopUser) {
|
||||
return;
|
||||
}
|
||||
|
||||
$lifetime = new \DateInterval($this->passwordResetTokenTtl);
|
||||
|
||||
if ($shopUser->isPasswordRequestNonExpired($lifetime)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->context->addViolation($constraint->message);
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Reference in a new issue