Add validation on reset password token

This commit is contained in:
Francis Hilaire 2022-05-04 16:36:39 +02:00 committed by Wojdylak
parent 3dd0110abd
commit 768018edef
7 changed files with 177 additions and 0 deletions

View file

@ -115,6 +115,17 @@
<tag name="validator.constraint_validator" alias="sylius_api_shipment_already_shipped" />
</service>
<service id="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExistsValidator">
<argument type="service" id="sylius.repository.shop_user" />
<tag name="validator.constraint_validator" alias="sylius_api_reset_password_token_exists" />
</service>
<service id="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExpiresValidator">
<argument type="service" id="sylius.repository.shop_user" />
<argument type="string">%sylius.shop_user.token.password_reset.ttl%</argument>
<tag name="validator.constraint_validator" alias="sylius_api_reset_password_token_expires" />
</service>
<service id="Sylius\Bundle\ApiBundle\Validator\Constraints\ShopUserNotVerifiedValidator">
<argument type="service" id="sylius.repository.shop_user" />
<tag name="validator.constraint_validator" alias="sylius_api_shop_user_not_verified" />

View file

@ -45,5 +45,16 @@
<option name="groups">sylius</option>
</constraint>
</property>
<property name="resetPasswordToken">
<constraint name="NotBlank">
<option name="groups">sylius</option>
</constraint>
<constraint name="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExists">
<option name="groups">sylius</option>
</constraint>
<constraint name="Sylius\Bundle\ApiBundle\Validator\Constraints\ResetPasswordTokenExpires">
<option name="groups">sylius</option>
</constraint>
</property>
</class>
</constraint-mapping>

View file

@ -30,3 +30,6 @@ sylius:
not_found: 'The shipping method with %code% code does not exist.'
not_available: 'The shipping method %name% is not available for this order. Please reselect your shipping method.'
shipping_address_not_found: 'Order should be addressed first.'
reset_password:
invalid_token: 'No user found with reset token: %token%.'
token_expired: 'Password reset token has expired.'

View file

@ -0,0 +1,27 @@
<?php
/*
* This file is part of the Sylius package.
*
* (c) Paweł Jędrzejewski
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
use Symfony\Component\Validator\Constraint;
/** @experimental */
final class ResetPasswordTokenExists extends Constraint
{
public string $message = 'sylius.reset_password.invalid_token';
public function validatedBy(): string
{
return 'sylius_api_reset_password_token_exists';
}
}

View file

@ -0,0 +1,45 @@
<?php
/*
* This file is part of the Sylius package.
*
* (c) Paweł Jędrzejewski
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
use Sylius\Component\Core\Model\ShopUserInterface;
use Sylius\Component\User\Repository\UserRepositoryInterface;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
use Webmozart\Assert\Assert;
/** @experimental */
final class ResetPasswordTokenExistsValidator extends ConstraintValidator
{
public function __construct(private UserRepositoryInterface $shopUserRepository)
{
}
public function validate($value, Constraint $constraint): void
{
Assert::string($value);
/** @var ResetPasswordTokenExists $constraint */
Assert::isInstanceOf($constraint, ResetPasswordTokenExists::class);
/** @var ShopUserInterface|null $shopUser */
$shopUser = $this->shopUserRepository->findOneBy(['passwordResetToken' => $value]);
if (null !== $shopUser) {
return;
}
$this->context->addViolation($constraint->message, ['%token%' => $value]);
}
}

View file

@ -0,0 +1,27 @@
<?php
/*
* This file is part of the Sylius package.
*
* (c) Paweł Jędrzejewski
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
use Symfony\Component\Validator\Constraint;
/** @experimental */
final class ResetPasswordTokenExpires extends Constraint
{
public string $message = 'sylius.reset_password.token_expired';
public function validatedBy(): string
{
return 'sylius_api_reset_password_token_expires';
}
}

View file

@ -0,0 +1,53 @@
<?php
/*
* This file is part of the Sylius package.
*
* (c) Paweł Jędrzejewski
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Sylius\Bundle\ApiBundle\Validator\Constraints;
use Sylius\Component\Core\Model\ShopUserInterface;
use Sylius\Component\User\Repository\UserRepositoryInterface;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
use Webmozart\Assert\Assert;
/** @experimental */
final class ResetPasswordTokenExpiresValidator extends ConstraintValidator
{
public function __construct(
private UserRepositoryInterface $shopUserRepository,
private string $passwordResetTokenTtl
) {
}
public function validate($value, Constraint $constraint): void
{
Assert::string($value);
/** @var ResetPasswordTokenExpires $constraint */
Assert::isInstanceOf($constraint, ResetPasswordTokenExpires::class);
/** @var ShopUserInterface|null $shopUser */
$shopUser = $this->shopUserRepository->findOneBy(['passwordResetToken' => $value]);
if (null === $shopUser) {
return;
}
$lifetime = new \DateInterval($this->passwordResetTokenTtl);
if ($shopUser->isPasswordRequestNonExpired($lifetime)) {
return;
}
$this->context->addViolation($constraint->message);
}
}