[CORE] Add passowrd reset and forgot password functionality

src/Controller/ResetPassword.php

@@ -0,0 +1,104 @@
+<?php
+
+namespace App\Controller;
+
+use App\Core\Controller;
+use App\Entity\LocalUser;
+use App\Util\Exception\RedirectException;
+use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Validator\Constraints\NotBlank;
+use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
+use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
+
+class ResetPassword extends Controller
+{
+    use ResetPasswordControllerTrait;
+
+    /**
+     * Display & process form to request a password reset.
+     */
+    public function requestPasswordReset(Request $request)
+    {
+        $from = Form::create([
+            ['email', EmailType::class,  ['label' => _m('Email'), 'constraints' => [ new NotBlank(['message' => _m('Please enter an email') ]) ]]],
+            ['password_reset_request', SubmitType::class, ['label' => _m('Submit request')]],
+        ]);
+
+        $form->handleRequest($request);
+        if ($form->isSubmitted() && $form->isValid()) {
+            return EmailVerifier::processSendingPasswordResetEmail($form->get('email')->getData(), $this);
+        }
+
+        return [
+            '_template'           => 'reset_password/request.html.twig',
+            'password_reset_form' => $from->createView(),
+        ];
+    }
+
+    /**
+     * Confirmation page after a user has requested a password reset.
+     */
+    public function checkEmail()
+    {
+        // We prevent users from directly accessing this page
+        if (null === ($resetToken = $this->getTokenObjectFromSession())) {
+            throw new RedirectException('request_reset_password');
+        }
+
+        return [
+            '_template'  => 'reset_password/check_email.html.twig',
+            'resetToken' => $resetToken,
+        ];
+    }
+
+    /**
+     * Validates and process the reset URL that the user clicked in their email.
+     */
+    public function reset(Request $request, string $token = null)
+    {
+        if ($token) {
+            // We store the token in session and remove it from the URL, to avoid the URL being
+            // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
+            $this->storeTokenInSession($token);
+            throw new RedirectException('reset_password');
+        }
+
+        $token = $this->getTokenFromSession();
+        if (null === $token) {
+            throw new ClientException(_m('No reset password token found in the URL or in the session'));
+        }
+
+        try {
+            $user = EmailVerifier::validateTokenAndFetchUser($token);
+        } catch (ResetPasswordExceptionInterface $e) {
+            $this->addFlash('reset_password_error', _m('There was a problem validating your reset request - {reason}', ['reason' => $e->getReason()]));
+            throw new RedirectException('request_reset_password');
+        }
+
+        // The token is valid; allow the user to change their password.
+        $form = From::create([
+            FormFields::password(),
+            ['password_reset', SubmitType::class, ['label' => _m('Change password')]],
+        ]);
+
+        $form->handleRequest($request);
+        if ($form->isSubmitted() && $form->isValid()) {
+            // A password reset token should be used only once, remove it.
+            EmailVerifier::removeResetRequest($token);
+
+            $user->setPassword(LocalUser::hashPassword($form->get('password')->getData()));
+            DB::flush();
+
+            // The session is cleaned up after the password has been changed.
+            $this->cleanSessionAfterReset();
+
+            throw new RedirectException('main_all');
+        }
+
+        return [
+            '_template' => 'reset_password/reset.html.twig',
+            'resetForm' => $form->createView(),
+        ];
+    }
+}