Password reset logic

Author: tatevikg1

config/parameters.yml.dist

@@ -29,6 +29,8 @@ parameters:
     env(MAILER_DSN): 'null://null'
     app.confirmation_url: '%%env(CONFIRMATION_URL)%%'
     env(CONFIRMATION_URL): 'https://example.com/confirm/'
+    app.password_reset_url: '%%env(PASSWORD_RESET_URL)%%'
+    env(PASSWORD_RESET_URL): 'https://example.com/reset/'
 
     # Messenger configuration for asynchronous processing
     app.messenger_transport_dsn: '%%env(MESSENGER_TRANSPORT_DSN)%%'

config/services/managers.yml

@@ -59,3 +59,7 @@ services:
   PhpList\Core\Domain\Configuration\Service\Manager\ConfigManager:
     autowire: true
     autoconfigure: true
+
+  PhpList\Core\Domain\Identity\Service\PasswordManager:
+    autowire: true
+    autoconfigure: true

config/services/messenger.yml

@@ -15,3 +15,10 @@ services:
         autowire: true
         autoconfigure: true
         tags: [ 'messenger.message_handler' ]
+
+    PhpList\Core\Domain\Messaging\MessageHandler\PasswordResetMessageHandler:
+        autowire: true
+        autoconfigure: true
+        tags: [ 'messenger.message_handler' ]
+        arguments:
+            $passwordResetUrl: '%app.password_reset_url%'

src/Domain/Identity/Repository/AdminPasswordRequestRepository.php

@@ -7,8 +7,20 @@
 use PhpList\Core\Domain\Common\Repository\AbstractRepository;
 use PhpList\Core\Domain\Common\Repository\CursorPaginationTrait;
 use PhpList\Core\Domain\Common\Repository\Interfaces\PaginatableRepositoryInterface;
+use PhpList\Core\Domain\Identity\Model\Administrator;
+use PhpList\Core\Domain\Identity\Model\AdminPasswordRequest;
 
 class AdminPasswordRequestRepository extends AbstractRepository implements PaginatableRepositoryInterface
 {
     use CursorPaginationTrait;
+
+    public function findByAdmin(Administrator $administrator): array
+    {
+        return $this->findBy(['administrator' => $administrator]);
+    }
+
+    public function findOneByToken(string $token): ?AdminPasswordRequest
+    {
+        return $this->findOneBy(['keyValue' => $token]);
+    }
 }

src/Domain/Identity/Service/PasswordManager.php

@@ -0,0 +1,132 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Domain\Identity\Service;
+
+use DateTime;
+use PhpList\Core\Domain\Identity\Model\AdminPasswordRequest;
+use PhpList\Core\Domain\Identity\Model\Administrator;
+use PhpList\Core\Domain\Identity\Repository\AdminPasswordRequestRepository;
+use PhpList\Core\Domain\Identity\Repository\AdministratorRepository;
+use PhpList\Core\Domain\Messaging\Message\PasswordResetMessage;
+use PhpList\Core\Security\HashGenerator;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\Messenger\MessageBusInterface;
+
+class PasswordManager
+{
+    private const TOKEN_EXPIRY = '+24 hours';
+
+    private AdminPasswordRequestRepository $passwordRequestRepository;
+    private AdministratorRepository $administratorRepository;
+    private HashGenerator $hashGenerator;
+    private MessageBusInterface $messageBus;
+
+    public function __construct(
+        AdminPasswordRequestRepository $passwordRequestRepository,
+        AdministratorRepository $administratorRepository,
+        HashGenerator $hashGenerator,
+        MessageBusInterface $messageBus
+    ) {
+        $this->passwordRequestRepository = $passwordRequestRepository;
+        $this->administratorRepository = $administratorRepository;
+        $this->hashGenerator = $hashGenerator;
+        $this->messageBus = $messageBus;
+    }
+
+    /**
+     * Generates a password reset token for the administrator with the given email.
+     * Returns the token that should be sent to the user via email.
+     *
+     * @param string $email The email of the administrator
+     * @return string The generated token
+     * @throws NotFoundHttpException If no administrator with the given email exists
+     */
+    public function generatePasswordResetToken(string $email): string
+    {
+        $administrator = $this->administratorRepository->findOneBy(['email' => $email]);
+        if ($administrator === null) {
+            throw new NotFoundHttpException('Administrator not found', null, 1500567100);
+        }
+
+        $existingRequests = $this->passwordRequestRepository->findByAdmin($administrator);
+        foreach ($existingRequests as $request) {
+            $this->passwordRequestRepository->remove($request);
+        }
+
+        $token = md5(random_bytes(256));
+
+        $expiryDate = new DateTime(self::TOKEN_EXPIRY);
+        $passwordRequest = new AdminPasswordRequest(date: $expiryDate, admin: $administrator, keyValue: $token);
+
+        $this->passwordRequestRepository->save($passwordRequest);
+
+        $message = new PasswordResetMessage(email: $email, token: $token);
+        $this->messageBus->dispatch($message);
+
+        return $token;
+    }
+
+    /**
+     * Validates a password reset token.
+     * Returns the administrator if the token is valid, null otherwise.
+     *
+     * @param string $token The token to validate
+     * @return Administrator|null The administrator if the token is valid, null otherwise
+     */
+    public function validatePasswordResetToken(string $token): ?Administrator
+    {
+        $passwordRequest = $this->passwordRequestRepository->findOneByToken($token);
+        if ($passwordRequest === null) {
+            return null;
+        }
+
+        $now = new DateTime();
+        if ($now >= $passwordRequest->getDate()) {
+            $this->passwordRequestRepository->remove($passwordRequest);
+            return null;
+        }
+
+        return $passwordRequest->getAdmin();
+    }
+
+    /**
+     * Updates the password for the administrator with the given token.
+     * Returns true if the password was updated successfully, false otherwise.
+     *
+     * @param string $token The password reset token
+     * @param string $newPassword The new password
+     * @return bool True if the password was updated successfully, false otherwise
+     */
+    public function updatePasswordWithToken(string $token, string $newPassword): bool
+    {
+        $administrator = $this->validatePasswordResetToken($token);
+        if ($administrator === null) {
+            return false;
+        }
+
+        $passwordHash = $this->hashGenerator->createPasswordHash($newPassword);
+        $administrator->setPasswordHash($passwordHash);
+        $this->administratorRepository->save($administrator);
+
+        $passwordRequest = $this->passwordRequestRepository->findOneByToken($token);
+        $this->passwordRequestRepository->remove($passwordRequest);
+
+        return true;
+    }
+
+    /**
+     * Cleans up expired password reset requests.
+     */
+    public function cleanupExpiredTokens(): void
+    {
+        $now = new DateTime();
+        $allRequests = $this->passwordRequestRepository->findAll();
+        foreach ($allRequests as $request) {
+            if ($now >= $request->getDate()) {
+                $this->passwordRequestRepository->remove($request);
+            }
+        }
+    }
+}

src/Domain/Messaging/Message/PasswordResetMessage.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Domain\Messaging\Message;
+
+class PasswordResetMessage
+{
+    private string $email;
+    private string $token;
+
+    public function __construct(string $email, string $token)
+    {
+        $this->email = $email;
+        $this->token = $token;
+    }
+
+    public function getEmail(): string
+    {
+        return $this->email;
+    }
+
+    public function getToken(): string
+    {
+        return $this->token;
+    }
+}

src/Domain/Messaging/MessageHandler/PasswordResetMessageHandler.php

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Domain\Messaging\MessageHandler;
+
+use PhpList\Core\Domain\Messaging\Message\PasswordResetMessage;
+use PhpList\Core\Domain\Messaging\Service\EmailService;
+use Symfony\Component\Messenger\Attribute\AsMessageHandler;
+use Symfony\Component\Mime\Email;
+
+#[AsMessageHandler]
+class PasswordResetMessageHandler
+{
+    private EmailService $emailService;
+    private string $passwordResetUrl;
+
+    public function __construct(EmailService $emailService, string $passwordResetUrl)
+    {
+        $this->emailService = $emailService;
+        $this->passwordResetUrl = $passwordResetUrl;
+    }
+
+    /**
+     * Process a subscriber confirmation message by sending the confirmation email
+     */
+    public function __invoke(PasswordResetMessage $message): void
+    {
+        $confirmationLink = $this->generateLink($message->getToken());
+
+        $subject = 'Password Reset Request';
+        $textContent = "Hello,\n\n"
+            . "A password reset has been requested for your account.\n"
+            . "Please use the following token to reset your password:\n\n"
+            . $message->getToken()
+            . "\n\nIf you did not request this password reset, please ignore this email.\n\nThank you.";
+
+        $htmlContent = '<p>Password Reset Request!</p>'
+            . '<p>Hello! A password reset has been requested for your account.</p>'
+            . '<p>Please use the following token to reset your password:</p>'
+            . '<p><a href="' . $confirmationLink . '">Reset Password</a></p>'
+            . '<p>If you did not request this password reset, please ignore this email.</p>'
+            . '<p>Thank you.</p>';
+
+        $email = (new Email())
+            ->to($message->getEmail())
+            ->subject($subject)
+            ->text($textContent)
+            ->html($htmlContent);
+
+        $this->emailService->sendEmail($email);
+    }
+
+    private function generateLink(string $uniqueId): string
+    {
+        return $this->passwordResetUrl . '?uniqueId=' . urlencode($uniqueId);
+    }
+}