标题:Symfony控制器中缺少密码验证的条件


我正在开发一个Symfony应用程序,其中我有一个控制器方法来更新用户的密码。然而,我似乎在代码中犯了一个错误,我很难弄清楚这个问题。
在我的userPasswordEdit方法中,我使用一个Symfony表单来处理密码更新。该方法检查表单是否已提交且有效,然后继续更新用户的密码。然而,我意识到我忘记了包括密码验证的条件,这意味着无论重复的密码是否与原始密码匹配,都会发生更新。

    Instructeur + leerling controller   
    
/**
 * Sketch of the password-change action as posted in the question.
 *
 * The body is pseudocode: $user and $form are never assigned in this
 * listing, so the block only shows the control structure.
 *
 * Security notes, based on the question text rather than hidden code:
 *  - Nothing compares the "repeat password" field with the "password"
 *    field before hashing, so any typo is silently persisted as the new
 *    password.
 *  - Nothing here re-checks the caller's current password or that the
 *    caller is authenticated; whether access_control or the form type
 *    enforces that cannot be seen from this excerpt.
 */
#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    // Code to retrieve the user and handle the form submission
    // (e.g. $user = $this->getUser(); $form = $this->createForm(...); $form->handleRequest($request))

    if ($form->isSubmitted() && $form->isValid()) {
        // Code to hash and update the password
        // ($passwordHasher->hashPassword($user, $plain) followed by $user->setPassword(...))

        // Intentional error: Missing condition for password validation.
        // The repeated password is never compared with the first one, so
        // whatever was typed in the first field is hashed and saved.
        // Preferably let the form do this (a RepeatedType field) so that
        // isValid() above already rejects a mismatch.

        $entityManager->persist($user);
        $entityManager->flush();

        // Code to add a flash message and redirect
    }
}

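/**
 * Lets the authenticated user change name, e-mail and phone number.
 *
 * @param EntityManagerInterface      $entityManager  Doctrine manager used to flush the change.
 * @param Request                     $request        Current request; the profile form is bound to it.
 * @param UserPasswordHasherInterface $passwordHasher Unused in this action; kept so the signature is unchanged.
 *
 * @return Response Redirect to `user_profile` on success, otherwise the rendered form.
 *
 * @throws AccessDeniedException when there is no authenticated user.
 */
#[Route('/profile/edit', name: 'edit_profile')]
    public function userProfileEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
    {
        $user = $this->getUser();
        // getUser() is null for anonymous requests; fail closed here instead of
        // relying solely on access_control, which is not visible in this excerpt
        // (the original would have called setName() on null).
        if ($user === null) {
            throw $this->createAccessDeniedException();
        }

        $form = $this->createForm(EditProfileType::class, $user);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            // Copy the submitted values explicitly; this is redundant but harmless
            // if EditProfileType already maps these fields onto $user.
            $user->setName($form->get('name')->getData());
            // NOTE(review): if the e-mail is also the login identifier (common, not
            // shown here), changing it without confirming the current password or
            // verifying the new address lets a hijacked session take over the
            // account permanently — consider adding that step.
            $user->setEmail($form->get('email')->getData());
            $user->setTel($form->get('tel')->getData());

            $entityManager->persist($user);
            $entityManager->flush();

            $this->addFlash('success', 'Profiel is succesvol aangepast!');
            return $this->redirectToRoute('user_profile');
        }

        return $this->render('user/edit_profile.html.twig', [
            'user' => $user, 'profile_form' => $form->createView()
        ]);
    }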
        
            
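    /**
     * Removes a menu item and returns to the admin menu overview.
     *
     * Deliberate change: the route now requires POST plus a CSRF token. The
     * original accepted any method with no token, so a plain link — or an
     * `<img src>` on a third-party page visited by a logged-in admin — could
     * delete items. The Twig link must therefore become a small POST form that
     * sends `csrf_token('delete_item' ~ item.id)` in a `_token` field.
     *
     * @param int|string             $id             Route parameter, restricted to digits by the route requirement.
     * @param MenuRepository         $menuRepository Repository used to look the item up.
     * @param EntityManagerInterface $entityManager  Doctrine manager used to remove and flush.
     * @param Request                $request        Current request; carries the `_token` field.
     *
     * @return Response Redirect to `admin_menu`.
     *
     * @throws AccessDeniedException  when the CSRF token is missing or invalid.
     * @throws NotFoundHttpException when no menu item has this id.
     */
    #[Route('/menu/delete/{id}', name: 'delete_item', methods: ['POST'], requirements: ['id' => '\d+'])]
    public function delete_item($id, MenuRepository $menuRepository, EntityManagerInterface $entityManager, Request $request): Response
    {
        // The token id is bound to the item so a token issued for one row cannot
        // be replayed against another.
        if (!$this->isCsrfTokenValid('delete_item' . $id, $request->request->get('_token'))) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        // find() returns null for unknown ids; the original passed that null
        // straight into remove(), which is a TypeError.
        $menu_item = $menuRepository->find($id);
        if ($menu_item === null) {
            throw $this->createNotFoundException();
        }

        // NOTE(review): no authorization check is visible in this action. Unless
        // security.yaml restricts /menu to administrators, add
        // $this->denyAccessUnlessGranted('ROLE_ADMIN') (or #[IsGranted]) here.

        $name = $menu_item->getName();
        $entityManager->remove($menu_item);
        $entityManager->flush();

        $this->addFlash('success', $name .' is succesvol verwijderd van het menu!');
        return $this->redirectToRoute('admin_menu');
    }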
        
        
TWIG:

<td><a href="{{ path('admin_order', {id: order.id}) }}"> Order number: {{ order.id }}</a></td>

缺少密码验证条件。要在 userPasswordEdit 方法中补上缺失的密码验证条件,需要在更新之前将重复输入的密码与原始密码进行比较。更符合 Symfony 习惯的做法是在表单类型(EditPasswordType)中把密码字段声明为 RepeatedType 并设置 mapped => false:这样两次输入不一致时 isValid() 会直接返回 false,控制器无需手写比较,明文密码也不会在 handleRequest() 时被写入实体。
下面是您可以修改代码以包含验证检查的方法:
讲师 + 学员控制器(Instructeur + leerling controller)

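/**
 * Lets the authenticated user set a new password.
 *
 * Fixes relative to the posted answer:
 *  - The mismatch branch did `echo "<script>alert(...)</script>"` and then
 *    returned nothing, so the action produced no Response (Symfony rejects
 *    that); the form was never rendered on a plain GET either. Errors now go
 *    through the normal flash + render path.
 *  - Anonymous callers are rejected instead of dereferencing a null user.
 *
 * Preferably the comparison should not live in the controller at all:
 * declare the password as a RepeatedType (mapped => false) in
 * EditPasswordType so that isValid() already fails on a mismatch. Keep the
 * field unmapped — a mapped `password` field would write the plaintext onto
 * the entity during handleRequest(). NotBlank/Length constraints belong in
 * the form type as well; they are not checked here.
 *
 * NOTE(review): nothing here asks for the current password before changing
 * it. For a password *change* (as opposed to a reset link) that is the usual
 * safeguard against a hijacked session locking the real owner out.
 *
 * @param EntityManagerInterface      $entityManager  Doctrine manager used to flush the change.
 * @param Request                     $request        Current request; the password form is bound to it.
 * @param UserPasswordHasherInterface $passwordHasher Hashes the plaintext with the configured algorithm.
 *
 * @return Response Redirect to `user_profile` on success, otherwise the rendered form.
 *
 * @throws AccessDeniedException when there is no authenticated user.
 */
#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    $user = $this->getUser();
    if ($user === null) {
        throw $this->createAccessDeniedException();
    }

    $form = $this->createForm(EditPasswordType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $plainPassword = $form->get('password')->getData();
        $repeatPlainPassword = $form->get('repeatPassword')->getData();

        // Strict comparison of two user-typed values; neither is a stored
        // secret, so a timing-safe comparison is not needed here.
        if ($plainPassword === $repeatPlainPassword) {
            $user->setPassword($passwordHasher->hashPassword($user, $plainPassword));

            $entityManager->persist($user);
            $entityManager->flush();

            $this->addFlash('success', 'Wachtwoord is succesvol gewijzigd!');
            return $this->redirectToRoute('user_profile');
        }

        // Same text as the original alert(), delivered as a flash instead of raw output.
        $this->addFlash('error', 'Ingevoerde wachtwoorden komen niet overeen!');
    }

    // TODO(review): the template name is not shown in the question; adjust to the project's.
    return $this->render('user/edit_password.html.twig', [
        'user' => $user, 'password_form' => $form->createView()
    ]);
}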

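/**
 * Lets the authenticated user change name, e-mail and phone number.
 *
 * @param EntityManagerInterface      $entityManager  Doctrine manager used to flush the change.
 * @param Request                     $request        Current request; the profile form is bound to it.
 * @param UserPasswordHasherInterface $passwordHasher Unused in this action; kept so the signature is unchanged.
 *
 * @return Response Redirect to `user_profile` on success, otherwise the rendered form.
 *
 * @throws AccessDeniedException when there is no authenticated user.
 */
#[Route('/profile/edit', name: 'edit_profile')]
    public function userProfileEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
    {
        $user = $this->getUser();
        // getUser() is null for anonymous requests; fail closed here instead of
        // relying solely on access_control, which is not visible in this excerpt
        // (the original would have called setName() on null).
        if ($user === null) {
            throw $this->createAccessDeniedException();
        }

        $form = $this->createForm(EditProfileType::class, $user);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            // Copy the submitted values explicitly; this is redundant but harmless
            // if EditProfileType already maps these fields onto $user.
            $user->setName($form->get('name')->getData());
            // NOTE(review): if the e-mail is also the login identifier (common, not
            // shown here), changing it without confirming the current password or
            // verifying the new address lets a hijacked session take over the
            // account permanently — consider adding that step.
            $user->setEmail($form->get('email')->getData());
            $user->setTel($form->get('tel')->getData());

            $entityManager->persist($user);
            $entityManager->flush();

            $this->addFlash('success', 'Profiel is succesvol aangepast!');
            return $this->redirectToRoute('user_profile');
        }

        return $this->render('user/edit_profile.html.twig', [
            'user' => $user, 'profile_form' => $form->createView()
        ]);
    }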
        
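    /**
     * Removes a menu item and returns to the admin menu overview.
     *
     * Deliberate change: the route now requires POST plus a CSRF token. The
     * original accepted any method with no token, so a plain link — or an
     * `<img src>` on a third-party page visited by a logged-in admin — could
     * delete items. The Twig link must therefore become a small POST form that
     * sends `csrf_token('delete_item' ~ item.id)` in a `_token` field.
     *
     * @param int|string             $id             Route parameter, restricted to digits by the route requirement.
     * @param MenuRepository         $menuRepository Repository used to look the item up.
     * @param EntityManagerInterface $entityManager  Doctrine manager used to remove and flush.
     * @param Request                $request        Current request; carries the `_token` field.
     *
     * @return Response Redirect to `admin_menu`.
     *
     * @throws AccessDeniedException  when the CSRF token is missing or invalid.
     * @throws NotFoundHttpException when no menu item has this id.
     */
    #[Route('/menu/delete/{id}', name: 'delete_item', methods: ['POST'], requirements: ['id' => '\d+'])]
    public function delete_item($id, MenuRepository $menuRepository, EntityManagerInterface $entityManager, Request $request): Response
    {
        // The token id is bound to the item so a token issued for one row cannot
        // be replayed against another.
        if (!$this->isCsrfTokenValid('delete_item' . $id, $request->request->get('_token'))) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        // find() returns null for unknown ids; the original passed that null
        // straight into remove(), which is a TypeError.
        $menu_item = $menuRepository->find($id);
        if ($menu_item === null) {
            throw $this->createNotFoundException();
        }

        // NOTE(review): no authorization check is visible in this action. Unless
        // security.yaml restricts /menu to administrators, add
        // $this->denyAccessUnlessGranted('ROLE_ADMIN') (or #[IsGranted]) here.

        $name = $menu_item->getName();
        $entityManager->remove($menu_item);
        $entityManager->flush();

        $this->addFlash('success', $name .' is succesvol verwijderd van het menu!');
        return $this->redirectToRoute('admin_menu');
    }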

TWIG:

<td><a href="{{ path('admin_order', {id: order.id}) }}"> Order number{{ order.id }}</a></td>
