src/Controller/SecurityController.php

<?php declare(strict_types=1);
/*
 * This file is part of the SplendidBear Websites' projects.
 *
 * Copyright (c) 2026 @ www.splendidbear.org
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace App\Controller;

use App\Entity\User;
use App\Form\ForgotPasswordFormType;
use App\Form\RegistrationFormType;
use App\Form\ResetPasswordFormType;
use App\Repository\UserRepository;
use DateTime;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bridge\Twig\Mime\TemplatedEmail;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Attribute\AsController;
use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

/**
 * Class SecurityController
 *
 * @package  App\Controller
 * @author   Lang <https://www.splendidbear.org>
 * @category Class
 * @license  https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
 * @link     www.splendidbear.org
 * @since    2026. 04. 11.
 */
#[AsController]
class SecurityController extends AbstractController
{
    public function __construct(
        #[Autowire(env: 'APP_CONTACT_MAIL_ADDRESS')]
        private readonly string $appContactMailAddress,
    ) {
    }

    #[Route('/login', name: 'MineSeekerBundle_login')]
    public function login(AuthenticationUtils $authenticationUtils): Response
    {
        if ($this->getUser()) {
            return $this->redirectToRoute('MineSeekerBundle_homepage');
        }

        return $this->render('Security/login.html.twig', [
            'last_username' => $authenticationUtils->getLastUsername(),
            'error'         => $authenticationUtils->getLastAuthenticationError(),
        ]);
    }

    #[Route('/logout', name: 'MineSeekerBundle_logout', methods: ['POST'])]
    public function logout(): never
    {
        throw new \LogicException('This action is intercepted by the security firewall.');
    }

    #[Route('/register', name: 'MineSeekerBundle_register')]
    public function register(
        Request                     $request,
        UserPasswordHasherInterface $hasher,
        EntityManagerInterface      $em,
        MailerInterface             $mailer,
    ): Response {
        if ($this->getUser()) {
            return $this->redirectToRoute('MineSeekerBundle_homepage');
        }

        $user = new User();
        $form = $this->createForm(RegistrationFormType::class, $user);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $token = bin2hex(random_bytes(32));

            $user
                ->setIsVerified(false)
                ->setVerificationToken($token)
                ->setPassword($hasher->hashPassword($user, $form->get('plainPassword')->getData()));

            $em->persist($user);
            $em->flush();

            $activationUrl = $this->generateUrl(
                'MineSeekerBundle_activate',
                ['token' => $token],
                UrlGeneratorInterface::ABSOLUTE_URL,
            );

            /** Ensure HTTPS scheme in production */
            if ($this->getParameter('kernel.environment') === 'prod') {
                $activationUrl = str_replace('http://', 'https://', $activationUrl);
            }

            $mailer->send(
                new TemplatedEmail()
                    ->from('noreply@mineseeker.hu')
                    ->to($user->getEmail())
                    ->subject('Activate your MineSeeker account')
                    ->htmlTemplate('emails/activation.html.twig')
                    ->context([
                        'username'       => $user->getUsername(),
                        'activation_url' => $activationUrl,
                    ])
            );

            /** Send admin notification about new user registration */
            $mailer->send(
                new TemplatedEmail()
                    ->from('noreply@mineseeker.hu')
                    ->to($this->appContactMailAddress)
                    ->subject('🎉 New User Registration: ' . $user->getUsername())
                    ->htmlTemplate('emails/user_registration_notification.html.twig')
                    ->context([
                        'user'         => $user,
                        'registeredAt' => new DateTime(),
                    ])
            );

            $this->addFlash('verify_email', $user->getEmail());

            return $this->redirectToRoute('MineSeekerBundle_register');
        }

        return $this->render('Security/register.html.twig', ['form' => $form]);
    }

    #[Route('/forgot-password', name: 'MineSeekerBundle_forgot_password')]
    public function forgotPassword(
        Request                $request,
        UserRepository         $userRepository,
        EntityManagerInterface $em,
        MailerInterface        $mailer,
    ): Response {
        if ($this->getUser()) {
            return $this->redirectToRoute('MineSeekerBundle_homepage');
        }

        $form = $this->createForm(ForgotPasswordFormType::class);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $email = $form->get('email')->getData();
            $user = $userRepository->findOneByEmail($email);

            if ($user && $user->isVerified()) {
                $token = bin2hex(random_bytes(32));
                $user
                    ->setResetToken($token)
                    ->setResetTokenExpiresAt(new DateTime('+1 hour'));
                $em->flush();

                $resetUrl = $this->generateUrl(
                    'MineSeekerBundle_reset_password',
                    ['token' => $token],
                    UrlGeneratorInterface::ABSOLUTE_URL,
                );

                /** Ensure HTTPS scheme in production */
                if ($this->getParameter('kernel.environment') === 'prod') {
                    $resetUrl = str_replace('http://', 'https://', $resetUrl);
                }

                $mailer->send(
                    new TemplatedEmail()
                        ->from('noreply@mineseeker.hu')
                        ->to($email)
                        ->subject('Reset your MineSeeker password')
                        ->htmlTemplate('emails/reset_password.html.twig')
                        ->context([
                            'username'  => $user->getUsername(),
                            'reset_url' => $resetUrl,
                        ])
                );
            }

            // Always show the same flash to prevent email enumeration
            $this->addFlash('reset_sent', $email);

            return $this->redirectToRoute('MineSeekerBundle_forgot_password');
        }

        return $this->render('Security/forgot_password.html.twig', ['form' => $form]);
    }

    #[Route('/reset-password/{token}', name: 'MineSeekerBundle_reset_password')]
    public function resetPassword(
        string                      $token,
        Request                     $request,
        UserRepository              $userRepository,
        EntityManagerInterface      $em,
        UserPasswordHasherInterface $hasher,
    ): Response {
        $user = $userRepository->findOneByResetToken($token);

        if (!$user || $user->getResetTokenExpiresAt() < new DateTime()) {
            $this->addFlash('error', 'This password reset link is invalid or has expired.');
            return $this->redirectToRoute('MineSeekerBundle_forgot_password');
        }

        $form = $this->createForm(ResetPasswordFormType::class);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $user
                ->setPassword($hasher->hashPassword($user, $form->get('plainPassword')->getData()))
                ->setResetToken(null)
                ->setResetTokenExpiresAt(null);
            $em->flush();

            $this->addFlash('success', 'Your password has been reset. You can now sign in.');

            return $this->redirectToRoute('MineSeekerBundle_login');
        }

        return $this->render('Security/reset_password.html.twig', ['form' => $form]);
    }

    #[Route('/activate/{token}', name: 'MineSeekerBundle_activate')]
    public function activate(string $token, EntityManagerInterface $em): Response
    {
        $user = $em->getRepository(User::class)->findOneBy(['verificationToken' => $token]);

        if (!$user) {
            $this->addFlash('error', 'This activation link is invalid or has already been used.');
            return $this->redirectToRoute('MineSeekerBundle_login');
        }

        $user->setIsVerified(true)->setVerificationToken(null);
        $em->flush();

        $this->addFlash('success', 'Your account is now active. Welcome, ' . $user->getUsername() . '!');

        return $this->redirectToRoute('MineSeekerBundle_login');
    }
}
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`<?php declare(strict_types=1);`
			`/*`
			`* This file is part of the SplendidBear Websites' projects.`
			`*`
			`* Copyright (c) 2026 @ www.splendidbear.org`
			`*`
			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
			`*/`

			`namespace App\Controller;`

			`use App\Entity\User;`
chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`use App\Form\ForgotPasswordFormType;`
			`use App\Form\RegistrationFormType;`
			`use App\Form\ResetPasswordFormType;`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`use App\Repository\UserRepository;`
			`use DateTime;`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`use Doctrine\ORM\EntityManagerInterface;`
			`use Symfony\Bridge\Twig\Mime\TemplatedEmail;`
			`use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;`
new: usr: add notification email when a user is registered #4 2026-04-15 20:19:29 +02:00			`use Symfony\Component\DependencyInjection\Attribute\Autowire;`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`use Symfony\Component\HttpFoundation\Request;`
			`use Symfony\Component\HttpFoundation\Response;`
chg: dev: increase the minimum PHP version to the latest major - and massive refactor on back-end, like Controllers and Repositories #4 2026-04-12 08:01:46 +02:00			`use Symfony\Component\HttpKernel\Attribute\AsController;`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`use Symfony\Component\Mailer\MailerInterface;`
			`use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;`
			`use Symfony\Component\Routing\Attribute\Route;`
			`use Symfony\Component\Routing\Generator\UrlGeneratorInterface;`
			`use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;`

			`/**`
			`* Class SecurityController`
			`*`
			`* @package App\Controller`
			`* @author Lang <https://www.splendidbear.org>`
			`* @category Class`
			`* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License`
			`* @link www.splendidbear.org`
			`* @since 2026. 04. 11.`
			`*/`
chg: dev: increase the minimum PHP version to the latest major - and massive refactor on back-end, like Controllers and Repositories #4 2026-04-12 08:01:46 +02:00			`#[AsController]`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`class SecurityController extends AbstractController`
			`{`
new: usr: add notification email when a user is registered #4 2026-04-15 20:19:29 +02:00			`public function __construct(`
			`#[Autowire(env: 'APP_CONTACT_MAIL_ADDRESS')]`
			`private readonly string $appContactMailAddress,`
			`) {`
			`}`

chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`#[Route('/login', name: 'MineSeekerBundle_login')]`
			`public function login(AuthenticationUtils $authenticationUtils): Response`
			`{`
			`if ($this->getUser()) {`
			`return $this->redirectToRoute('MineSeekerBundle_homepage');`
			`}`

			`return $this->render('Security/login.html.twig', [`
			`'last_username' => $authenticationUtils->getLastUsername(),`
			`'error' => $authenticationUtils->getLastAuthenticationError(),`
			`]);`
			`}`

			`#[Route('/logout', name: 'MineSeekerBundle_logout', methods: ['POST'])]`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`public function logout(): never`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`{`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`throw new \LogicException('This action is intercepted by the security firewall.');`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`}`

			`#[Route('/register', name: 'MineSeekerBundle_register')]`
			`public function register(`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`Request $request,`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`UserPasswordHasherInterface $hasher,`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`EntityManagerInterface $em,`
			`MailerInterface $mailer,`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`): Response {`
			`if ($this->getUser()) {`
			`return $this->redirectToRoute('MineSeekerBundle_homepage');`
			`}`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`$user = new User();`
			`$form = $this->createForm(RegistrationFormType::class, $user);`
			`$form->handleRequest($request);`

			`if ($form->isSubmitted() && $form->isValid()) {`
			`$token = bin2hex(random_bytes(32));`

			`$user`
			`->setIsVerified(false)`
			`->setVerificationToken($token)`
			`->setPassword($hasher->hashPassword($user, $form->get('plainPassword')->getData()));`

			`$em->persist($user);`
			`$em->flush();`

			`$activationUrl = $this->generateUrl(`
			`'MineSeekerBundle_activate',`
			`['token' => $token],`
			`UrlGeneratorInterface::ABSOLUTE_URL,`
			`);`

new: usr: add notification email when a user is registered #4 2026-04-15 20:19:29 +02:00			`/** Ensure HTTPS scheme in production */`
chg: pkg: new version release !skipChangelog 2026-04-15 20:13:38 +02:00			`if ($this->getParameter('kernel.environment') === 'prod') {`
			`$activationUrl = str_replace('http://', 'https://', $activationUrl);`
			`}`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`$mailer->send(`
			`new TemplatedEmail()`
fix: dev: quickfix for email sending #4 2026-04-14 16:38:55 +02:00			`->from('noreply@mineseeker.hu')`
chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`->to($user->getEmail())`
			`->subject('Activate your MineSeeker account')`
			`->htmlTemplate('emails/activation.html.twig')`
			`->context([`
			`'username' => $user->getUsername(),`
			`'activation_url' => $activationUrl,`
			`])`
			`);`

new: usr: add notification email when a user is registered #4 2026-04-15 20:19:29 +02:00			`/** Send admin notification about new user registration */`
			`$mailer->send(`
			`new TemplatedEmail()`
			`->from('noreply@mineseeker.hu')`
			`->to($this->appContactMailAddress)`
			`->subject('🎉 New User Registration: ' . $user->getUsername())`
			`->htmlTemplate('emails/user_registration_notification.html.twig')`
			`->context([`
			`'user' => $user,`
			`'registeredAt' => new DateTime(),`
			`])`
			`);`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`$this->addFlash('verify_email', $user->getEmail());`

			`return $this->redirectToRoute('MineSeekerBundle_register');`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`}`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`return $this->render('Security/register.html.twig', ['form' => $form]);`
chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`}`

chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`#[Route('/forgot-password', name: 'MineSeekerBundle_forgot_password')]`
			`public function forgotPassword(`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`Request $request,`
			`UserRepository $userRepository,`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`EntityManagerInterface $em,`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`MailerInterface $mailer,`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`): Response {`
			`if ($this->getUser()) {`
			`return $this->redirectToRoute('MineSeekerBundle_homepage');`
			`}`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`$form = $this->createForm(ForgotPasswordFormType::class);`
			`$form->handleRequest($request);`

			`if ($form->isSubmitted() && $form->isValid()) {`
			`$email = $form->get('email')->getData();`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`$user = $userRepository->findOneByEmail($email);`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00
			`if ($user && $user->isVerified()) {`
			`$token = bin2hex(random_bytes(32));`
			`$user`
			`->setResetToken($token)`
			`->setResetTokenExpiresAt(new DateTime('+1 hour'));`
			`$em->flush();`

			`$resetUrl = $this->generateUrl(`
			`'MineSeekerBundle_reset_password',`
			`['token' => $token],`
			`UrlGeneratorInterface::ABSOLUTE_URL,`
			`);`

new: usr: add notification email when a user is registered #4 2026-04-15 20:19:29 +02:00			`/** Ensure HTTPS scheme in production */`
chg: pkg: new version release !skipChangelog 2026-04-15 20:13:38 +02:00			`if ($this->getParameter('kernel.environment') === 'prod') {`
			`$resetUrl = str_replace('http://', 'https://', $resetUrl);`
			`}`

chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`$mailer->send(`
			`new TemplatedEmail()`
fix: dev: quickfix for email sending #4 2026-04-14 16:38:55 +02:00			`->from('noreply@mineseeker.hu')`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`->to($email)`
			`->subject('Reset your MineSeeker password')`
			`->htmlTemplate('emails/reset_password.html.twig')`
			`->context([`
			`'username' => $user->getUsername(),`
			`'reset_url' => $resetUrl,`
			`])`
			`);`
			`}`

			`// Always show the same flash to prevent email enumeration`
			`$this->addFlash('reset_sent', $email);`

			`return $this->redirectToRoute('MineSeekerBundle_forgot_password');`
			`}`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`return $this->render('Security/forgot_password.html.twig', ['form' => $form]);`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`}`

			`#[Route('/reset-password/{token}', name: 'MineSeekerBundle_reset_password')]`
			`public function resetPassword(`
new: usr: implement the 2FA authentication (TOTP and backup codes) #4 2026-04-12 17:55:57 +02:00			`string $token,`
			`Request $request,`
			`UserRepository $userRepository,`
			`EntityManagerInterface $em,`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`UserPasswordHasherInterface $hasher,`
			`): Response {`
			`$user = $userRepository->findOneByResetToken($token);`

			`if (!$user \|\| $user->getResetTokenExpiresAt() < new DateTime()) {`
			`$this->addFlash('error', 'This password reset link is invalid or has expired.');`
			`return $this->redirectToRoute('MineSeekerBundle_forgot_password');`
			`}`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`$form = $this->createForm(ResetPasswordFormType::class);`
			`$form->handleRequest($request);`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00
chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`if ($form->isSubmitted() && $form->isValid()) {`
			`$user`
			`->setPassword($hasher->hashPassword($user, $form->get('plainPassword')->getData()))`
			`->setResetToken(null)`
			`->setResetTokenExpiresAt(null);`
			`$em->flush();`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00
chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`$this->addFlash('success', 'Your password has been reset. You can now sign in.');`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00
chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`return $this->redirectToRoute('MineSeekerBundle_login');`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`}`

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4 2026-04-12 08:49:47 +02:00			`return $this->render('Security/reset_password.html.twig', ['form' => $form]);`
chg: usr: add forgot password functionality #4 2026-04-12 08:10:36 +02:00			`}`

chg: usr: improve the gfx on homepage - implement login/register and activation for authentication - and add the first version of profile page #4 2026-04-11 20:45:51 +02:00			`#[Route('/activate/{token}', name: 'MineSeekerBundle_activate')]`
			`public function activate(string $token, EntityManagerInterface $em): Response`
			`{`
			`$user = $em->getRepository(User::class)->findOneBy(['verificationToken' => $token]);`

			`if (!$user) {`
			`$this->addFlash('error', 'This activation link is invalid or has already been used.');`
			`return $this->redirectToRoute('MineSeekerBundle_login');`
			`}`

			`$user->setIsVerified(true)->setVerificationToken(null);`
			`$em->flush();`

			`$this->addFlash('success', 'Your account is now active. Welcome, ' . $user->getUsername() . '!');`

			`return $this->redirectToRoute('MineSeekerBundle_login');`
			`}`
chg: dev: increase the minimum PHP version to the latest major - and massive refactor on back-end, like Controllers and Repositories #4 2026-04-12 08:01:46 +02:00			`}`