SplendidBear-Websites/MineSeeker
Private
Public Access
1
0
Fork 0
Code Pull Requests 1 Releases Activity

chg: dev: refactor all forms to have Symfony Form Types & Validation Constrainsts - & implement Google ReCapthca v3 #4

Browse Source
This commit is contained in:
László Lang
2026-04-12 08:49:47 +02:00
parent e2b227ed7a
commit acbe9c7f63
21 changed files with 1253 additions and 351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
src/Controller/SecurityController.php
View File

@@ -11,6 +11,9 @@
namespace App\Controller;
use App\Entity\User;
use App\Form\ForgotPasswordFormType;
use App\Form\RegistrationFormType;
use App\Form\ResetPasswordFormType;
use App\Repository\UserRepository;
use DateTime;
use Doctrine\ORM\EntityManagerInterface;
@@ -68,75 +71,45 @@ class SecurityController extends AbstractController
return $this->redirectToRoute('MineSeekerBundle_homepage');
}
$errors = [];
$user = new User();
$form = $this->createForm(RegistrationFormType::class, $user);
$form->handleRequest($request);
if ($request->isMethod('POST')) {
$username = trim((string) $request->request->get('_username', ''));
$email = trim((string) $request->request->get('_email', ''));
$password = (string) $request->request->get('_password', '');
$passwordConfirm = (string) $request->request->get('_password_confirm', '');
if ($form->isSubmitted() && $form->isValid()) {
$token = bin2hex(random_bytes(32));
if (mb_strlen($username) < 3) {
$errors['username'] = 'Username must be at least 3 characters.';
} elseif ($em->getRepository(User::class)->findOneBy(['username' => $username])) {
$errors['username'] = 'This username is already taken.';
}
$user
->setIsVerified(false)
->setVerificationToken($token)
->setPassword($hasher->hashPassword($user, $form->get('plainPassword')->getData()));
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors['email'] = 'Please enter a valid email address.';
} elseif ($em->getRepository(User::class)->findOneBy(['email' => $email])) {
$errors['email'] = 'This email address is already registered.';
}
$em->persist($user);
$em->flush();
if (mb_strlen($password) < 6) {
$errors['password'] = 'Password must be at least 6 characters.';
} elseif ($password !== $passwordConfirm) {
$errors['password_confirm'] = 'Passwords do not match.';
}
$activationUrl = $this->generateUrl(
'MineSeekerBundle_activate',
['token' => $token],
UrlGeneratorInterface::ABSOLUTE_URL,
);
if (empty($errors)) {
$token = bin2hex(random_bytes(32));
$mailer->send(
new TemplatedEmail()
->from('noreply@mineseeker.ninja')
->to($user->getEmail())
->subject('Activate your MineSeeker account')
->htmlTemplate('emails/activation.html.twig')
->context([
'username' => $user->getUsername(),
'activation_url' => $activationUrl,
])
);
$user = new User()
->setUsername($username)
->setEmail($email)
->setIsVerified(false)
->setVerificationToken($token);
$this->addFlash('verify_email', $user->getEmail());
$user->setPassword($hasher->hashPassword($user, $password));
$em->persist($user);
$em->flush();
$activationUrl = $this->generateUrl(
'MineSeekerBundle_activate',
['token' => $token],
UrlGeneratorInterface::ABSOLUTE_URL,
);
$mailer->send(
new TemplatedEmail()
->from('noreply@mineseeker.ninja')
->to($email)
->subject('Activate your MineSeeker account')
->htmlTemplate('emails/activation.html.twig')
->context([
'username' => $username,
'activation_url' => $activationUrl,
])
);
$this->addFlash('verify_email', $email);
return $this->redirectToRoute('MineSeekerBundle_register');
}
return $this->redirectToRoute('MineSeekerBundle_register');
}
return $this->render('Security/register.html.twig', [
'errors' => $errors,
'last_username' => $request->request->get('_username', ''),
'last_email' => $request->request->get('_email', ''),
]);
return $this->render('Security/register.html.twig', ['form' => $form]);
}
#[Route('/forgot-password', name: 'MineSeekerBundle_forgot_password')]
@@ -150,8 +123,11 @@ class SecurityController extends AbstractController
return $this->redirectToRoute('MineSeekerBundle_homepage');
}
if ($request->isMethod('POST')) {
$email = trim((string) $request->request->get('_email', ''));
$form = $this->createForm(ForgotPasswordFormType::class);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$email = $form->get('email')->getData();
$user = $userRepository->findOneByEmail($email);
if ($user && $user->isVerified()) {
@@ -186,7 +162,7 @@ class SecurityController extends AbstractController
return $this->redirectToRoute('MineSeekerBundle_forgot_password');
}
return $this->render('Security/forgot_password.html.twig');
return $this->render('Security/forgot_password.html.twig', ['form' => $form]);
}
#[Route('/reset-password/{token}', name: 'MineSeekerBundle_reset_password')]
@@ -204,32 +180,22 @@ class SecurityController extends AbstractController
return $this->redirectToRoute('MineSeekerBundle_forgot_password');
}
$errors = [];
$form = $this->createForm(ResetPasswordFormType::class);
$form->handleRequest($request);
if ($request->isMethod('POST')) {
$password = (string) $request->request->get('_password', '');
$passwordConfirm = (string) $request->request->get('_password_confirm', '');
if ($form->isSubmitted() && $form->isValid()) {
$user
->setPassword($hasher->hashPassword($user, $form->get('plainPassword')->getData()))
->setResetToken(null)
->setResetTokenExpiresAt(null);
$em->flush();
if (mb_strlen($password) < 6) {
$errors['password'] = 'Password must be at least 6 characters.';
} elseif ($password !== $passwordConfirm) {
$errors['password_confirm'] = 'Passwords do not match.';
}
$this->addFlash('success', 'Your password has been reset. You can now sign in.');
if (empty($errors)) {
$user
->setPassword($hasher->hashPassword($user, $password))
->setResetToken(null)
->setResetTokenExpiresAt(null);
$em->flush();
$this->addFlash('success', 'Your password has been reset. You can now sign in.');
return $this->redirectToRoute('MineSeekerBundle_login');
}
return $this->redirectToRoute('MineSeekerBundle_login');
}
return $this->render('Security/reset_password.html.twig', ['errors' => $errors]);
return $this->render('Security/reset_password.html.twig', ['form' => $form]);
}
#[Route('/activate/{token}', name: 'MineSeekerBundle_activate')]

6
src/Entity/User.php
View File

@@ -18,9 +18,9 @@ use Doctrine\ORM\Mapping\Entity;
use Doctrine\ORM\Mapping\GeneratedValue;
use Doctrine\ORM\Mapping\Id;
use Doctrine\ORM\Mapping\Table;
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Validator\Constraints as Assert;
/**
* Class User
@@ -34,6 +34,8 @@ use Symfony\Component\Validator\Constraints as Assert;
*/
#[Table(name: 'app_user')]
#[Entity(repositoryClass: UserRepository::class)]
#[UniqueEntity(fields: ['username'], message: 'This username is already taken.')]
#[UniqueEntity(fields: ['email'], message: 'This email address is already registered.')]
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
#[Id, GeneratedValue, Column]
@@ -82,7 +84,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
public function getUserIdentifier(): string
{
return (string) $this->username;
return (string)$this->username;
}
public function getRoles(): array

56
src/EventListener/LoginCaptchaListener.php Normal file
View File

@@ -0,0 +1,56 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\EventListener;
use App\Service\RecaptchaService;
use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Event\CheckPassportEvent;
/**
* Class LoginCaptchaListener
*
* Validates the Google reCAPTCHA v3 token during form-login authentication.
* Fires on CheckPassportEvent, which is dispatched after credentials are
* collected but before the user is authenticated.
*
* @package App\EventListener
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
#[AsEventListener(event: CheckPassportEvent::class)]
readonly class LoginCaptchaListener
{
public function __construct(
private RecaptchaService $recaptcha,
private RequestStack $requestStack,
) {}
public function __invoke(CheckPassportEvent $event): void
{
$request = $this->requestStack->getCurrentRequest();
if ($request === null || !$request->isMethod('POST')) {
return;
}
$token = $request->request->getString('g-recaptcha-response');
$remoteIp = (string) $request->getClientIp();
if (!$this->recaptcha->verify($token, $remoteIp)) {
throw new CustomUserMessageAuthenticationException('CAPTCHA verification failed. Please try again.');
}
}
}

48
src/Form/ForgotPasswordFormType.php Normal file
View File

@@ -0,0 +1,48 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Form;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Validator\Constraints\Email;
use Symfony\Component\Validator\Constraints\NotBlank;
/**
* Class ForgotPasswordFormType
*
* @package App\Form
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
class ForgotPasswordFormType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options): void
{
$builder
->add('email', EmailType::class, [
'constraints' => [
new NotBlank(message: 'Please enter an email address.'),
new Email(message: 'Please enter a valid email address.'),
],
])
->add('recaptcha', RecaptchaType::class);
}
public function configureOptions(OptionsResolver $resolver): void
{
$resolver->setDefaults([]);
}
}

61
src/Form/RecaptchaType.php Normal file
View File

@@ -0,0 +1,61 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Form;
use App\Validator\Recaptcha;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Event\PreSubmitEvent;
use Symfony\Component\Form\Extension\Core\Type\HiddenType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\FormEvents;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\OptionsResolver\OptionsResolver;
/**
* Class RecaptchaType
*
* Reads the Google reCAPTCHA v3 token from the raw POST field
* `g-recaptcha-response` (populated by JS before form submit) and injects
* it as this field's value before validation runs.
*
* @package App\Form
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
class RecaptchaType extends AbstractType
{
public function __construct(private readonly RequestStack $requestStack) {}
public function buildForm(FormBuilderInterface $builder, array $options): void
{
$builder->addEventListener(FormEvents::PRE_SUBMIT, function (PreSubmitEvent $event): void {
$request = $this->requestStack->getCurrentRequest();
$token = $request?->request->getString('g-recaptcha-response') ?? '';
$event->setData($token);
});
}
public function configureOptions(OptionsResolver $resolver): void
{
$resolver->setDefaults([
'mapped' => false,
'constraints' => [new Recaptcha()],
]);
}
public function getParent(): string
{
return HiddenType::class;
}
}

80
src/Form/RegistrationFormType.php Normal file
View File

@@ -0,0 +1,80 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Form;
use App\Entity\User;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Validator\Constraints\Email;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;
/**
* Class RegistrationFormType
*
* @package App\Form
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
class RegistrationFormType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options): void
{
$builder
->add('username', TextType::class, [
'constraints' => [
new NotBlank(message: 'Please enter a username.'),
new Length(
min: 3,
max: 180,
minMessage: 'Username must be at least {{ limit }} characters.',
maxMessage: 'Username cannot be longer than {{ limit }} characters.',
),
],
])
->add('email', EmailType::class, [
'constraints' => [
new NotBlank(message: 'Please enter an email address.'),
new Email(message: 'Please enter a valid email address.'),
],
])
->add('plainPassword', RepeatedType::class, [
'type' => PasswordType::class,
'mapped' => false,
'invalid_message' => 'Passwords do not match.',
'first_options' => ['label' => 'Password'],
'second_options' => ['label' => 'Confirm Password'],
'constraints' => [
new NotBlank(message: 'Please enter a password.'),
new Length(
min: 6,
minMessage: 'Password must be at least {{ limit }} characters.',
),
],
])
->add('recaptcha', RecaptchaType::class);
}
public function configureOptions(OptionsResolver $resolver): void
{
$resolver->setDefaults([
'data_class' => User::class,
]);
}
}

56
src/Form/ResetPasswordFormType.php Normal file
View File

@@ -0,0 +1,56 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Form;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;
/**
* Class ResetPasswordFormType
*
* @package App\Form
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
class ResetPasswordFormType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options): void
{
$builder
->add('recaptcha', RecaptchaType::class)
->add('plainPassword', RepeatedType::class, [
'type' => PasswordType::class,
'invalid_message' => 'Passwords do not match.',
'first_options' => ['label' => 'New Password'],
'second_options' => ['label' => 'Confirm New Password'],
'constraints' => [
new NotBlank(message: 'Please enter a password.'),
new Length(
min: 6,
minMessage: 'Password must be at least {{ limit }} characters.',
),
],
]);
}
public function configureOptions(OptionsResolver $resolver): void
{
$resolver->setDefaults([]);
}
}

69
src/Service/RecaptchaService.php Normal file
View File

@@ -0,0 +1,69 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Service;
use Psr\Log\LoggerInterface;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Contracts\HttpClient\HttpClientInterface;
/**
* Class RecaptchaService
*
* @package App\Service
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
readonly class RecaptchaService
{
private const string SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
/**
* Minimum score to accept a request (0.0 = bot, 1.0 = human).
* 0.5 is Google's recommended default threshold.
*/
private const float SCORE_THRESHOLD = 0.5;
public function __construct(
private HttpClientInterface $httpClient,
private LoggerInterface $logger,
#[Autowire(env: 'RECAPTCHA_SECRET_KEY')]
private string $secretKey,
) {}
public function verify(string $token, string $remoteIp = ''): bool
{
if ($token === '') {
return false;
}
try {
$body = ['secret' => $this->secretKey, 'response' => $token];
if ($remoteIp !== '') {
$body['remoteip'] = $remoteIp;
}
$data = $this->httpClient
->request('POST', self::SITEVERIFY_URL, ['body' => $body])
->toArray();
return ($data['success'] ?? false) === true
&& ($data['score'] ?? 0.0) >= self::SCORE_THRESHOLD;
} catch (\Throwable $e) {
$this->logger->error('reCAPTCHA verification failed: ' . $e->getMessage());
return false;
}
}
}

30
src/Validator/Recaptcha.php Normal file
View File

@@ -0,0 +1,30 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Validator;
use Attribute;
use Symfony\Component\Validator\Constraint;
/**
* Class Recaptcha
*
* @package App\Validator
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
#[Attribute(Attribute::TARGET_PROPERTY | Attribute::TARGET_METHOD | Attribute::IS_REPEATABLE)]
class Recaptcha extends Constraint
{
public string $message = 'CAPTCHA verification failed. Please try again.';
}

51
src/Validator/RecaptchaValidator.php Normal file
View File

@@ -0,0 +1,51 @@
<?php declare(strict_types=1);
/*
* This file is part of the SplendidBear Websites' projects.
*
* Copyright (c) 2026 @ www.splendidbear.org
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Validator;
use App\Service\RecaptchaService;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
use Symfony\Component\Validator\Exception\UnexpectedTypeException;
/**
* Class RecaptchaValidator
*
* @package App\Validator
* @author Lang <https://www.splendidbear.org>
* @category Class
* @license https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
* @link www.splendidbear.org
* @since 2026. 04. 12.
*/
class RecaptchaValidator extends ConstraintValidator
{
public function __construct(
private readonly RecaptchaService $recaptcha,
private readonly RequestStack $requestStack,
) {}
public function validate(mixed $value, Constraint $constraint): void
{
if (!$constraint instanceof Recaptcha) {
throw new UnexpectedTypeException($constraint, Recaptcha::class);
}
$request = $this->requestStack->getCurrentRequest();
$remoteIp = $request !== null ? ((string) $request->getClientIp()) : '';
if ($this->recaptcha->verify((string) $value, $remoteIp)) {
return;
}
$this->context->buildViolation($constraint->message)->addViolation();
}
}