Title: Missing condition for password validation in Symfony controller

I’m working on a Symfony application where I have a controller method for updating the user’s password. However, I seem to have made an error in the code, and I’m having trouble figuring out the issue.

In my userPasswordEdit method, I’m using a Symfony form to handle the password update. The method checks if the form is submitted and valid, and then it proceeds to update the user’s password. However, I realize that I forgot to include a condition for password validation, which means the update happens regardless of whether the repeated password matches the original password.

Instructor + student controller

#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    // Code to retrieve the user and handle the form submission

    if ($form->isSubmitted() && $form->isValid()) {
        // Code to hash and update the password

        // Intentional error: Missing condition for password validation

        $entityManager->persist($user);
        $entityManager->flush();

        // Code to add a flash message and redirect
    }
}

#[Route('/profile/edit', name: 'edit_profile')]
public function userProfileEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    $user = $this->getUser();
    $form = $this->createForm(EditProfileType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()){
        $user->setName($form->get('name')->getData());
        $user->setEmail($form->get('email')->getData());
        $user->setTel($form->get('tel')->getData());

        $entityManager->persist($user);
        $entityManager->flush();

        $this->addFlash('success', 'Profiel is succesvol aangepast!');
        return $this->redirectToRoute('user_profile');
    }

    return $this->render('user/edit_profile.html.twig', [
        'user' => $user, 'profile_form' => $form->createView()
    ]);
}
#[Route('/menu/delete/{id}', name: 'delete_item')]
public function delete_item($id, MenuRepository $menuRepository, EntityManagerInterface $entityManager): Response
{
    $menu_item = $menuRepository->find($id);

    // find() returns null for an unknown id; remove(null) would throw a TypeError
    if ($menu_item === null) {
        throw $this->createNotFoundException('Menu item not found.');
    }

    // Nothing in this method restricts who may delete: the route must be covered by
    // access_control (or an IsGranted check), limited to POST/DELETE and protected by a CSRF token.
    $entityManager->remove($menu_item);
    $entityManager->flush();

    $this->addFlash('success', $menu_item->getName() .' is succesvol verwijderd van het menu!');
    return $this->redirectToRoute('admin_menu');
}

TWIG:

<td><a href="{{ path('admin_order', {id: order.id}) }}"> Order number: {{ order.id }}</a></td>


Solution:

You have a missing condition for password validation. To add the missing condition for password validation in your userPasswordEdit method, you need to compare the repeated password with the original password before updating it.

Here’s how you can modify your code to include the validation check:

Instructor + student controller

#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    $user = $this->getUser();
    $form = $this->createForm(EditPasswordType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()){
        $plainPassword = $form->get('password')->getData();
        $repeatPlainPassword = $form->get('repeatPassword')->getData();

        if ($repeatPlainPassword === $plainPassword){
            $hashedPassword = $passwordHasher->hashPassword($user, $plainPassword);
            $user->setPassword($hashedPassword);

            $entityManager->persist($user);
            $entityManager->flush();

            $this->addFlash('success', 'Wachtwoord is succesvol gewijzigd!');
            return $this->redirectToRoute('user_profile');
        } else {
            // echo writes output outside the Response object; $this->addFlash('error', ...) is the Symfony way
            echo "<script>alert('Ingevoerde wachtwoorden komen niet overeen!')</script>";
        }
    }

    // Render the form for GET requests and failed submissions. The original snippet
    // ends before this return; the template and variable names are assumed.
    return $this->render('user/edit_password.html.twig', [
        'password_form' => $form->createView(),
    ]);
}
