
I'm working on a Symfony application where I have a controller method for updating the user's password. However, I seem to have made an error in the code, and I'm having trouble figuring out the issue.

In my userPasswordEdit method, I'm using a Symfony form to handle the password update. The method checks if the form is submitted and valid, and then it proceeds to update the user's password. However, I realize that I forgot to include a condition for password validation, which means the update happens regardless of whether the repeated password matches the original password.

Instructor + student controller
#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    // Retrieve the logged-in user and bind the password form to the request
    $user = $this->getUser();
    $form = $this->createForm(EditPasswordType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $plainPassword = $form->get('password')->getData();

        // Intentional error: the repeated password is never compared with the new one,
        // so the hash below is stored regardless of whether the two fields match
        $user->setPassword($passwordHasher->hashPassword($user, $plainPassword));

        $entityManager->persist($user);
        $entityManager->flush();

        $this->addFlash('success', 'Password has been changed successfully!');
        return $this->redirectToRoute('user_profile');
    }

    // Re-render the form when it was not submitted or is invalid
    // (template name assumed; the post does not show it)
    return $this->render('user/edit_password.html.twig', [
        'user' => $user, 'password_form' => $form->createView()
    ]);
}


#[Route('/profile/edit', name: 'edit_profile')]
public function userProfileEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    $user = $this->getUser();
    $form = $this->createForm(EditProfileType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $user->setName($form->get('name')->getData());
        $user->setEmail($form->get('email')->getData());
        $user->setTel($form->get('tel')->getData());

        $entityManager->persist($user);
        $entityManager->flush();

        $this->addFlash('success', 'Profile has been updated successfully!');
        return $this->redirectToRoute('user_profile');
    }

    return $this->render('user/edit_profile.html.twig', [
        'user' => $user, 'profile_form' => $form->createView()
    ]);
}
        

#[Route('/menu/delete/{id}', name: 'delete_item')]
public function delete_item(int $id, MenuRepository $menuRepository, EntityManagerInterface $entityManager): Response
{
    // Note: as written this is a state-changing action reachable by a plain GET
    // with no CSRF token and no explicit authorization check on the route
    $menu_item = $menuRepository->find($id);
    if ($menu_item === null) {
        // find() returns null for an unknown id; remove(null) would throw
        throw $this->createNotFoundException('Menu item not found');
    }

    $entityManager->remove($menu_item);
    $entityManager->flush();

    $this->addFlash('success', $menu_item->getName() . ' has been removed from the menu successfully!');
    return $this->redirectToRoute('admin_menu');
}

TWIG:

<td><a href="{{ path('admin_order', {id: order.id}) }}"> Order number: {{ order.id }}</a></td>
Butterbad

1 Answer

You have a missing condition for password validation. To add the missing condition for password validation in your userPasswordEdit method, you need to compare the repeated password with the original password before updating it.

Here's how you can modify your code to include the validation check:

Instructor + student controller

#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    $user = $this->getUser();
    $form = $this->createForm(EditPasswordType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $plainPassword = $form->get('password')->getData();
        $repeatPlainPassword = $form->get('repeatPassword')->getData();

        // Only hash and store the new password when both fields match
        if ($repeatPlainPassword === $plainPassword) {
            $hashedPassword = $passwordHasher->hashPassword($user, $plainPassword);
            $user->setPassword($hashedPassword);

            $entityManager->persist($user);
            $entityManager->flush();

            $this->addFlash('success', 'Password has been changed successfully!');
            return $this->redirectToRoute('user_profile');
        } else {
            echo "<script>alert('The entered passwords do not match!')</script>";
        }
    }

    // Re-render the form when it was not submitted, was invalid, or the passwords differed
    // (template name assumed; the post does not show it)
    return $this->render('user/edit_password.html.twig', [
        'user' => $user, 'password_form' => $form->createView()
    ]);
}

Jeremy Caney
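The answer above compares the two password fields by hand inside the controller. In Symfony that check is normally expressed in the form type instead: a RepeatedType field fails validation when its two inputs differ, so `$form->isValid()` is already false and the mismatch is shown as a form error rather than echoed from the controller. The form type and controller below are an added example written for this page, not code from the question or the answer. They assume Symfony 6.x with the Form, Validator and Security components, an `App\Entity\User` entity implementing `PasswordAuthenticatedUserInterface`, and a `user/edit_password.html.twig` template; the `currentPassword` field with the `UserPassword` constraint and the 12-character minimum are additions of this example, not requirements stated in the post.

```php
<?php
// Added example, not the original post's code. Two files shown in one listing:
// src/Form/EditPasswordType.php and src/Controller/UserController.php.
namespace App\Form;

use App\Entity\User;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Security\Core\Validator\Constraints\UserPassword;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;

class EditPasswordType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        $builder
            // Require the current password so a hijacked session cannot silently
            // change the credential (assumed requirement, not stated in the post).
            ->add('currentPassword', PasswordType::class, [
                'mapped' => false,
                'constraints' => [
                    new NotBlank(),
                    new UserPassword(message: 'Current password is incorrect.'),
                ],
            ])
            // RepeatedType renders two inputs and fails validation when they differ,
            // which is the check missing from the question's controller.
            ->add('plainPassword', RepeatedType::class, [
                'type' => PasswordType::class,
                'mapped' => false, // never bind the plaintext to the User entity
                'invalid_message' => 'The entered passwords do not match.',
                'first_options' => ['label' => 'New password'],
                'second_options' => ['label' => 'Repeat new password'],
                'constraints' => [
                    new NotBlank(),
                    new Length(min: 12, max: 4096), // 4096 is the bcrypt/sodium input cap
                ],
            ]);
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults(['data_class' => User::class]);
    }
}

// ---- src/Controller/UserController.php ----
namespace App\Controller;

use App\Entity\User;
use App\Form\EditPasswordType;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Annotation\Route;

class UserController extends AbstractController
{
    #[Route('/profile/password', name: 'edit_password', methods: ['GET', 'POST'])]
    public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
    {
        $this->denyAccessUnlessGranted('ROLE_USER');
        /** @var User $user */
        $user = $this->getUser();

        $form = $this->createForm(EditPasswordType::class, $user);
        $form->handleRequest($request);

        // isValid() is already false when the two fields differ or the current
        // password is wrong, so no manual comparison is needed here.
        if ($form->isSubmitted() && $form->isValid()) {
            $newPassword = $form->get('plainPassword')->getData();
            $user->setPassword($passwordHasher->hashPassword($user, $newPassword));
            $entityManager->flush(); // $user is already managed; persist() is not needed

            $this->addFlash('success', 'Password has been changed successfully!');
            return $this->redirectToRoute('user_profile');
        }

        // Invalid submissions fall through and are re-rendered with the form errors
        return $this->render('user/edit_password.html.twig', [
            'password_form' => $form->createView(),
        ]);
    }
}
```

Because both password fields are `mapped => false`, the plaintext is only ever read from the form and handed straight to the hasher; the entity never carries it, so nothing plaintext can be flushed by mistake. Restricting the route to GET and POST and calling `denyAccessUnlessGranted` makes the expectations explicit rather than relying on firewall configuration alone.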