Add ability to edit user's informations and password #834
Conversation
src/Controller/UserController.php
Outdated
| $em->persist($user); | ||
| $em->flush(); | ||
|
|
||
| return $this->redirectToRoute('security_logout'); |
There was a problem hiding this comment.
I should remplace redirect to $this->redirectToRoute('user_index') and I add a flashbag message
There was a problem hiding this comment.
I find it safer to logout the user after he has changed his password, but I can be wrong. I would like to get feedback from the community about that.
|
|
||
| public function testChangePassword() | ||
| { | ||
| $newUserPassword = $this->generateRandomString(10); |
There was a problem hiding this comment.
I think it's better to use a simple constant here. The test should be simple as possible.
$newUserPassword = 'new-password';
src/Controller/UserController.php
Outdated
| /** | ||
| * @Route("/", methods={"GET", "POST"}, name="user_index") | ||
| * | ||
| * @param \Symfony\Component\HttpFoundation\Request $request |
There was a problem hiding this comment.
This docblock comment is not needed.
src/Controller/UserController.php
Outdated
| * | ||
| * @param \Symfony\Component\HttpFoundation\Request $request | ||
| * | ||
| * @return \Symfony\Component\HttpFoundation\Response |
There was a problem hiding this comment.
This docblock comment is not needed too.
| <trans-unit id="action.change_password"> | ||
| <source>action.change_password</source> | ||
| <target>Change password</target> | ||
| </trans-unit> |
There was a problem hiding this comment.
The action.update_user_info is missing.
There was a problem hiding this comment.
Actually, it was the translation key in the template file that was wrong.
src/Form/Type/ChangePasswordType.php
Outdated
| public function configureOptions(OptionsResolver $resolver): void | ||
| { | ||
| $resolver->setDefaults([ | ||
| 'data_class' => null, |
There was a problem hiding this comment.
I think this config isn't necessary. If you aren't going to bind any data to this form, it's already null by default (source).
src/Form/Type/ChangePasswordType.php
Outdated
| ->add('currentPassword', PasswordType::class, [ | ||
| 'constraints' => [ | ||
| new NotBlank(), | ||
| new UserPassword(), |
There was a problem hiding this comment.
I think NotBlank constraint isn't necessary since a "Not blank" value is already verified in UserPassword constraint.
src/Form/Type/ChangePasswordType.php
Outdated
| new NotBlank(), | ||
| new Length([ | ||
| 'min' => 5, | ||
| ]), |
There was a problem hiding this comment.
I also suggest adding a callback() constraint and check by BasePasswordEncoder::isPasswordTooLong($password) otherwise we could get an uncatched error BadCredentialsException in controller during password encoding.
There was a problem hiding this comment.
That's not something that would happen in a real-life scenario unless really trying to make it fail. No sensible user would try setting a 4096+ chars long password. So I would not showcase it here or instead arbitrary set a reasonable max value in Length constraint above.
(relates to #834 (comment))
There was a problem hiding this comment.
It's 72 chars for BCryptPasswordEncoder which is the current configured encoder :P but you're right, setting it (BCryptPasswordEncoder::MAX_PASSWORD_LENGTH) in max Length constraint is simple.
src/Controller/UserController.php
Outdated
| * @Route("/password", methods={"GET", "POST"}, name="user_password") | ||
| * | ||
| * @param \Symfony\Component\HttpFoundation\Request $request | ||
| * @param \Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface $encoder |
There was a problem hiding this comment.
All these PHPDoc can be removed too.
src/Controller/UserController.php
Outdated
| $user->setPassword($encoder->encodePassword($user, $form->get('newPassword')->getData())); | ||
|
|
||
| $em = $this->getDoctrine()->getManager(); | ||
| $em->persist($user); |
There was a problem hiding this comment.
persist is unnecessary here as the entity is not a new one and already managed by doctrine.
src/Form/Type/ChangePasswordType.php
Outdated
| new NotBlank(), | ||
| new Length([ | ||
| 'min' => 5, | ||
| ]), |
There was a problem hiding this comment.
That's not something that would happen in a real-life scenario unless really trying to make it fail. No sensible user would try setting a 4096+ chars long password. So I would not showcase it here or instead arbitrary set a reasonable max value in Length constraint above.
(relates to #834 (comment))
src/Form/UserType.php
Outdated
|
|
||
| $builder | ||
| ->add('username', TextType::class, [ | ||
| 'attr' => ['readonly' => true], |
There was a problem hiding this comment.
setting the readonly attribute will not enforce this field cannot be submit and username not changed.
You must use disabled instead.
There was a problem hiding this comment.
If I use disabled, I got an error Argument 1 passed to App\Entity\User::setUsername() must be of the type string, null given.
So, what should I do ?
- leave readonly
- add the nullable type to
setUsername()inApp\Entity\User - allow user to change his username
- remove the username in
UserType
There was a problem hiding this comment.
@ker0x, He means a form option, not an HTML attribute:
$builder
->add('username', TextType::class,
'label' => 'label.username',
'disabled' => true,
])There was a problem hiding this comment.
Ho right, i'm so stupid! Thanks 👍
ker0x
force-pushed
the
master
branch
3 times, most recently
from
1237860
to
19b0bb5
Compare
src/Controller/UserController.php
Outdated
| /** | ||
| * @Route("/password", methods={"GET", "POST"}, name="user_password") | ||
| */ | ||
| public function password(Request $request, UserPasswordEncoderInterface $encoder): Response |
There was a problem hiding this comment.
changePassword ? (same for the template name & route name)
There was a problem hiding this comment.
I changed it for /profile/change-password
src/Controller/UserController.php
Outdated
| /** | ||
| * @Route("/", methods={"GET", "POST"}, name="user_index") | ||
| */ | ||
| public function index(Request $request): Response |
There was a problem hiding this comment.
profile / editProfile ? (same for the template name & route name)
| $builder | ||
| ->add('username', TextType::class, [ | ||
| 'label' => 'label.username', | ||
| 'disabled' => true, |
There was a problem hiding this comment.
If the intention is not to modify the username, how about removing this field and print {{ user.username }} directly in the template?
There was a problem hiding this comment.
As this is a demo application, maybe we can keep the disabled option to show people how to disable an input in a form ?
src/Controller/UserController.php
Outdated
| $user->setPassword($encoder->encodePassword($user, $form->get('newPassword')->getData())); | ||
|
|
||
| $em = $this->getDoctrine()->getManager(); | ||
| $em->flush(); |
There was a problem hiding this comment.
$this->getDoctrine()->getManager()->flush()?
There was a problem hiding this comment.
Yep, already change 👍
src/Controller/UserController.php
Outdated
| /** | ||
| * Controller used to manage current user. | ||
| * | ||
| * @Route("/user") |
There was a problem hiding this comment.
/user-profile, /profile/user, /user-account, /account/user... ?
There was a problem hiding this comment.
I changed it for /profile/edit
templates/user/index.html.twig
Outdated
| {{ form_widget(form) }} | ||
|
|
||
| <button type="submit" class="{{ button_css|default("btn btn-primary") }}"> | ||
| <i class="fa fa-save" aria-hidden="true"></i> {{ button_label|default('action.save'|trans) }} |
There was a problem hiding this comment.
same here {{ 'action.save'|trans }}
templates/user/index.html.twig
Outdated
| {{ form_start(form, {attr: attr|default({})}) }} | ||
| {{ form_widget(form) }} | ||
|
|
||
| <button type="submit" class="{{ button_css|default("btn btn-primary") }}"> |
There was a problem hiding this comment.
why not btn btn-primary directly? same for password.html.twig template.
templates/user/index.html.twig
Outdated
| {% block main %} | ||
| <h1>{{ 'title.edit_user'|trans }}</h1> | ||
|
|
||
| {{ form_start(form, {attr: attr|default({})}) }} |
There was a problem hiding this comment.
{attr: attr|default({})} can be removed.
…unnecessary form options
|
Is there a reason that it's |
|
@bobdenotter I think I can answer your question. |
|
@ker0x you did it really great. This is a ver well done feature. Thanks for working on this and thanks for your patience during the review. And thanks to all reviewers too! |
As requested in #820