doc: add details for checking user password strength #143

Merged
merged 5 commits into from
Sep 24, 2024
2 changes: 1 addition & 1 deletion README.md
@@ -1,6 +1,6 @@
# CoopTilleulsForgotPasswordBundle

This Symfony bundle provides an _forgot password_ feature for a REST API.
This Symfony bundle provides a _forgot password_ feature for a REST API.
It is bridged for [API Platform](https://api-platform.com/).

[![Actions Status](https://github.com/coopTilleuls/CoopTilleulsForgotPasswordBundle/workflows/CI/badge.svg)](https://github.com/coopTilleuls/CoopTilleulsForgotPasswordBundle/actions)
48 changes: 48 additions & 0 deletions docs/usage.md
@@ -109,6 +109,54 @@ Your app is ready to receive a request like:
}
```

### Validate the user password

Chances are that you want to ensure the new password is strong enough.

```php
// src/Entity/User.php
namespace App\Entity;

use Symfony\Component\Validator\Constraints as Assert;

class User
{
#[Assert\PasswordStrength]
protected $rawPassword;
}
```

Now, you can use the very same event to validate the User.

```php
// src/EventSubscriber/ForgotPasswordEventSubscriber.php

public function onUpdatePassword(UpdatePasswordEvent $event): void
{
$passwordToken = $event->getPasswordToken();
$user = $passwordToken->getUser();
$user->setPlainPassword($event->getPassword());

// ApiPlatform\Validator\ValidatorInterface
$this->validator->validate($user); // throws an Exception if invalid

/*
* // Symfony\Component\Validator\Validator\ValidatorInterface
* $constraintViolationList = $this->validator->validate($user); // returns a ConstraintViolationListInterface which is a \Traversable, \Countable and \ArrayAccess
*
* // TODO: handle when the list is not empty
*/

$this->userManager->updateUser($user);
}
```

Please note that when using API Platform validator, there is a slight difference between version 3.3 and 3.4+.

**In version 3.3 and lower**, the validation system overwrite Symfony's. In case of a constraint violation Exception thrown, it will always respond in JSON with Hydra / JSON-LD / JSON Problem, according to your configuration. This, even if the Request has been sent through a classic form. _You might want to prefer one or the other accordingly to your use-case._

**In version 3.4 and above**, this unwanted behaviour has been fixed and API Platform validation system will check if the object (here: the user) is an API Platform resource. If not, It will fallback to Symfony's error system, as it should. _Using API Platform validator is then completely fine._

## Use your own business rules when the user is not found

On the third user story, user was not found, you can listen to this event and use your own rules.
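Review bot: The property carrying the constraint and the property the subscriber writes do not match: `#[Assert\PasswordStrength]` is declared on `protected $rawPassword;` in `src/Entity/User.php`, but `onUpdatePassword()` calls `$user->setPlainPassword($event->getPassword())`, so as documented the validator would check a property the event never fills and a weak password would pass. Use one name in both snippets, for example declare the constraint on `$plainPassword` and keep `setPlainPassword()`, or add a `setRawPassword()` setter and call that. Two smaller points in the same hunk: the commented-out Symfony `ValidatorInterface` branch leaves `// TODO: handle when the list is not empty` in user-facing documentation, so a reader copying it gets a password update that proceeds on an invalid user; either show the handling, e.g. `if (count($constraintViolationList) > 0) { throw new ValidationFailedException($user, $constraintViolationList); }` before `updateUser()`, or drop the branch. Finally, in the version notes "the validation system overwrite Symfony's" should read "overwrites", and "It will fallback to Symfony's error system" should read "it will fall back".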