Merge branch 'main' into feature/organizational-unit-hierarchy

config/api_platform/User.yaml

@@ -9,6 +9,7 @@ resources:
             groups: ['user:write']
         operations:
             ApiPlatform\Metadata\GetCollection:
+                security: 'is_granted("ROLE_SUPER_ADMIN")'
                 provider: App\State\Provider\UserProvider
                 filters:
                     - 'api_platform.filter.user.order'
@@ -21,9 +22,20 @@ resources:
             ApiPlatform\Metadata\Patch:
                 provider: App\State\Provider\UserProvider
             ApiPlatform\Metadata\Post:
+                security: 'is_granted("ROLE_SUPER_ADMIN")'
                 validationContext:
                     groups: [ 'default', 'user:post' ]
-            ApiPlatform\Metadata\Delete: ~
+            ApiPlatform\Metadata\Delete:
+                security: 'is_granted("ROLE_SUPER_ADMIN")'
+            reset_password:
+                provider: App\State\Provider\UserProvider
+                class: ApiPlatform\Metadata\Put
+                method: PUT
+                input: App\Dto\Input\UserInput
+                uriTemplate: /users/{uuid}/reset-password
+                controller: App\Controller\ResetPasswordAction
+                validationContext:
+                    groups: [ 'user:reset-password' ]
 
 properties:
     App\Entity\User:

config/packages/api_platform.yaml

@@ -9,6 +9,7 @@ api_platform:
         jsonld: ['application/ld+json', 'application/json']
     mapping:
         paths: ['%kernel.project_dir%/config/api_platform', '%kernel.project_dir%/src/Dto']
+    use_symfony_listeners: true
     defaults:
         pagination_client_items_per_page: true
         denormalization_context:

src/Controller/ResetPasswordAction.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Controller;
+
+use App\Dto\Input\UserInput;
+use App\Entity\User;
+use App\Handler\ResetPasswordHandler;
+use App\Repository\UserRepository;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpKernel\Attribute\AsController;
+
+#[AsController]
+class ResetPasswordAction extends AbstractController
+{
+    public function __construct(
+        private readonly ResetPasswordHandler $resetPasswordHandler,
+        private readonly UserRepository $userRepository
+    )
+    {
+
+    }
+
+    public function __invoke(string $uuid, UserInput $input): UserInput
+    {
+        /** @var User $user */
+        $user = $this->userRepository->findOneByUuid($uuid);
+        $this->resetPasswordHandler->handle($user, $input->currentPassword, $input->newPassword);
+
+        return new UserInput($user);
+    }
+}

src/Dto/Input/UserInput.php

@@ -13,32 +13,47 @@ use Symfony\Component\Validator\Constraints as Assert;
 final class UserInput
 {
     #[Assert\NotBlank]
-    #[Groups(['user:write'])]
+    #[Groups('user:write')]
     public ?string $username = null;
 
     /**
      * @var OrganizationalUnit[]
      */
-    #[Groups(['user:write'])]
+    #[Groups('user:write')]
     #[ApiProperty(readableLink: false,  writableLink: false)]
     public array $allowedOrganizationalUnits = [];
 
     #[Assert\NotBlank(groups: ['user:post'])]
     #[Assert\Length(min: 8, groups: ['user:write', 'user:post'])]
-    #[Groups(['user:write'])]
+    #[Groups('user:write')]
     public ?string $password = null;
 
     #[Assert\NotNull]
-    #[Groups(['user:write'])]
+    #[Groups('user:write')]
     public ?bool $enabled = true;
 
     /**
      * @var UserGroup[]
      */
-    #[Groups(['user:write'])]
+    #[Groups('user:write')]
     #[ApiProperty(readableLink: false,  writableLink: false)]
     public array $userGroups = [];
 
+    #[Assert\NotBlank(groups: ['user:reset-password'])]
+    #[Groups('user:reset-password')]
+    public ?string $currentPassword = null;
+
+    #[Assert\NotBlank(groups: ['user:reset-password'])]
+    #[Assert\Length(min: 8, groups: ['user:reset-password'])]
+    #[Groups('user:reset-password')]
+    public ?string $newPassword = null;
+
+    #[Assert\NotBlank(groups: ['user:reset-password'])]
+    #[Assert\Length(min: 8, groups: ['user:reset-password'])]
+    #[Assert\Expression(expression: 'this.newPassword === this.repeatNewPassword', message: 'This value should be the same as the new password', groups: ['user:reset-password'])]
+    #[Groups('user:reset-password')]
+    public ?string $repeatNewPassword = null;
+
     public function __construct(?User $user = null)
     {
         if (!$user) {
@@ -74,6 +89,18 @@ final class UserInput
         }
         $user->setAllowedOrganizationalUnits( $allowedOrganizationalUnitToAdd ?? [] );
 
+        if ($this->currentPassword !== null) {
+            $user->setCurrentPassword($this->currentPassword);
+        }
+
+        if ($this->newPassword !== null) {
+            $user->setNewPassword($this->newPassword);
+        }
+
+        if ($this->repeatNewPassword !== null) {
+            $user->setRepeatNewPassword($this->repeatNewPassword);
+        }
+
         return $user;
     }
 }

src/Entity/User.php

@@ -47,6 +47,11 @@ class User extends AbstractEntity implements UserInterface, PasswordAuthenticate
     #[ORM\ManyToMany(targetEntity: OrganizationalUnit::class, inversedBy: 'users')]
     private Collection $allowedOrganizationalUnits;
 
+    private ?string $currentPassword = null;
+    private ?string $newPassword = null;
+    private ?string $repeatNewPassword = null;
+
+
     public function __construct()
     {
         parent::__construct();
@@ -204,4 +209,40 @@ class User extends AbstractEntity implements UserInterface, PasswordAuthenticate
 
         return $this;
     }
+
+    public function getCurrentPassword(): ?string
+    {
+        return $this->currentPassword;
+    }
+
+    public function setCurrentPassword(?string $currentPassword): static
+    {
+        $this->currentPassword = $currentPassword;
+
+        return $this;
+    }
+
+    public function getNewPassword(): ?string
+    {
+        return $this->newPassword;
+    }
+
+    public function setNewPassword(?string $newPassword): static
+    {
+        $this->newPassword = $newPassword;
+
+        return $this;
+    }
+
+    public function getRepeatNewPassword(): ?string
+    {
+        return $this->repeatNewPassword;
+    }
+
+    public function setRepeatNewPassword(?string $repeatNewPassword): static
+    {
+        $this->repeatNewPassword = $repeatNewPassword;
+
+        return $this;
+    }
 }

src/Handler/ResetPasswordHandler.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Handler;
+
+use App\Dto\Input\UserInput;
+use App\Entity\User;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+
+class ResetPasswordHandler
+{
+    public function __construct(
+        Security $security,
+        private readonly UserPasswordHasherInterface $userPasswordHasher
+    )
+    {
+
+    }
+    public function handle(User $user, string $currentPassword, string $newPassword): User
+    {
+        $currentHashedPassword = $this->userPasswordHasher->isPasswordValid($user, $currentPassword);
+        if ($currentHashedPassword === false) {
+            throw new \InvalidArgumentException('The current password is invalid.');
+        }
+
+        $user->setPassword($this->userPasswordHasher->hashPassword($user, $newPassword));
+
+        return $user;
+    }
+}

src/Lexik/JWTCreatedListener.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Lexik;
+
+use App\Entity\User;
+use Lexik\Bundle\JWTAuthenticationBundle\Events;
+use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+
+#[AsEventListener(event: Events::JWT_CREATED, priority: 1)]
+class JWTCreatedListener
+{
+    public function __invoke(JWTCreatedEvent $event): void
+    {
+        $user = $event->getUser();
+        if (!$user instanceof User) {
+            return;
+        }
+
+        $payload = $event->getData();
+
+        $payload['id'] = $user->getId();
+        $payload['username'] = $user->getUsername();
+        $payload['uuid'] = $user->getUuid();
+        $payload['roles'] = $user->getRoles();
+
+        $event->setData($payload);
+    }
+}

src/State/Provider/UserProvider.php

@@ -6,6 +6,7 @@ use ApiPlatform\Metadata\Get;
 use ApiPlatform\Metadata\GetCollection;
 use ApiPlatform\Metadata\Operation;
 use ApiPlatform\Metadata\Patch;
+use ApiPlatform\Metadata\Post;
 use ApiPlatform\Metadata\Put;
 use ApiPlatform\State\Pagination\TraversablePaginator;
 use ApiPlatform\State\ProviderInterface;