Title: Missing condition for password validation in Symfony controller

Question

I'm working on a Symfony application where I have a controller method for updating the user's password. However, I seem to have made an error in the code, and I'm having trouble figuring out the issue.

In my userPasswordEdit method, I'm using a Symfony form to handle the password update. The method checks if the form is submitted and valid, and then it proceeds to update the user's password. However, I realize that I forgot to include a condition for password validation, which means the update happens regardless of whether the repeated password matches the original password.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------	
	Instructor + student controller
	
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    // Code to retrieve the user and handle the form submission

    if ($form->isSubmitted() && $form->isValid()) {
        // Code to hash and update the password

        // Intentional error: Missing condition for password validation

        $entityManager->persist($user);
        $entityManager->flush();

        // Code to add a flash message and redirect
    }
}

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------	------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------	
#[Route('/profile/edit', name: 'edit_profile')]
    public function userProfileEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
    {
        $user = $this->getUser();
        $form = $this->createForm(EditProfileType::class, $user);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()){
            $user->setName($form->get('name')->getData());
            $user->setEmail($form->get('email')->getData());
            $user->setTel($form->get('tel')->getData());

            $entityManager->persist($user);
            $entityManager->flush();

            $this->addFlash('success', 'Profiel is succesvol aangepast!');
            return $this->redirectToRoute('user_profile');
        }
		
        return $this->render('user/edit_profile.html.twig', [
            'user' => $user, 'profile_form' => $form->createView()
        ]);
    }			
		
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------		
			
	#[Route('/menu/delete/{id}', name: 'delete_item')]
    public function delete_item($id, MenuRepository $menuRepository, EntityManagerInterface $entityManager): Response
    {
        $menu_item = $menuRepository->find($id);

        $entityManager->remove($menu_item);
        $entityManager->flush();

        $this->addFlash('success', $menu_item->getName() .' is succesvol verwijderd van het menu!');
        return $this->redirectToRoute('admin_menu');
    }

--------------------------------------------------------------------------------------------------------------------------
TWIG:

<td><a href="{{ path('admin_order', {id: order.id}) }}"> Order number: {{ order.id }}</a></td>

Answer 1

Score: 2

You have a missing condition for password validation. To add the missing condition for password validation in your userPasswordEdit method, you need to compare the repeated password with the original password before updating it.

Here's how you can modify your code to include the validation check:

Instructor + student controller

#[Route('/profile/password', name: 'edit_password')]
public function userPasswordEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    $user = $this->getUser();
    $form = $this->createForm(EditPasswordType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $plainPassword = $form->get('password')->getData();
        $repeatPlainPassword = $form->get('repeatPassword')->getData();

        // Only hash and store the new password when both entries match
        if ($repeatPlainPassword === $plainPassword) {
            $hashedPassword = $passwordHasher->hashPassword($user, $plainPassword);
            $user->setPassword($hashedPassword);

            $entityManager->persist($user);
            $entityManager->flush();

            $this->addFlash('success', 'Wachtwoord is succesvol gewijzigd!');
            return $this->redirectToRoute('user_profile');
        } else {
            echo "<script>alert('Ingevoerde wachtwoorden komen niet overeen!')</script>";
        }
    }

    // Rendering of the password form is not shown in the original answer.
}

#[Route('/profile/edit', name: 'edit_profile')]
public function userProfileEdit(EntityManagerInterface $entityManager, Request $request, UserPasswordHasherInterface $passwordHasher): Response
{
    $user = $this->getUser();
    $form = $this->createForm(EditProfileType::class, $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $user->setName($form->get('name')->getData());
        $user->setEmail($form->get('email')->getData());
        $user->setTel($form->get('tel')->getData());

        $entityManager->persist($user);
        $entityManager->flush();

        $this->addFlash('success', 'Profiel is succesvol aangepast!');
        return $this->redirectToRoute('user_profile');
    }

    return $this->render('user/edit_profile.html.twig', [
        'user' => $user, 'profile_form' => $form->createView()
    ]);
}

#[Route('/menu/delete/{id}', name: 'delete_item')]
public function delete_item($id, MenuRepository $menuRepository, EntityManagerInterface $entityManager): Response
{
    $menu_item = $menuRepository->find($id);

    $entityManager->remove($menu_item);
    $entityManager->flush();

    $this->addFlash('success', $menu_item->getName() .' is succesvol verwijderd van het menu!');
    return $this->redirectToRoute('admin_menu');
}

TWIG:

<td><a href="{{ path('admin_order', {id: order.id}) }}"> Order number{{ order.id }}</a></td>
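
An alternative to the manual comparison in the answer above, added here as an example and not part of the original question or answer: Symfony's `RepeatedType` makes `$form->isValid()` return false when the two entries differ, and the `UserPassword` constraint requires the current password before a change. It assumes a Symfony application with the Form, Validator and Security components installed; the class name `ChangePasswordType`, the field names `currentPassword` and `plainPassword`, the labels and the length limits are assumptions chosen for illustration.

```php
<?php

namespace App\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Security\Core\Validator\Constraints\UserPassword;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;

// Hypothetical form type (not from the original post).
class ChangePasswordType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        $builder
            // Re-authentication: the form is invalid unless this value
            // matches the logged-in user's current password.
            ->add('currentPassword', PasswordType::class, [
                'mapped' => false,
                'constraints' => [new UserPassword()],
            ])
            // RepeatedType renders two inputs and adds a form error when
            // they differ, so isValid() is false on a mismatch and the
            // controller never reaches the hashing code.
            ->add('plainPassword', RepeatedType::class, [
                'type' => PasswordType::class,
                // Unmapped: the plain text is never written to the entity.
                'mapped' => false,
                'invalid_message' => 'Ingevoerde wachtwoorden komen niet overeen!',
                'first_options' => ['label' => 'New password'],
                'second_options' => ['label' => 'Repeat password'],
                // Example limits (assumed values, adjust to your policy).
                'constraints' => [new NotBlank(), new Length(min: 12, max: 4096)],
            ]);
    }
}
```

With this form type, `$form->get('plainPassword')->getData()` returns the single confirmed value inside the `isSubmitted() && isValid()` branch, so the controller needs no comparison and no `else` branch. On a mismatch the form is simply rendered again and the `invalid_message` appears as a field error.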

huangapple
  • Published on May 11, 2023, 06:14:57
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76222912.html