luisδμ

Reputation: 119

Change password of another user using FOSUserBundle

I have two roles in my system: users and admins. By default, when someone logs in as a user or an admin, he can modify his own password using the forms implemented by FOSUserBundle. But I'd like to forbid users from changing their own password, so that they have to request it from the admin, and the admin would then reset it, either by entering a new one chosen by the admin or by generating a random one. I'd also like to send an email to the user telling him that his password has changed and he has to use the new one from now on. But I cannot find how to do that. Any help?

Upvotes: 2

Views: 13190

Answers (2)

Roubi

Reputation: 2106

If you want an admin to change another user's password, you can use your own form:

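use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormBuilderInterface;

class UserType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('username',               TextType::class, array(
                                                    'required' => true,
                                                    'label' => "Username "
                                                    ))
            ->add('email',                  TextType::class, array(
                                                    'required' => true,
                                                    'label' => "Adresse email "
                                                    ))
            // Mapped to plainPassword: the value is hashed later by the user manager
            ->add('plainPassword',          RepeatedType::class, array(
                                                    'type' => PasswordType::class,
                                                    'options' => array('translation_domain' => 'FOSUserBundle'),
                                                    'first_options' => array('label' => 'form.password'),
                                                    'second_options' => array('label' => 'form.password_confirmation'),
                                                    'invalid_message' => 'fos_user.password.mismatch',
                                                    ))
            // This form also lets the admin edit the user's roles
            ->add('roles',                  ChoiceType::class, array(
                                                    'required' => true,
                                                    'choices' => array('Salarié' => 'ROLE_SALARIE', 'Admin' => 'ROLE_ADMIN'),
                                                    'multiple' => true,
                                                    'expanded' => true,
                                                    'label' => "Rôle ",
                                                    'label_attr' => array('class' => 'checkbox-inline')
                                                    ))
        ;
    }

    //...
}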

And then, in your controller:

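public function updateAction(Request $request, Member $user)
{
    $em = $this->getDoctrine()->getManager();

    $form = $this->createEditForm($user);
    $form->handleRequest($request);

    // Only act on a form that was actually submitted and passed validation
    if ($form->isSubmitted() && $form->isValid()) {
        $userManager = $this->container->get('fos_user.user_manager');
        // Hashes the submitted plainPassword into the user's password field
        $userManager->updatePassword($user);
        $em->flush();
    }

    //...
}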

Upvotes: 4

Juan Sosa

Reputation: 5280

You can prevent users from changing their password by removing the fos_user_change_password and fos_user_resetting routes in your app/config/routing.yml file. This way neither users nor admin will be able to change their own password through the /profile page.

Then you will need to create a secured controller action that allows admin to change passwords and send the email. In order to do that you can use FOSUserBundle UserManager and its setPlainPassword() method.

Take a look at the documentation:

Symfony2 Security

FOSUserBundle User Manager

How to send an Email

Upvotes: 2
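
A sketch of the secured admin action described in the answer above, as an added example that is not part of either answer or of FOSUserBundle itself. It assumes Symfony 3.x with FOSUserBundle 2.x, SwiftMailer and PHP 7; the namespace, route names, CSRF token id and sender address are hypothetical.

```php
<?php
// Added example. AppBundle namespace, route names, the 'reset_password_<id>'
// CSRF token id and admin@example.com are assumptions, not from the page.
namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class AdminPasswordController extends Controller
{
    /**
     * @Route("/admin/users/{id}/reset-password", name="admin_user_reset_password")
     * @Method("POST")
     */
    public function resetPasswordAction(Request $request, $id)
    {
        // Enforce the role in the action itself, not only in the firewall config.
        $this->denyAccessUnlessGranted('ROLE_ADMIN');
        // State-changing request: require a CSRF token bound to this user id.
        if (!$this->isCsrfTokenValid('reset_password_'.$id, $request->request->get('_token'))) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        $userManager = $this->get('fos_user.user_manager');
        $user = $userManager->findUserBy(array('id' => $id));
        if (null === $user) {
            throw $this->createNotFoundException('User not found.');
        }

        // 16 bytes from the CSPRNG, hex-encoded: a 32-character random password.
        $plainPassword = bin2hex(random_bytes(16));
        $user->setPlainPassword($plainPassword);
        $userManager->updateUser($user); // hashes plainPassword and flushes

        // The new password is sent by e-mail, as the question asks.
        $message = (new \Swift_Message('Your password has been changed'))
            ->setFrom('admin@example.com') // placeholder sender
            ->setTo($user->getEmail())
            ->setBody("An administrator has reset your password.\nNew password: ".$plainPassword);
        $this->get('mailer')->send($message);

        $this->addFlash('notice', 'Password reset and e-mail sent.');
        return $this->redirectToRoute('admin_user_list'); // hypothetical route
    }
}
```

To let the admin type a password instead, validate it through a form such as the `UserType` shown in the first answer and pass the submitted value to `setPlainPassword()`.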
