fix for #2667: put email-update-confirmation code into separate controller

Controller/ConfirmEmailUpdateController.php

@@ -0,0 +1,115 @@
+<?php
+
+/*
+ * This file is part of the FOSUserBundle package.
+ *
+ * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace FOS\UserBundle\Controller;
+
+use FOS\UserBundle\Event\UserEvent;
+use FOS\UserBundle\FOSUserEvents;
+use FOS\UserBundle\Model\User;
+use FOS\UserBundle\Model\UserInterface;
+use FOS\UserBundle\Model\UserManagerInterface;
+use FOS\UserBundle\Services\EmailConfirmation\EmailUpdateConfirmation;
+use FOS\UserBundle\Util\CanonicalFieldsUpdater;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Translation\TranslatorInterface;
+
+/**
+ * Controller managing the confirmation of changed user email.
+ *
+ * @author Dominik Businger <git@azine.me>
+ */
+class ConfirmEmailUpdateController extends AbstractController
+{
+    /**
+     * @var EventDispatcherInterface
+     */
+    private $eventDispatcher;
+
+    /**
+     * @var UserManagerInterface
+     */
+    private $userManager;
+
+    /**
+     * @var EmailUpdateConfirmation
+     */
+    private $emailUpdateConfirmation;
+
+    /**
+     * @var TranslatorInterface
+     */
+    private $translator;
+    /**
+     * @var CanonicalFieldsUpdater
+     */
+    private $canonicalFieldsUpdater;
+
+    /**
+     * @param EventDispatcherInterface $eventDispatcher
+     * @param UserManagerInterface     $userManager
+     * @param EmailUpdateConfirmation  $emailUpdateConfirmation
+     * @param TranslatorInterface      $translator
+     * @param CanonicalFieldsUpdater   $canonicalFieldsUpdater
+     */
+    public function __construct(EventDispatcherInterface $eventDispatcher, UserManagerInterface $userManager, EmailUpdateConfirmation $emailUpdateConfirmation, TranslatorInterface $translator, CanonicalFieldsUpdater $canonicalFieldsUpdater)
+    {
+        $this->eventDispatcher = $eventDispatcher;
+        $this->userManager = $userManager;
+        $this->emailUpdateConfirmation = $emailUpdateConfirmation;
+        $this->translator = $translator;
+        $this->canonicalFieldsUpdater = $canonicalFieldsUpdater;
+    }
+
+    /**
+     * Confirm user`s email update.
+     *
+     * @param Request $request
+     * @param string  $token
+     *
+     * @return \Symfony\Component\HttpFoundation\RedirectResponse
+     */
+    public function confirmEmailUpdateAction(Request $request, $token)
+    {
+        /** @var User $user */
+        $user = $this->userManager->findUserByConfirmationToken($token);
+
+        // If user was not found throw 404 exception
+        if (!$user) {
+            throw $this->createNotFoundException($this->translator->trans('email_update.error.message', array(), 'FOSUserBundle'));
+        }
+
+        // Show invalid token message if the user id found via token does not match the current users id (e.g. anon. or other user)
+        if (!($this->getUser() instanceof UserInterface) || ($user->getId() !== $this->getUser()->getId())) {
+            throw new AccessDeniedException($this->translator->trans('email_update.error.message', array(), 'FOSUserBundle'));
+        }
+
+        $this->emailUpdateConfirmation->setUser($user);
+
+        $newEmail = $this->emailUpdateConfirmation->fetchEncryptedEmailFromConfirmationLink($request->get('target'));
+
+        // Update user email
+        if ($newEmail) {
+            $user->setConfirmationToken($this->emailUpdateConfirmation->getEmailConfirmedToken());
+            $user->setEmail($newEmail);
+            $user->setEmail($this->canonicalFieldsUpdater->canonicalizeEmail($newEmail));
+        }
+
+        $this->userManager->updateUser($user);
+
+        $event = new UserEvent($user, $request);
+        $this->eventDispatcher->dispatch(FOSUserEvents::EMAIL_UPDATE_SUCCESS, $event);
+
+        return $this->redirect($this->generateUrl('fos_user_profile_show'));
+    }
+}

Controller/ProfileController.php

@@ -14,20 +14,16 @@
 use FOS\UserBundle\Event\FilterUserResponseEvent;
 use FOS\UserBundle\Event\FormEvent;
 use FOS\UserBundle\Event\GetResponseUserEvent;
-use FOS\UserBundle\Event\UserEvent;
 use FOS\UserBundle\Form\Factory\FactoryInterface;
 use FOS\UserBundle\FOSUserEvents;
-use FOS\UserBundle\Model\User;
 use FOS\UserBundle\Model\UserInterface;
 use FOS\UserBundle\Model\UserManagerInterface;
-use FOS\UserBundle\Services\EmailConfirmation\EmailUpdateConfirmation;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-use Symfony\Component\Translation\TranslatorInterface;
 
 /**
  * Controller managing the user profile.
@@ -51,30 +47,16 @@ class ProfileController extends AbstractController
      */
     private $userManager;
 
-    /**
-     * @var EmailUpdateConfirmation
-     */
-    private $emailUpdateConfirmation;
-
-    /**
-     * @var TranslatorInterface
-     */
-    private $translator;
-
     /**
      * @param EventDispatcherInterface $eventDispatcher
      * @param FactoryInterface         $formFactory
      * @param UserManagerInterface     $userManager
-     * @param EmailUpdateConfirmation  $emailUpdateConfirmation
-     * @param TranslatorInterface      $translator
      */
-    public function __construct(EventDispatcherInterface $eventDispatcher, FactoryInterface $formFactory, UserManagerInterface $userManager, EmailUpdateConfirmation $emailUpdateConfirmation, TranslatorInterface $translator)
+    public function __construct(EventDispatcherInterface $eventDispatcher, FactoryInterface $formFactory, UserManagerInterface $userManager)
     {
         $this->eventDispatcher = $eventDispatcher;
         $this->formFactory = $formFactory;
         $this->userManager = $userManager;
-        $this->emailUpdateConfirmation = $emailUpdateConfirmation;
-        $this->translator = $translator;
     }
 
     /**
@@ -140,45 +122,4 @@ public function editAction(Request $request)
             'form' => $form->createView(),
         ));
     }
-
-    /**
-     * Confirm user`s email update.
-     *
-     * @param Request $request
-     * @param string  $token
-     *
-     * @return \Symfony\Component\HttpFoundation\RedirectResponse
-     */
-    public function confirmEmailUpdateAction(Request $request, $token)
-    {
-        /** @var User $user */
-        $user = $this->userManager->findUserByConfirmationToken($token);
-
-        // If user was not found throw 404 exception
-        if (!$user) {
-            throw $this->createNotFoundException($this->translator->trans('email_update.error.message', array(), 'FOSUserBundle'));
-        }
-
-        // Show invalid token message if the user id found via token does not match the current users id (e.g. anon. or other user)
-        if (!($this->getUser() instanceof UserInterface) || ($user->getId() !== $this->getUser()->getId())) {
-            throw new AccessDeniedException($this->translator->trans('email_update.error.message', array(), 'FOSUserBundle'));
-        }
-
-        $this->emailUpdateConfirmation->setUser($user);
-
-        $newEmail = $this->emailUpdateConfirmation->fetchEncryptedEmailFromConfirmationLink($request->get('target'));
-
-        // Update user email
-        if ($newEmail) {
-            $user->setConfirmationToken($this->emailUpdateConfirmation->getEmailConfirmedToken());
-            $user->setEmail($newEmail);
-        }
-
-        $this->userManager->updateUser($user);
-
-        $event = new UserEvent($user, $request);
-        $this->eventDispatcher->dispatch(FOSUserEvents::EMAIL_UPDATE_SUCCESS, $event);
-
-        return $this->redirect($this->generateUrl('fos_user_profile_show'));
-    }
 }

DependencyInjection/FOSUserExtension.php

@@ -193,13 +193,12 @@ private function loadProfile(array $config, ContainerBuilder $container, XmlFile
 
         if ($config['email_update_confirmation']['enabled']) {
             if ('custom' !== $dbDriver && isset(self::$doctrineDrivers[$dbDriver])) {
-                $loader->load('profile_email_update_listener.xml');
+                $loader->load('profile_email_update.xml');
             }
+            $container->setParameter('fos_user.email_update_confirmation.template', $config['email_update_confirmation']['email_template']);
+            $container->setParameter('fos_user.email_update_confirmation.cypher_method', $config['email_update_confirmation']['cypher_method']);
         }
 
-        $container->setParameter('fos_user.email_update_confirmation.template', $config['email_update_confirmation']['email_template']);
-        $container->setParameter('fos_user.email_update_confirmation.cypher_method', $config['email_update_confirmation']['cypher_method']);
-
         $this->remapParametersNamespaces($config, $container, array(
             'form' => 'fos_user.profile.form.%s',
         ));

Doctrine/EmailUpdateListener.php

@@ -14,6 +14,7 @@
 use Doctrine\ORM\Event\PreUpdateEventArgs;
 use FOS\UserBundle\Model\UserInterface;
 use FOS\UserBundle\Services\EmailConfirmation\EmailUpdateConfirmation;
+use FOS\UserBundle\Util\CanonicalFieldsUpdater;
 use Symfony\Component\HttpFoundation\RequestStack;
 
 /**
@@ -30,17 +31,23 @@ class EmailUpdateListener
      * @var RequestStack
      */
     private $requestStack;
+    /**
+     * @var CanonicalFieldsUpdater
+     */
+    private $canonicalFieldsUpdater;
 
     /**
      * Constructor.
      *
      * @param EmailUpdateConfirmation $emailUpdateConfirmation
      * @param RequestStack            $requestStack
+     * @param CanonicalFieldsUpdater  $canonicalFieldsUpdater
      */
-    public function __construct(EmailUpdateConfirmation $emailUpdateConfirmation, RequestStack $requestStack)
+    public function __construct(EmailUpdateConfirmation $emailUpdateConfirmation, RequestStack $requestStack, CanonicalFieldsUpdater $canonicalFieldsUpdater)
     {
         $this->emailUpdateConfirmation = $emailUpdateConfirmation;
         $this->requestStack = $requestStack;
+        $this->canonicalFieldsUpdater = $canonicalFieldsUpdater;
     }
 
     /**
@@ -58,8 +65,8 @@ public function preUpdate(PreUpdateEventArgs $args)
             if ($user->getConfirmationToken() != $this->emailUpdateConfirmation->getEmailConfirmedToken() && isset($args->getEntityChangeSet()['email'])) {
                 $oldEmail = $args->getEntityChangeSet()['email'][0];
                 $newEmail = $args->getEntityChangeSet()['email'][1];
-
                 $user->setEmail($oldEmail);
+                $user->setEmailCanonical($this->canonicalFieldsUpdater->canonicalizeEmail($oldEmail));
 
                 // Configure email confirmation
                 $this->emailUpdateConfirmation->setUser($user);

Mailer/Mailer.php

@@ -93,7 +93,7 @@ public function sendResettingEmailMessage(UserInterface $user)
      */
     public function sendUpdateEmailConfirmation(UserInterface $user, $confirmationUrl, $toEmail)
     {
-        $template = $this->parameters['template']['email_updating'];
+        $template = $this->parameters['email_updating.template'];
         $rendered = $this->templating->render($template, array(
             'user' => $user,
             'confirmationUrl' => $confirmationUrl,

Resources/config/email_confirmation.xml

@@ -13,18 +13,6 @@
             <argument type="service" id="session" />
         </service>
 
-        <service id="fos_user.email_encryption" class="FOS\UserBundle\Services\EmailConfirmation\EmailEncryption">
-            <argument type="service" id="validator"/>
-            <argument>%fos_user.email_update_confirmation.cypher_method%</argument>
-        </service>
-
-        <service id="fos_user.email_update_confirmation" class="FOS\UserBundle\Services\EmailConfirmation\EmailUpdateConfirmation">
-            <argument type="service" id="router" />
-            <argument type="service" id="fos_user.util.token_generator" />
-            <argument type="service" id="fos_user.mailer" />
-            <argument type="service" id="fos_user.email_encryption" />
-            <argument type="service" id="event_dispatcher" />
-        </service>
     </services>
 
 </container>

Resources/config/profile.xml

@@ -18,12 +18,10 @@
             <tag name="form.type" alias="fos_user_profile" />
         </service>
 
-        <service id="fos_user.profiler.controller" class="FOS\UserBundle\Controller\ProfileController" public="true">
+        <service id="fos_user.profile.controller" class="FOS\UserBundle\Controller\ProfileController" public="true">
             <argument type="service" id="event_dispatcher" />
             <argument type="service" id="fos_user.profile.form.factory" />
             <argument type="service" id="fos_user.user_manager" />
-            <argument type="service" id="fos_user.email_update_confirmation" />
-            <argument type="service" id="translator" />
         </service>
     </services>
 

Resources/config/profile_email_update.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <services>
+        <service id="fos_user.email_encryption" class="FOS\UserBundle\Services\EmailConfirmation\EmailEncryption">
+            <argument type="service" id="validator"/>
+            <argument>%fos_user.email_update_confirmation.cypher_method%</argument>
+        </service>
+
+        <service id="fos_user.email_update_confirmation" class="FOS\UserBundle\Services\EmailConfirmation\EmailUpdateConfirmation">
+            <argument type="service" id="router" />
+            <argument type="service" id="fos_user.util.token_generator" />
+            <argument type="service" id="fos_user.mailer" />
+            <argument type="service" id="fos_user.email_encryption" />
+            <argument type="service" id="event_dispatcher" />
+        </service>
+
+        <service id="fos_user.email_update_listener" class="FOS\UserBundle\Doctrine\EmailUpdateListener" public="false">
+            <argument type="service" id="fos_user.email_update_confirmation"/>
+            <argument type="service" id="request_stack" />
+            <argument type="service" id="fos_user.util.canonical_fields_updater" />
+            <tag name="doctrine.event_listener" event="preUpdate" lazy="true" />
+        </service>
+
+        <service id="fos_user.confirm.email.update.controller" class="FOS\UserBundle\Controller\ConfirmEmailUpdateController" public="true">
+            <argument type="service" id="event_dispatcher" />
+            <argument type="service" id="fos_user.user_manager" />
+            <argument type="service" id="fos_user.email_update_confirmation" />
+            <argument type="service" id="translator" />
+            <argument type="service" id="fos_user.util.canonical_fields_updater" />
+        </service>
+
+    </services>
+
+</container>

Resources/config/routing/profile.xml

@@ -5,11 +5,11 @@
     xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd">
 
     <route id="fos_user_profile_show" path="/" methods="GET">
-        <default key="_controller">fos_user.profiler.controller:showAction</default>
+        <default key="_controller">fos_user.profile.controller:showAction</default>
     </route>
 
     <route id="fos_user_profile_edit" path="/edit" methods="GET POST">
-        <default key="_controller">fos_user.profiler.controller:editAction</default>
+        <default key="_controller">fos_user.profile.controller:editAction</default>
     </route>
 
 </routes>

Resources/config/routing/update_email.xml

@@ -5,7 +5,7 @@
         xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd">
 
     <route id="fos_user_update_email_confirm" path="/confirm-email-update/{token}" methods="GET">
-        <default key="_controller">fos_user.profiler.controller:confirmEmailUpdateAction</default>
+        <default key="_controller">fos_user.confirm.email.update.controller:confirmEmailUpdateAction</default>
     </route>
 
 </routes>