Developed with love by KnpLabs Hire us for your project!
73

reset-password-bundle

by SymfonyCasts

Need a killer reset password feature for your Symfony? Us too!

ResetPasswordBundle: Mind-Blowing (and Secure) Password Resetting for Symfony

Worrying about how to deal with users that can't remember their password? We've
got you covered! This bundle provides a secure out of the box solution to allow
users to reset their forgotten passwords.

Installation

The bundle can be installed using Composer or the Symfony binary:

composer require symfonycasts/reset-password-bundle

Usage

There are two ways to get started, the easiest and preferred way is to use
Symfony's MakerBundle. The Maker will
take care of everything from creating configuration, to generating your
templates, controllers, and entities.

Using Symfony's Maker Bundle (Recommended)

  • Run bin/console make:reset-password, answer a couple questions, and enjoy our bundle!

Setting things up manually

If you prefer to take care of the leg work yourself, checkout the
manual setup
guide. We still recommend using the Maker command to get a feel for how we
intended the bundle to be used.


If you used our Symfony Maker command bin/console make:reset-password after
installation, your app is ready to go. Go to https://your-apps-domain/reset-password,
fill out the form, click on the link sent to your email, and change your password.
That's it! The Reset Password Bundle takes care of the rest.

The above assumes you have already setup
authentication with a
registered user account & configured Symfony's
mailer in your app.

Configuration

You can change the default configuration parameters for the bundle in the
config/packages/reset_password.yaml config file created by Maker.

symfonycasts_reset_password:
  request_password_repository: App\Repository\PasswordResetRequestRepository
  lifetime: 3600
  throttle_limit: 3600
  enable_garbage_collection: true

Parameters:

request_password_repository

Required

The complete namespace of the repository for the ResetPasswordRequest entity. If
you used make:reset-password, this will be App\Repository\ResetPasswordRequestRepository.

lifetime

Optional - Defaults to 3600 seconds

This is the length of time a reset password request is valid for in seconds
after it has been created.

throttle_limit

Optional - Defaults to 3600 seconds

This is the length of time in seconds that must pass before a user can request a
subsequent reset request.

Setting this value equal to or higher than lifetime will prevent a user from
requesting a password reset before a previous reset attempt has either 1) Been
successfully completed. 2) The previous request has expired.

Setting this value lower than lifetime will allow a user to make several
reset password requests, even if any previous requests have not been successfully
completed or have not expired. This would allow for cases such as a user never
received the reset password request email.

enable_garbage_collection

Optional - Defaults to true

Enable or disable the Reset Password Cleaner which handles expired reset password
requests that may have been left in persistence.

Support

Feel free to open an issue for questions, problems, or suggestions with our bundle.
Issues pertaining to Symfony's Maker Bundle, specifically make:reset-password,
should be addressed in the Symfony Maker repository.

Security Issues

For security related vulnerabilities, we ask that you send an email to
ryan [at] symfonycasts.com instead of creating an issue.

This will give us the opportunity to address the issue without exposing the
vulnerability before a fix can be published.

  • Merge pull request #108 from jrushlow/replace/micro-kernel-trait
    By web-flow, 3 months ago
  • remove abstract test kernel
    By , 3 months ago
  • replace embedded abstract kernel with reset password test kernel
    By jrushlow, 3 months ago
  • replace embedded abstract kernel with reset password test kernel
    By jrushlow, 3 months ago
  • swap abstract test kernel with test kernel
    By jrushlow, 3 months ago
  • refactor autowire test
    By jrushlow, 3 months ago
  • create test kernel to replace the abstract kernel
    By jrushlow, 3 months ago
  • create test kernel to replace the abstract kernel
    By jrushlow, 3 months ago
  • bug #105 [bug] ensure all requests are removed for user (kbond)
    By weaverryan, 3 months ago
  • Merge pull request #106 from jrushlow/update/changelog
    By web-flow, 3 months ago
  • added missing v1.0.0 date
    By jrushlow, 3 months ago
  • update changelog for v1.1.0
    By jrushlow, 3 months ago
  • [bug] ensure all requests are removed for user
    By kbond, 3 months ago
  • Merge pull request #96 from jrushlow/bump/dev-depends
    By web-flow, 3 months ago
  • Merge pull request #104 from kbond/feature/throttle-retry-time
    By web-flow, 3 months ago
  • Merge pull request #103 from kbond/bug/remove-expired-time
    By web-flow, 3 months ago
  • [feature] add additional detail to TooManyPasswordRequestsException (closes #101)
    By kbond, 3 months ago
  • [bug] increase time before expired requests are garbage collected to 1 week (closes #100)
    By kbond, 3 months ago
  • Merge pull request #97 from stof/patch-1
    By web-flow, 4 months ago
  • Merge pull request #99 from vendi-advertising/cjh-typo-his
    By web-flow, 4 months ago
  • Fix typo hasUserHisThrottling to hasUserHitThrottling (his/hit)
    By , 4 months ago
  • Clarify that the repository trait is for Doctrine ORM only
    By web-flow, 4 months ago
  • fixed unneeded full name space
    By jrushlow, 4 months ago
  • fix typo
    By jrushlow, 4 months ago
  • stops using doctrine common in tests
    By jrushlow, 4 months ago
  • Merge pull request #89 from jrushlow/ci/add-symfony-matrix
    By web-flow, 4 months ago
  • removed doctrine naming strategy from test kernel
    By jrushlow, 4 months ago
  • adds lowest dep tests
    By jrushlow, 4 months ago
  • test again symfony dev-master
    By jrushlow, 4 months ago
  • fix framework bundle version constraint to allow 4.4
    By jrushlow, 4 months ago