fix: blocks pw resets when auth method = oidc

.env

@@ -38,3 +38,16 @@ MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
 ###< symfony/messenger ###
 
 REDIS_HOST=redis://redis
+
+###> symfony/mailer ###
+MAILER_DSN=null://null
+###< symfony/mailer ###
+
+AUTH_METHOD=form_login
+
+###> drenso/symfony-oidc-bundle ###
+OIDC_WELL_KNOWN_URL="https://oidc/.well-known"
+OIDC_CLIENT_ID="Enter your OIDC client id"
+OIDC_CLIENT_SECRET="Enter your OIDC client secret"
+OIDC_BYPASS_FORM_LOGIN=false
+###< drenso/symfony-oidc-bundle ###

assets/controllers/movie_results_controller.js

@@ -51,6 +51,7 @@ export default class extends Controller {
         let selectedCount = 0;
 
         this.options.forEach((option) => {
+            const optionHeader = document.querySelector(`[data-option-id="${option.dataset['localId']}"]`)
             const props = {
                 "resolution": option.querySelector('#resolution').textContent.trim(),
                 "codec": option.querySelector('#codec').textContent.trim(),
@@ -62,6 +63,8 @@ export default class extends Controller {
             let include = true;
             option.classList.add('r-tablerow');
             option.classList.remove('hidden');
+            optionHeader.classList.add('r-tablerow');
+            optionHeader.classList.remove('hidden');
             option.querySelector('input[type="checkbox"]').checked = false;
 
             for (let [key, value] of Object.entries(activeFilter)) {
@@ -88,6 +91,8 @@ export default class extends Controller {
             if (false === include) {
                 option.classList.remove('r-tablerow');
                 option.classList.add('hidden');
+                optionHeader.classList.remove('r-tablerow');
+                optionHeader.classList.add('hidden');
             } else if (true === firstIncluded) {
                 count = 1;
                 selectedCount = selectedCount + 1;

assets/controllers/result_filter_controller.js

@@ -127,6 +127,7 @@ export default class extends Controller {
     }
 
     async filter() {
+        const downloadSeasonSpan = document.querySelector("#downloadSeasonModal");
         const currentSeason = this.activeFilter['season'];
 
         let results = [];
@@ -145,6 +146,7 @@ export default class extends Controller {
         } else if ("tvshows" === this.mediaTypeValue) {
             results = this.tvResultsOutlets;
             this.activeFilter.season = this.seasonTarget.value;
+            downloadSeasonSpan.innerText = this.activeFilter.season;
             await results.forEach((list) => list.filter(this.activeFilter, currentSeason, this.seasonTarget.value));
         }
     }

assets/controllers/tv_results_controller.js

@@ -128,6 +128,7 @@ export default class extends Controller {
         let selectedCount = 0;
 
         this.options.forEach((option) => {
+            const optionHeader = document.querySelector(`[data-option-id="${option.dataset['localId']}"]`)
             const props = {
                 "resolution": option.querySelector('#resolution').textContent.trim(),
                 "codec": option.querySelector('#codec').textContent.trim(),
@@ -138,6 +139,8 @@ export default class extends Controller {
             let include = true;
             option.classList.add('r-tablerow');
             option.classList.remove('hidden');
+            optionHeader.classList.add('r-tablerow');
+            optionHeader.classList.remove('hidden');
             option.querySelector('input[type="checkbox"]').checked = false;
 
             for (let [key, value] of Object.entries(activeFilter)) {
@@ -164,6 +167,8 @@ export default class extends Controller {
             if (false === include) {
                 option.classList.remove('r-tablerow');
                 option.classList.add('hidden');
+                optionHeader.classList.remove('r-tablerow');
+                optionHeader.classList.add('hidden');
             } else if (true === firstIncluded) {
                 count = 1;
                 selectedCount = selectedCount + 1;

assets/styles/app.css

@@ -64,6 +64,14 @@ dialog[data-dialog-target="dialog"][closing] {
     animation: fade-out 200ms forwards;
 }
 
+.text-input {
+    @apply bg-gray-50 text-gray-50 p-1 bg-transparent border-b-2 border-orange-400
+}
+
+.submit-button {
+    @apply bg-green-600/40 px-1.5 py-1 w-full rounded-md text-gray-50 backdrop-filter backdrop-blur-sm border-2 border-green-500 hover:bg-green-700/40
+}
+
 .r-tablecell {
     display: none;
 }
@@ -74,7 +82,7 @@ dialog[data-dialog-target="dialog"][closing] {
 
 @media screen and (min-width: 768px) {
     .r-tablecell {
-        display: inline-table;
+        display: table-cell;
     }
 
     .r-tablerow {

composer.json

@@ -16,6 +16,7 @@
         "doctrine/doctrine-migrations-bundle": "^3.4",
         "doctrine/orm": "^3.3",
         "dragonmantank/cron-expression": "^3.4",
+        "drenso/symfony-oidc-bundle": "^4.2",
         "guzzlehttp/guzzle": "^7.9",
         "league/pipeline": "^1.1",
         "nesbot/carbon": "^3.9",
@@ -36,7 +37,9 @@
         "symfony/flex": "^2",
         "symfony/form": "7.3.*",
         "symfony/framework-bundle": "7.3.*",
+        "symfony/http-client": "7.3.*",
         "symfony/ldap": "7.3.*",
+        "symfony/mailer": "7.3.*",
         "symfony/mercure-bundle": "^0.3.9",
         "symfony/messenger": "7.3.*",
         "symfony/runtime": "7.3.*",
@@ -50,9 +53,11 @@
         "symfony/ux-turbo": "^2.24",
         "symfony/ux-twig-component": "^2.24",
         "symfony/yaml": "7.3.*",
+        "symfonycasts/reset-password-bundle": "^1.23",
         "symfonycasts/tailwind-bundle": "^0.10.0",
         "twig/extra-bundle": "^2.12|^3.0",
-        "twig/twig": "^2.12|^3.0"
+        "twig/twig": "^2.12|^3.0",
+        "web-token/jwt-library": "^4.0"
     },
     "config": {
         "allow-plugins": {

config/bundles.php

@@ -20,4 +20,6 @@ return [
     Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
     Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true],
     Symfony\UX\Autocomplete\AutocompleteBundle::class => ['all' => true],
+    SymfonyCasts\Bundle\ResetPassword\SymfonyCastsResetPasswordBundle::class => ['all' => true],
+    Drenso\OidcBundle\DrensoOidcBundle::class => ['all' => true],
 ];

config/packages/doctrine.yaml

@@ -18,6 +18,12 @@ doctrine:
             Doctrine\DBAL\Platforms\PostgreSQLPlatform: identity
         auto_mapping: true
         mappings:
+#            App:
+#                type: attribute
+#                is_bundle: false
+#                dir: '%kernel.project_dir%/src/Entity'
+#                prefix: 'App\Entity'
+#                alias: App
             Download:
                 type: attribute
                 is_bundle: false

config/packages/drenso_oidc.yaml

@@ -0,0 +1,19 @@
+drenso_oidc:
+    #default_client: default # The default client, will be aliased to OidcClientInterface
+    clients:
+        default: # The client name, each client will be aliased to its name (for example, $defaultOidcClient)
+            # Required OIDC client configuration
+            well_known_url: '%env(OIDC_WELL_KNOWN_URL)%'
+            client_id: '%env(OIDC_CLIENT_ID)%'
+            client_secret: '%env(OIDC_CLIENT_SECRET)%'
+            redirect_route: '/login/oidc/auth'
+
+            # Extra configuration options
+            #redirect_route: '/login_check'
+            #custom_client_headers: []
+
+        # Add any extra client
+        #link: # Will be accessible using $linkOidcClient
+            #well_known_url: '%env(LINK_WELL_KNOWN_URL)%'
+            #client_id: '%env(LINK_CLIENT_ID)%'
+            #client_secret: '%env(LINK_CLIENT_SECRET)%'

config/packages/mailer.yaml

@@ -0,0 +1,7 @@
+framework:
+    mailer:
+        dsn: 'smtp://%env(SMTP_USER)%:%env(SMTP_PASS)%@%env(SMTP_HOST)%:%env(SMTP_PORT)%'
+        envelope:
+            sender: '%env(SMTP_FROM)%'
+        headers:
+            From: '%env(SMTP_FROM_NAME)% <%env(SMTP_FROM)%>'

config/packages/reset_password.yaml

@@ -0,0 +1,2 @@
+symfonycasts_reset_password:
+    request_password_repository: App\User\Framework\Repository\ResetPasswordRequestRepository

config/packages/security.yaml

@@ -10,6 +10,9 @@ security:
                 class: App\User\Framework\Entity\User
                 property: email
 
+        app_oidc:
+            id: App\User\Framework\Security\OidcUserProvider
+
         app_ldap:
             id: App\User\Framework\Security\LdapUserProvider
 
@@ -18,14 +21,18 @@ security:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
         main:
-            lazy: true
-            provider: app_local
+            logout:
+                path: /logout
+            provider: app_oidc
             form_login:
                 login_path: app_login
                 check_path: app_login
                 enable_csrf: true
-            logout:
-                path: app_logout
+            oidc:
+                login_path: '/login/oidc'
+                check_path: '/login/oidc/auth'
+                enable_end_session_listener: true
+            entry_point: form_login
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
@@ -36,6 +43,7 @@ security:
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used
     access_control:
+        - { path: ^/reset-password, roles: PUBLIC_ACCESS }
         - { path: ^/getting-started, roles: PUBLIC_ACCESS }
         - { path: ^/register, roles: PUBLIC_ACCESS }
         - { path: ^/login, roles: PUBLIC_ACCESS }

config/security.yaml

@@ -1,61 +0,0 @@
-security:
-    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
-    password_hashers:
-        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
-    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
-    providers:
-        users_in_memory: { memory: null }
-        app_local:
-            entity:
-                class: App\User\Framework\Entity\User
-                property: email
-
-        app_ldap:
-            id: App\User\Framework\Security\LdapUserProvider
-
-    firewalls:
-        dev:
-            pattern: ^/(_(profiler|wdt)|css|images|js)/
-            security: false
-        main:
-            lazy: true
-            provider: app_ldap
-            entry_point: form_login_ldap
-            form_login_ldap:
-                login_path: app_login
-                check_path: app_login
-                enable_csrf: true
-                service: Symfony\Component\Ldap\Ldap
-                dn_string: '%env(LDAP_DN_STRING)%'
-            form_login:
-                login_path: app_login
-                check_path: app_login
-                enable_csrf: true
-            logout:
-                path: app_logout
-
-            # activate different ways to authenticate
-            # https://symfony.com/doc/current/security.html#the-firewall
-
-            # https://symfony.com/doc/current/security/impersonating_user.html
-            # switch_user: true
-
-    # Easy way to control access for large sections of your site
-    # Note: Only the *first* access control that matches will be used
-    access_control:
-        - { path: ^/register, roles: PUBLIC_ACCESS }
-        - { path: ^/login, roles: PUBLIC_ACCESS }
-        - { path: ^/, roles: ROLE_USER } # Or ROLE_ADMIN, ROLE_SUPER_ADMIN,
-
-when@test:
-    security:
-        password_hashers:
-            # By default, password hashers are resource intensive and take time. This is
-            # important to generate secure password hashes. In tests however, secure hashes
-            # are not important, waste resources and increase test times. The following
-            # reduces the work factor to the lowest possible values.
-            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
-                algorithm: auto
-                cost: 4 # Lowest possible value for bcrypt
-                time_cost: 3 # Lowest possible value for argon
-                memory_cost: 10 # Lowest possible value for argon

config/services.yaml

@@ -6,6 +6,7 @@
 parameters:
     # App
     app.url: '%env(APP_URL)%'
+    app.version: '%env(default:app.default.version:APP_VERSION)%'
 
     # Debrid Services
     app.debrid.real_debrid.key: '%env(REAL_DEBRID_KEY)%'
@@ -34,7 +35,14 @@ parameters:
     app.default.version: '0.dev'
     app.default.timezone: 'America/Chicago'
 
-    app.version: '%env(default:app.default.version:APP_VERSION)%'
+    # Auth
+    auth.default.method: 'form_login'
+    auth.method: '%env(default:auth.default.method:AUTH_METHOD)%'
+
+    auth.oidc.well_known_url: '%env(OIDC_WELL_KNOWN_URL)%'
+    auth.oidc.client_id: '%env(OIDC_CLIENT_ID)%'
+    auth.oidc.client_secret: '%env(OIDC_CLIENT_SECRET)%'
+    auth.oidc.bypass_form_login: '%env(bool:OIDC_BYPASS_FORM_LOGIN)%'
 
 services:
     # default configuration for services in *this* file

docs/examples/compose.yml

@@ -1,22 +1,4 @@
 services:
-  caddy:
-    image: caddy:2.9.1
-    restart: unless-stopped
-    cap_add:
-      - NET_ADMIN
-    ports:
-      - "80:80"
-      - "443:443"
-      - "443:443/udp"
-    volumes:
-      - $PWD/../../bash/caddy:/etc/caddy
-      - $PWD/../../bash/certs:/etc/ssl
-  # The "entrypoint" into the application. This reverse proxy
-  # proxies traffic back to their respective services. If not
-  # running behind a reverse proxy inject your SSL certificates
-  # into this container.
-  # This container runs the actual web app in a php:8.4-fpm
-  # base container.
   app:
     image: code.caldwell.digital/home/torsearch-app:latest
     ports:
@@ -48,7 +30,7 @@ services:
       - ./downloads/tvshows:/var/download/tvshows
     environment:
       TZ: America/Chicago
-    command: -vvv
+    command: -vv --time-limit=3600 --limit=10
     env_file:
       - .env
     restart: always
@@ -68,6 +50,7 @@ services:
       - ./downloads/tvshows:/var/download/tvshows
     env_file:
       - .env
+    command: -vv
     environment:
       TZ: America/Chicago
     restart: always

migrations/Version20250709161037.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20250709161037 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql(<<<'SQL'
+            ALTER TABLE download CHANGE batch_id episode_id VARCHAR(255) DEFAULT NULL
+        SQL);
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql(<<<'SQL'
+            ALTER TABLE download CHANGE episode_id batch_id VARCHAR(255) DEFAULT NULL
+        SQL);
+    }
+}

migrations/Version20250709200956.php

@@ -0,0 +1,47 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20250709200956 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql(<<<'SQL'
+            CREATE TABLE reset_password_request (id INT AUTO_INCREMENT NOT NULL, user_id INT NOT NULL, selector VARCHAR(20) NOT NULL, hashed_token VARCHAR(100) NOT NULL, requested_at DATETIME NOT NULL COMMENT '(DC2Type:datetime_immutable)', expires_at DATETIME NOT NULL COMMENT '(DC2Type:datetime_immutable)', INDEX IDX_7CE748AA76ED395 (user_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB
+        SQL);
+        $this->addSql(<<<'SQL'
+            ALTER TABLE reset_password_request ADD CONSTRAINT FK_7CE748AA76ED395 FOREIGN KEY (user_id) REFERENCES user (id)
+        SQL);
+        $this->addSql(<<<'SQL'
+            ALTER TABLE monitor CHANGE only_future only_future TINYINT(1) NOT NULL
+        SQL);
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql(<<<'SQL'
+            ALTER TABLE reset_password_request DROP FOREIGN KEY FK_7CE748AA76ED395
+        SQL);
+        $this->addSql(<<<'SQL'
+            DROP TABLE reset_password_request
+        SQL);
+        $this->addSql(<<<'SQL'
+            ALTER TABLE monitor CHANGE only_future only_future TINYINT(1) DEFAULT 1 NOT NULL
+        SQL);
+    }
+}

src/Base/ConfigResolver.php

@@ -23,6 +23,21 @@ final class ConfigResolver
 
         #[Autowire(param: 'media.tvshows.path')]
         private readonly ?string $tvshowsPath = null,
+
+        #[Autowire(param: 'auth.method')]
+        private readonly ?string $authMethod = null,
+
+        #[Autowire(param: 'auth.oidc.well_known_url')]
+        private readonly ?string $authOidcWellKnownUrl = null,
+
+        #[Autowire(param: 'auth.oidc.client_id')]
+        private readonly ?string $authOidcClientId = null,
+
+        #[Autowire(param: 'auth.oidc.client_secret')]
+        private readonly ?string $authOidcClientSecret = null,
+
+        #[Autowire(param: 'auth.oidc.bypass_form_login')]
+        private ?bool $authOidcBypassFormLogin = null,
     ) {}
 
     public function validate(): bool
@@ -46,4 +61,35 @@ final class ConfigResolver
     {
         return $this->messages;
     }
+
+    public function authIs(string $method): bool
+    {
+        if (strtolower($method) === strtolower($this->getAuthMethod())) {
+            return true;
+        }
+        return false;
+    }
+
+    public function getAuthMethod(): string
+    {
+        return strtolower($this->authMethod);
+    }
+
+    public function bypassFormLogin(): bool
+    {
+        return $this->authOidcBypassFormLogin;
+    }
+
+    public function getAuthConfig(): array
+    {
+        return [
+            'method' => $this->authMethod,
+            'oidc' => [
+                'well_known_url' => $this->authOidcWellKnownUrl,
+                'client_id' => $this->authOidcClientId,
+                'client_secret' => $this->authOidcClientSecret,
+                'bypass_form_login' => $this->authOidcBypassFormLogin,
+            ]
+        ];
+    }
 }

src/Base/Framework/Command/ConfigSetCommand.php

@@ -11,7 +11,7 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 
 #[AsCommand(
     name: 'config:set',
-    description: 'Add a short description for your command',
+    description: '[deprecated] This command currently serves no use. It may be re-purposed or removed in the future.',
 )]
 class ConfigSetCommand extends Command
 {

src/Base/Framework/Command/SeedDatabaseCommand.php

@@ -15,7 +15,7 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 
 #[AsCommand(
     name: 'db:seed',
-    description: 'Seed the database with required data.',
+    description: 'Seeds the database with required data. This command is run every time a new container is created from the torsearch-app image and is part of the init process.',
 )]
 class SeedDatabaseCommand extends Command
 {

src/Base/Framework/Command/StartupStatusCommand.php

@@ -11,7 +11,7 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 
 #[AsCommand(
     name: 'startup:status',
-    description: 'Add a short description for your command',
+    description: 'Used by the Docker healthcheck system to signal when the container is healthy.',
 )]
 class StartupStatusCommand extends Command
 {

src/Base/Framework/Command/UserResetPasswordCommand.php

@@ -0,0 +1,112 @@
+<?php
+
+namespace App\Base\Framework\Command;
+
+use App\User\Framework\Repository\UserRepository;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\Question;
+use Symfony\Component\Console\Style\SymfonyStyle;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+#[AsCommand(name: 'user:reset-password', description: 'Resets the password for the given user. Requires either the ID or email of the User. You will be asked for the password after running the command.')]
+class UserResetPasswordCommand extends Command
+{
+    private readonly Security $security;
+    private readonly UserRepository $userRepository;
+    private readonly UserPasswordHasherInterface $hasher;
+
+    public function __construct(
+        Security $security,
+        UserRepository $userRepository,
+        UserPasswordHasherInterface $hasher,
+    ) {
+        parent::__construct();
+        $this->security = $security;
+        $this->userRepository = $userRepository;
+        $this->hasher = $hasher;
+    }
+
+    protected function configure(): void
+    {
+        $this
+            ->addOption('id', null, InputOption::VALUE_REQUIRED, 'The ID of the user in the database.')
+            ->addOption('email', null, InputOption::VALUE_REQUIRED, 'The email of the user.')
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        $queryParams = $this->parseInput($input, $io);
+        if ([] === $queryParams) {
+            $io->error('No ID or Email specified. Please run again and pass the "--id" or "--email" option.');
+            return Command::FAILURE;
+        }
+
+        $user = $this->userRepository->findOneBy($queryParams);
+        if (null === $user) {
+            $io->error('No such user exists.');
+            return Command::FAILURE;
+        }
+
+        try {
+            $newPassword = $this->askForPassword($input, $output);
+            $this->updateUsersPassword($user, $newPassword);
+        } catch (\Throwable $exception) {
+            $io->error($exception->getMessage());
+            return Command::FAILURE;
+        }
+
+        $io->success('Success. The password has been reset.');
+
+        return Command::SUCCESS;
+    }
+
+    private function parseInput(InputInterface $input, SymfonyStyle $io): array
+    {
+        if ($input->getOption('id')) {
+            return ['id' => $input->getOption('id')];
+        } elseif ($input->getOption('email')) {
+            return ['email' => $input->getOption('email')];
+        }
+
+        return [];
+    }
+
+    private function askForPassword(InputInterface $input, OutputInterface $output): ?string
+    {
+        $questionHelper = new QuestionHelper();
+        $question = new Question('New password (input is hidden): ')
+            ->setHidden(true)
+            ->setHiddenFallback(false)
+            ->setNormalizer(function (?string $value): string {
+                return $value ?? '';
+            })
+            ->setValidator(function (string $value): string {
+                if ('' === trim($value)) {
+                    throw new \Exception('The password cannot be empty');
+                }
+                return $value;
+            })
+            ->setMaxAttempts(5)
+        ;
+
+        return $questionHelper->ask($input, $output, $question);
+    }
+
+    private function updateUsersPassword(UserInterface $user, string $newPassword): void
+    {
+        $user->setPassword(
+            $this->hasher->hashPassword($user, $newPassword)
+        );
+        $this->userRepository->getEntityManager()->flush();
+    }
+}

src/Base/Framework/Controller/IndexController.php

@@ -8,6 +8,8 @@ use App\User\Framework\Entity\User;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\Mime\Email;
 use Symfony\Component\Routing\Attribute\Route;
 
 final class IndexController extends AbstractController
@@ -29,4 +31,21 @@ final class IndexController extends AbstractController
             'popular_tvshows' => $this->tmdb->popularTvShows(1, 6),
         ]);
     }
+
+    #[Route('/email')]
+    public function sendEmail(MailerInterface $mailer): Response
+    {
+        $email = (new Email())
+            ->to('brock@caldwell.digital')
+            ->subject('Time for Symfony Mailer!')
+            ->text('Sending emails is fun again!')
+            ->html('<p>See Twig integration for better HTML integration!</p>');
+
+        $mailer->send($email);
+
+        return $this->json([
+            'success' => true,
+            'message' => 'Email sent!'
+        ]);
+    }
 }

src/Base/Service/MediaFiles.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Monitor\Service;
+namespace App\Base\Service;
 
 use Aimeos\Map;
 use App\Download\Framework\Entity\Download;

src/Base/Util/EpisodeId.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Base\Util;
+
+class EpisodeId
+{
+    public static function fromSeasonEpisodeNumbers(int $season, int $episode): string
+    {
+        return "S". str_pad($season, 2, "0", STR_PAD_LEFT) .
+            "E". str_pad($episode, 2, "0", STR_PAD_LEFT);
+    }
+}

src/Download/Action/Handler/DownloadSeasonHandler.php

@@ -3,17 +3,12 @@
 namespace App\Download\Action\Handler;
 
 use Aimeos\Map;
+use App\Base\Service\MediaFiles;
 use App\Download\Action\Command\DownloadMediaCommand;
 use App\Download\Action\Command\DownloadSeasonCommand;
 use App\Download\Action\Result\DownloadMediaResult;
 use App\Download\Action\Result\DownloadSeasonResult;
 use App\Download\DownloadOptionEvaluator;
-use App\Download\Framework\Repository\DownloadRepository;
-use App\Download\Downloader\DownloaderInterface;
-use App\Monitor\Action\Command\MonitorTvEpisodeCommand;
-use App\Monitor\Action\Handler\MonitorTvEpisodeHandler;
-use App\Monitor\Framework\Entity\Monitor;
-use App\Monitor\Service\MediaFiles;
 use App\Tmdb\Tmdb;
 use App\Torrentio\Action\Command\GetTvShowOptionsCommand;
 use App\Torrentio\Action\Handler\GetTvShowOptionsHandler;

src/Download/Downloader/ProcessDownloader.php

@@ -2,8 +2,8 @@
 
 namespace App\Download\Downloader;
 
+use App\Base\Service\MediaFiles;
 use App\Download\Framework\Entity\Download;
-use App\Monitor\Service\MediaFiles;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\Cache\Adapter\RedisAdapter;
 use Symfony\Component\Process\Exception\ProcessFailedException;
@@ -15,7 +15,6 @@ class ProcessDownloader implements DownloaderInterface
     /**
      * @var RedisAdapter $cache
      */
-
     public function __construct(
         private EntityManagerInterface $entityManager,
         private MediaFiles $mediaFiles,
@@ -34,11 +33,11 @@ class ProcessDownloader implements DownloaderInterface
         $downloadPreferences = $downloadEntity->getUser()->getDownloadPreferences();
         $path = $this->getDownloadPath($mediaType, $title, $downloadPreferences);
 
-        $processArgs = ['wget', $url];
+        $processArgs = ['wget', '-O', $downloadEntity->getFilename(), $url];
 
         if ($downloadEntity->getStatus() === 'Paused') {
             $downloadEntity->setStatus('In Progress');
-            $processArgs = ['wget', '-c', $url];
+            $processArgs = ['wget', '-c', '-O', $downloadEntity->getFilename(), $url];
         } else {
             $downloadEntity->setProgress(0);
         }

src/Download/Framework/Controller/ApiController.php

@@ -32,13 +32,6 @@ class ApiController extends AbstractController
     public function download(
         DownloadMediaInput $input,
     ): Response {
-        $ptn = (object) new Ptn()->parse($input->filename);
-        if ($input->mediaType === "tvshows" &&
-            !property_exists($ptn, 'episode') && !property_exists($ptn, 'season')
-        ) {
-            $input->filename = $input->episodeId . '_' . $input->filename;
-        }
-
         $download = $this->downloadRepository->insert(
             $this->getUser(),
             $input->url,
@@ -46,10 +39,8 @@ class ApiController extends AbstractController
             $input->filename,
             $input->imdbId,
             $input->mediaType,
-            "",
+            $input->episodeId,
         );
-        $this->downloadRepository->getEntityManager()->persist($download);
-        $this->downloadRepository->getEntityManager()->flush();
         $input->downloadId = $download->getId();
         $input->userId = $this->getUser()->getId();
 

src/Download/Framework/Entity/Download.php

@@ -42,7 +42,7 @@ class Download
     private ?int $progress = null;
 
     #[ORM\Column(length: 255, nullable: true)]
-    private ?string $batchId = null;
+    private ?string $episodeId = null;
 
     #[ORM\ManyToOne(inversedBy: 'downloads')]
     private ?User $user = null;
@@ -143,14 +143,14 @@ class Download
         return $this;
     }
 
-    public function getBatchId(): ?string
+    public function getEpisodeId(): ?string
     {
-        return $this->batchId;
+        return $this->episodeId;
     }
 
-    public function setBatchId(?string $batchId): static
+    public function setEpisodeId(?string $episodeId): static
     {
-        $this->batchId = $batchId;
+        $this->episodeId = $episodeId;
 
         return $this;
     }

src/Download/Framework/Repository/DownloadRepository.php

@@ -7,6 +7,7 @@ use App\Download\Framework\Entity\Download;
 use App\User\Framework\Entity\User;
 use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
 use Doctrine\Persistence\ManagerRegistry;
+use Nihilarr\PTN;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
@@ -62,9 +63,15 @@ class DownloadRepository extends ServiceEntityRepository
         string $filename,
         string $imdbId,
         string $mediaType,
-        string $batchId,
+        ?string $episodeId = null,
         string $status = 'New'
     ): Download {
+        $ptn = (object) new Ptn()->parse($filename);
+        if ($mediaType === "tvshows" &&
+            !property_exists($ptn, 'episode') && !property_exists($ptn, 'season')
+        ) {
+            $filename = $episodeId . '_' . $filename;
+        }
         /** @var User $user */
         $download = (new Download())
             ->setUser($user)
@@ -73,7 +80,7 @@ class DownloadRepository extends ServiceEntityRepository
             ->setFilename($filename)
             ->setImdbId($imdbId)
             ->setMediaType($mediaType)
-            ->setBatchId($batchId)
+            ->setEpisodeId($episodeId)
             ->setProgress(0)
             ->setStatus($status);
 

src/Monitor/Action/Handler/MonitorMovieHandler.php

@@ -25,7 +25,6 @@ readonly class MonitorMovieHandler implements HandlerInterface
     public function __construct(
         private MonitorRepository $movieMonitorRepository,
         private GetMovieOptionsHandler $getMovieOptionsHandler,
-        private MonitorOptionEvaluator $monitorOptionEvaluator,
         private EntityManagerInterface $entityManager,
         private MessageBusInterface $bus,
         private LoggerInterface $logger,

src/Monitor/Action/Handler/MonitorTvEpisodeHandler.php

@@ -2,8 +2,11 @@
 
 namespace App\Monitor\Action\Handler;
 
+use App\Base\Util\EpisodeId;
 use App\Download\Action\Command\DownloadMediaCommand;
 use App\Download\DownloadOptionEvaluator;
+use App\Download\Framework\Entity\Download;
+use App\Download\Framework\Repository\DownloadRepository;
 use App\Monitor\Action\Command\MonitorMovieCommand;
 use App\Monitor\Action\Result\MonitorTvEpisodeResult;
 use App\Monitor\Framework\Repository\MonitorRepository;
@@ -31,6 +34,7 @@ readonly class MonitorTvEpisodeHandler implements HandlerInterface
         private LoggerInterface $logger,
         private MonitorRepository $monitorRepository,
         private Tmdb $tmdb,
+        private DownloadRepository $downloadRepository,
     ) {}
 
     public function handle(CommandInterface $command): ResultInterface
@@ -69,13 +73,23 @@ readonly class MonitorTvEpisodeHandler implements HandlerInterface
 
             if (null !== $result) {
                 $this->logger->info('> [MonitorTvEpisodeHandler] ...Found 1 matching result found: dispatching DownloadMediaCommand for "' . $result->title . '"');
+                $download = $this->downloadRepository->insert(
+                    user: $monitor->getUser(),
+                    url: $result->url,
+                    title: $monitor->getTitle(),
+                    filename: $result->filename,
+                    imdbId: $monitor->getImdbId(),
+                    mediaType: 'tvshows',
+                    episodeId: EpisodeId::fromSeasonEpisodeNumbers($monitor->getSeason(), $monitor->getEpisode()),
+                );
                 $this->bus->dispatch(new DownloadMediaCommand(
-                    $result->url,
-                    $monitor->getTitle(),
-                    $result->filename,
+                    $download->getUrl(),
+                    $download->getTitle(),
+                    $download->getFilename(),
                     'tvshows',
-                    $monitor->getImdbId(),
+                    $download->getImdbId(),
                     $monitor->getUser()->getId(),
+                    $download->getId(),
                 ));
                 $monitor->setStatus('Complete');
                 $monitor->setDownloadedAt(new DateTimeImmutable());

src/Monitor/Action/Handler/MonitorTvSeasonHandler.php

@@ -3,12 +3,12 @@
 namespace App\Monitor\Action\Handler;
 
 use Aimeos\Map;
+use App\Base\Service\MediaFiles;
 use App\Monitor\Action\Command\MonitorTvEpisodeCommand;
 use App\Monitor\Action\Command\MonitorTvSeasonCommand;
 use App\Monitor\Action\Result\MonitorTvSeasonResult;
 use App\Monitor\Framework\Entity\Monitor;
 use App\Monitor\Framework\Repository\MonitorRepository;
-use App\Monitor\Service\MediaFiles;
 use App\Tmdb\Tmdb;
 use DateTimeImmutable;
 use Doctrine\ORM\EntityManagerInterface;

src/Monitor/Action/Handler/MonitorTvShowHandler.php

@@ -3,12 +3,12 @@
 namespace App\Monitor\Action\Handler;
 
 use Aimeos\Map;
+use App\Base\Service\MediaFiles;
 use App\Monitor\Action\Command\MonitorMovieCommand;
 use App\Monitor\Action\Command\MonitorTvEpisodeCommand;
 use App\Monitor\Action\Result\MonitorTvShowResult;
 use App\Monitor\Framework\Entity\Monitor;
 use App\Monitor\Framework\Repository\MonitorRepository;
-use App\Monitor\Service\MediaFiles;
 use App\Tmdb\Tmdb;
 use Carbon\Carbon;
 use DateTimeImmutable;

src/Monitor/Service/MonitorOptionEvaluator.php

@@ -1,95 +0,0 @@
-<?php
-
-namespace App\Monitor\Service;
-
-use Aimeos\Map;
-use App\Monitor\Framework\Entity\Monitor;
-use App\Torrentio\Result\TorrentioResult;
-
-class MonitorOptionEvaluator
-{
-    /**
-     * @param Monitor $monitor
-     * @param TorrentioResult[] $results
-     * @return TorrentioResult|null
-     * @throws \Throwable
-     */
-    public function evaluateOptions(Monitor $monitor, array $results): ?TorrentioResult
-    {
-        $sizeLow = 000;
-        $sizeHigh = 4096;
-
-        $bestMatches = [];
-        $matches = [];
-
-        $userPreferences = $monitor->getUser()->getUserPreferenceValues();
-
-        foreach ($results as $result) {
-            if (!in_array($userPreferences['language'], $result->languages)) {
-                continue;
-            }
-
-            if ($result->resolution === $userPreferences['resolution']
-                && $result->codec === $userPreferences['codec']
-            ) {
-                $bestMatches[] = $result;
-            }
-
-            if ($userPreferences['resolution'] === '2160p'
-                && $userPreferences['codec'] === $result->codec
-                && $result->resolution === '1080p'
-            ) {
-                $matches[] = $result;
-            }
-
-            if ($userPreferences['codec'] === 'h264'
-                && $userPreferences['resolution'] === $result->resolution
-                && $result->codec === 'h265'
-            ) {
-                $matches[] = $result;
-            }
-
-            if (($userPreferences['codec'] === null )
-                && ($userPreferences['resolution'] === null )) {
-                $matches[] = $result;
-            }
-        }
-
-        $sizeMatches = [];
-
-        foreach ($bestMatches as $result) {
-            if (str_contains($result->size, 'GB')) {
-                $size = (int) trim(str_replace('GB', '', $result->size)) * 1024;
-            } else {
-                $size = (int) trim(str_replace('MB', '', $result->size));
-            }
-
-            if ($size > $sizeLow && $size < $sizeHigh) {
-                $sizeMatches[] = $result;
-            }
-        }
-
-        if (!empty($sizeMatches)) {
-            return Map::from($sizeMatches)->usort(fn($a, $b) => $a->seeders <=> $b->seeders)->last();
-        }
-
-        foreach ($matches as $result) {
-            $size = 0;
-            if (str_contains($result->size, 'GB')) {
-                $size = (int) trim(str_replace('GB', '', $result->size)) * 1024;
-            } else {
-                $size = (int) trim(str_replace('MB', '', $result->size));
-            }
-
-            if ($size > $sizeLow && $size < $sizeHigh) {
-                $sizeMatches[] = $result;
-            }
-        }
-
-        if (!empty($sizeMatches)) {
-            return Map::from($sizeMatches)->usort(fn($a, $b) => $a->seeders <=> $b->seeders)->last();
-        }
-
-        return null;
-    }
-}

src/Search/Action/Handler/GetMediaInfoHandler.php

@@ -2,6 +2,7 @@
 
 namespace App\Search\Action\Handler;
 
+use App\Base\Service\MediaFiles;
 use App\Search\Action\Command\GetMediaInfoCommand;
 use App\Search\Action\Result\GetMediaInfoResult;
 use App\Tmdb\Tmdb;
@@ -14,12 +15,19 @@ class GetMediaInfoHandler implements HandlerInterface
 {
     public function __construct(
         private readonly Tmdb $tmdb,
+        private readonly MediaFiles $mediaFiles
     ) {}
 
     public function handle(CommandInterface $command): ResultInterface
     {
         $media = $this->tmdb->mediaDetails($command->imdbId, $command->mediaType);
 
+        if ("tvshows" === $command->mediaType) {
+            foreach ($media->episodes[$command->season] as $key => $episode) {
+                $media->episodes[$command->season][$key]['file'] = $this->mediaFiles->episodeExists($media->title, $command->season, $episode['episode_number']);
+            }
+        }
+
         return new GetMediaInfoResult($media, $command->season);
     }
 }

src/Torrentio/Action/Handler/GetMovieOptionsHandler.php

@@ -2,7 +2,7 @@
 
 namespace App\Torrentio\Action\Handler;
 
-use App\Monitor\Service\MediaFiles;
+use App\Base\Service\MediaFiles;
 use App\Tmdb\Tmdb;
 use App\Torrentio\Action\Result\GetMovieOptionsResult;
 use App\Torrentio\Client\Torrentio;

src/Torrentio/Action/Handler/GetTvShowOptionsHandler.php

@@ -2,7 +2,7 @@
 
 namespace App\Torrentio\Action\Handler;
 
-use App\Monitor\Service\MediaFiles;
+use App\Base\Service\MediaFiles;
 use App\Tmdb\Tmdb;
 use App\Torrentio\Action\Command\GetTvShowOptionsCommand;
 use App\Torrentio\Action\Result\GetTvShowOptionsResult;

src/Torrentio/Result/ResultFactory.php

@@ -21,7 +21,6 @@ class ResultFactory
         string $bingeGroup = "-"
     ) {
         $ptn = (object) (new PTN())->parse($title);
-//        dump($ptn);
         return new TorrentioResult(
             self::trimTitle($title),
             urldecode($url),
@@ -40,7 +39,8 @@ class ResultFactory
             $ptn->episode ?? "-",
             self::setLanguages($title),
             self::setLanguageFlags($title),
-            false
+            false,
+            uniqid()
         );
     }
 

src/Torrentio/Result/TorrentioResult.php

@@ -23,5 +23,6 @@ class TorrentioResult
         public ?array $languages = [],
         public ?string $languageFlags = "-",
         public ?bool $selected = false,
+        public ?string $localId = "-"
     ) {}
 }

src/Twig/Extensions/UtilExtension.php

@@ -2,12 +2,9 @@
 
 namespace App\Twig\Extensions;
 
-use App\Monitor\Framework\Entity\Monitor;
-use App\Monitor\Service\MediaFiles;
+use App\Base\Service\MediaFiles;
 use App\Torrentio\Action\Result\GetTvShowOptionsResult;
-use App\Torrentio\Result\TorrentioResult;
 use ChrisUllyott\FileSize;
-use Tmdb\Model\Tv\Episode;
 use Twig\Attribute\AsTwigFilter;
 use Twig\Attribute\AsTwigFunction;
 

src/User/Framework/Controller/Web/LoginController.php

@@ -2,22 +2,30 @@
 
 namespace App\User\Framework\Controller\Web;
 
+use App\Base\ConfigResolver;
 use App\User\Framework\Repository\UserRepository;
 use Doctrine\Common\Collections\ArrayCollection;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
+
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 
 class LoginController extends AbstractController
 {
     #[Route(path: '/login', name: 'app_login')]
-    public function login(AuthenticationUtils $authenticationUtils, UserRepository $userRepository): Response
+    public function login(ConfigResolver $config, AuthenticationUtils $authenticationUtils, UserRepository $userRepository): Response
     {
         if ((new ArrayCollection($userRepository->findAll()))->count() === 0) {
             return $this->redirectToRoute('app_getting_started');
         }
 
+        if ($config->authIs('oidc') && $config->bypassFormLogin()) {
+            return $this->redirectToRoute('app_login_oidc');
+        }
+
         // get the login error if there is one
         $error = $authenticationUtils->getLastAuthenticationError();
 
@@ -25,13 +33,14 @@ class LoginController extends AbstractController
         $lastUsername = $authenticationUtils->getLastUsername();
 
         return $this->render('user/login.html.twig', [
+            'show_oidc_button' => $config->authIs('oidc'),
             'last_username' => $lastUsername,
             'error' => $error,
         ]);
     }
 
     #[Route(path: '/logout', name: 'app_logout')]
-    public function logout(): void
+    public function logout(Security $security, Request $request): void
     {
         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
     }

src/User/Framework/Controller/Web/LoginOidcController.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace App\User\Framework\Controller\Web;
+
+use App\Base\ConfigResolver;
+use Drenso\OidcBundle\OidcClientInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Attribute\Route;
+
+class LoginOidcController extends AbstractController
+{
+
+    public function __construct(
+        private ConfigResolver $configResolver,
+    ) {}
+
+    #[Route('/login/oidc', name: 'app_login_oidc')]
+    public function oidcStart(OidcClientInterface $oidcClient): RedirectResponse
+    {
+        if (false === $this->configResolver->authIs('oidc')) {
+            throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
+        }
+
+        // Redirect to authorization @ OIDC provider
+        return $oidcClient->generateAuthorizationRedirect(scopes: ['openid', 'profile']);
+    }
+
+    #[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
+    public function oidcAuthenticate(): RedirectResponse
+    {
+        if (false === $this->configResolver->authIs('oidc')) {
+            throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
+        }
+
+        throw new \LogicException('This method can be blank - it will be intercepted by the "oidc" key on your firewall.');
+    }
+
+    #[Route('/logout/oidc', 'app_logout_oidc')]
+    public function oidcLogout(OidcClientInterface $oidcClient, Request $request, Security $security): RedirectResponse
+    {
+        // ToDo: Configure multiple authentication methods and redirect to the form login here
+    }
+}

src/User/Framework/Controller/Web/ResetPasswordController.php

@@ -0,0 +1,191 @@
+<?php
+
+namespace App\User\Framework\Controller\Web;
+
+use App\Base\ConfigResolver;
+use App\User\Framework\Entity\User;
+use App\User\Framework\Form\ChangePasswordForm;
+use App\User\Framework\Form\ResetPasswordRequestForm;
+use Doctrine\ORM\EntityManagerInterface;
+use Psr\Log\LoggerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
+use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
+use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
+
+#[Route('/reset-password')]
+class ResetPasswordController extends AbstractController
+{
+    use ResetPasswordControllerTrait;
+
+    public function __construct(
+        private ResetPasswordHelperInterface $resetPasswordHelper,
+        private EntityManagerInterface $entityManager,
+        private readonly ConfigResolver $configResolver,
+        private readonly Security $security
+    ) {
+    }
+
+    /**
+     * Display & process form to request a password reset.
+     */
+    #[Route('', name: 'app_forgot_password_request')]
+    public function request(
+        Request $request,
+        MailerInterface $mailer,
+        LoggerInterface $logger
+    ): Response {
+        $form = $this->createForm(ResetPasswordRequestForm::class);
+        $form->handleRequest($request);
+
+        if ($this->configResolver->authIs('oidc')) {
+            $this->addFlash('reset_password_error', 'Your auth method is set to "oidc", so you will need to reset your password with your identity provider.');
+            return $this->render('user/reset_password/request.html.twig', [
+                'requestForm' => $form,
+            ])->setStatusCode(Response::HTTP_ACCEPTED);
+        }
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            /** @var string $email */
+            $email = $form->get('email')->getData();
+            return $this->processSendingPasswordResetEmail($email, $mailer, $logger);
+        }
+
+        return $this->render('user/reset_password/request.html.twig', [
+            'requestForm' => $form,
+        ]);
+    }
+
+    /**
+     * Confirmation page after a user has requested a password reset.
+     */
+    #[Route('/check-email', name: 'app_check_email')]
+    public function checkEmail(): Response
+    {
+        // Generate a fake token if the user does not exist or someone hit this page directly.
+        // This prevents exposing whether or not a user was found with the given email address or not
+        if (null === ($resetToken = $this->getTokenObjectFromSession())) {
+            $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
+        }
+
+        return $this->render('user/reset_password/check_email.html.twig', [
+            'resetToken' => $resetToken,
+        ]);
+    }
+
+    /**
+     * Validates and process the reset URL that the user clicked in their email.
+     */
+    #[Route('/reset/{token}', name: 'app_reset_password')]
+    public function reset(
+        Request $request,
+        UserPasswordHasherInterface $passwordHasher,
+        TranslatorInterface $translator,
+        ?string $token = null
+    ): Response {
+        if ($token) {
+            // We store the token in session and remove it from the URL, to avoid the URL being
+            // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
+            $this->storeTokenInSession($token);
+
+            return $this->redirectToRoute('app_reset_password');
+        }
+
+        $token = $this->getTokenFromSession();
+
+        if (null === $token) {
+            throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
+        }
+
+        try {
+            /** @var User $user */
+            $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
+        } catch (ResetPasswordExceptionInterface $e) {
+            $this->addFlash('reset_password_error', sprintf(
+                '%s - %s',
+                $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
+                $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
+            ));
+
+            return $this->redirectToRoute('app_forgot_password_request');
+        }
+
+        // The token is valid; allow the user to change their password.
+        $form = $this->createForm(ChangePasswordForm::class);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            // A password reset token should be used only once, remove it.
+            $this->resetPasswordHelper->removeResetRequest($token);
+
+            /** @var string $plainPassword */
+            $plainPassword = $form->get('plainPassword')->getData();
+
+            // Encode(hash) the plain password, and set it.
+            $user->setPassword($passwordHasher->hashPassword($user, $plainPassword));
+            $this->entityManager->flush();
+
+            // The session is cleaned up after the password has been changed.
+            $this->cleanSessionAfterReset();
+
+            return $this->redirectToRoute('app_index');
+        }
+
+        return $this->render('user/reset_password/reset.html.twig', [
+            'resetForm' => $form,
+        ]);
+    }
+
+    private function processSendingPasswordResetEmail(
+        string $emailFormData,
+        MailerInterface $mailer,
+        LoggerInterface $logger
+    ): RedirectResponse {
+        $user = $this->entityManager->getRepository(User::class)->findOneBy([
+            'email' => $emailFormData,
+        ]);
+
+        // Do not reveal whether a user account was found or not.
+        if (!$user) {
+            return $this->redirectToRoute('app_check_email');
+        }
+
+        try {
+            $resetToken = $this->resetPasswordHelper->generateResetToken($user);
+        } catch (ResetPasswordExceptionInterface $e) {
+            $logger->error('> [ResetPasswordController@processSendingPasswordResetEmail] ' . $e->getMessage());
+
+            $this->addFlash(
+                'reset_password_error',
+                'Your password reset token could not be generated. If you\'re the system administrator, check the server logs for more details.'
+            );
+
+            return $this->redirectToRoute('app_check_email');
+        }
+
+        $email = (new TemplatedEmail())
+            ->to((string) $user->getEmail())
+            ->subject('Your password reset request')
+            ->htmlTemplate('user/reset_password/email.html.twig')
+            ->context([
+                'resetToken' => $resetToken,
+            ])
+        ;
+
+        $mailer->send($email);
+
+        // Store the token object in session for retrieval in check-email route.
+        $this->setTokenObjectInSession($resetToken);
+
+        return $this->redirectToRoute('app_check_email');
+    }
+}

src/User/Framework/Entity/ResetPasswordRequest.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace App\User\Framework\Entity;
+
+use App\User\Framework\Repository\ResetPasswordRequestRepository;
+use Doctrine\ORM\Mapping as ORM;
+use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestInterface;
+use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestTrait;
+
+#[ORM\Entity(repositoryClass: ResetPasswordRequestRepository::class)]
+class ResetPasswordRequest implements ResetPasswordRequestInterface
+{
+    use ResetPasswordRequestTrait;
+
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column]
+    private ?int $id = null;
+
+    #[ORM\ManyToOne]
+    #[ORM\JoinColumn(nullable: false)]
+    private ?User $user = null;
+
+    public function __construct(User $user, \DateTimeInterface $expiresAt, string $selector, string $hashedToken)
+    {
+        $this->user = $user;
+        $this->initialize($expiresAt, $selector, $hashedToken);
+    }
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getUser(): User
+    {
+        return $this->user;
+    }
+}

src/User/Framework/Entity/User.php

@@ -99,7 +99,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
      */
     public function getUserIdentifier(): string
     {
-        return (string) $this->username ?? $this->email;
+        return (string) $this->email;
     }
 
     /**

src/User/Framework/Form/ChangePasswordForm.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace App\User\Framework\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Validator\Constraints\Length;
+use Symfony\Component\Validator\Constraints\NotBlank;
+use Symfony\Component\Validator\Constraints\NotCompromisedPassword;
+use Symfony\Component\Validator\Constraints\PasswordStrength;
+
+class ChangePasswordForm extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('plainPassword', RepeatedType::class, [
+                'type' => PasswordType::class,
+                'options' => [
+                    'attr' => [
+                        'autocomplete' => 'new-password',
+                        'class' => 'text-input w-full mb-4'
+                    ],
+                    'label_attr' => [
+                        'class' => 'block'
+                    ]
+                ],
+                'first_options' => [
+                    'constraints' => [
+                        new NotBlank([
+                            'message' => 'Please enter a password',
+                        ]),
+                        new Length([
+                            'min' => 12,
+                            'minMessage' => 'Your password should be at least {{ limit }} characters',
+                            // max length allowed by Symfony for security reasons
+                            'max' => 4096,
+                        ]),
+                        new PasswordStrength(),
+                        new NotCompromisedPassword(),
+                    ],
+                    'label' => 'New password',
+                ],
+                'second_options' => [
+                    'label' => 'Repeat Password',
+                ],
+                'invalid_message' => 'The password fields must match.',
+                // Instead of being set onto the object directly,
+                // this is read and encoded in the controller
+                'mapped' => false,
+            ])
+        ;
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([]);
+    }
+}

src/User/Framework/Form/ResetPasswordRequestForm.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace App\User\Framework\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Validator\Constraints\NotBlank;
+
+class ResetPasswordRequestForm extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('email', EmailType::class, [
+                'attr' => ['autocomplete' => 'email'],
+                'constraints' => [
+                    new NotBlank([
+                        'message' => 'Please enter your email',
+                    ]),
+                ],
+            ])
+        ;
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([]);
+    }
+}

src/User/Framework/Repository/ResetPasswordRequestRepository.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\User\Framework\Repository;
+
+use App\User\Framework\Entity\ResetPasswordRequest;
+use App\User\Framework\Entity\User;
+use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
+use Doctrine\Persistence\ManagerRegistry;
+use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestInterface;
+use SymfonyCasts\Bundle\ResetPassword\Persistence\Repository\ResetPasswordRequestRepositoryTrait;
+use SymfonyCasts\Bundle\ResetPassword\Persistence\ResetPasswordRequestRepositoryInterface;
+
+/**
+ * @extends ServiceEntityRepository<ResetPasswordRequest>
+ */
+class ResetPasswordRequestRepository extends ServiceEntityRepository implements ResetPasswordRequestRepositoryInterface
+{
+    use ResetPasswordRequestRepositoryTrait;
+
+    public function __construct(ManagerRegistry $registry)
+    {
+        parent::__construct($registry, ResetPasswordRequest::class);
+    }
+
+    /**
+     * @param User $user
+     */
+    public function createResetPasswordRequest(object $user, \DateTimeInterface $expiresAt, string $selector, string $hashedToken): ResetPasswordRequestInterface
+    {
+        return new ResetPasswordRequest($user, $expiresAt, $selector, $hashedToken);
+    }
+}

src/User/Framework/Security/OidcUserProvider.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace App\User\Framework\Security;
+
+use App\User\Framework\Entity\User;
+use App\User\Framework\Repository\UserRepository;
+use Drenso\OidcBundle\Exception\OidcException;
+use Drenso\OidcBundle\Model\OidcTokens;
+use Drenso\OidcBundle\Model\OidcUserData;
+use Drenso\OidcBundle\Security\UserProvider\OidcUserProviderInterface;
+use Symfony\Component\PasswordHasher\PasswordHasherInterface;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+use Symfony\Component\Security\Core\User\OidcUser;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class OidcUserProvider implements OidcUserProviderInterface
+{
+    public function __construct(
+        private readonly UserRepository $userRepository,
+    ) {}
+
+    public function ensureUserExists(string $userIdentifier, OidcUserData $userData, OidcTokens $tokens): void
+    {
+        $user = $this->userRepository->findOneBy(['email' => $userIdentifier]);
+
+        if (null === $user) {
+            $user = new User()
+                ->setEmail(!empty($userData->getEmail()) ? $userData->getEmail() : $userData->getSub())
+                ->setName(!empty($userData->getFullName()) ? $userData->getFullName() : $userData->getGivenName())
+                ->setPassword('n/a')
+                ;
+            $this->userRepository->getEntityManager()->persist($user);
+            $this->userRepository->getEntityManager()->flush();
+        }
+    }
+
+    public function loadOidcUser(string $userIdentifier): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $userIdentifier]);
+    }
+
+    public function refreshUser(UserInterface $user): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $user->getUserIdentifier()]);
+    }
+
+    public function supportsClass(string $class): bool
+    {
+        return User::class === $class || OidcUser::class === $class;
+    }
+
+    public function loadUserByIdentifier(string $identifier): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $identifier]);
+    }
+}

symfony.lock

@@ -50,6 +50,18 @@
             "migrations/.gitignore"
         ]
     },
+    "drenso/symfony-oidc-bundle": {
+        "version": "4.2",
+        "recipe": {
+            "repo": "github.com/symfony/recipes-contrib",
+            "branch": "main",
+            "version": "2.0",
+            "ref": "e2b975158d940a191f48e3ff2c59108a1d7225e6"
+        },
+        "files": [
+            "config/packages/drenso_oidc.yaml"
+        ]
+    },
     "php-http/discovery": {
         "version": "1.20",
         "recipe": {
@@ -157,6 +169,18 @@
             "src/Kernel.php"
         ]
     },
+    "symfony/mailer": {
+        "version": "7.3",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "4.3",
+            "ref": "09051cfde49476e3c12cd3a0e44289ace1c75a4f"
+        },
+        "files": [
+            "config/packages/mailer.yaml"
+        ]
+    },
     "symfony/maker-bundle": {
         "version": "1.62",
         "recipe": {
@@ -363,6 +387,18 @@
             "config/routes/web_profiler.yaml"
         ]
     },
+    "symfonycasts/reset-password-bundle": {
+        "version": "1.23",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "1.0",
+            "ref": "97c1627c0384534997ae1047b93be517ca16de43"
+        },
+        "files": [
+            "config/packages/reset_password.yaml"
+        ]
+    },
     "symfonycasts/tailwind-bundle": {
         "version": "0.10",
         "recipe": {

tailwind.config.js

@@ -32,7 +32,8 @@ module.exports = {
       "truncate",
       "text-wrap",
       "rounded-sm",
-      "rounded-md"
+      "rounded-md",
+      "r-tablecell",
   ],
   theme: {
       extend: {

templates/bare.html.twig

@@ -15,8 +15,12 @@
     </head>
     <body class="bg-cyan-950 flex flex-col h-full">
         <h1 class="px-4 py-4 text-3xl font-extrabold text-orange-500">Torsearch</h1>
-        <div class="flex flex-col justify-center items-center">
+        <div class="p-4 flex flex-col justify-center items-center">
             {% block body %}{% endblock %}
+            <div class="mt-2 inline-flex gap-4 justify-between text-white">
+                <a class="text-sm" href="{{ path('app_login') }}">Sign In</a>
+                <span class="text-sm">v{{ version }}</span>
+            </div>
         </div>
     </body>
 </html>

templates/components/DownloadList.html.twig

@@ -1,4 +1,4 @@
-<div{{ attributes.defaults(stimulus_controller('download_list')) }} class="min-w-48" >
+<div{{ attributes.defaults(stimulus_controller('download_list')) }} class="min-w-48 overflow-scroll" >
     {% set table_body_id = (type == "complete") ? "complete_downloads" : "active_downloads" %}
 
     {% if this.isWidget == false %}

templates/components/DownloadListRow.html.twig

@@ -6,8 +6,8 @@
             {{ download.title }}
         </a>
 
-        {% if download.mediaType == "tvshows" %}
-            &mdash; <span class="ml-1">(S{{ download.ptn.season }}E{{ download.ptn.episode }})</span>
+        {% if download.mediaType == "tvshows" and download.episodeId != null %}
+            &mdash; <span class="ml-1">(S{{ download.episodeId }})</span>
         {% endif %}
     </td>
 
@@ -25,7 +25,7 @@
                 <div class="text-black text-center rounded-sm text-bold bg-green-300 h-5 relative z-10"
                      style="width:{{ download.progress }}%">
                 </div>
-                <div class="absolute text-black text-center" style="z-index: 400;margin-top: -1.25rem; margin-left: 1.2rem">{{ download.progress }}%</div>
+                <div class="text-black text-center" style="z-index: 400;margin-top: -1.25rem; margin-left: 1.2rem">{{ download.progress }}%</div>
             </div>
         {% else %}
             <twig:StatusBadge color="green" status="Complete" />

templates/components/Filter.html.twig

@@ -99,7 +99,7 @@
                 <a href="{{ path('app_user_preferences') }}" class="text-underline">preferences</a> to choose
                 the appropriate file(s).
                 <br /><br />
-                Do you wish to download <strong>season {{ results.season }}</strong> of "<strong>{{ results.media.title }}</strong>"?
+                Do you wish to download <strong>season <span id="downloadSeasonModal">{{ results.season }}</span></strong> of "<strong>{{ results.media.title }}</strong>"?
             </twig:Modal>
 
             <button class="px-1.5 py-1 bg-green-600 hover:bg-green-700 rounded-ms text-sm font-semibold"

templates/components/MonitorList.html.twig

@@ -1,4 +1,4 @@
-<div{{ attributes.defaults(stimulus_controller('monitor_list')) }}>
+<div{{ attributes.defaults(stimulus_controller('monitor_list')) }} class="overflow-scroll">
     {% if this.isWidget == false %}
         <div class="flex flex-row mb-2 justify-end">
             <twig:DownloadSearch search_path="app_search" placeholder="Find {{ type == "complete" ? "a" : "an" }} {{ type }} monitor..." />

templates/components/Poster.html.twig

@@ -9,6 +9,6 @@
         mediaType: mediaType,
         imdbId: imdbId
     }) }}">
-        <h3 class="text-center text-white text-xl md:text-base md:max-w-[16ch]">{{ title }}</h3>
+        <h3 class="text-center text-white md:text-xl md:text-base md:max-w-[16ch]">{{ title }}</h3>
     </a>
 </div>

templates/components/TvEpisodeList.html.twig

@@ -39,6 +39,31 @@
                                 <small class="py-1 px-1.5 mr-1 grow-0 font-bold bg-gray-700 rounded-lg font-normal text-white" title="Air date {{ episode['name'] }}">
                                     {{ episode['air_date']|date(null, 'UTC') }}
                                 </small>
+
+                                {% if episode['file'] != false %}
+                                    <span data-controller="popover">
+                                        <template data-popover-target="content">
+                                            <div data-popover-target="card" class="absolute z-40 p-1 bg-stone-400 p-1 text-black rounded-md m-1 animate-fade">
+                                                <p class="font-bold text-sm text-left">Existing file(s) for this episode:</p>
+                                                <ul class="list-disc ml-3">
+                                                    <li class="font-normal">{{ episode['file'].realPath|strip_media_path }} &mdash; <strong>{{ episode['file'].size|filesize }}</strong></li>
+                                                </ul>
+                                            </div>
+                                        </template>
+                                        <small
+                                                class="py-1 px-1.5 mr-1 grow-0 font-bold bg-blue-600 rounded-lg text-center text-white"
+                                                data-action="mouseenter->popover#show mouseleave->popover#hide"
+                                        >
+                                            exists
+                                        </small>
+                                    </span>
+                                {% endif %}
+
+                                {% if episode['file'] == false %}
+                                    <small class="py-1 px-1.5 mr-1 grow-0 font-bold bg-rose-600 rounded-lg text-white" title="Episode has not been downloaded yet.">
+                                        missing
+                                    </small>
+                                {% endif %}
                             </div>
                         </div>
                         <div class="flex flex-col gap-4 justify-between">

templates/index/index.html.twig

@@ -20,7 +20,7 @@
             </twig:Card>
         </div>
         <div class="flex flex-col gap-4">
-            <twig:Card title="Popular Movies" contentClass="flex flex-col gap-4 md:flex-row md:justify-between w-full">
+            <twig:Card title="Popular Movies" contentClass="grid grid-cols-2 gap-4 md:flex md:flex-row md:justify-between w-full">
                 {% for movie in popular_movies %}
                     <twig:Poster imdbId="{{ movie.imdbId }}"
                                  tmdbId="{{ movie.tmdbId }}"
@@ -32,7 +32,7 @@
                     />
                 {% endfor %}
             </twig:Card>
-            <twig:Card title="Popular TV Shows" contentClass="flex flex-col md:flex-row justify-between w-full">
+            <twig:Card title="Popular TV Shows" contentClass="grid grid-cols-2 gap-4 md:flex flex-col md:flex-row justify-between w-full">
                 {% for movie in popular_tvshows %}
                     <twig:Poster imdbId="{{ movie.imdbId }}"
                                  tmdbId="{{ movie.tmdbId }}"

templates/torrentio/movies.html.twig

@@ -2,7 +2,7 @@
     {% if results.file != false %}
     <div class="p-3 bg-stone-400 p-1 text-black rounded-md m-1 animate-fade">
         <p class="font-bold text-sm text-left">Existing file(s) for this movie:</p>
-        <ul class="list-disc ml-3">
+        <ul class="list-disc ml-3 overflow-scroll">
             <li class="font-normal">{{ results.file.realPath|strip_media_path }} &mdash; <strong>{{ results.file.size|filesize }}</strong></li>
         </ul>
     </div>

templates/torrentio/partial/option-table.html.twig

@@ -3,7 +3,7 @@
 >
     <thead class="text-xs text-gray-700 uppercase dark:text-gray-400">
     {% for result in results.results %}
-    <tr class="dark:bg-stone-600 overflow-hidden flex flex-col md:flex-col flex-no wrap md:table-row border-b border-gray-500">
+    <tr data-option-id="{{ result.localId }}" class="dark:bg-stone-600 overflow-hidden flex flex-col md:flex-col flex-no wrap md:table-row border-b border-gray-500">
         <th scope="col"
             class="px-4 py-4 leading-[20px] font-medium text-gray-900 whitespace-nowrap dark:text-white">
             Size
@@ -41,7 +41,7 @@
     </thead>
     <tbody class="flex-1 sm:flex-none">
     {% for result in results.results %}
-        <tr class="bg-white dark:bg-slate-700 flex flex-col flex-no wrap r-tablerow border-b border-gray-500" data-provider="{{ result.provider }}" data-quality="{{ result.quality }}" data-languages="{{ result.languages|json_encode }}" {% if "tvshows" == results.media.mediaType %} data-season="{{ results.season }}"{% endif %}>
+        <tr class="bg-white dark:bg-slate-700 flex flex-col flex-no wrap r-tablerow border-b border-gray-500" data-local-id="{{ result.localId }}" data-provider="{{ result.provider }}" data-quality="{{ result.quality }}" data-languages="{{ result.languages|json_encode }}" {% if "tvshows" == results.media.mediaType %} data-season="{{ results.season }}"{% endif %}>
             <td id="size" class="px-4 py-4 whitespace-nowrap text-sm font-medium text-gray-800 dark:text-gray-50">
                 {{ result.size }}
             </td>

templates/user/getting-started.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Getting Started — Torsearch{% endblock %}
 
 {% block body %}
-    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 min-w-96 border-orange-500 border-2 text-gray-50">
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
         <h2 class="text-2xl text-bold text-center text-gray-50">Getting Started</h2>
         <p class="mb-2">Let's get started by creating your first User.</p>
 

templates/user/login.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Log in — Torsearch{% endblock %}
 
 {% block body %}
-    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 min-w-96 border-orange-500 border-2 text-gray-50">
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
         <h2 class="text-xl font-bold">Login</h2>
         <form method="post" class="flex flex-col gap-2">
             {% if error %}
@@ -40,14 +40,28 @@
             </label>
             <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}" data-controller="csrf-protection">
 
-            <div class="mb-2">
-                <input type="checkbox" name="_remember_me" id="_remember_me">
-                <label for="_remember_me">Remember me</label>
-            </div>
+
+                <div class="mb-2 flex flex-row justify-between">
+                    <div>
+                        <input type="checkbox" name="_remember_me" id="_remember_me">
+                        <label for="_remember_me">Remember me</label>
+                    </div>
+                </div>
+
 
             <button type="submit" class="bg-green-600/40 px-1.5 py-1 w-full rounded-md text-gray-50 backdrop-filter backdrop-blur-sm border-2 border-green-500 hover:bg-green-700/40">
                 Sign in
             </button>
         </form>
+
+        {% if show_oidc_button == "oidc" %}
+        <a href="{{ path('app_login_oidc') }}" class="bg-sky-950/60 px-1.5 py-1 w-full rounded-md text-gray-50 text-center backdrop-filter backdrop-blur-sm border-2 border-gray-950 hover:bg-orange-700/40">
+            Sign in with OIDC
+        </a>
+        {% endif %}
+
+        <div class="flex">
+            <a href="{{ path('app_forgot_password_request') }}">Forgot password?</a>
+        </div>
     </div>
 {% endblock %}

templates/user/reset_password/check_email.html.twig

@@ -0,0 +1,21 @@
+{% extends 'bare.html.twig' %}
+
+{% block title %}Password Reset Email Sent — Torsearch{% endblock %}
+
+{% block body %}
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
+        <h2 class="text-xl font-bold">Head over to your email</h2>
+
+        <div class="mb-3 flex flex-col gap-4">
+            <p>
+                If an account matching your email exists, then an email was just sent that contains a
+                link that you can use to reset your password. This link will expire in
+                {{ resetToken.expirationMessageKey|trans(resetToken.expirationMessageData, 'ResetPasswordBundle') }}.
+            </p>
+            <p>
+                If you don't receive an email please check your spam folder or
+                <a href="{{ path('app_forgot_password_request') }}">try again</a>.
+            </p>
+        </div>
+    </div>
+{% endblock %}

templates/user/reset_password/email.html.twig

@@ -0,0 +1,9 @@
+<h1>Hi!</h1>
+
+<p>To reset your password, please visit the following link</p>
+
+<a href="{{ url('app_reset_password', {token: resetToken.token}) }}">{{ url('app_reset_password', {token: resetToken.token}) }}</a>
+
+<p>This link will expire in {{ resetToken.expirationMessageKey|trans(resetToken.expirationMessageData, 'ResetPasswordBundle') }}.</p>
+
+<p>Cheers!</p>

templates/user/reset_password/request.html.twig

@@ -0,0 +1,32 @@
+{% extends 'bare.html.twig' %}
+
+{% block title %}Reset your password — Torsearch{% endblock %}
+
+{% block body %}
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
+        <h2 class="text-xl font-bold">Reset your password</h2>
+
+        <div class="mb-3">
+            Enter your email address, and we'll send you a link to reset your password.
+        </div>
+
+        <form name="reset_password_request_form" method="post" class="flex flex-col gap-2">
+            {% for flash_error in app.flashes('reset_password_error') %}
+                <div class="mb-3 p-2 bg-rose-500 text-black font-semibold rounded-md" role="alert">{{ flash_error }}</div>
+            {% endfor %}
+
+            <label for="reset_password_request_form_email" class="required flex flex-col mb-2">
+                Email
+                <input type="email"
+                       class="text-input"
+                       id="reset_password_request_form_email"
+                       name="reset_password_request_form[email]"
+                       required="required" autocomplete="email">
+            </label>
+
+            <input type="hidden" id="reset_password_request_form__token" name="reset_password_request_form[_token]" data-controller="csrf-protection" value="csrf-token">
+
+            <button class="submit-button">Send password reset email</button>
+        </form>
+    </div>
+{% endblock %}

templates/user/reset_password/reset.html.twig

@@ -0,0 +1,18 @@
+{% extends 'bare.html.twig' %}
+
+{% block title %}Reset your password — Torsearch{% endblock %}
+
+{% block body %}
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
+        <h2 class="text-xl font-bold text-white">Reset your password</h2>
+
+        <div class="mb-2">
+            Enter a new password for your account.
+        </div>
+
+        {{ form_start(resetForm) }}
+        {{ form_row(resetForm.plainPassword) }}
+        <button class="submit-button">Reset password</button>
+        {{ form_end(resetForm) }}
+    </div>
+{% endblock %}