vendor/symfony/maker-bundle/src/Maker/MakeAuthenticator.php line 408

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony MakerBundle package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Bundle\MakerBundle\Maker;
  14. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  15. use Symfony\Bundle\MakerBundle\ConsoleStyle;
  16. use Symfony\Bundle\MakerBundle\DependencyBuilder;
  17. use Symfony\Bundle\MakerBundle\Doctrine\DoctrineHelper;
  18. use Symfony\Bundle\MakerBundle\Exception\RuntimeCommandException;
  19. use Symfony\Bundle\MakerBundle\FileManager;
  20. use Symfony\Bundle\MakerBundle\Generator;
  21. use Symfony\Bundle\MakerBundle\InputConfiguration;
  22. use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
  23. use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater;
  24. use Symfony\Bundle\MakerBundle\Security\SecurityControllerBuilder;
  25. use Symfony\Bundle\MakerBundle\Str;
  26. use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
  27. use Symfony\Bundle\MakerBundle\Util\UseStatementGenerator;
  28. use Symfony\Bundle\MakerBundle\Util\YamlManipulationFailedException;
  29. use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
  30. use Symfony\Bundle\MakerBundle\Validator;
  31. use Symfony\Bundle\SecurityBundle\SecurityBundle;
  32. use Symfony\Bundle\TwigBundle\TwigBundle;
  33. use Symfony\Component\Console\Command\Command;
  34. use Symfony\Component\Console\Input\InputArgument;
  35. use Symfony\Component\Console\Input\InputInterface;
  36. use Symfony\Component\Console\Input\InputOption;
  37. use Symfony\Component\Console\Question\Question;
  38. use Symfony\Component\HttpFoundation\RedirectResponse;
  39. use Symfony\Component\HttpFoundation\Request;
  40. use Symfony\Component\HttpFoundation\Response;
  41. use Symfony\Component\Routing\Annotation\Route;
  42. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  43. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  44. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  45. use Symfony\Component\Security\Core\Security;
  46. use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
  47. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  48. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  49. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  50. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  51. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  52. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  53. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  54. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  55. use Symfony\Component\Yaml\Yaml;
  57. /**
  58.  * @author Ryan Weaver   <ryan@symfonycasts.com>
  59.  * @author Jesse Rushlow <jr@rushlow.dev>
  60.  *
  61.  * @internal
  62.  */
  63. final class MakeAuthenticator extends AbstractMaker
  64. {
  65.     private const AUTH_TYPE_EMPTY_AUTHENTICATOR 'empty-authenticator';
  66.     private const AUTH_TYPE_FORM_LOGIN 'form-login';
  68.     private $fileManager;
  69.     private $configUpdater;
  70.     private $generator;
  71.     private $doctrineHelper;
  72.     private $securityControllerBuilder;
  74.     public function __construct(FileManager $fileManagerSecurityConfigUpdater $configUpdaterGenerator $generatorDoctrineHelper $doctrineHelperSecurityControllerBuilder $securityControllerBuilder)
  75.     {
  76.         $this->fileManager $fileManager;
  77.         $this->configUpdater $configUpdater;
  78.         $this->generator $generator;
  79.         $this->doctrineHelper $doctrineHelper;
  80.         $this->securityControllerBuilder $securityControllerBuilder;
  81.     }
  83.     public static function getCommandName(): string
  84.     {
  85.         return 'make:auth';
  86.     }
  88.     public static function getCommandDescription(): string
  89.     {
  90.         return 'Creates a Guard authenticator of different flavors';
  91.     }
  93.     public function configureCommand(Command $commandInputConfiguration $inputConfig): void
  94.     {
  95.         $command
  96.             ->setHelp(file_get_contents(__DIR__.'/../Resources/help/MakeAuth.txt'));
  97.     }
  99.     public function interact(InputInterface $inputConsoleStyle $ioCommand $command): void
  100.     {
  101.         if (!$this->fileManager->fileExists($path 'config/packages/security.yaml')) {
  102.             throw new RuntimeCommandException('The file "config/packages/security.yaml" does not exist. This command requires that file to exist so that it can be updated.');
  103.         }
  104.         $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents($path));
  105.         $securityData $manipulator->getData();
  107.         // @legacy - Can be removed when Symfony 5.4 support is dropped
  108.         if (interface_exists(GuardAuthenticatorInterface::class) && !($securityData['security']['enable_authenticator_manager'] ?? false)) {
  109.             throw new RuntimeCommandException('MakerBundle only supports the new authenticator based security system. See https://symfony.com/doc/current/security.html');
  110.         }
  112.         // authenticator type
  113.         $authenticatorTypeValues = [
  114.             'Empty authenticator' => self::AUTH_TYPE_EMPTY_AUTHENTICATOR,
  115.             'Login form authenticator' => self::AUTH_TYPE_FORM_LOGIN,
  116.         ];
  117.         $command->addArgument('authenticator-type'InputArgument::REQUIRED);
  118.         $authenticatorType $io->choice(
  119.             'What style of authentication do you want?',
  120.             array_keys($authenticatorTypeValues),
  121.             key($authenticatorTypeValues)
  122.         );
  123.         $input->setArgument(
  124.             'authenticator-type',
  125.             $authenticatorTypeValues[$authenticatorType]
  126.         );
  128.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  129.             $neededDependencies = [TwigBundle::class => 'twig'];
  130.             $missingPackagesMessage $this->addDependencies($neededDependencies'Twig must be installed to display the login form.');
  132.             if ($missingPackagesMessage) {
  133.                 throw new RuntimeCommandException($missingPackagesMessage);
  134.             }
  136.             if (!isset($securityData['security']['providers']) || !$securityData['security']['providers']) {
  137.                 throw new RuntimeCommandException('To generate a form login authentication, you must configure at least one entry under "providers" in "security.yaml".');
  138.             }
  139.         }
  141.         // authenticator class
  142.         $command->addArgument('authenticator-class'InputArgument::REQUIRED);
  143.         $questionAuthenticatorClass = new Question('The class name of the authenticator to create (e.g. <fg=yellow>AppCustomAuthenticator</>)');
  144.         $questionAuthenticatorClass->setValidator(
  145.             function ($answer) {
  146.                 Validator::notBlank($answer);
  148.                 return Validator::classDoesNotExist(
  149.                     $this->generator->createClassNameDetails($answer'Security\\''Authenticator')->getFullName()
  150.                 );
  151.             }
  152.         );
  153.         $input->setArgument('authenticator-class'$io->askQuestion($questionAuthenticatorClass));
  155.         $interactiveSecurityHelper = new InteractiveSecurityHelper();
  156.         $command->addOption('firewall-name'nullInputOption::VALUE_OPTIONAL);
  157.         $input->setOption('firewall-name'$firewallName $interactiveSecurityHelper->guessFirewallName($io$securityData));
  159.         $command->addOption('entry-point'nullInputOption::VALUE_OPTIONAL);
  161.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  162.             $command->addArgument('controller-class'InputArgument::REQUIRED);
  163.             $input->setArgument(
  164.                 'controller-class',
  165.                 $io->ask(
  166.                     'Choose a name for the controller class (e.g. <fg=yellow>SecurityController</>)',
  167.                     'SecurityController',
  168.                     [Validator::class, 'validateClassName']
  169.                 )
  170.             );
  172.             $command->addArgument('user-class'InputArgument::REQUIRED);
  173.             $input->setArgument(
  174.                 'user-class',
  175.                 $userClass $interactiveSecurityHelper->guessUserClass($io$securityData['security']['providers'])
  176.             );
  178.             $command->addArgument('username-field'InputArgument::REQUIRED);
  179.             $input->setArgument(
  180.                 'username-field',
  181.                 $interactiveSecurityHelper->guessUserNameField($io$userClass$securityData['security']['providers'])
  182.             );
  184.             $command->addArgument('logout-setup'InputArgument::REQUIRED);
  185.             $input->setArgument(
  186.                 'logout-setup',
  187.                 $io->confirm(
  188.                     'Do you want to generate a \'/logout\' URL?',
  189.                     true
  190.                 )
  191.             );
  192.         }
  193.     }
  195.     public function generate(InputInterface $inputConsoleStyle $ioGenerator $generator): void
  196.     {
  197.         $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents('config/packages/security.yaml'));
  198.         $securityData $manipulator->getData();
  200.         $this->generateAuthenticatorClass(
  201.             $securityData,
  202.             $input->getArgument('authenticator-type'),
  203.             $input->getArgument('authenticator-class'),
  204.             $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  205.             $input->hasArgument('username-field') ? $input->getArgument('username-field') : null
  206.         );
  208.         // update security.yaml with guard config
  209.         $securityYamlUpdated false;
  211.         $entryPoint $input->getOption('entry-point');
  213.         if (self::AUTH_TYPE_FORM_LOGIN !== $input->getArgument('authenticator-type')) {
  214.             $entryPoint false;
  215.         }
  217.         try {
  218.             $newYaml $this->configUpdater->updateForAuthenticator(
  219.                 $this->fileManager->getFileContents($path 'config/packages/security.yaml'),
  220.                 $input->getOption('firewall-name'),
  221.                 $entryPoint,
  222.                 $input->getArgument('authenticator-class'),
  223.                 $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false
  224.             );
  225.             $generator->dumpFile($path$newYaml);
  226.             $securityYamlUpdated true;
  227.         } catch (YamlManipulationFailedException $e) {
  228.         }
  230.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  231.             $this->generateFormLoginFiles(
  232.                 $input->getArgument('controller-class'),
  233.                 $input->getArgument('username-field'),
  234.                 $input->getArgument('logout-setup')
  235.             );
  236.         }
  238.         $generator->writeChanges();
  240.         $this->writeSuccessMessage($io);
  242.         $io->text(
  243.             $this->generateNextMessage(
  244.                 $securityYamlUpdated,
  245.                 $input->getArgument('authenticator-type'),
  246.                 $input->getArgument('authenticator-class'),
  247.                 $securityData,
  248.                 $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  249.                 $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false
  250.             )
  251.         );
  252.     }
  254.     private function generateAuthenticatorClass(array $securityDatastring $authenticatorTypestring $authenticatorClass$userClass$userNameField): void
  255.     {
  256.         $useStatements = new UseStatementGenerator([
  257.             Request::class,
  258.             Response::class,
  259.             TokenInterface::class,
  260.             Passport::class,
  261.         ]);
  263.         // generate authenticator class
  264.         if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $authenticatorType) {
  265.             $useStatements->addUseStatement([
  266.                 AuthenticationException::class,
  267.                 AbstractAuthenticator::class,
  268.             ]);
  270.             $this->generator->generateClass(
  271.                 $authenticatorClass,
  272.                 'authenticator/EmptyAuthenticator.tpl.php',
  273.                 ['use_statements' => $useStatements]
  274.             );
  276.             return;
  277.         }
  279.         $useStatements->addUseStatement([
  280.             RedirectResponse::class,
  281.             UrlGeneratorInterface::class,
  282.             Security::class,
  283.             AbstractLoginFormAuthenticator::class,
  284.             CsrfTokenBadge::class,
  285.             UserBadge::class,
  286.             PasswordCredentials::class,
  287.             TargetPathTrait::class,
  288.         ]);
  290.         $userClassNameDetails $this->generator->createClassNameDetails(
  291.             '\\'.$userClass,
  292.             'Entity\\'
  293.         );
  295.         $this->generator->generateClass(
  296.             $authenticatorClass,
  297.             'authenticator/LoginFormAuthenticator.tpl.php',
  298.             [
  299.                 'use_statements' => $useStatements,
  300.                 'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
  301.                 'user_class_name' => $userClassNameDetails->getShortName(),
  302.                 'username_field' => $userNameField,
  303.                 'username_field_label' => Str::asHumanWords($userNameField),
  304.                 'username_field_var' => Str::asLowerCamelCase($userNameField),
  305.                 'user_needs_encoder' => $this->userClassHasEncoder($securityData$userClass),
  306.                 'user_is_entity' => $this->doctrineHelper->isClassAMappedEntity($userClass),
  307.             ]
  308.         );
  309.     }
  311.     private function generateFormLoginFiles(string $controllerClassstring $userNameFieldbool $logoutSetup): void
  312.     {
  313.         $controllerClassNameDetails $this->generator->createClassNameDetails(
  314.             $controllerClass,
  315.             'Controller\\',
  316.             'Controller'
  317.         );
  319.         if (!class_exists($controllerClassNameDetails->getFullName())) {
  320.             $useStatements = new UseStatementGenerator([
  321.                 AbstractController::class,
  322.                 Route::class,
  323.                 AuthenticationUtils::class,
  324.             ]);
  326.             $controllerPath $this->generator->generateController(
  327.                 $controllerClassNameDetails->getFullName(),
  328.                 'authenticator/EmptySecurityController.tpl.php',
  329.                 ['use_statements' => $useStatements]
  330.             );
  332.             $controllerSourceCode $this->generator->getFileContentsForPendingOperation($controllerPath);
  333.         } else {
  334.             $controllerPath $this->fileManager->getRelativePathForFutureClass($controllerClassNameDetails->getFullName());
  335.             $controllerSourceCode $this->fileManager->getFileContents($controllerPath);
  336.         }
  338.         if (method_exists($controllerClassNameDetails->getFullName(), 'login')) {
  339.             throw new RuntimeCommandException(sprintf('Method "login" already exists on class %s'$controllerClassNameDetails->getFullName()));
  340.         }
  342.         $manipulator = new ClassSourceManipulator($controllerSourceCodetrue);
  344.         $this->securityControllerBuilder->addLoginMethod($manipulator);
  346.         if ($logoutSetup) {
  347.             $this->securityControllerBuilder->addLogoutMethod($manipulator);
  348.         }
  350.         $this->generator->dumpFile($controllerPath$manipulator->getSourceCode());
  352.         // create login form template
  353.         $this->generator->generateTemplate(
  354.             'security/login.html.twig',
  355.             'authenticator/login_form.tpl.php',
  356.             [
  357.                 'username_field' => $userNameField,
  358.                 'username_is_email' => false !== stripos($userNameField'email'),
  359.                 'username_label' => ucfirst(Str::asHumanWords($userNameField)),
  360.                 'logout_setup' => $logoutSetup,
  361.             ]
  362.         );
  363.     }
  365.     private function generateNextMessage(bool $securityYamlUpdatedstring $authenticatorTypestring $authenticatorClass, array $securityData$userClassbool $logoutSetup): array
  366.     {
  367.         $nextTexts = ['Next:'];
  368.         $nextTexts[] = '- Customize your new authenticator.';
  370.         if (!$securityYamlUpdated) {
  371.             $yamlExample $this->configUpdater->updateForAuthenticator(
  372.                 'security: {}',
  373.                 'main',
  374.                 null,
  375.                 $authenticatorClass,
  376.                 $logoutSetup
  377.             );
  378.             $nextTexts[] = "- Your <info>security.yaml</info> could not be updated automatically. You'll need to add the following config manually:\n\n".$yamlExample;
  379.         }
  381.         if (self::AUTH_TYPE_FORM_LOGIN === $authenticatorType) {
  382.             $nextTexts[] = sprintf('- Finish the redirect "TODO" in the <info>%s::onAuthenticationSuccess()</info> method.'$authenticatorClass);
  384.             if (!$this->doctrineHelper->isClassAMappedEntity($userClass)) {
  385.                 $nextTexts[] = sprintf('- Review <info>%s::getUser()</info> to make sure it matches your needs.'$authenticatorClass);
  386.             }
  388.             $nextTexts[] = '- Review & adapt the login template: <info>'.$this->fileManager->getPathForTemplate('security/login.html.twig').'</info>.';
  389.         }
  391.         return $nextTexts;
  392.     }
  394.     private function userClassHasEncoder(array $securityDatastring $userClass): bool
  395.     {
  396.         $userNeedsEncoder false;
  397.         $hashersData $securityData['security']['encoders'] ?? $securityData['security']['encoders'] ?? [];
  399.         foreach ($hashersData as $userClassWithEncoder => $encoder) {
  400.             if ($userClass === $userClassWithEncoder || is_subclass_of($userClass$userClassWithEncoder) || class_implements($userClass$userClassWithEncoder)) {
  401.                 $userNeedsEncoder true;
  402.             }
  403.         }
  405.         return $userNeedsEncoder;
  406.     }
  408.     public function configureDependencies(DependencyBuilder $dependenciesInputInterface $input null): void
  409.     {
  410.         $dependencies->addClassDependency(
  411.             SecurityBundle::class,
  412.             'security'
  413.         );
  415.         // needed to update the YAML files
  416.         $dependencies->addClassDependency(
  417.             Yaml::class,
  418.             'yaml'
  419.         );
  420.     }
  421. }