vendor/symfony/maker-bundle/src/Maker/MakeAuthenticator.php line 408

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony MakerBundle package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Bundle\MakerBundle\Maker;
  14. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  15. use Symfony\Bundle\MakerBundle\ConsoleStyle;
  16. use Symfony\Bundle\MakerBundle\DependencyBuilder;
  17. use Symfony\Bundle\MakerBundle\Doctrine\DoctrineHelper;
  18. use Symfony\Bundle\MakerBundle\Exception\RuntimeCommandException;
  19. use Symfony\Bundle\MakerBundle\FileManager;
  20. use Symfony\Bundle\MakerBundle\Generator;
  21. use Symfony\Bundle\MakerBundle\InputConfiguration;
  22. use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
  23. use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater;
  24. use Symfony\Bundle\MakerBundle\Security\SecurityControllerBuilder;
  25. use Symfony\Bundle\MakerBundle\Str;
  26. use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
  27. use Symfony\Bundle\MakerBundle\Util\UseStatementGenerator;
  28. use Symfony\Bundle\MakerBundle\Util\YamlManipulationFailedException;
  29. use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
  30. use Symfony\Bundle\MakerBundle\Validator;
  31. use Symfony\Bundle\SecurityBundle\SecurityBundle;
  32. use Symfony\Bundle\TwigBundle\TwigBundle;
  33. use Symfony\Component\Console\Command\Command;
  34. use Symfony\Component\Console\Input\InputArgument;
  35. use Symfony\Component\Console\Input\InputInterface;
  36. use Symfony\Component\Console\Input\InputOption;
  37. use Symfony\Component\Console\Question\Question;
  38. use Symfony\Component\HttpFoundation\RedirectResponse;
  39. use Symfony\Component\HttpFoundation\Request;
  40. use Symfony\Component\HttpFoundation\Response;
  41. use Symfony\Component\Routing\Annotation\Route;
  42. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  43. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  44. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  45. use Symfony\Component\Security\Core\Security;
  46. use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
  47. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  48. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  49. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  50. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  51. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  52. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  53. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  54. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  55. use Symfony\Component\Yaml\Yaml;
  57. /**
  58. * @author Ryan Weaver <ryan@symfonycasts.com>
  59. * @author Jesse Rushlow <jr@rushlow.dev>
  60. *
  61. * @internal
  62. */
  63. final class MakeAuthenticator extends AbstractMaker
  64. {
  65. private const AUTH_TYPE_EMPTY_AUTHENTICATOR = 'empty-authenticator';
  66. private const AUTH_TYPE_FORM_LOGIN = 'form-login';
  68. private $fileManager;
  69. private $configUpdater;
  70. private $generator;
  71. private $doctrineHelper;
  72. private $securityControllerBuilder;
  74. public function __construct(FileManager $fileManager, SecurityConfigUpdater $configUpdater, Generator $generator, DoctrineHelper $doctrineHelper, SecurityControllerBuilder $securityControllerBuilder)
  75. {
  76. $this->fileManager = $fileManager;
  77. $this->configUpdater = $configUpdater;
  78. $this->generator = $generator;
  79. $this->doctrineHelper = $doctrineHelper;
  80. $this->securityControllerBuilder = $securityControllerBuilder;
  81. }
  83. public static function getCommandName(): string
  84. {
  85. return 'make:auth';
  86. }
  88. public static function getCommandDescription(): string
  89. {
  90. return 'Creates a Guard authenticator of different flavors';
  91. }
  93. public function configureCommand(Command $command, InputConfiguration $inputConfig): void
  94. {
  95. $command
  96. ->setHelp(file_get_contents(__DIR__.'/../Resources/help/MakeAuth.txt'));
  97. }
  99. public function interact(InputInterface $input, ConsoleStyle $io, Command $command): void
  100. {
  101. if (!$this->fileManager->fileExists($path = 'config/packages/security.yaml')) {
  102. throw new RuntimeCommandException('The file "config/packages/security.yaml" does not exist. This command requires that file to exist so that it can be updated.');
  103. }
  104. $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents($path));
  105. $securityData = $manipulator->getData();
  107. // @legacy - Can be removed when Symfony 5.4 support is dropped
  108. if (interface_exists(GuardAuthenticatorInterface::class) && !($securityData['security']['enable_authenticator_manager'] ?? false)) {
  109. throw new RuntimeCommandException('MakerBundle only supports the new authenticator based security system. See https://symfony.com/doc/current/security.html');
  110. }
  112. // authenticator type
  113. $authenticatorTypeValues = [
  114. 'Empty authenticator' => self::AUTH_TYPE_EMPTY_AUTHENTICATOR,
  115. 'Login form authenticator' => self::AUTH_TYPE_FORM_LOGIN,
  116. ];
  117. $command->addArgument('authenticator-type', InputArgument::REQUIRED);
  118. $authenticatorType = $io->choice(
  119. 'What style of authentication do you want?',
  120. array_keys($authenticatorTypeValues),
  121. key($authenticatorTypeValues)
  122. );
  123. $input->setArgument(
  124. 'authenticator-type',
  125. $authenticatorTypeValues[$authenticatorType]
  126. );
  128. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  129. $neededDependencies = [TwigBundle::class => 'twig'];
  130. $missingPackagesMessage = $this->addDependencies($neededDependencies, 'Twig must be installed to display the login form.');
  132. if ($missingPackagesMessage) {
  133. throw new RuntimeCommandException($missingPackagesMessage);
  134. }
  136. if (!isset($securityData['security']['providers']) || !$securityData['security']['providers']) {
  137. throw new RuntimeCommandException('To generate a form login authentication, you must configure at least one entry under "providers" in "security.yaml".');
  138. }
  139. }
  141. // authenticator class
  142. $command->addArgument('authenticator-class', InputArgument::REQUIRED);
  143. $questionAuthenticatorClass = new Question('The class name of the authenticator to create (e.g. <fg=yellow>AppCustomAuthenticator</>)');
  144. $questionAuthenticatorClass->setValidator(
  145. function ($answer) {
  146. Validator::notBlank($answer);
  148. return Validator::classDoesNotExist(
  149. $this->generator->createClassNameDetails($answer, 'Security\\', 'Authenticator')->getFullName()
  150. );
  151. }
  152. );
  153. $input->setArgument('authenticator-class', $io->askQuestion($questionAuthenticatorClass));
  155. $interactiveSecurityHelper = new InteractiveSecurityHelper();
  156. $command->addOption('firewall-name', null, InputOption::VALUE_OPTIONAL);
  157. $input->setOption('firewall-name', $firewallName = $interactiveSecurityHelper->guessFirewallName($io, $securityData));
  159. $command->addOption('entry-point', null, InputOption::VALUE_OPTIONAL);
  161. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  162. $command->addArgument('controller-class', InputArgument::REQUIRED);
  163. $input->setArgument(
  164. 'controller-class',
  165. $io->ask(
  166. 'Choose a name for the controller class (e.g. <fg=yellow>SecurityController</>)',
  167. 'SecurityController',
  168. [Validator::class, 'validateClassName']
  169. )
  170. );
  172. $command->addArgument('user-class', InputArgument::REQUIRED);
  173. $input->setArgument(
  174. 'user-class',
  175. $userClass = $interactiveSecurityHelper->guessUserClass($io, $securityData['security']['providers'])
  176. );
  178. $command->addArgument('username-field', InputArgument::REQUIRED);
  179. $input->setArgument(
  180. 'username-field',
  181. $interactiveSecurityHelper->guessUserNameField($io, $userClass, $securityData['security']['providers'])
  182. );
  184. $command->addArgument('logout-setup', InputArgument::REQUIRED);
  185. $input->setArgument(
  186. 'logout-setup',
  187. $io->confirm(
  188. 'Do you want to generate a \'/logout\' URL?',
  189. true
  190. )
  191. );
  192. }
  193. }
  195. public function generate(InputInterface $input, ConsoleStyle $io, Generator $generator): void
  196. {
  197. $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents('config/packages/security.yaml'));
  198. $securityData = $manipulator->getData();
  200. $this->generateAuthenticatorClass(
  201. $securityData,
  202. $input->getArgument('authenticator-type'),
  203. $input->getArgument('authenticator-class'),
  204. $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  205. $input->hasArgument('username-field') ? $input->getArgument('username-field') : null
  206. );
  208. // update security.yaml with guard config
  209. $securityYamlUpdated = false;
  211. $entryPoint = $input->getOption('entry-point');
  213. if (self::AUTH_TYPE_FORM_LOGIN !== $input->getArgument('authenticator-type')) {
  214. $entryPoint = false;
  215. }
  217. try {
  218. $newYaml = $this->configUpdater->updateForAuthenticator(
  219. $this->fileManager->getFileContents($path = 'config/packages/security.yaml'),
  220. $input->getOption('firewall-name'),
  221. $entryPoint,
  222. $input->getArgument('authenticator-class'),
  223. $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false
  224. );
  225. $generator->dumpFile($path, $newYaml);
  226. $securityYamlUpdated = true;
  227. } catch (YamlManipulationFailedException $e) {
  228. }
  230. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  231. $this->generateFormLoginFiles(
  232. $input->getArgument('controller-class'),
  233. $input->getArgument('username-field'),
  234. $input->getArgument('logout-setup')
  235. );
  236. }
  238. $generator->writeChanges();
  240. $this->writeSuccessMessage($io);
  242. $io->text(
  243. $this->generateNextMessage(
  244. $securityYamlUpdated,
  245. $input->getArgument('authenticator-type'),
  246. $input->getArgument('authenticator-class'),
  247. $securityData,
  248. $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  249. $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false
  250. )
  251. );
  252. }
  254. private function generateAuthenticatorClass(array $securityData, string $authenticatorType, string $authenticatorClass, $userClass, $userNameField): void
  255. {
  256. $useStatements = new UseStatementGenerator([
  257. Request::class,
  258. Response::class,
  259. TokenInterface::class,
  260. Passport::class,
  261. ]);
  263. // generate authenticator class
  264. if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $authenticatorType) {
  265. $useStatements->addUseStatement([
  266. AuthenticationException::class,
  267. AbstractAuthenticator::class,
  268. ]);
  270. $this->generator->generateClass(
  271. $authenticatorClass,
  272. 'authenticator/EmptyAuthenticator.tpl.php',
  273. ['use_statements' => $useStatements]
  274. );
  276. return;
  277. }
  279. $useStatements->addUseStatement([
  280. RedirectResponse::class,
  281. UrlGeneratorInterface::class,
  282. Security::class,
  283. AbstractLoginFormAuthenticator::class,
  284. CsrfTokenBadge::class,
  285. UserBadge::class,
  286. PasswordCredentials::class,
  287. TargetPathTrait::class,
  288. ]);
  290. $userClassNameDetails = $this->generator->createClassNameDetails(
  291. '\\'.$userClass,
  292. 'Entity\\'
  293. );
  295. $this->generator->generateClass(
  296. $authenticatorClass,
  297. 'authenticator/LoginFormAuthenticator.tpl.php',
  298. [
  299. 'use_statements' => $useStatements,
  300. 'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
  301. 'user_class_name' => $userClassNameDetails->getShortName(),
  302. 'username_field' => $userNameField,
  303. 'username_field_label' => Str::asHumanWords($userNameField),
  304. 'username_field_var' => Str::asLowerCamelCase($userNameField),
  305. 'user_needs_encoder' => $this->userClassHasEncoder($securityData, $userClass),
  306. 'user_is_entity' => $this->doctrineHelper->isClassAMappedEntity($userClass),
  307. ]
  308. );
  309. }
  311. private function generateFormLoginFiles(string $controllerClass, string $userNameField, bool $logoutSetup): void
  312. {
  313. $controllerClassNameDetails = $this->generator->createClassNameDetails(
  314. $controllerClass,
  315. 'Controller\\',
  316. 'Controller'
  317. );
  319. if (!class_exists($controllerClassNameDetails->getFullName())) {
  320. $useStatements = new UseStatementGenerator([
  321. AbstractController::class,
  322. Route::class,
  323. AuthenticationUtils::class,
  324. ]);
  326. $controllerPath = $this->generator->generateController(
  327. $controllerClassNameDetails->getFullName(),
  328. 'authenticator/EmptySecurityController.tpl.php',
  329. ['use_statements' => $useStatements]
  330. );
  332. $controllerSourceCode = $this->generator->getFileContentsForPendingOperation($controllerPath);
  333. } else {
  334. $controllerPath = $this->fileManager->getRelativePathForFutureClass($controllerClassNameDetails->getFullName());
  335. $controllerSourceCode = $this->fileManager->getFileContents($controllerPath);
  336. }
  338. if (method_exists($controllerClassNameDetails->getFullName(), 'login')) {
  339. throw new RuntimeCommandException(sprintf('Method "login" already exists on class %s', $controllerClassNameDetails->getFullName()));
  340. }
  342. $manipulator = new ClassSourceManipulator($controllerSourceCode, true);
  344. $this->securityControllerBuilder->addLoginMethod($manipulator);
  346. if ($logoutSetup) {
  347. $this->securityControllerBuilder->addLogoutMethod($manipulator);
  348. }
  350. $this->generator->dumpFile($controllerPath, $manipulator->getSourceCode());
  352. // create login form template
  353. $this->generator->generateTemplate(
  354. 'security/login.html.twig',
  355. 'authenticator/login_form.tpl.php',
  356. [
  357. 'username_field' => $userNameField,
  358. 'username_is_email' => false !== stripos($userNameField, 'email'),
  359. 'username_label' => ucfirst(Str::asHumanWords($userNameField)),
  360. 'logout_setup' => $logoutSetup,
  361. ]
  362. );
  363. }
  365. private function generateNextMessage(bool $securityYamlUpdated, string $authenticatorType, string $authenticatorClass, array $securityData, $userClass, bool $logoutSetup): array
  366. {
  367. $nextTexts = ['Next:'];
  368. $nextTexts[] = '- Customize your new authenticator.';
  370. if (!$securityYamlUpdated) {
  371. $yamlExample = $this->configUpdater->updateForAuthenticator(
  372. 'security: {}',
  373. 'main',
  374. null,
  375. $authenticatorClass,
  376. $logoutSetup
  377. );
  378. $nextTexts[] = "- Your <info>security.yaml</info> could not be updated automatically. You'll need to add the following config manually:\n\n".$yamlExample;
  379. }
  381. if (self::AUTH_TYPE_FORM_LOGIN === $authenticatorType) {
  382. $nextTexts[] = sprintf('- Finish the redirect "TODO" in the <info>%s::onAuthenticationSuccess()</info> method.', $authenticatorClass);
  384. if (!$this->doctrineHelper->isClassAMappedEntity($userClass)) {
  385. $nextTexts[] = sprintf('- Review <info>%s::getUser()</info> to make sure it matches your needs.', $authenticatorClass);
  386. }
  388. $nextTexts[] = '- Review & adapt the login template: <info>'.$this->fileManager->getPathForTemplate('security/login.html.twig').'</info>.';
  389. }
  391. return $nextTexts;
  392. }
  394. private function userClassHasEncoder(array $securityData, string $userClass): bool
  395. {
  396. $userNeedsEncoder = false;
  397. $hashersData = $securityData['security']['encoders'] ?? $securityData['security']['encoders'] ?? [];
  399. foreach ($hashersData as $userClassWithEncoder => $encoder) {
  400. if ($userClass === $userClassWithEncoder || is_subclass_of($userClass, $userClassWithEncoder) || class_implements($userClass, $userClassWithEncoder)) {
  401. $userNeedsEncoder = true;
  402. }
  403. }
  405. return $userNeedsEncoder;
  406. }
  408. public function configureDependencies(DependencyBuilder $dependencies, InputInterface $input = null): void
  409. {
  410. $dependencies->addClassDependency(
  411. SecurityBundle::class,
  412. 'security'
  413. );
  415. // needed to update the YAML files
  416. $dependencies->addClassDependency(
  417. Yaml::class,
  418. 'yaml'
  419. );
  420. }
  421. }