vendor/symfony/maker-bundle/src/Maker/MakeAuthenticator.php line 463

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony MakerBundle package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Bundle\MakerBundle\Maker;
  14. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  15. use Symfony\Bundle\MakerBundle\ConsoleStyle;
  16. use Symfony\Bundle\MakerBundle\DependencyBuilder;
  17. use Symfony\Bundle\MakerBundle\Doctrine\DoctrineHelper;
  18. use Symfony\Bundle\MakerBundle\Exception\RuntimeCommandException;
  19. use Symfony\Bundle\MakerBundle\FileManager;
  20. use Symfony\Bundle\MakerBundle\Generator;
  21. use Symfony\Bundle\MakerBundle\InputConfiguration;
  22. use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
  23. use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater;
  24. use Symfony\Bundle\MakerBundle\Security\SecurityControllerBuilder;
  25. use Symfony\Bundle\MakerBundle\Str;
  26. use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
  27. use Symfony\Bundle\MakerBundle\Util\UseStatementGenerator;
  28. use Symfony\Bundle\MakerBundle\Util\YamlManipulationFailedException;
  29. use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
  30. use Symfony\Bundle\MakerBundle\Validator;
  31. use Symfony\Bundle\SecurityBundle\Security;
  32. use Symfony\Bundle\SecurityBundle\SecurityBundle;
  33. use Symfony\Bundle\TwigBundle\TwigBundle;
  34. use Symfony\Component\Console\Command\Command;
  35. use Symfony\Component\Console\Input\InputArgument;
  36. use Symfony\Component\Console\Input\InputInterface;
  37. use Symfony\Component\Console\Input\InputOption;
  38. use Symfony\Component\Console\Question\Question;
  39. use Symfony\Component\HttpFoundation\RedirectResponse;
  40. use Symfony\Component\HttpFoundation\Request;
  41. use Symfony\Component\HttpFoundation\Response;
  42. use Symfony\Component\Routing\Annotation\Route;
  43. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  44. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  45. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  46. use Symfony\Component\Security\Core\Security as LegacySecurity;
  47. use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
  48. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  49. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  50. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  51. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  52. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
  53. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  54. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  55. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  56. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  57. use Symfony\Component\Yaml\Yaml;
  59. /**
  60.  * @author Ryan Weaver   <ryan@symfonycasts.com>
  61.  * @author Jesse Rushlow <jr@rushlow.dev>
  62.  *
  63.  * @internal
  64.  */
  65. final class MakeAuthenticator extends AbstractMaker
  66. {
  67.     private const AUTH_TYPE_EMPTY_AUTHENTICATOR 'empty-authenticator';
  68.     private const AUTH_TYPE_FORM_LOGIN 'form-login';
  70.     private const REMEMBER_ME_TYPE_ALWAYS 'always';
  71.     private const REMEMBER_ME_TYPE_CHECKBOX 'checkbox';
  73.     public function __construct(
  74.         private FileManager $fileManager,
  75.         private SecurityConfigUpdater $configUpdater,
  76.         private Generator $generator,
  77.         private DoctrineHelper $doctrineHelper,
  78.         private SecurityControllerBuilder $securityControllerBuilder,
  79.     ) {
  80.     }
  82.     public static function getCommandName(): string
  83.     {
  84.         return 'make:auth';
  85.     }
  87.     public static function getCommandDescription(): string
  88.     {
  89.         return 'Creates a Guard authenticator of different flavors';
  90.     }
  92.     public function configureCommand(Command $commandInputConfiguration $inputConfig): void
  93.     {
  94.         $command
  95.             ->setHelp(file_get_contents(__DIR__.'/../Resources/help/MakeAuth.txt'));
  96.     }
  98.     public function interact(InputInterface $inputConsoleStyle $ioCommand $command): void
  99.     {
  100.         if (!$this->fileManager->fileExists($path 'config/packages/security.yaml')) {
  101.             throw new RuntimeCommandException('The file "config/packages/security.yaml" does not exist. PHP & XML configuration formats are currently not supported.');
  102.         }
  103.         $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents($path));
  104.         $securityData $manipulator->getData();
  106.         // @legacy - Can be removed when Symfony 5.4 support is dropped
  107.         if (interface_exists(GuardAuthenticatorInterface::class) && !($securityData['security']['enable_authenticator_manager'] ?? false)) {
  108.             throw new RuntimeCommandException('MakerBundle only supports the new authenticator based security system. See https://symfony.com/doc/current/security.html');
  109.         }
  111.         // authenticator type
  112.         $authenticatorTypeValues = [
  113.             'Empty authenticator' => self::AUTH_TYPE_EMPTY_AUTHENTICATOR,
  114.             'Login form authenticator' => self::AUTH_TYPE_FORM_LOGIN,
  115.         ];
  116.         $command->addArgument('authenticator-type'InputArgument::REQUIRED);
  117.         $authenticatorType $io->choice(
  118.             'What style of authentication do you want?',
  119.             array_keys($authenticatorTypeValues),
  120.             key($authenticatorTypeValues)
  121.         );
  122.         $input->setArgument(
  123.             'authenticator-type',
  124.             $authenticatorTypeValues[$authenticatorType]
  125.         );
  127.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  128.             $neededDependencies = [TwigBundle::class => 'twig'];
  129.             $missingPackagesMessage $this->addDependencies($neededDependencies'Twig must be installed to display the login form.');
  131.             if ($missingPackagesMessage) {
  132.                 throw new RuntimeCommandException($missingPackagesMessage);
  133.             }
  135.             if (!isset($securityData['security']['providers']) || !$securityData['security']['providers']) {
  136.                 throw new RuntimeCommandException('To generate a form login authentication, you must configure at least one entry under "providers" in "security.yaml".');
  137.             }
  138.         }
  140.         // authenticator class
  141.         $command->addArgument('authenticator-class'InputArgument::REQUIRED);
  142.         $questionAuthenticatorClass = new Question('The class name of the authenticator to create (e.g. <fg=yellow>AppCustomAuthenticator</>)');
  143.         $questionAuthenticatorClass->setValidator(
  144.             function ($answer) {
  145.                 Validator::notBlank($answer);
  147.                 return Validator::classDoesNotExist(
  148.                     $this->generator->createClassNameDetails($answer'Security\\''Authenticator')->getFullName()
  149.                 );
  150.             }
  151.         );
  152.         $input->setArgument('authenticator-class'$io->askQuestion($questionAuthenticatorClass));
  154.         $interactiveSecurityHelper = new InteractiveSecurityHelper();
  155.         $command->addOption('firewall-name'nullInputOption::VALUE_OPTIONAL);
  156.         $input->setOption('firewall-name'$firewallName $interactiveSecurityHelper->guessFirewallName($io$securityData));
  158.         $command->addOption('entry-point'nullInputOption::VALUE_OPTIONAL);
  160.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  161.             $command->addArgument('controller-class'InputArgument::REQUIRED);
  162.             $input->setArgument(
  163.                 'controller-class',
  164.                 $io->ask(
  165.                     'Choose a name for the controller class (e.g. <fg=yellow>SecurityController</>)',
  166.                     'SecurityController',
  167.                     [Validator::class, 'validateClassName']
  168.                 )
  169.             );
  171.             $command->addArgument('user-class'InputArgument::REQUIRED);
  172.             $input->setArgument(
  173.                 'user-class',
  174.                 $userClass $interactiveSecurityHelper->guessUserClass($io$securityData['security']['providers'])
  175.             );
  177.             $command->addArgument('username-field'InputArgument::REQUIRED);
  178.             $input->setArgument(
  179.                 'username-field',
  180.                 $interactiveSecurityHelper->guessUserNameField($io$userClass$securityData['security']['providers'])
  181.             );
  183.             $command->addArgument('logout-setup'InputArgument::REQUIRED);
  184.             $input->setArgument(
  185.                 'logout-setup',
  186.                 $io->confirm(
  187.                     'Do you want to generate a \'/logout\' URL?',
  188.                     true
  189.                 )
  190.             );
  192.             $command->addArgument('support-remember-me'InputArgument::REQUIRED);
  193.             $input->setArgument(
  194.                 'support-remember-me',
  195.                 $io->confirm(
  196.                     'Do you want to support remember me?',
  197.                     true
  198.                 )
  199.             );
  201.             if ($input->getArgument('support-remember-me')) {
  202.                 $supportRememberMeValues = [
  203.                     'Activate when the user checks a box' => self::REMEMBER_ME_TYPE_CHECKBOX,
  204.                     'Always activate remember me' => self::REMEMBER_ME_TYPE_ALWAYS,
  205.                 ];
  206.                 $command->addArgument('always-remember-me'InputArgument::REQUIRED);
  208.                 $supportRememberMeType $io->choice(
  209.                     'How should remember me be activated?',
  210.                     array_keys($supportRememberMeValues),
  211.                     key($supportRememberMeValues)
  212.                 );
  214.                 $input->setArgument(
  215.                     'always-remember-me',
  216.                     $supportRememberMeValues[$supportRememberMeType]
  217.                 );
  218.             }
  219.         }
  220.     }
  222.     public function generate(InputInterface $inputConsoleStyle $ioGenerator $generator): void
  223.     {
  224.         $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents('config/packages/security.yaml'));
  225.         $securityData $manipulator->getData();
  227.         $supportRememberMe $input->hasArgument('support-remember-me') ? $input->getArgument('support-remember-me') : false;
  228.         $alwaysRememberMe $input->hasArgument('always-remember-me') ? $input->getArgument('always-remember-me') : false;
  230.         $this->generateAuthenticatorClass(
  231.             $securityData,
  232.             $input->getArgument('authenticator-type'),
  233.             $input->getArgument('authenticator-class'),
  234.             $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  235.             $input->hasArgument('username-field') ? $input->getArgument('username-field') : null,
  236.             $supportRememberMe,
  237.         );
  239.         // update security.yaml with guard config
  240.         $securityYamlUpdated false;
  242.         $entryPoint $input->getOption('entry-point');
  244.         if (self::AUTH_TYPE_FORM_LOGIN !== $input->getArgument('authenticator-type')) {
  245.             $entryPoint false;
  246.         }
  248.         try {
  249.             $newYaml $this->configUpdater->updateForAuthenticator(
  250.                 $this->fileManager->getFileContents($path 'config/packages/security.yaml'),
  251.                 $input->getOption('firewall-name'),
  252.                 $entryPoint,
  253.                 $input->getArgument('authenticator-class'),
  254.                 $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false,
  255.                 $supportRememberMe,
  256.                 $alwaysRememberMe
  257.             );
  258.             $generator->dumpFile($path$newYaml);
  259.             $securityYamlUpdated true;
  260.         } catch (YamlManipulationFailedException) {
  261.         }
  263.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  264.             $this->generateFormLoginFiles(
  265.                 $input->getArgument('controller-class'),
  266.                 $input->getArgument('username-field'),
  267.                 $input->getArgument('logout-setup'),
  268.                 $supportRememberMe,
  269.                 $alwaysRememberMe,
  270.             );
  271.         }
  273.         $generator->writeChanges();
  275.         $this->writeSuccessMessage($io);
  277.         $io->text(
  278.             $this->generateNextMessage(
  279.                 $securityYamlUpdated,
  280.                 $input->getArgument('authenticator-type'),
  281.                 $input->getArgument('authenticator-class'),
  282.                 $securityData,
  283.                 $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  284.                 $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false,
  285.                 $supportRememberMe,
  286.                 $alwaysRememberMe
  287.             )
  288.         );
  289.     }
  291.     private function generateAuthenticatorClass(array $securityDatastring $authenticatorTypestring $authenticatorClass$userClass$userNameFieldbool $supportRememberMe): void
  292.     {
  293.         $useStatements = new UseStatementGenerator([
  294.             Request::class,
  295.             Response::class,
  296.             TokenInterface::class,
  297.             Passport::class,
  298.         ]);
  300.         // generate authenticator class
  301.         if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $authenticatorType) {
  302.             $useStatements->addUseStatement([
  303.                 AuthenticationException::class,
  304.                 AbstractAuthenticator::class,
  305.             ]);
  307.             $this->generator->generateClass(
  308.                 $authenticatorClass,
  309.                 'authenticator/EmptyAuthenticator.tpl.php',
  310.                 ['use_statements' => $useStatements]
  311.             );
  313.             return;
  314.         }
  316.         $useStatements->addUseStatement([
  317.             RedirectResponse::class,
  318.             UrlGeneratorInterface::class,
  319.             AbstractLoginFormAuthenticator::class,
  320.             CsrfTokenBadge::class,
  321.             UserBadge::class,
  322.             PasswordCredentials::class,
  323.             TargetPathTrait::class,
  324.         ]);
  326.         // @legacy - Can be removed when Symfony 5.4 support is dropped
  327.         if (class_exists(Security::class)) {
  328.             $useStatements->addUseStatement(Security::class);
  329.         } else {
  330.             $useStatements->addUseStatement(LegacySecurity::class);
  331.         }
  333.         if ($supportRememberMe) {
  334.             $useStatements->addUseStatement(RememberMeBadge::class);
  335.         }
  337.         $userClassNameDetails $this->generator->createClassNameDetails(
  338.             '\\'.$userClass,
  339.             'Entity\\'
  340.         );
  342.         $this->generator->generateClass(
  343.             $authenticatorClass,
  344.             'authenticator/LoginFormAuthenticator.tpl.php',
  345.             [
  346.                 'use_statements' => $useStatements,
  347.                 'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
  348.                 'user_class_name' => $userClassNameDetails->getShortName(),
  349.                 'username_field' => $userNameField,
  350.                 'username_field_label' => Str::asHumanWords($userNameField),
  351.                 'username_field_var' => Str::asLowerCamelCase($userNameField),
  352.                 'user_needs_encoder' => $this->userClassHasEncoder($securityData$userClass),
  353.                 'user_is_entity' => $this->doctrineHelper->isClassAMappedEntity($userClass),
  354.                 'remember_me_badge' => $supportRememberMe,
  355.             ]
  356.         );
  357.     }
  359.     private function generateFormLoginFiles(string $controllerClassstring $userNameFieldbool $logoutSetupbool $supportRememberMebool $alwaysRememberMe): void
  360.     {
  361.         $controllerClassNameDetails $this->generator->createClassNameDetails(
  362.             $controllerClass,
  363.             'Controller\\',
  364.             'Controller'
  365.         );
  367.         if (!class_exists($controllerClassNameDetails->getFullName())) {
  368.             $useStatements = new UseStatementGenerator([
  369.                 AbstractController::class,
  370.                 Route::class,
  371.                 AuthenticationUtils::class,
  372.             ]);
  374.             $controllerPath $this->generator->generateController(
  375.                 $controllerClassNameDetails->getFullName(),
  376.                 'authenticator/EmptySecurityController.tpl.php',
  377.                 ['use_statements' => $useStatements]
  378.             );
  380.             $controllerSourceCode $this->generator->getFileContentsForPendingOperation($controllerPath);
  381.         } else {
  382.             $controllerPath $this->fileManager->getRelativePathForFutureClass($controllerClassNameDetails->getFullName());
  383.             $controllerSourceCode $this->fileManager->getFileContents($controllerPath);
  384.         }
  386.         if (method_exists($controllerClassNameDetails->getFullName(), 'login')) {
  387.             throw new RuntimeCommandException(sprintf('Method "login" already exists on class %s'$controllerClassNameDetails->getFullName()));
  388.         }
  390.         $manipulator = new ClassSourceManipulator(
  391.             sourceCode$controllerSourceCode,
  392.             overwritetrue
  393.         );
  395.         $this->securityControllerBuilder->addLoginMethod($manipulator);
  397.         if ($logoutSetup) {
  398.             $this->securityControllerBuilder->addLogoutMethod($manipulator);
  399.         }
  401.         $this->generator->dumpFile($controllerPath$manipulator->getSourceCode());
  403.         // create login form template
  404.         $this->generator->generateTemplate(
  405.             'security/login.html.twig',
  406.             'authenticator/login_form.tpl.php',
  407.             [
  408.                 'username_field' => $userNameField,
  409.                 'username_is_email' => false !== stripos($userNameField'email'),
  410.                 'username_label' => ucfirst(Str::asHumanWords($userNameField)),
  411.                 'logout_setup' => $logoutSetup,
  412.                 'support_remember_me' => $supportRememberMe,
  413.                 'always_remember_me' => $alwaysRememberMe,
  414.             ]
  415.         );
  416.     }
  418.     private function generateNextMessage(bool $securityYamlUpdatedstring $authenticatorTypestring $authenticatorClass, array $securityData$userClassbool $logoutSetupbool $supportRememberMebool $alwaysRememberMe): array
  419.     {
  420.         $nextTexts = ['Next:'];
  421.         $nextTexts[] = '- Customize your new authenticator.';
  423.         if (!$securityYamlUpdated) {
  424.             $yamlExample $this->configUpdater->updateForAuthenticator(
  425.                 'security: {}',
  426.                 'main',
  427.                 null,
  428.                 $authenticatorClass,
  429.                 $logoutSetup,
  430.                 $supportRememberMe,
  431.                 $alwaysRememberMe
  432.             );
  433.             $nextTexts[] = "- Your <info>security.yaml</info> could not be updated automatically. You'll need to add the following config manually:\n\n".$yamlExample;
  434.         }
  436.         if (self::AUTH_TYPE_FORM_LOGIN === $authenticatorType) {
  437.             $nextTexts[] = sprintf('- Finish the redirect "TODO" in the <info>%s::onAuthenticationSuccess()</info> method.'$authenticatorClass);
  439.             if (!$this->doctrineHelper->isClassAMappedEntity($userClass)) {
  440.                 $nextTexts[] = sprintf('- Review <info>%s::getUser()</info> to make sure it matches your needs.'$authenticatorClass);
  441.             }
  443.             $nextTexts[] = '- Review & adapt the login template: <info>'.$this->fileManager->getPathForTemplate('security/login.html.twig').'</info>.';
  444.         }
  446.         return $nextTexts;
  447.     }
  449.     private function userClassHasEncoder(array $securityDatastring $userClass): bool
  450.     {
  451.         $userNeedsEncoder false;
  452.         $hashersData $securityData['security']['encoders'] ?? $securityData['security']['encoders'] ?? [];
  454.         foreach ($hashersData as $userClassWithEncoder => $encoder) {
  455.             if ($userClass === $userClassWithEncoder || is_subclass_of($userClass$userClassWithEncoder) || class_implements($userClass$userClassWithEncoder)) {
  456.                 $userNeedsEncoder true;
  457.             }
  458.         }
  460.         return $userNeedsEncoder;
  461.     }
  463.     public function configureDependencies(DependencyBuilder $dependenciesInputInterface $input null): void
  464.     {
  465.         $dependencies->addClassDependency(
  466.             SecurityBundle::class,
  467.             'security'
  468.         );
  470.         // needed to update the YAML files
  471.         $dependencies->addClassDependency(
  472.             Yaml::class,
  473.             'yaml'
  474.         );
  475.     }
  476. }