vendor/symfony/maker-bundle/src/Maker/MakeAuthenticator.php line 399

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony MakerBundle package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Bundle\MakerBundle\Maker;
  14. use Symfony\Bundle\MakerBundle\ConsoleStyle;
  15. use Symfony\Bundle\MakerBundle\DependencyBuilder;
  16. use Symfony\Bundle\MakerBundle\Doctrine\DoctrineHelper;
  17. use Symfony\Bundle\MakerBundle\Exception\RuntimeCommandException;
  18. use Symfony\Bundle\MakerBundle\FileManager;
  19. use Symfony\Bundle\MakerBundle\Generator;
  20. use Symfony\Bundle\MakerBundle\InputConfiguration;
  21. use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
  22. use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater;
  23. use Symfony\Bundle\MakerBundle\Security\SecurityControllerBuilder;
  24. use Symfony\Bundle\MakerBundle\Str;
  25. use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
  26. use Symfony\Bundle\MakerBundle\Util\YamlManipulationFailedException;
  27. use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
  28. use Symfony\Bundle\MakerBundle\Validator;
  29. use Symfony\Bundle\SecurityBundle\SecurityBundle;
  30. use Symfony\Bundle\TwigBundle\TwigBundle;
  31. use Symfony\Component\Console\Command\Command;
  32. use Symfony\Component\Console\Input\InputArgument;
  33. use Symfony\Component\Console\Input\InputInterface;
  34. use Symfony\Component\Console\Input\InputOption;
  35. use Symfony\Component\Console\Question\Question;
  36. use Symfony\Component\Form\Form;
  37. use Symfony\Component\HttpKernel\Kernel;
  38. use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
  39. use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
  40. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  41. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  42. use Symfony\Component\Yaml\Yaml;
  44. /**
  45. * @author Ryan Weaver <ryan@symfonycasts.com>
  46. * @author Jesse Rushlow <jr@rushlow.dev>
  47. *
  48. * @internal
  49. */
  50. final class MakeAuthenticator extends AbstractMaker
  51. {
  52. private const AUTH_TYPE_EMPTY_AUTHENTICATOR = 'empty-authenticator';
  53. private const AUTH_TYPE_FORM_LOGIN = 'form-login';
  55. private $fileManager;
  57. private $configUpdater;
  59. private $generator;
  61. private $doctrineHelper;
  63. private $securityControllerBuilder;
  65. private $useSecurity52 = false;
  67. public function __construct(FileManager $fileManager, SecurityConfigUpdater $configUpdater, Generator $generator, DoctrineHelper $doctrineHelper, SecurityControllerBuilder $securityControllerBuilder)
  68. {
  69. $this->fileManager = $fileManager;
  70. $this->configUpdater = $configUpdater;
  71. $this->generator = $generator;
  72. $this->doctrineHelper = $doctrineHelper;
  73. $this->securityControllerBuilder = $securityControllerBuilder;
  74. }
  76. public static function getCommandName(): string
  77. {
  78. return 'make:auth';
  79. }
  81. public static function getCommandDescription(): string
  82. {
  83. return 'Creates a Guard authenticator of different flavors';
  84. }
  86. public function configureCommand(Command $command, InputConfiguration $inputConfig)
  87. {
  88. $command
  89. ->setHelp(file_get_contents(__DIR__.'/../Resources/help/MakeAuth.txt'));
  90. }
  92. public function interact(InputInterface $input, ConsoleStyle $io, Command $command)
  93. {
  94. if (!$this->fileManager->fileExists($path = 'config/packages/security.yaml')) {
  95. throw new RuntimeCommandException('The file "config/packages/security.yaml" does not exist. This command requires that file to exist so that it can be updated.');
  96. }
  97. $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents($path));
  98. $securityData = $manipulator->getData();
  100. // Determine if we should use new security features introduced in Symfony 5.2
  101. if ($securityData['security']['enable_authenticator_manager'] ?? false) {
  102. $this->useSecurity52 = true;
  103. }
  105. if ($this->useSecurity52 && !class_exists(UserBadge::class)) {
  106. throw new RuntimeCommandException('MakerBundle does not support generating authenticators using the new authenticator system before symfony/security-bundle 5.2. Please upgrade to 5.2 and try again.');
  107. }
  109. // authenticator type
  110. $authenticatorTypeValues = [
  111. 'Empty authenticator' => self::AUTH_TYPE_EMPTY_AUTHENTICATOR,
  112. 'Login form authenticator' => self::AUTH_TYPE_FORM_LOGIN,
  113. ];
  114. $command->addArgument('authenticator-type', InputArgument::REQUIRED);
  115. $authenticatorType = $io->choice(
  116. 'What style of authentication do you want?',
  117. array_keys($authenticatorTypeValues),
  118. key($authenticatorTypeValues)
  119. );
  120. $input->setArgument(
  121. 'authenticator-type',
  122. $authenticatorTypeValues[$authenticatorType]
  123. );
  125. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  126. $neededDependencies = [TwigBundle::class => 'twig'];
  127. $missingPackagesMessage = 'Twig must be installed to display the login form.';
  129. if (Kernel::VERSION_ID < 40100) {
  130. $neededDependencies[Form::class] = 'symfony/form';
  131. $missingPackagesMessage = 'Twig and symfony/form must be installed to display the login form';
  132. }
  134. $missingPackagesMessage = $this->addDependencies($neededDependencies, $missingPackagesMessage);
  135. if ($missingPackagesMessage) {
  136. throw new RuntimeCommandException($missingPackagesMessage);
  137. }
  139. if (!isset($securityData['security']['providers']) || !$securityData['security']['providers']) {
  140. throw new RuntimeCommandException('To generate a form login authentication, you must configure at least one entry under "providers" in "security.yaml".');
  141. }
  142. }
  144. // authenticator class
  145. $command->addArgument('authenticator-class', InputArgument::REQUIRED);
  146. $questionAuthenticatorClass = new Question('The class name of the authenticator to create (e.g. <fg=yellow>AppCustomAuthenticator</>)');
  147. $questionAuthenticatorClass->setValidator(
  148. function ($answer) {
  149. Validator::notBlank($answer);
  151. return Validator::classDoesNotExist(
  152. $this->generator->createClassNameDetails($answer, 'Security\\', 'Authenticator')->getFullName()
  153. );
  154. }
  155. );
  156. $input->setArgument('authenticator-class', $io->askQuestion($questionAuthenticatorClass));
  158. $interactiveSecurityHelper = new InteractiveSecurityHelper();
  159. $command->addOption('firewall-name', null, InputOption::VALUE_OPTIONAL);
  160. $input->setOption('firewall-name', $firewallName = $interactiveSecurityHelper->guessFirewallName($io, $securityData));
  162. $command->addOption('entry-point', null, InputOption::VALUE_OPTIONAL);
  164. if (!$this->useSecurity52) {
  165. $input->setOption(
  166. 'entry-point',
  167. $interactiveSecurityHelper->guessEntryPoint($io, $securityData, $input->getArgument('authenticator-class'), $firewallName)
  168. );
  169. }
  171. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  172. $command->addArgument('controller-class', InputArgument::REQUIRED);
  173. $input->setArgument(
  174. 'controller-class',
  175. $io->ask(
  176. 'Choose a name for the controller class (e.g. <fg=yellow>SecurityController</>)',
  177. 'SecurityController',
  178. [Validator::class, 'validateClassName']
  179. )
  180. );
  182. $command->addArgument('user-class', InputArgument::REQUIRED);
  183. $input->setArgument(
  184. 'user-class',
  185. $userClass = $interactiveSecurityHelper->guessUserClass($io, $securityData['security']['providers'])
  186. );
  188. $command->addArgument('username-field', InputArgument::REQUIRED);
  189. $input->setArgument(
  190. 'username-field',
  191. $interactiveSecurityHelper->guessUserNameField($io, $userClass, $securityData['security']['providers'])
  192. );
  194. $command->addArgument('logout-setup', InputArgument::REQUIRED);
  195. $input->setArgument(
  196. 'logout-setup',
  197. $io->confirm(
  198. 'Do you want to generate a \'/logout\' URL?',
  199. true
  200. )
  201. );
  202. }
  203. }
  205. public function generate(InputInterface $input, ConsoleStyle $io, Generator $generator)
  206. {
  207. $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents('config/packages/security.yaml'));
  208. $securityData = $manipulator->getData();
  210. $this->generateAuthenticatorClass(
  211. $securityData,
  212. $input->getArgument('authenticator-type'),
  213. $input->getArgument('authenticator-class'),
  214. $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  215. $input->hasArgument('username-field') ? $input->getArgument('username-field') : null
  216. );
  218. // update security.yaml with guard config
  219. $securityYamlUpdated = false;
  221. $entryPoint = $input->getOption('entry-point');
  223. if ($this->useSecurity52 && self::AUTH_TYPE_FORM_LOGIN !== $input->getArgument('authenticator-type')) {
  224. $entryPoint = false;
  225. }
  227. try {
  228. $newYaml = $this->configUpdater->updateForAuthenticator(
  229. $this->fileManager->getFileContents($path = 'config/packages/security.yaml'),
  230. $input->getOption('firewall-name'),
  231. $entryPoint,
  232. $input->getArgument('authenticator-class'),
  233. $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false,
  234. $this->useSecurity52
  235. );
  236. $generator->dumpFile($path, $newYaml);
  237. $securityYamlUpdated = true;
  238. } catch (YamlManipulationFailedException $e) {
  239. }
  241. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  242. $this->generateFormLoginFiles(
  243. $input->getArgument('controller-class'),
  244. $input->getArgument('username-field'),
  245. $input->getArgument('logout-setup')
  246. );
  247. }
  249. $generator->writeChanges();
  251. $this->writeSuccessMessage($io);
  253. $io->text(
  254. $this->generateNextMessage(
  255. $securityYamlUpdated,
  256. $input->getArgument('authenticator-type'),
  257. $input->getArgument('authenticator-class'),
  258. $securityData,
  259. $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  260. $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false
  261. )
  262. );
  263. }
  265. private function generateAuthenticatorClass(array $securityData, string $authenticatorType, string $authenticatorClass, $userClass, $userNameField)
  266. {
  267. // generate authenticator class
  268. if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $authenticatorType) {
  269. $this->generator->generateClass(
  270. $authenticatorClass,
  271. sprintf('authenticator/%sEmptyAuthenticator.tpl.php', $this->useSecurity52 ? 'Security52' : ''),
  272. [
  273. 'provider_key_type_hint' => $this->getGuardProviderKeyTypeHint(),
  274. 'use_legacy_passport_interface' => $this->shouldUseLegacyPassportInterface(),
  275. ]
  276. );
  278. return;
  279. }
  281. $userClassNameDetails = $this->generator->createClassNameDetails(
  282. '\\'.$userClass,
  283. 'Entity\\'
  284. );
  286. $this->generator->generateClass(
  287. $authenticatorClass,
  288. sprintf('authenticator/%sLoginFormAuthenticator.tpl.php', $this->useSecurity52 ? 'Security52' : ''),
  289. [
  290. 'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
  291. 'user_class_name' => $userClassNameDetails->getShortName(),
  292. 'username_field' => $userNameField,
  293. 'username_field_label' => Str::asHumanWords($userNameField),
  294. 'username_field_var' => Str::asLowerCamelCase($userNameField),
  295. 'user_needs_encoder' => $this->userClassHasEncoder($securityData, $userClass),
  296. 'user_is_entity' => $this->doctrineHelper->isClassAMappedEntity($userClass),
  297. 'provider_key_type_hint' => $this->getGuardProviderKeyTypeHint(),
  298. 'use_legacy_passport_interface' => $this->shouldUseLegacyPassportInterface(),
  299. ]
  300. );
  301. }
  303. private function generateFormLoginFiles(string $controllerClass, string $userNameField, bool $logoutSetup)
  304. {
  305. $controllerClassNameDetails = $this->generator->createClassNameDetails(
  306. $controllerClass,
  307. 'Controller\\',
  308. 'Controller'
  309. );
  311. if (!class_exists($controllerClassNameDetails->getFullName())) {
  312. $controllerPath = $this->generator->generateController(
  313. $controllerClassNameDetails->getFullName(),
  314. 'authenticator/EmptySecurityController.tpl.php'
  315. );
  317. $controllerSourceCode = $this->generator->getFileContentsForPendingOperation($controllerPath);
  318. } else {
  319. $controllerPath = $this->fileManager->getRelativePathForFutureClass($controllerClassNameDetails->getFullName());
  320. $controllerSourceCode = $this->fileManager->getFileContents($controllerPath);
  321. }
  323. if (method_exists($controllerClassNameDetails->getFullName(), 'login')) {
  324. throw new RuntimeCommandException(sprintf('Method "login" already exists on class %s', $controllerClassNameDetails->getFullName()));
  325. }
  327. $manipulator = new ClassSourceManipulator($controllerSourceCode, true);
  329. $this->securityControllerBuilder->addLoginMethod($manipulator);
  331. if ($logoutSetup) {
  332. $this->securityControllerBuilder->addLogoutMethod($manipulator);
  333. }
  335. $this->generator->dumpFile($controllerPath, $manipulator->getSourceCode());
  337. // create login form template
  338. $this->generator->generateTemplate(
  339. 'security/login.html.twig',
  340. 'authenticator/login_form.tpl.php',
  341. [
  342. 'username_field' => $userNameField,
  343. 'username_is_email' => false !== stripos($userNameField, 'email'),
  344. 'username_label' => ucfirst(Str::asHumanWords($userNameField)),
  345. 'logout_setup' => $logoutSetup,
  346. ]
  347. );
  348. }
  350. private function generateNextMessage(bool $securityYamlUpdated, string $authenticatorType, string $authenticatorClass, array $securityData, $userClass, bool $logoutSetup): array
  351. {
  352. $nextTexts = ['Next:'];
  353. $nextTexts[] = '- Customize your new authenticator.';
  355. if (!$securityYamlUpdated) {
  356. $yamlExample = $this->configUpdater->updateForAuthenticator(
  357. 'security: {}',
  358. 'main',
  359. null,
  360. $authenticatorClass,
  361. $logoutSetup,
  362. $this->useSecurity52
  363. );
  364. $nextTexts[] = "- Your <info>security.yaml</info> could not be updated automatically. You'll need to add the following config manually:\n\n".$yamlExample;
  365. }
  367. if (self::AUTH_TYPE_FORM_LOGIN === $authenticatorType) {
  368. $nextTexts[] = sprintf('- Finish the redirect "TODO" in the <info>%s::onAuthenticationSuccess()</info> method.', $authenticatorClass);
  370. if (!$this->doctrineHelper->isClassAMappedEntity($userClass)) {
  371. $nextTexts[] = sprintf('- Review <info>%s::getUser()</info> to make sure it matches your needs.', $authenticatorClass);
  372. }
  374. // this only applies to Guard authentication AND if the user does not have a hasher configured
  375. if (!$this->useSecurity52 && !$this->userClassHasEncoder($securityData, $userClass)) {
  376. $nextTexts[] = sprintf('- Check the user\'s password in <info>%s::checkCredentials()</info>.', $authenticatorClass);
  377. }
  379. $nextTexts[] = '- Review & adapt the login template: <info>'.$this->fileManager->getPathForTemplate('security/login.html.twig').'</info>.';
  380. }
  382. return $nextTexts;
  383. }
  385. private function userClassHasEncoder(array $securityData, string $userClass): bool
  386. {
  387. $userNeedsEncoder = false;
  388. $hashersData = $securityData['security']['encoders'] ?? $securityData['security']['encoders'] ?? [];
  390. foreach ($hashersData as $userClassWithEncoder => $encoder) {
  391. if ($userClass === $userClassWithEncoder || is_subclass_of($userClass, $userClassWithEncoder) || class_implements($userClass, $userClassWithEncoder)) {
  392. $userNeedsEncoder = true;
  393. }
  394. }
  396. return $userNeedsEncoder;
  397. }
  399. public function configureDependencies(DependencyBuilder $dependencies, InputInterface $input = null)
  400. {
  401. $dependencies->addClassDependency(
  402. SecurityBundle::class,
  403. 'security'
  404. );
  406. // needed to update the YAML files
  407. $dependencies->addClassDependency(
  408. Yaml::class,
  409. 'yaml'
  410. );
  411. }
  413. /**
  414. * Calculates the type-hint used for the $provider argument (string or nothing) for Guard.
  415. */
  416. private function getGuardProviderKeyTypeHint(): string
  417. {
  418. // doesn't matter: this only applies to non-Guard authenticators
  419. if (!class_exists(AbstractFormLoginAuthenticator::class)) {
  420. return '';
  421. }
  423. $reflectionMethod = new \ReflectionMethod(AbstractFormLoginAuthenticator::class, 'onAuthenticationSuccess');
  424. $type = $reflectionMethod->getParameters()[2]->getType();
  426. if (!$type instanceof \ReflectionNamedType) {
  427. return '';
  428. }
  430. return sprintf('%s ', $type->getName());
  431. }
  433. private function shouldUseLegacyPassportInterface(): bool
  434. {
  435. // only applies to new authenticator security
  436. if (!$this->useSecurity52) {
  437. return false;
  438. }
  440. // legacy: checking for Symfony 5.2 & 5.3 before PassportInterface deprecation
  441. $class = new \ReflectionClass(AuthenticatorInterface::class);
  442. $method = $class->getMethod('authenticate');
  444. // 5.4 where return type is temporarily removed
  445. if (!$method->getReturnType()) {
  446. return false;
  447. }
  449. return PassportInterface::class === $method->getReturnType()->getName();
  450. }
  451. }