vendor/symfony/maker-bundle/src/Maker/MakeAuthenticator.php line 463

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony MakerBundle package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Bundle\MakerBundle\Maker;
  14. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  15. use Symfony\Bundle\MakerBundle\ConsoleStyle;
  16. use Symfony\Bundle\MakerBundle\DependencyBuilder;
  17. use Symfony\Bundle\MakerBundle\Doctrine\DoctrineHelper;
  18. use Symfony\Bundle\MakerBundle\Exception\RuntimeCommandException;
  19. use Symfony\Bundle\MakerBundle\FileManager;
  20. use Symfony\Bundle\MakerBundle\Generator;
  21. use Symfony\Bundle\MakerBundle\InputConfiguration;
  22. use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
  23. use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater;
  24. use Symfony\Bundle\MakerBundle\Security\SecurityControllerBuilder;
  25. use Symfony\Bundle\MakerBundle\Str;
  26. use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
  27. use Symfony\Bundle\MakerBundle\Util\UseStatementGenerator;
  28. use Symfony\Bundle\MakerBundle\Util\YamlManipulationFailedException;
  29. use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
  30. use Symfony\Bundle\MakerBundle\Validator;
  31. use Symfony\Bundle\SecurityBundle\Security;
  32. use Symfony\Bundle\SecurityBundle\SecurityBundle;
  33. use Symfony\Bundle\TwigBundle\TwigBundle;
  34. use Symfony\Component\Console\Command\Command;
  35. use Symfony\Component\Console\Input\InputArgument;
  36. use Symfony\Component\Console\Input\InputInterface;
  37. use Symfony\Component\Console\Input\InputOption;
  38. use Symfony\Component\Console\Question\Question;
  39. use Symfony\Component\HttpFoundation\RedirectResponse;
  40. use Symfony\Component\HttpFoundation\Request;
  41. use Symfony\Component\HttpFoundation\Response;
  42. use Symfony\Component\Routing\Annotation\Route;
  43. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  44. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  45. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  46. use Symfony\Component\Security\Core\Security as LegacySecurity;
  47. use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
  48. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  49. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  50. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  51. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  52. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
  53. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  54. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  55. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  56. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  57. use Symfony\Component\Yaml\Yaml;
  59. /**
  60. * @author Ryan Weaver <ryan@symfonycasts.com>
  61. * @author Jesse Rushlow <jr@rushlow.dev>
  62. *
  63. * @internal
  64. */
  65. final class MakeAuthenticator extends AbstractMaker
  66. {
  67. private const AUTH_TYPE_EMPTY_AUTHENTICATOR = 'empty-authenticator';
  68. private const AUTH_TYPE_FORM_LOGIN = 'form-login';
  70. private const REMEMBER_ME_TYPE_ALWAYS = 'always';
  71. private const REMEMBER_ME_TYPE_CHECKBOX = 'checkbox';
  73. public function __construct(
  74. private FileManager $fileManager,
  75. private SecurityConfigUpdater $configUpdater,
  76. private Generator $generator,
  77. private DoctrineHelper $doctrineHelper,
  78. private SecurityControllerBuilder $securityControllerBuilder,
  79. ) {
  80. }
  82. public static function getCommandName(): string
  83. {
  84. return 'make:auth';
  85. }
  87. public static function getCommandDescription(): string
  88. {
  89. return 'Creates a Guard authenticator of different flavors';
  90. }
  92. public function configureCommand(Command $command, InputConfiguration $inputConfig): void
  93. {
  94. $command
  95. ->setHelp(file_get_contents(__DIR__.'/../Resources/help/MakeAuth.txt'));
  96. }
  98. public function interact(InputInterface $input, ConsoleStyle $io, Command $command): void
  99. {
  100. if (!$this->fileManager->fileExists($path = 'config/packages/security.yaml')) {
  101. throw new RuntimeCommandException('The file "config/packages/security.yaml" does not exist. PHP & XML configuration formats are currently not supported.');
  102. }
  103. $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents($path));
  104. $securityData = $manipulator->getData();
  106. // @legacy - Can be removed when Symfony 5.4 support is dropped
  107. if (interface_exists(GuardAuthenticatorInterface::class) && !($securityData['security']['enable_authenticator_manager'] ?? false)) {
  108. throw new RuntimeCommandException('MakerBundle only supports the new authenticator based security system. See https://symfony.com/doc/current/security.html');
  109. }
  111. // authenticator type
  112. $authenticatorTypeValues = [
  113. 'Empty authenticator' => self::AUTH_TYPE_EMPTY_AUTHENTICATOR,
  114. 'Login form authenticator' => self::AUTH_TYPE_FORM_LOGIN,
  115. ];
  116. $command->addArgument('authenticator-type', InputArgument::REQUIRED);
  117. $authenticatorType = $io->choice(
  118. 'What style of authentication do you want?',
  119. array_keys($authenticatorTypeValues),
  120. key($authenticatorTypeValues)
  121. );
  122. $input->setArgument(
  123. 'authenticator-type',
  124. $authenticatorTypeValues[$authenticatorType]
  125. );
  127. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  128. $neededDependencies = [TwigBundle::class => 'twig'];
  129. $missingPackagesMessage = $this->addDependencies($neededDependencies, 'Twig must be installed to display the login form.');
  131. if ($missingPackagesMessage) {
  132. throw new RuntimeCommandException($missingPackagesMessage);
  133. }
  135. if (!isset($securityData['security']['providers']) || !$securityData['security']['providers']) {
  136. throw new RuntimeCommandException('To generate a form login authentication, you must configure at least one entry under "providers" in "security.yaml".');
  137. }
  138. }
  140. // authenticator class
  141. $command->addArgument('authenticator-class', InputArgument::REQUIRED);
  142. $questionAuthenticatorClass = new Question('The class name of the authenticator to create (e.g. <fg=yellow>AppCustomAuthenticator</>)');
  143. $questionAuthenticatorClass->setValidator(
  144. function ($answer) {
  145. Validator::notBlank($answer);
  147. return Validator::classDoesNotExist(
  148. $this->generator->createClassNameDetails($answer, 'Security\\', 'Authenticator')->getFullName()
  149. );
  150. }
  151. );
  152. $input->setArgument('authenticator-class', $io->askQuestion($questionAuthenticatorClass));
  154. $interactiveSecurityHelper = new InteractiveSecurityHelper();
  155. $command->addOption('firewall-name', null, InputOption::VALUE_OPTIONAL);
  156. $input->setOption('firewall-name', $firewallName = $interactiveSecurityHelper->guessFirewallName($io, $securityData));
  158. $command->addOption('entry-point', null, InputOption::VALUE_OPTIONAL);
  160. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  161. $command->addArgument('controller-class', InputArgument::REQUIRED);
  162. $input->setArgument(
  163. 'controller-class',
  164. $io->ask(
  165. 'Choose a name for the controller class (e.g. <fg=yellow>SecurityController</>)',
  166. 'SecurityController',
  167. [Validator::class, 'validateClassName']
  168. )
  169. );
  171. $command->addArgument('user-class', InputArgument::REQUIRED);
  172. $input->setArgument(
  173. 'user-class',
  174. $userClass = $interactiveSecurityHelper->guessUserClass($io, $securityData['security']['providers'])
  175. );
  177. $command->addArgument('username-field', InputArgument::REQUIRED);
  178. $input->setArgument(
  179. 'username-field',
  180. $interactiveSecurityHelper->guessUserNameField($io, $userClass, $securityData['security']['providers'])
  181. );
  183. $command->addArgument('logout-setup', InputArgument::REQUIRED);
  184. $input->setArgument(
  185. 'logout-setup',
  186. $io->confirm(
  187. 'Do you want to generate a \'/logout\' URL?',
  188. true
  189. )
  190. );
  192. $command->addArgument('support-remember-me', InputArgument::REQUIRED);
  193. $input->setArgument(
  194. 'support-remember-me',
  195. $io->confirm(
  196. 'Do you want to support remember me?',
  197. true
  198. )
  199. );
  201. if ($input->getArgument('support-remember-me')) {
  202. $supportRememberMeValues = [
  203. 'Activate when the user checks a box' => self::REMEMBER_ME_TYPE_CHECKBOX,
  204. 'Always activate remember me' => self::REMEMBER_ME_TYPE_ALWAYS,
  205. ];
  206. $command->addArgument('always-remember-me', InputArgument::REQUIRED);
  208. $supportRememberMeType = $io->choice(
  209. 'How should remember me be activated?',
  210. array_keys($supportRememberMeValues),
  211. key($supportRememberMeValues)
  212. );
  214. $input->setArgument(
  215. 'always-remember-me',
  216. $supportRememberMeValues[$supportRememberMeType]
  217. );
  218. }
  219. }
  220. }
  222. public function generate(InputInterface $input, ConsoleStyle $io, Generator $generator): void
  223. {
  224. $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents('config/packages/security.yaml'));
  225. $securityData = $manipulator->getData();
  227. $supportRememberMe = $input->hasArgument('support-remember-me') ? $input->getArgument('support-remember-me') : false;
  228. $alwaysRememberMe = $input->hasArgument('always-remember-me') ? $input->getArgument('always-remember-me') : false;
  230. $this->generateAuthenticatorClass(
  231. $securityData,
  232. $input->getArgument('authenticator-type'),
  233. $input->getArgument('authenticator-class'),
  234. $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  235. $input->hasArgument('username-field') ? $input->getArgument('username-field') : null,
  236. $supportRememberMe,
  237. );
  239. // update security.yaml with guard config
  240. $securityYamlUpdated = false;
  242. $entryPoint = $input->getOption('entry-point');
  244. if (self::AUTH_TYPE_FORM_LOGIN !== $input->getArgument('authenticator-type')) {
  245. $entryPoint = false;
  246. }
  248. try {
  249. $newYaml = $this->configUpdater->updateForAuthenticator(
  250. $this->fileManager->getFileContents($path = 'config/packages/security.yaml'),
  251. $input->getOption('firewall-name'),
  252. $entryPoint,
  253. $input->getArgument('authenticator-class'),
  254. $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false,
  255. $supportRememberMe,
  256. $alwaysRememberMe
  257. );
  258. $generator->dumpFile($path, $newYaml);
  259. $securityYamlUpdated = true;
  260. } catch (YamlManipulationFailedException) {
  261. }
  263. if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  264. $this->generateFormLoginFiles(
  265. $input->getArgument('controller-class'),
  266. $input->getArgument('username-field'),
  267. $input->getArgument('logout-setup'),
  268. $supportRememberMe,
  269. $alwaysRememberMe,
  270. );
  271. }
  273. $generator->writeChanges();
  275. $this->writeSuccessMessage($io);
  277. $io->text(
  278. $this->generateNextMessage(
  279. $securityYamlUpdated,
  280. $input->getArgument('authenticator-type'),
  281. $input->getArgument('authenticator-class'),
  282. $securityData,
  283. $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  284. $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false,
  285. $supportRememberMe,
  286. $alwaysRememberMe
  287. )
  288. );
  289. }
  291. private function generateAuthenticatorClass(array $securityData, string $authenticatorType, string $authenticatorClass, $userClass, $userNameField, bool $supportRememberMe): void
  292. {
  293. $useStatements = new UseStatementGenerator([
  294. Request::class,
  295. Response::class,
  296. TokenInterface::class,
  297. Passport::class,
  298. ]);
  300. // generate authenticator class
  301. if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $authenticatorType) {
  302. $useStatements->addUseStatement([
  303. AuthenticationException::class,
  304. AbstractAuthenticator::class,
  305. ]);
  307. $this->generator->generateClass(
  308. $authenticatorClass,
  309. 'authenticator/EmptyAuthenticator.tpl.php',
  310. ['use_statements' => $useStatements]
  311. );
  313. return;
  314. }
  316. $useStatements->addUseStatement([
  317. RedirectResponse::class,
  318. UrlGeneratorInterface::class,
  319. AbstractLoginFormAuthenticator::class,
  320. CsrfTokenBadge::class,
  321. UserBadge::class,
  322. PasswordCredentials::class,
  323. TargetPathTrait::class,
  324. ]);
  326. // @legacy - Can be removed when Symfony 5.4 support is dropped
  327. if (class_exists(Security::class)) {
  328. $useStatements->addUseStatement(Security::class);
  329. } else {
  330. $useStatements->addUseStatement(LegacySecurity::class);
  331. }
  333. if ($supportRememberMe) {
  334. $useStatements->addUseStatement(RememberMeBadge::class);
  335. }
  337. $userClassNameDetails = $this->generator->createClassNameDetails(
  338. '\\'.$userClass,
  339. 'Entity\\'
  340. );
  342. $this->generator->generateClass(
  343. $authenticatorClass,
  344. 'authenticator/LoginFormAuthenticator.tpl.php',
  345. [
  346. 'use_statements' => $useStatements,
  347. 'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
  348. 'user_class_name' => $userClassNameDetails->getShortName(),
  349. 'username_field' => $userNameField,
  350. 'username_field_label' => Str::asHumanWords($userNameField),
  351. 'username_field_var' => Str::asLowerCamelCase($userNameField),
  352. 'user_needs_encoder' => $this->userClassHasEncoder($securityData, $userClass),
  353. 'user_is_entity' => $this->doctrineHelper->isClassAMappedEntity($userClass),
  354. 'remember_me_badge' => $supportRememberMe,
  355. ]
  356. );
  357. }
  359. private function generateFormLoginFiles(string $controllerClass, string $userNameField, bool $logoutSetup, bool $supportRememberMe, bool $alwaysRememberMe): void
  360. {
  361. $controllerClassNameDetails = $this->generator->createClassNameDetails(
  362. $controllerClass,
  363. 'Controller\\',
  364. 'Controller'
  365. );
  367. if (!class_exists($controllerClassNameDetails->getFullName())) {
  368. $useStatements = new UseStatementGenerator([
  369. AbstractController::class,
  370. Route::class,
  371. AuthenticationUtils::class,
  372. ]);
  374. $controllerPath = $this->generator->generateController(
  375. $controllerClassNameDetails->getFullName(),
  376. 'authenticator/EmptySecurityController.tpl.php',
  377. ['use_statements' => $useStatements]
  378. );
  380. $controllerSourceCode = $this->generator->getFileContentsForPendingOperation($controllerPath);
  381. } else {
  382. $controllerPath = $this->fileManager->getRelativePathForFutureClass($controllerClassNameDetails->getFullName());
  383. $controllerSourceCode = $this->fileManager->getFileContents($controllerPath);
  384. }
  386. if (method_exists($controllerClassNameDetails->getFullName(), 'login')) {
  387. throw new RuntimeCommandException(sprintf('Method "login" already exists on class %s', $controllerClassNameDetails->getFullName()));
  388. }
  390. $manipulator = new ClassSourceManipulator(
  391. sourceCode: $controllerSourceCode,
  392. overwrite: true
  393. );
  395. $this->securityControllerBuilder->addLoginMethod($manipulator);
  397. if ($logoutSetup) {
  398. $this->securityControllerBuilder->addLogoutMethod($manipulator);
  399. }
  401. $this->generator->dumpFile($controllerPath, $manipulator->getSourceCode());
  403. // create login form template
  404. $this->generator->generateTemplate(
  405. 'security/login.html.twig',
  406. 'authenticator/login_form.tpl.php',
  407. [
  408. 'username_field' => $userNameField,
  409. 'username_is_email' => false !== stripos($userNameField, 'email'),
  410. 'username_label' => ucfirst(Str::asHumanWords($userNameField)),
  411. 'logout_setup' => $logoutSetup,
  412. 'support_remember_me' => $supportRememberMe,
  413. 'always_remember_me' => $alwaysRememberMe,
  414. ]
  415. );
  416. }
  418. private function generateNextMessage(bool $securityYamlUpdated, string $authenticatorType, string $authenticatorClass, array $securityData, $userClass, bool $logoutSetup, bool $supportRememberMe, bool $alwaysRememberMe): array
  419. {
  420. $nextTexts = ['Next:'];
  421. $nextTexts[] = '- Customize your new authenticator.';
  423. if (!$securityYamlUpdated) {
  424. $yamlExample = $this->configUpdater->updateForAuthenticator(
  425. 'security: {}',
  426. 'main',
  427. null,
  428. $authenticatorClass,
  429. $logoutSetup,
  430. $supportRememberMe,
  431. $alwaysRememberMe
  432. );
  433. $nextTexts[] = "- Your <info>security.yaml</info> could not be updated automatically. You'll need to add the following config manually:\n\n".$yamlExample;
  434. }
  436. if (self::AUTH_TYPE_FORM_LOGIN === $authenticatorType) {
  437. $nextTexts[] = sprintf('- Finish the redirect "TODO" in the <info>%s::onAuthenticationSuccess()</info> method.', $authenticatorClass);
  439. if (!$this->doctrineHelper->isClassAMappedEntity($userClass)) {
  440. $nextTexts[] = sprintf('- Review <info>%s::getUser()</info> to make sure it matches your needs.', $authenticatorClass);
  441. }
  443. $nextTexts[] = '- Review & adapt the login template: <info>'.$this->fileManager->getPathForTemplate('security/login.html.twig').'</info>.';
  444. }
  446. return $nextTexts;
  447. }
  449. private function userClassHasEncoder(array $securityData, string $userClass): bool
  450. {
  451. $userNeedsEncoder = false;
  452. $hashersData = $securityData['security']['encoders'] ?? $securityData['security']['encoders'] ?? [];
  454. foreach ($hashersData as $userClassWithEncoder => $encoder) {
  455. if ($userClass === $userClassWithEncoder || is_subclass_of($userClass, $userClassWithEncoder) || class_implements($userClass, $userClassWithEncoder)) {
  456. $userNeedsEncoder = true;
  457. }
  458. }
  460. return $userNeedsEncoder;
  461. }
  463. public function configureDependencies(DependencyBuilder $dependencies, InputInterface $input = null): void
  464. {
  465. $dependencies->addClassDependency(
  466. SecurityBundle::class,
  467. 'security'
  468. );
  470. // needed to update the YAML files
  471. $dependencies->addClassDependency(
  472. Yaml::class,
  473. 'yaml'
  474. );
  475. }
  476. }