vendor/symfony/maker-bundle/src/Maker/MakeAuthenticator.php line 405

  1. <?php
  3. /*
  4.  * This file is part of the Symfony MakerBundle package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Bundle\MakerBundle\Maker;
  14. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  15. use Symfony\Bundle\MakerBundle\ConsoleStyle;
  16. use Symfony\Bundle\MakerBundle\DependencyBuilder;
  17. use Symfony\Bundle\MakerBundle\Doctrine\DoctrineHelper;
  18. use Symfony\Bundle\MakerBundle\Exception\RuntimeCommandException;
  19. use Symfony\Bundle\MakerBundle\FileManager;
  20. use Symfony\Bundle\MakerBundle\Generator;
  21. use Symfony\Bundle\MakerBundle\InputConfiguration;
  22. use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
  23. use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater;
  24. use Symfony\Bundle\MakerBundle\Security\SecurityControllerBuilder;
  25. use Symfony\Bundle\MakerBundle\Str;
  26. use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
  27. use Symfony\Bundle\MakerBundle\Util\UseStatementGenerator;
  28. use Symfony\Bundle\MakerBundle\Util\YamlManipulationFailedException;
  29. use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
  30. use Symfony\Bundle\MakerBundle\Validator;
  31. use Symfony\Bundle\SecurityBundle\SecurityBundle;
  32. use Symfony\Bundle\TwigBundle\TwigBundle;
  33. use Symfony\Component\Console\Command\Command;
  34. use Symfony\Component\Console\Input\InputArgument;
  35. use Symfony\Component\Console\Input\InputInterface;
  36. use Symfony\Component\Console\Input\InputOption;
  37. use Symfony\Component\Console\Question\Question;
  38. use Symfony\Component\HttpFoundation\RedirectResponse;
  39. use Symfony\Component\HttpFoundation\Request;
  40. use Symfony\Component\HttpFoundation\Response;
  41. use Symfony\Component\Routing\Annotation\Route;
  42. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  43. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  44. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  45. use Symfony\Component\Security\Core\Security;
  46. use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
  47. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  48. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  49. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  50. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  51. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  52. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  53. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  54. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  55. use Symfony\Component\Yaml\Yaml;
  57. /**
  58.  * @author Ryan Weaver   <ryan@symfonycasts.com>
  59.  * @author Jesse Rushlow <jr@rushlow.dev>
  60.  *
  61.  * @internal
  62.  */
  63. final class MakeAuthenticator extends AbstractMaker
  64. {
  65.     private const AUTH_TYPE_EMPTY_AUTHENTICATOR 'empty-authenticator';
  66.     private const AUTH_TYPE_FORM_LOGIN 'form-login';
  68.     public function __construct(
  69.         private FileManager $fileManager,
  70.         private SecurityConfigUpdater $configUpdater,
  71.         private Generator $generator,
  72.         private DoctrineHelper $doctrineHelper,
  73.         private SecurityControllerBuilder $securityControllerBuilder,
  74.     ) {
  75.     }
  77.     public static function getCommandName(): string
  78.     {
  79.         return 'make:auth';
  80.     }
  82.     public static function getCommandDescription(): string
  83.     {
  84.         return 'Creates a Guard authenticator of different flavors';
  85.     }
  87.     public function configureCommand(Command $commandInputConfiguration $inputConfig): void
  88.     {
  89.         $command
  90.             ->setHelp(file_get_contents(__DIR__.'/../Resources/help/MakeAuth.txt'));
  91.     }
  93.     public function interact(InputInterface $inputConsoleStyle $ioCommand $command): void
  94.     {
  95.         if (!$this->fileManager->fileExists($path 'config/packages/security.yaml')) {
  96.             throw new RuntimeCommandException('The file "config/packages/security.yaml" does not exist. This command requires that file to exist so that it can be updated.');
  97.         }
  98.         $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents($path));
  99.         $securityData $manipulator->getData();
  101.         // @legacy - Can be removed when Symfony 5.4 support is dropped
  102.         if (interface_exists(GuardAuthenticatorInterface::class) && !($securityData['security']['enable_authenticator_manager'] ?? false)) {
  103.             throw new RuntimeCommandException('MakerBundle only supports the new authenticator based security system. See https://symfony.com/doc/current/security.html');
  104.         }
  106.         // authenticator type
  107.         $authenticatorTypeValues = [
  108.             'Empty authenticator' => self::AUTH_TYPE_EMPTY_AUTHENTICATOR,
  109.             'Login form authenticator' => self::AUTH_TYPE_FORM_LOGIN,
  110.         ];
  111.         $command->addArgument('authenticator-type'InputArgument::REQUIRED);
  112.         $authenticatorType $io->choice(
  113.             'What style of authentication do you want?',
  114.             array_keys($authenticatorTypeValues),
  115.             key($authenticatorTypeValues)
  116.         );
  117.         $input->setArgument(
  118.             'authenticator-type',
  119.             $authenticatorTypeValues[$authenticatorType]
  120.         );
  122.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  123.             $neededDependencies = [TwigBundle::class => 'twig'];
  124.             $missingPackagesMessage $this->addDependencies($neededDependencies'Twig must be installed to display the login form.');
  126.             if ($missingPackagesMessage) {
  127.                 throw new RuntimeCommandException($missingPackagesMessage);
  128.             }
  130.             if (!isset($securityData['security']['providers']) || !$securityData['security']['providers']) {
  131.                 throw new RuntimeCommandException('To generate a form login authentication, you must configure at least one entry under "providers" in "security.yaml".');
  132.             }
  133.         }
  135.         // authenticator class
  136.         $command->addArgument('authenticator-class'InputArgument::REQUIRED);
  137.         $questionAuthenticatorClass = new Question('The class name of the authenticator to create (e.g. <fg=yellow>AppCustomAuthenticator</>)');
  138.         $questionAuthenticatorClass->setValidator(
  139.             function ($answer) {
  140.                 Validator::notBlank($answer);
  142.                 return Validator::classDoesNotExist(
  143.                     $this->generator->createClassNameDetails($answer'Security\\''Authenticator')->getFullName()
  144.                 );
  145.             }
  146.         );
  147.         $input->setArgument('authenticator-class'$io->askQuestion($questionAuthenticatorClass));
  149.         $interactiveSecurityHelper = new InteractiveSecurityHelper();
  150.         $command->addOption('firewall-name'nullInputOption::VALUE_OPTIONAL);
  151.         $input->setOption('firewall-name'$firewallName $interactiveSecurityHelper->guessFirewallName($io$securityData));
  153.         $command->addOption('entry-point'nullInputOption::VALUE_OPTIONAL);
  155.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  156.             $command->addArgument('controller-class'InputArgument::REQUIRED);
  157.             $input->setArgument(
  158.                 'controller-class',
  159.                 $io->ask(
  160.                     'Choose a name for the controller class (e.g. <fg=yellow>SecurityController</>)',
  161.                     'SecurityController',
  162.                     [Validator::class, 'validateClassName']
  163.                 )
  164.             );
  166.             $command->addArgument('user-class'InputArgument::REQUIRED);
  167.             $input->setArgument(
  168.                 'user-class',
  169.                 $userClass $interactiveSecurityHelper->guessUserClass($io$securityData['security']['providers'])
  170.             );
  172.             $command->addArgument('username-field'InputArgument::REQUIRED);
  173.             $input->setArgument(
  174.                 'username-field',
  175.                 $interactiveSecurityHelper->guessUserNameField($io$userClass$securityData['security']['providers'])
  176.             );
  178.             $command->addArgument('logout-setup'InputArgument::REQUIRED);
  179.             $input->setArgument(
  180.                 'logout-setup',
  181.                 $io->confirm(
  182.                     'Do you want to generate a \'/logout\' URL?',
  183.                     true
  184.                 )
  185.             );
  186.         }
  187.     }
  189.     public function generate(InputInterface $inputConsoleStyle $ioGenerator $generator): void
  190.     {
  191.         $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents('config/packages/security.yaml'));
  192.         $securityData $manipulator->getData();
  194.         $this->generateAuthenticatorClass(
  195.             $securityData,
  196.             $input->getArgument('authenticator-type'),
  197.             $input->getArgument('authenticator-class'),
  198.             $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  199.             $input->hasArgument('username-field') ? $input->getArgument('username-field') : null
  200.         );
  202.         // update security.yaml with guard config
  203.         $securityYamlUpdated false;
  205.         $entryPoint $input->getOption('entry-point');
  207.         if (self::AUTH_TYPE_FORM_LOGIN !== $input->getArgument('authenticator-type')) {
  208.             $entryPoint false;
  209.         }
  211.         try {
  212.             $newYaml $this->configUpdater->updateForAuthenticator(
  213.                 $this->fileManager->getFileContents($path 'config/packages/security.yaml'),
  214.                 $input->getOption('firewall-name'),
  215.                 $entryPoint,
  216.                 $input->getArgument('authenticator-class'),
  217.                 $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false
  218.             );
  219.             $generator->dumpFile($path$newYaml);
  220.             $securityYamlUpdated true;
  221.         } catch (YamlManipulationFailedException) {
  222.         }
  224.         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
  225.             $this->generateFormLoginFiles(
  226.                 $input->getArgument('controller-class'),
  227.                 $input->getArgument('username-field'),
  228.                 $input->getArgument('logout-setup')
  229.             );
  230.         }
  232.         $generator->writeChanges();
  234.         $this->writeSuccessMessage($io);
  236.         $io->text(
  237.             $this->generateNextMessage(
  238.                 $securityYamlUpdated,
  239.                 $input->getArgument('authenticator-type'),
  240.                 $input->getArgument('authenticator-class'),
  241.                 $securityData,
  242.                 $input->hasArgument('user-class') ? $input->getArgument('user-class') : null,
  243.                 $input->hasArgument('logout-setup') ? $input->getArgument('logout-setup') : false
  244.             )
  245.         );
  246.     }
  248.     private function generateAuthenticatorClass(array $securityDatastring $authenticatorTypestring $authenticatorClass$userClass$userNameField): void
  249.     {
  250.         $useStatements = new UseStatementGenerator([
  251.             Request::class,
  252.             Response::class,
  253.             TokenInterface::class,
  254.             Passport::class,
  255.         ]);
  257.         // generate authenticator class
  258.         if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $authenticatorType) {
  259.             $useStatements->addUseStatement([
  260.                 AuthenticationException::class,
  261.                 AbstractAuthenticator::class,
  262.             ]);
  264.             $this->generator->generateClass(
  265.                 $authenticatorClass,
  266.                 'authenticator/EmptyAuthenticator.tpl.php',
  267.                 ['use_statements' => $useStatements]
  268.             );
  270.             return;
  271.         }
  273.         $useStatements->addUseStatement([
  274.             RedirectResponse::class,
  275.             UrlGeneratorInterface::class,
  276.             Security::class,
  277.             AbstractLoginFormAuthenticator::class,
  278.             CsrfTokenBadge::class,
  279.             UserBadge::class,
  280.             PasswordCredentials::class,
  281.             TargetPathTrait::class,
  282.         ]);
  284.         $userClassNameDetails $this->generator->createClassNameDetails(
  285.             '\\'.$userClass,
  286.             'Entity\\'
  287.         );
  289.         $this->generator->generateClass(
  290.             $authenticatorClass,
  291.             'authenticator/LoginFormAuthenticator.tpl.php',
  292.             [
  293.                 'use_statements' => $useStatements,
  294.                 'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
  295.                 'user_class_name' => $userClassNameDetails->getShortName(),
  296.                 'username_field' => $userNameField,
  297.                 'username_field_label' => Str::asHumanWords($userNameField),
  298.                 'username_field_var' => Str::asLowerCamelCase($userNameField),
  299.                 'user_needs_encoder' => $this->userClassHasEncoder($securityData$userClass),
  300.                 'user_is_entity' => $this->doctrineHelper->isClassAMappedEntity($userClass),
  301.             ]
  302.         );
  303.     }
  305.     private function generateFormLoginFiles(string $controllerClassstring $userNameFieldbool $logoutSetup): void
  306.     {
  307.         $controllerClassNameDetails $this->generator->createClassNameDetails(
  308.             $controllerClass,
  309.             'Controller\\',
  310.             'Controller'
  311.         );
  313.         if (!class_exists($controllerClassNameDetails->getFullName())) {
  314.             $useStatements = new UseStatementGenerator([
  315.                 AbstractController::class,
  316.                 Route::class,
  317.                 AuthenticationUtils::class,
  318.             ]);
  320.             $controllerPath $this->generator->generateController(
  321.                 $controllerClassNameDetails->getFullName(),
  322.                 'authenticator/EmptySecurityController.tpl.php',
  323.                 ['use_statements' => $useStatements]
  324.             );
  326.             $controllerSourceCode $this->generator->getFileContentsForPendingOperation($controllerPath);
  327.         } else {
  328.             $controllerPath $this->fileManager->getRelativePathForFutureClass($controllerClassNameDetails->getFullName());
  329.             $controllerSourceCode $this->fileManager->getFileContents($controllerPath);
  330.         }
  332.         if (method_exists($controllerClassNameDetails->getFullName(), 'login')) {
  333.             throw new RuntimeCommandException(sprintf('Method "login" already exists on class %s'$controllerClassNameDetails->getFullName()));
  334.         }
  336.         $manipulator = new ClassSourceManipulator(
  337.             sourceCode$controllerSourceCode,
  338.             overwritetrue
  339.         );
  341.         $this->securityControllerBuilder->addLoginMethod($manipulator);
  343.         if ($logoutSetup) {
  344.             $this->securityControllerBuilder->addLogoutMethod($manipulator);
  345.         }
  347.         $this->generator->dumpFile($controllerPath$manipulator->getSourceCode());
  349.         // create login form template
  350.         $this->generator->generateTemplate(
  351.             'security/login.html.twig',
  352.             'authenticator/login_form.tpl.php',
  353.             [
  354.                 'username_field' => $userNameField,
  355.                 'username_is_email' => false !== stripos($userNameField'email'),
  356.                 'username_label' => ucfirst(Str::asHumanWords($userNameField)),
  357.                 'logout_setup' => $logoutSetup,
  358.             ]
  359.         );
  360.     }
  362.     private function generateNextMessage(bool $securityYamlUpdatedstring $authenticatorTypestring $authenticatorClass, array $securityData$userClassbool $logoutSetup): array
  363.     {
  364.         $nextTexts = ['Next:'];
  365.         $nextTexts[] = '- Customize your new authenticator.';
  367.         if (!$securityYamlUpdated) {
  368.             $yamlExample $this->configUpdater->updateForAuthenticator(
  369.                 'security: {}',
  370.                 'main',
  371.                 null,
  372.                 $authenticatorClass,
  373.                 $logoutSetup
  374.             );
  375.             $nextTexts[] = "- Your <info>security.yaml</info> could not be updated automatically. You'll need to add the following config manually:\n\n".$yamlExample;
  376.         }
  378.         if (self::AUTH_TYPE_FORM_LOGIN === $authenticatorType) {
  379.             $nextTexts[] = sprintf('- Finish the redirect "TODO" in the <info>%s::onAuthenticationSuccess()</info> method.'$authenticatorClass);
  381.             if (!$this->doctrineHelper->isClassAMappedEntity($userClass)) {
  382.                 $nextTexts[] = sprintf('- Review <info>%s::getUser()</info> to make sure it matches your needs.'$authenticatorClass);
  383.             }
  385.             $nextTexts[] = '- Review & adapt the login template: <info>'.$this->fileManager->getPathForTemplate('security/login.html.twig').'</info>.';
  386.         }
  388.         return $nextTexts;
  389.     }
  391.     private function userClassHasEncoder(array $securityDatastring $userClass): bool
  392.     {
  393.         $userNeedsEncoder false;
  394.         $hashersData $securityData['security']['encoders'] ?? $securityData['security']['encoders'] ?? [];
  396.         foreach ($hashersData as $userClassWithEncoder => $encoder) {
  397.             if ($userClass === $userClassWithEncoder || is_subclass_of($userClass$userClassWithEncoder) || class_implements($userClass$userClassWithEncoder)) {
  398.                 $userNeedsEncoder true;
  399.             }
  400.         }
  402.         return $userNeedsEncoder;
  403.     }
  405.     public function configureDependencies(DependencyBuilder $dependenciesInputInterface $input null): void
  406.     {
  407.         $dependencies->addClassDependency(
  408.             SecurityBundle::class,
  409.             'security'
  410.         );
  412.         // needed to update the YAML files
  413.         $dependencies->addClassDependency(
  414.             Yaml::class,
  415.             'yaml'
  416.         );
  417.     }
  418. }