form login : guess if encoder is needed

Author: nikophil

src/Maker/MakeAuthenticator.php

@@ -154,59 +154,26 @@ function ($answer) {
 
             $command->addArgument('user-class', InputArgument::OPTIONAL);
             $userClass = $interactiveSecurityHelper->guessUserClass($io, $securityData['security']['providers']);
-            if (0 !== strpos($userClass, '\\')) {
-                $userClass = '\\'.$userClass;
-            }
             $input->setArgument('user-class', $userClass);
         }
     }
 
     public function generate(InputInterface $input, ConsoleStyle $io, Generator $generator)
     {
-        // generate authenticator class
-        if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $input->getArgument('authenticator-type')) {
-            $generator->generateClass(
-                $input->getArgument('authenticator-class'),
-                'authenticator/EmptyAuthenticator.tpl.php',
-                []
-            );
-        } elseif ($this->doctrineHelper->isClassAMappedEntity($input->getArgument('user-class'))) {
-            $userClassNameDetails = $generator->createClassNameDetails(
-                $input->getArgument('user-class'),
-                'Entity\\'
-            );
-
-            $generator->generateClass(
-                $input->getArgument('authenticator-class'),
-                'authenticator/LoginFormEntityAuthenticator.tpl.php',
-                [
-                    'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
-                    'user_class_name' => $userClassNameDetails->getShortName(),
-                ]
-            );
-        } else {
-            $generator->generateClass(
-                $input->getArgument('authenticator-class'),
-                'authenticator/LoginFormNotEntityAuthenticator.tpl.php',
-                []
-            );
-        }
+        $this->generateAuthenticatorClass($input);
 
         // update security.yaml with guard config
         $securityYamlUpdated = false;
-        $path = 'config/packages/security.yaml';
-        if ($this->fileManager->fileExists($path)) {
-            try {
-                $newYaml = $this->configUpdater->updateForAuthenticator(
-                    $this->fileManager->getFileContents($path),
-                    $input->getOption('firewall-name'),
-                    $input->getOption('entry-point'),
-                    $input->getArgument('authenticator-class')
-                );
-                $generator->dumpFile($path, $newYaml);
-                $securityYamlUpdated = true;
-            } catch (YamlManipulationFailedException $e) {
-            }
+        try {
+            $newYaml = $this->configUpdater->updateForAuthenticator(
+                $this->fileManager->getFileContents($path = 'config/packages/security.yaml'),
+                $input->getOption('firewall-name'),
+                $input->getOption('entry-point'),
+                $input->getArgument('authenticator-class')
+            );
+            $generator->dumpFile($path, $newYaml);
+            $securityYamlUpdated = true;
+        } catch (YamlManipulationFailedException $e) {
         }
 
         if (self::AUTH_TYPE_FORM_LOGIN === $input->getArgument('authenticator-type')) {
@@ -230,6 +197,52 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen
         $io->text($text);
     }
 
+    private function generateAuthenticatorClass(InputInterface $input)
+    {
+        // generate authenticator class
+        if (self::AUTH_TYPE_EMPTY_AUTHENTICATOR === $input->getArgument('authenticator-type')) {
+            $this->generator->generateClass(
+                $input->getArgument('authenticator-class'),
+                'authenticator/EmptyAuthenticator.tpl.php',
+                []
+            );
+        } else {
+            $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents('config/packages/security.yaml'));
+            $securityData = $manipulator->getData();
+
+            $userNeedsEncoder = false;
+            if (isset($securityData['security']['encoders']) && $securityData['security']['encoders']) {
+                foreach ($securityData['security']['encoders'] as $userClassWithEncoder => $encoder) {
+                    if ($input->getArgument('user-class') === $userClassWithEncoder || is_subclass_of($input->getArgument('user-class'), $userClassWithEncoder)) {
+                        $userNeedsEncoder = true;
+                    }
+                }
+            }
+
+            if ($this->doctrineHelper->isClassAMappedEntity($input->getArgument('user-class'))) {
+                $userClassNameDetails = $this->generator->createClassNameDetails(
+                    '\\'.$input->getArgument('user-class'),
+                    'Entity\\'
+                );
+
+                $this->generator->generateClass(
+                    $input->getArgument('authenticator-class'),
+                    $userNeedsEncoder ? 'authenticator/LoginFormEntityAuthenticator.tpl.php' : 'authenticator/LoginFormEntityAuthenticatorNoEncoder.tpl.php',
+                    [
+                        'user_fully_qualified_class_name' => trim($userClassNameDetails->getFullName(), '\\'),
+                        'user_class_name' => $userClassNameDetails->getShortName(),
+                    ]
+                );
+            } else {
+                $this->generator->generateClass(
+                    $input->getArgument('authenticator-class'),
+                    $userNeedsEncoder ? 'authenticator/LoginFormNotEntityAuthenticator.tpl.php' : 'authenticator/LoginFormNotEntityAuthenticatorNoEncoder.tpl.php',
+                    []
+                );
+            }
+        }
+    }
+
     private function generateFormLoginFiles(InputInterface $input)
     {
         $controllerClassNameDetails = $this->generator->createClassNameDetails(

src/Resources/skeleton/authenticator/LoginFormEntityAuthenticatorNoEncoder.tpl.php

@@ -0,0 +1,84 @@
+<?= "<?php\n" ?>
+
+namespace <?= $namespace ?>;
+
+use <?= $user_fully_qualified_class_name ?>;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Csrf\CsrfToken;
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
+use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
+use Symfony\Component\Security\Http\Util\TargetPathTrait;
+
+class <?= $class_name; ?> extends AbstractFormLoginAuthenticator
+{
+    use TargetPathTrait;
+
+    private $entityManager;
+    private $router;
+    private $csrfTokenManager;
+
+    public function __construct(EntityManagerInterface $entityManager, RouterInterface $router, CsrfTokenManagerInterface $csrfTokenManager)
+    {
+        $this->entityManager = $entityManager;
+        $this->router = $router;
+        $this->csrfTokenManager = $csrfTokenManager;
+    }
+
+    public function supports(Request $request)
+    {
+        return 'app_login' === $request->attributes->get('_route')
+            && $request->isMethod('POST');
+    }
+
+    public function getCredentials(Request $request)
+    {
+        $credentials = [
+            'email' => $request->request->get('email'),
+            'password' => $request->request->get('password'),
+            'csrf_token' => $request->request->get('_csrf_token'),
+        ];
+        $request->getSession()->set(
+            Security::LAST_USERNAME,
+            $credentials['email']
+        );
+
+        return $credentials;
+    }
+
+    public function getUser($credentials, UserProviderInterface $userProvider)
+    {
+        $token = new CsrfToken('authenticate', $credentials['csrf_token']);
+        if (!$this->csrfTokenManager->isTokenValid($token)) {
+            throw new InvalidCsrfTokenException();
+        }
+
+        return $this->entityManager->getRepository(<?= $user_class_name ?>::class)->findOneBy(['email' => $credentials['email']]);
+    }
+
+    public function checkCredentials($credentials, UserInterface $user)
+    {
+        return true;
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
+    {
+        if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
+            return new RedirectResponse($targetPath);
+        }
+
+        throw new \Exception('TODO: provide a valid redirection inside '.__FILE__);
+    }
+
+    protected function getLoginUrl()
+    {
+        return $this->router->generate('app_login');
+    }
+}

src/Resources/skeleton/authenticator/LoginFormNotEntityAuthenticatorNoEncoder.tpl.php

@@ -0,0 +1,82 @@
+<?= "<?php\n" ?>
+
+namespace <?= $namespace ?>;
+
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Csrf\CsrfToken;
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
+use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
+use Symfony\Component\Security\Http\Util\TargetPathTrait;
+
+class <?= $class_name; ?> extends AbstractFormLoginAuthenticator
+{
+    use TargetPathTrait;
+
+    private $router;
+    private $csrfTokenManager;
+
+    public function __construct(RouterInterface $router, CsrfTokenManagerInterface $csrfTokenManager)
+    {
+        $this->router = $router;
+        $this->csrfTokenManager = $csrfTokenManager;
+    }
+
+    public function supports(Request $request)
+    {
+        return 'app_login' === $request->attributes->get('_route')
+            && $request->isMethod('POST');
+    }
+
+    public function getCredentials(Request $request)
+    {
+        $credentials = [
+            'email' => $request->request->get('email'),
+            'password' => $request->request->get('password'),
+            'csrf_token' => $request->request->get('_csrf_token'),
+        ];
+        $request->getSession()->set(
+            Security::LAST_USERNAME,
+            $credentials['email']
+        );
+
+        return $credentials;
+    }
+
+    public function getUser($credentials, UserProviderInterface $userProvider)
+    {
+        $token = new CsrfToken('authenticate', $credentials['csrf_token']);
+        if (!$this->csrfTokenManager->isTokenValid($token)) {
+            throw new InvalidCsrfTokenException();
+        }
+
+        // Load / create our user however you need.
+        // You can do this by calling the user provider, or with custom logic here.
+        return $userProvider->loadUserByUsername($credentials['email']);
+    }
+
+    public function checkCredentials($credentials, UserInterface $user)
+    {
+        return true;
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
+    {
+        if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
+            return new RedirectResponse($targetPath);
+        }
+
+        throw new \Exception('TODO: provide a valid redirection inside '.__FILE__);
+    }
+
+    protected function getLoginUrl()
+    {
+        return $this->router->generate('app_login');
+    }
+}

tests/Maker/FunctionalTest.php

@@ -420,6 +420,25 @@ function (string $output, string $directory) {
                 ),
         ];
 
+        yield 'auth_login_form_user_entity_no_encoder' => [
+            MakerTestDetails::createTest(
+                $this->getMakerInstance(MakeAuthenticator::class),
+                [
+                    // authenticator type => login-form
+                    1,
+                    // class name
+                    'AppCustomAuthenticator',
+                    // controller name
+                    'SecurityController',
+                ]
+            )
+                ->addExtraDependencies('doctrine')
+                ->addExtraDependencies('twig')
+                ->setFixtureFilesPath(__DIR__.'/../fixtures/MakeAuthenticatorLoginFormUserEntityNoEncoder')
+                ->configureDatabase()
+                ->updateSchemaAfterCommand(),
+        ];
+
         yield 'auth_login_form_user_not_entity' => [
             MakerTestDetails::createTest(
                 $this->getMakerInstance(MakeAuthenticator::class),
@@ -440,6 +459,26 @@ function (string $output, string $directory) {
                 ->setFixtureFilesPath(__DIR__.'/../fixtures/MakeAuthenticatorLoginFormUserNotEntity'),
         ];
 
+        yield 'auth_login_form_user_not_entity_no_encoder' => [
+            MakerTestDetails::createTest(
+                $this->getMakerInstance(MakeAuthenticator::class),
+                [
+                    // authenticator type => login-form
+                    1,
+                    // class name
+                    'AppCustomAuthenticator',
+                    // controller name
+                    'SecurityController',
+                    // user class
+                    'App\Security\User',
+                ]
+            )
+                ->addExtraDependencies('twig')
+                ->addExtraDependencies('doctrine/annotations')
+                ->addExtraDependencies('symfony/form')
+                ->setFixtureFilesPath(__DIR__.'/../fixtures/MakeAuthenticatorLoginFormUserNotEntityNoEncoder'),
+        ];
+
         yield 'auth_login_form_existing_controller' => [
             MakerTestDetails::createTest(
                 $this->getMakerInstance(MakeAuthenticator::class),

tests/Security/InteractiveSecurityHelperTest.php

@@ -124,13 +124,13 @@ public function getEntryPointTests()
     /**
      * @dataProvider getUserClassTests
      */
-    public function testGuessUserClass(array $securityData, string $expectedUserClass, bool $userClassAutomaticallyGuessed, string $providedClass = '')
+    public function testGuessUserClass(array $securityData, string $expectedUserClass, bool $userClassAutomaticallyGuessed)
     {
         /** @var SymfonyStyle|\PHPUnit_Framework_MockObject_MockObject $io */
         $io = $this->createMock(SymfonyStyle::class);
         $io->expects($this->exactly(true === $userClassAutomaticallyGuessed ? 0 : 1))
             ->method('ask')
-            ->willReturn($providedClass);
+            ->willReturn($expectedUserClass);
 
         $helper = new InteractiveSecurityHelper();
         $this->assertEquals(
@@ -143,22 +143,20 @@ public function getUserClassTests()
     {
         yield 'user_from_provider' => [
             ['app_provider' => ['entity' => ['class' => 'App\\Entity\\User']]],
-            '\\App\\Entity\\User',
+            'App\\Entity\\User',
             true,
         ];
 
         yield 'multiple_providers' => [
             ['provider_1' => ['id' => 'app.provider_1'], 'provider_2' => ['id' => 'app.provider_2']],
-            '\\App\\Entity\\User',
+            'App\\Entity\\User',
             false,
-            '\\App\\Entity\\User'
         ];
 
         yield 'no_provider' => [
             [[]],
-            '\\App\\Entity\\User',
+            'App\\Entity\\User',
             false,
-            'App\\Entity\\User'
         ];
     }
 }