Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[make:registration] drop guard authentication support #1243

Merged
merged 9 commits into from Mar 4, 2024
Merged

[make:registration] drop guard authentication support #1243

merged 9 commits into from Mar 4, 2024

Conversation

jrushlow
Copy link
Collaborator

@jrushlow jrushlow commented Nov 28, 2022
edited

A wee bit late - but this pr drops the use of the old guard authenticators from 4.x

DX

  • login after registration:
    Previously we asked which firewall to use -> which authenticator, etc... Now we just grab all of the authenticators available and let the user choose in one question.

internally we iterate through all of the security.firewalls to looking for a built in authenticator or a custom_authenticator. If multiple choices are found, we ask the user which one to use. e.g.

image

If only 1 authenticator was found, obviously don't ask which one to use...

we support

custom_authenticator: App\My\Authenticator

&&

custom_authenticator:
    - App\My\Authenticator

Both of which appear to be valid way to declare a custom authenticator.

Under the hood

  • an Authenticator value object && a AuthenticatorType enum are introduced to get us away from passing around array's of array's of array's... Goal is to bring better visibility at a glance when reviewing code && get us closer to implementing static analysis without headaches..

  • we generate the code to login a user by calling Security::login($user, 'name_of_authenticator', 'name_of_firewall') in the template. Most users do not need the 3rd firewall parameter, but I'm pulling the "keep maintainers lives easier by writing less code" card. If this bug's folks, later, we can add in additional logic && conditionals to determine if there are multiple firewalls.

refs: SymfonyCasts/verify-email-bundle#126

@jrushlow jrushlow added Feature New Feature Status: Needs Work Additional work is needed labels Nov 28, 2022
@thobaier thobaier mentioned this pull request Feb 15, 2023
Closed
jrushlow
jrushlow commented Feb 28, 2024
View reviewed changes
src/Security/InteractiveSecurityHelper.php Outdated
}

foreach ($configData as $customAuthenticatorClass) {
// if (!class_exists($customAuthenticatorClass)) {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if we should check if the authenticator exists and that it implements AuthenticatorInterface::class. Doing so would be a bonus? but it would also require refactoring the test suite to implement a concrete CustomAuthenticatorFixture::class Thoughts?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm actually a bit lost in this method. We're looping over the keys under a firewall, right? And the first if statement with tryFrom will exit unless the key matches the specific set we have in AuthenticatorType, right? So then, $configData is represents the values beneath those keys. So if I have:

firewalls:
    main:
        form_login:
            path: /login

Won't $configData at this point be ['path' => '/login']? Or am I totally misreading the method?

@jrushlow jrushlow added Status: Needs Review Needs to be reviewed and removed Status: Needs Work Additional work is needed labels Feb 28, 2024
@jrushlow jrushlow marked this pull request as ready for review February 28, 2024 23:14
@jrushlow jrushlow changed the title WIP - [make:registration] drop guard authentication support [make:registration] drop guard authentication support Feb 28, 2024
weaverryan
weaverryan requested changes Mar 1, 2024
View reviewed changes
src/Maker/MakeRegistrationForm.php Outdated
'redirect_route_name' => $this->redirectRouteName,
'password_hasher_class_details' => $generator->createClassNameDetails(UserPasswordHasherInterface::class, '\\'),
'password_hasher_class_details' => $hasherDetails = $generator->createClassNameDetails(UserPasswordHasherInterface::class, '\\'),
'password_hasher_variable_name' => sprintf('$%s', lcfirst($hasherDetails->getShortName())),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this stuff still need to be dynamic?

Copy link
Collaborator Author

@jrushlow jrushlow Mar 1, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dunno, I thought it was a good idea 2 years ago :D I'll check haha If it doesn't - ill refactor the template before hitting the big ol merge button nope, i think i was going for "if they use another hasher interface..." but thats their problem to change the hasher signature here...

done

src/Security/InteractiveSecurityHelper.php Outdated
}

foreach ($configData as $customAuthenticatorClass) {
// if (!class_exists($customAuthenticatorClass)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm actually a bit lost in this method. We're looping over the keys under a firewall, right? And the first if statement with tryFrom will exit unless the key matches the specific set we have in AuthenticatorType, right? So then, $configData is represents the values beneath those keys. So if I have:

firewalls:
    main:
        form_login:
            path: /login

Won't $configData at this point be ['path' => '/login']? Or am I totally misreading the method?

jrushlow
jrushlow commented Mar 1, 2024
View reviewed changes
src/Security/InteractiveSecurityHelper.php
{
$authenticators = [];

foreach ($firewallConfig as $potentialAuthenticator => $configData) {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahh... lost the review comment on push...

@weaverryan:
I'm actually a bit lost in this method. We're looping over the keys under a firewall, right? And the first if statement with tryFrom will exit unless the key matches the specific set we have in AuthenticatorType, right? So then, $configData is represents the values beneath those keys. So if I have:

firewalls:
    main:
        form_login:
            path: /login

Won't $configData at this point be ['path' => '/login']? Or am I totally misreading the method?

Copy link
Collaborator Author

@jrushlow jrushlow Mar 1, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no I think you're thinking 1 level too deep..

i refactored this to split up iterating over firewalls, the keys of firewalls (main, anotherFirewall), and the custom_authenticators

We pass in security.firewalls -> iterate over each key in firewalls to give us:

main:
    path: '/some-path'
    form_login:
        - option
        ....
    custom_authenticators:
        - some authenticator    
anotherFirewall:
dev:
test:

tryFrom($potentialAuthenticator) checks if the "key" is form_login, custom_authenticator, or path. If it is path, tryFrom() returns null and we continue.

Now $potentialAuthenticator is either form_login or custom_authenticator and $configData is the array of either of their stuff..

If its form_login, we create the value object and add it to authenticators[] otherwiser we now know that $potentialAuthenticator === 'custom_authenticator' and configData is either (string) MyCustom or [MyCustom, NotSureWhyYouCanHave2ButYouCan]

Atleast this is what im trying todo, but i could be missing something myself 🤕

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, it looks clear now 👍

jrushlow
jrushlow commented Mar 1, 2024
View reviewed changes
src/Security/InteractiveSecurityHelper.php
*
* @return Authenticator[]
*/
public function getAuthenticatorsFromConfig(array $firewalls): array
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getAuthenticatorsInFirewallsConfig?

weaverryan
weaverryan approved these changes Mar 1, 2024
View reviewed changes
Copy link
Member

@weaverryan weaverryan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If things are working, let's roll with this 👍

src/Security/InteractiveSecurityHelper.php
{
$authenticators = [];

foreach ($firewallConfig as $potentialAuthenticator => $configData) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, it looks clear now 👍

@jrushlow jrushlow merged commit cbf2646 into symfony:main Mar 4, 2024
6 checks passed
@jrushlow jrushlow deleted the refactor/make-reg branch March 4, 2024 06:08
@jrushlow jrushlow mentioned this pull request Mar 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weaverryan weaverryan weaverryan approved these changes

Assignees
No one assigned
Labels
Feature New Feature Status: Needs Review Needs to be reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jrushlow @weaverryan