[make:security:json-login] WIP #1246
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * This file is part of the Symfony MakerBundle package. | ||
| * | ||
| * (c) Fabien Potencier <fabien@symfony.com> | ||
| * | ||
| * For the full copyright and license information, please view the LICENSE | ||
| * file that was distributed with this source code. | ||
| */ | ||
|
|
||
| namespace Symfony\Bundle\MakerBundle\Maker\Security; | ||
|
|
||
| use Doctrine\Bundle\DoctrineBundle\DoctrineBundle; | ||
| use Symfony\Bundle\MakerBundle\ConsoleStyle; | ||
| use Symfony\Bundle\MakerBundle\DependencyBuilder; | ||
| use Symfony\Bundle\MakerBundle\Exception\RuntimeCommandException; | ||
| use Symfony\Bundle\MakerBundle\FileManager; | ||
| use Symfony\Bundle\MakerBundle\Maker\AbstractMaker; | ||
| use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper; | ||
| use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater; | ||
| use Symfony\Bundle\MakerBundle\Security\SecurityControllerBuilder; | ||
| use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator; | ||
| use Symfony\Bundle\MakerBundle\Validator; | ||
| use Symfony\Bundle\SecurityBundle\SecurityBundle; | ||
| use Symfony\Component\Console\Command\Command; | ||
| use Symfony\Component\Console\Input\InputInterface; | ||
| use Symfony\Component\Process\Process; | ||
| use Symfony\Component\Yaml\Yaml; | ||
|
|
||
| /** | ||
| * @author Jesse Rushlow <jr@rushlow.dev> | ||
| * | ||
| * @internal | ||
| */ | ||
| abstract class AbstractSecurityMaker extends AbstractMaker | ||
| { | ||
| protected const SECURITY_CONFIG_PATH = 'config/packages/security.yaml'; | ||
|
|
||
| protected YamlSourceManipulator $ysm; | ||
| protected string $securityControllerName; | ||
| protected string $firewallToUpdate; | ||
| protected string $userClass; | ||
| protected string $userNameField; | ||
| protected bool $willLogout; | ||
|
|
||
| public function __construct( | ||
| protected FileManager $fileManager, | ||
| protected SecurityConfigUpdater $securityConfigUpdater, | ||
| protected SecurityControllerBuilder $securityControllerBuilder, | ||
| ) { | ||
| } | ||
|
|
||
| public function configureDependencies(DependencyBuilder $dependencies): void | ||
| { | ||
| $dependencies->addClassDependency(SecurityBundle::class, 'security'); | ||
| $dependencies->addClassDependency(Process::class, 'process'); | ||
| $dependencies->addClassDependency(Yaml::class, 'yaml'); | ||
| $dependencies->addClassDependency(DoctrineBundle::class, 'orm'); | ||
| } | ||
|
|
||
| public function interact(InputInterface $input, ConsoleStyle $io, Command $command): void | ||
| { | ||
| if (!$this->fileManager->fileExists(self::SECURITY_CONFIG_PATH)) { | ||
| throw new RuntimeCommandException(sprintf('The file "%s" does not exist. PHP & XML configuration formats are currently not supported.', self::SECURITY_CONFIG_PATH)); | ||
| } | ||
|
|
||
| $this->securityControllerName = $io->ask( | ||
| 'Choose a name for the controller class (e.g. <fg=yellow>ApiLoginController</>)', | ||
| 'ApiLoginController', | ||
| [Validator::class, 'validateClassName'] | ||
| ); | ||
|
Member
There was a problem hiding this comment. This question and the suggestion of |
||
|
|
||
| $this->ysm = new YamlSourceManipulator($this->fileManager->getFileContents(self::SECURITY_CONFIG_PATH)); | ||
| $securityData = $this->ysm->getData(); | ||
|
|
||
| $securityHelper = new InteractiveSecurityHelper(); | ||
| $this->firewallToUpdate = $securityHelper->guessFirewallName($io, $securityData); | ||
| $this->userClass = $securityHelper->guessUserClass($io, $securityData['security']['providers']); | ||
| $this->userNameField = $securityHelper->guessUserNameField($io, $this->userClass, $securityData['security']['providers']); | ||
| $this->willLogout = $io->confirm('Do you want to generate a \'/logout\' URL?'); | ||
| } | ||
| } | ||
|
Collaborator
Author
There was a problem hiding this comment. We could probably find more repeated code between |
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * This file is part of the Symfony MakerBundle package. | ||
| * | ||
| * (c) Fabien Potencier <fabien@symfony.com> | ||
| * | ||
| * For the full copyright and license information, please view the LICENSE | ||
| * file that was distributed with this source code. | ||
| */ | ||
|
|
||
| namespace Symfony\Bundle\MakerBundle\Maker\Security; | ||
|
|
||
| use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; | ||
| use Symfony\Bundle\MakerBundle\ConsoleStyle; | ||
| use Symfony\Bundle\MakerBundle\Generator; | ||
| use Symfony\Bundle\MakerBundle\InputConfiguration; | ||
| use Symfony\Bundle\MakerBundle\Util\ClassNameDetails; | ||
| use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator; | ||
| use Symfony\Bundle\MakerBundle\Util\UseStatementGenerator; | ||
| use Symfony\Component\Console\Command\Command; | ||
| use Symfony\Component\Console\Input\InputInterface; | ||
| use Symfony\Component\HttpFoundation\JsonResponse; | ||
| use Symfony\Component\HttpFoundation\Response; | ||
| use Symfony\Component\Routing\Annotation\Route; | ||
| use Symfony\Component\Security\Http\Attribute\CurrentUser; | ||
|
|
||
| /** | ||
| * Generate Form Login Security using SecurityBundle's Authenticator. | ||
| * | ||
| * @see https://symfony.com/doc/current/security.html#form-login | ||
| * | ||
| * @author Jesse Rushlow <jr@rushlow.dev> | ||
| * | ||
| * @internal | ||
| */ | ||
| final class MakeJsonLogin extends AbstractSecurityMaker | ||
| { | ||
| public static function getCommandName(): string | ||
| { | ||
| return 'make:security:json-login'; | ||
| } | ||
|
|
||
| public function configureCommand(Command $command, InputConfiguration $inputConfig): void | ||
| { | ||
| $command->setHelp(file_get_contents(\dirname(__DIR__, 2).'/Resources/help/security/MakeJsonLogin.txt')); | ||
| } | ||
|
|
||
| public static function getCommandDescription(): string | ||
| { | ||
| return 'Generate the code needed for the json_login authenticator'; | ||
| } | ||
|
|
||
| public function generate(InputInterface $input, ConsoleStyle $io, Generator $generator): void | ||
| { | ||
| $userClassDetails = new ClassNameDetails($this->userClass, ''); | ||
|
|
||
| $useStatements = new UseStatementGenerator([ | ||
| $userClassDetails->getFullName(), | ||
| AbstractController::class, | ||
| JsonResponse::class, | ||
| Response::class, | ||
| Route::class, | ||
| CurrentUser::class, | ||
| ]); | ||
|
|
||
| $controllerNameDetails = $generator->createClassNameDetails($this->securityControllerName, 'Controller\\', 'Controller'); | ||
|
|
||
| $controllerPath = $this->fileManager->getRelativePathForFutureClass($controllerNameDetails->getFullName()); | ||
|
|
||
| $controllerExists = $this->fileManager->fileExists($controllerPath); | ||
|
|
||
| if (!$controllerExists) { | ||
| $generator->generateController( | ||
| $controllerNameDetails->getFullName(), | ||
| 'EmptyController.tpl.php', | ||
| [ | ||
| 'use_statements' => $useStatements, | ||
| 'controller_name' => $controllerNameDetails->getShortName(), | ||
| ] | ||
| ); | ||
|
Member
There was a problem hiding this comment. This could be a new |
||
| } | ||
|
|
||
| $controllerSource = $controllerExists ? file_get_contents($controllerPath) : $generator->getFileContentsForPendingOperation($controllerPath); | ||
|
|
||
| $manipulator = new ClassSourceManipulator($controllerSource); | ||
|
|
||
| $this->securityControllerBuilder->addJsonLoginMethod($manipulator, $userClassDetails); | ||
|
|
||
| $securityData = $this->securityConfigUpdater->updateForJsonLogin($this->ysm->getContents(), $this->firewallToUpdate, 'app_api_login'); | ||
|
|
||
| if ($this->willLogout) { | ||
| $this->securityControllerBuilder->addLogoutMethod($manipulator); | ||
|
|
||
| $securityData = $this->securityConfigUpdater->updateForLogout($securityData, $this->firewallToUpdate); | ||
| } | ||
|
|
||
| $generator->dumpFile(self::SECURITY_CONFIG_PATH, $securityData); | ||
| $generator->dumpFile($controllerPath, $manipulator->getSourceCode()); | ||
|
|
||
| $generator->writeChanges(); | ||
|
|
||
| $this->writeSuccessMessage($io); | ||
|
|
||
| $io->text([ | ||
| 'Next: Make a <info>POST</info> request to <info>/api/login</info> with a <info>username</info> and <info>password</info> to login.', | ||
|
Member
There was a problem hiding this comment. The user also needs to set |
||
| 'Then: The security system intercepts the requests and authenticates the user.', | ||
| sprintf('And Finally: The <info>%s::apiLogin</info> method creates and returns a JsonResponse.', $controllerNameDetails->getShortName()), | ||
| ]); | ||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| The <info>%command.name%</info> command generates a controller to allow users to | ||
| login using the json_login authenticator. | ||
|
|
||
| The controller name, and logout ability can be customized by answering the | ||
| questions asked when running <info>%command.name%</info>. | ||
|
|
||
| This will also update your <info>security.yaml</info> for the new authenticator. | ||
|
|
||
| <info>php %command.full_name%</info> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| <?= "<?php\n" ?> | ||
|
|
||
| namespace <?= $namespace; ?>; | ||
|
|
||
| <?= $use_statements; ?> | ||
|
|
||
| class <?= $controller_name ?> extends AbstractController | ||
| { | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this actually needed?