Add authenticator : let the user chose which firewall to update

nikophil · nikophil · commit c63a86a2aa49 · 2018-09-06T16:13:36.000+02:00
diff --git a/src/Maker/MakeAuthenticator.php b/src/Maker/MakeAuthenticator.php
@@ -16,13 +16,17 @@
 use Symfony\Bundle\MakerBundle\FileManager;
 use Symfony\Bundle\MakerBundle\Generator;
 use Symfony\Bundle\MakerBundle\InputConfiguration;
+use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
 use Symfony\Bundle\MakerBundle\Security\SecurityConfigUpdater;
 use Symfony\Bundle\MakerBundle\Util\YamlManipulationFailedException;
 use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
 use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Exception\InvalidOptionException;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Bundle\SecurityBundle\SecurityBundle;
 use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Filesystem\Filesystem;
 
 /**
  * @author Ryan Weaver <ryan@knpuniversity.com>
@@ -53,6 +57,22 @@ public function configureCommand(Command $command, InputConfiguration $inputConf
         ;
     }
 
+    public function interact(InputInterface $input, ConsoleStyle $io, Command $command)
+    {
+        $fs = new Filesystem();
+
+        if (!$fs->exists($path = 'config/packages/security.yaml')) {
+            return;
+        }
+
+        $manipulator = new YamlSourceManipulator($this->fileManager->getFileContents($path));
+        $securityData = $manipulator->getData();
+
+        $interactiveSecurityHelper = new InteractiveSecurityHelper();
+        $command->addOption('firewall-name', null, InputOption::VALUE_OPTIONAL, '');
+        $interactiveSecurityHelper->guessFirewallName($input, $io, $securityData);
+    }
+
     public function generate(InputInterface $input, ConsoleStyle $io, Generator $generator)
     {
         $classNameDetails = $generator->createClassNameDetails(
@@ -66,14 +86,17 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen
             []
         );
 
+        $securityYamlUpdated = false;
         $path = 'config/packages/security.yaml';
         if ($this->fileManager->fileExists($path)) {
             try {
                 $newYaml = $this->configUpdater->updateForAuthenticator(
                     $this->fileManager->getFileContents($path),
+                    $input->getOption('firewall-name'),
                     $classNameDetails->getFullName()
                 );
                 $generator->dumpFile($path, $newYaml);
+                $securityYamlUpdated = true;
             } catch (YamlManipulationFailedException $e) {
             }
         }
@@ -82,10 +105,11 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen
 
         $this->writeSuccessMessage($io);
 
-        $io->text([
-            'Next: Customize your new authenticator.',
-            'Then, configure the "guard" key on your firewall to use it.',
-        ]);
+        $text = ['Next: Customize your new authenticator.'];
+        if (!$securityYamlUpdated) {
+            $text[] = 'Then, configure the "guard" key on your firewall to use it.';
+        }
+        $io->text($text);
     }
 
     public function configureDependencies(DependencyBuilder $dependencies)
diff --git a/src/Security/InteractiveSecurityHelper.php b/src/Security/InteractiveSecurityHelper.php
@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * This file is part of the Symfony MakerBundle package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\MakerBundle\Security;
+
+use Symfony\Bundle\MakerBundle\ConsoleStyle;
+use Symfony\Component\Console\Input\InputInterface;
+
+/**
+ * @internal
+ */
+final class InteractiveSecurityHelper
+{
+    public function guessFirewallName(InputInterface $input, ConsoleStyle $io, array $securityData)
+    {
+        $firewalls = array_filter(
+            $securityData['security']['firewalls'],
+            function ($item) {
+                return !isset($item['security']) || true === $item['security'];
+            }
+        );
+
+        if (count($firewalls) < 2) {
+            if ($firewalls) {
+                $input->setOption('firewall-name', key($firewalls));
+            } else {
+                $input->setOption('firewall-name', 'main');
+            }
+
+            return;
+        }
+
+        $firewallName = $io->choice('Which firewall you want to update ?', array_keys($firewalls), key($firewalls));
+        $input->setOption('firewall-name', $firewallName);
+    }
+}
diff --git a/src/Security/SecurityConfigUpdater.php b/src/Security/SecurityConfigUpdater.php
@@ -48,7 +48,7 @@ public function updateForUserClass(string $yamlSource, UserClassConfiguration $u
         return $contents;
     }
 
-    public function updateForAuthenticator(string $yamlSource, string $authenticatorFQCN)
+    public function updateForAuthenticator(string $yamlSource, string $firewallName, string $userClass)
     {
         $this->manipulator = new YamlSourceManipulator($yamlSource);
 
@@ -60,18 +60,12 @@ public function updateForAuthenticator(string $yamlSource, string $authenticator
             $newData['security']['firewalls'] = [];
         }
 
-        $firewalls = array_filter(
-            $newData['security']['firewalls'],
-            function ($item) {
-                return !isset($item['security']) || true === $item['security'];
-            }
-        );
-
-        if (!$firewalls) {
-            $firewalls['main'] = ['anonymous' => true];
+        if (!isset($newData['security']['firewalls'][$firewallName])) {
+            $newData['security']['firewalls'][$firewallName] = [];
         }
 
-        $firewall = $firewalls['main'];
+        $firewall = $newData['security']['firewalls'][$firewallName];
+
         if (!isset($firewall['guard'])) {
             $firewall['guard'] = [];
         }
@@ -80,11 +74,14 @@ function ($item) {
             $firewall['guard']['authenticators'] = [];
         }
 
-        $firewall['guard']['authenticators'][] = $authenticatorFQCN;
+        $firewall['guard']['authenticators'][] = $userClass;
 
-        $newData['security']['firewalls']['main'] = $firewall;
-        $this->manipulator->setData($newData);
+        if (count($firewall['guard']['authenticators']) > 1) {
+            $firewall['guard']['entry_point'] = current($firewall['guard']['authenticators']);
+        }
 
+        $newData['security']['firewalls'][$firewallName] = $firewall;
+        $this->manipulator->setData($newData);
         $contents = $this->manipulator->getContents();
 
         return $contents;
diff --git a/tests/Maker/FunctionalTest.php b/tests/Maker/FunctionalTest.php
@@ -35,6 +35,7 @@
 use Symfony\Component\Finder\Finder;
 use Symfony\Component\HttpKernel\Kernel;
 use Symfony\Component\Routing\RouteCollectionBuilder;
+use Symfony\Component\Yaml\Yaml;
 
 class FunctionalTest extends MakerTestCase
 {
@@ -282,12 +283,63 @@ public function getCommandTests()
             ])
         ];
 
-        yield 'auth_empty' => [MakerTestDetails::createTest(
-            $this->getMakerInstance(MakeAuthenticator::class),
-            [
-                // class name
-                'AppCustomAuthenticator',
-            ])
+        yield 'auth_empty_one_firewall' => [
+            MakerTestDetails::createTest(
+                $this->getMakerInstance(MakeAuthenticator::class),
+                [
+                    // class name
+                    'AppCustomAuthenticator',
+                ]
+            )
+                ->addExtraDependencies('security')
+                ->setFixtureFilesPath(__DIR__.'/../fixtures/MakeAuthenticator')
+                ->setRequiredPhpVersion(70100)
+                ->assert(
+                    function (string $output, string $directory) {
+                        $this->assertContains('Success', $output);
+
+                        $finder = new Finder();
+                        $finder->in($directory.'/src/Security')
+                            ->name('AppCustomAuthenticator.php');
+                        $this->assertCount(1, $finder);
+
+                        $securityConfig = Yaml::parse(file_get_contents("$directory/config/packages/security.yaml"));
+                        $this->assertEquals(
+                            'App\\Security\\AppCustomAuthenticator',
+                            $securityConfig['security']['firewalls']['main']['guard']['authenticators'][0]
+                        );
+                    }
+                ),
+        ];
+
+        yield 'auth_empty_multiple_firewalls' => [
+            MakerTestDetails::createTest(
+                $this->getMakerInstance(MakeAuthenticator::class),
+                [
+                    // class name
+                    'AppCustomAuthenticator',
+                    1
+                ]
+            )
+                ->addExtraDependencies('security')
+                ->setFixtureFilesPath(__DIR__.'/../fixtures/MakeAuthenticatorMultipleFirewalls')
+                ->setRequiredPhpVersion(70100)
+                ->assert(
+                    function (string $output, string $directory) {
+                        $this->assertContains('Success', $output);
+
+                        $finder = new Finder();
+                        $finder->in($directory.'/src/Security')
+                            ->name('AppCustomAuthenticator.php');
+                        $this->assertCount(1, $finder);
+
+                        $securityConfig = Yaml::parse(file_get_contents("$directory/config/packages/security.yaml"));
+                        $this->assertEquals(
+                            'App\\Security\\AppCustomAuthenticator',
+                            $securityConfig['security']['firewalls']['second']['guard']['authenticators'][0]
+                        );
+                    }
+                ),
         ];
 
         yield 'user_security_entity_with_password' => [MakerTestDetails::createTest(
diff --git a/tests/Security/SecurityConfigUpdaterTest.php b/tests/Security/SecurityConfigUpdaterTest.php
@@ -67,4 +67,39 @@ public function getUserClassTests()
             'empty_security.yaml'
         ];
     }
+
+    /**
+     * @dataProvider getAuthenticatorTests
+     */
+    public function testUpdateForAuthenticator(string $firewallName, string $expectedSourceFilename, string $startingSourceFilename)
+    {
+        $updater = new SecurityConfigUpdater();
+        $source = file_get_contents(__DIR__.'/yaml_fixtures/source/'.$startingSourceFilename);
+        $actualSource = $updater->updateForAuthenticator($source, $firewallName, 'App\\Security\\AppCustomAuthenticator');
+        $expectedSource = file_get_contents(__DIR__.'/yaml_fixtures/expected_authenticator/'.$expectedSourceFilename);
+
+        $this->assertSame($expectedSource, $actualSource);
+    }
+
+    public function getAuthenticatorTests()
+    {
+        yield 'empty_source' => [
+            'main',
+            'empty_source.yaml',
+            'empty_security.yaml'
+        ];
+
+        // waiting for YamlSourceManipulator to be debugged
+//        yield 'empty_source' => [
+//            'main',
+//            'simple_security_source.yaml',
+//            'simple_security.yaml'
+//        ];
+
+        yield 'simple_security_with_firewalls' => [
+            'main',
+            'simple_security_with_firewalls.yaml',
+            'simple_security_with_firewalls.yaml'
+        ];
+    }
 }
diff --git a/tests/Security/yaml_fixtures/expected_authenticator/empty_source.yaml b/tests/Security/yaml_fixtures/expected_authenticator/empty_source.yaml
@@ -0,0 +1,5 @@
+security:
+    firewalls:
+        main:
+            guard:
+                authenticators: [App\Security\AppCustomAuthenticator]
diff --git a/tests/Security/yaml_fixtures/expected_authenticator/simple_security_source.yaml b/tests/Security/yaml_fixtures/expected_authenticator/simple_security_source.yaml
@@ -0,0 +1,8 @@
+security:
+    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    providers:
+        in_memory: { memory: ~ }
+
+    firewalls:
+        dev: ~
+        main: ~
diff --git a/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_firewalls.yaml b/tests/Security/yaml_fixtures/expected_authenticator/simple_security_with_firewalls.yaml
@@ -0,0 +1,14 @@
+security:
+    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    providers:
+        in_memory: { memory: ~ }
+
+    firewalls:
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        main:
+            anonymous: true
+            guard:
+                authenticators:
+                    - App\Security\AppCustomAuthenticator
diff --git a/tests/Security/yaml_fixtures/source/simple_security_with_firewalls.yaml b/tests/Security/yaml_fixtures/source/simple_security_with_firewalls.yaml
@@ -0,0 +1,11 @@
+security:
+    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    providers:
+        in_memory: { memory: ~ }
+
+    firewalls:
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        main:
+            anonymous: true
diff --git a/tests/fixtures/MakeAuthenticator/config/packages/security.yaml b/tests/fixtures/MakeAuthenticator/config/packages/security.yaml
@@ -0,0 +1,24 @@
+security:
+    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    providers:
+        in_memory: { memory: ~ }
+    firewalls:
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        main:
+            anonymous: true
+
+            # activate different ways to authenticate
+
+            # http_basic: true
+            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
+
+            # form_login: true
+            # https://symfony.com/doc/current/security/form_login_setup.html
+
+    # Easy way to control access for large sections of your site
+    # Note: Only the *first* access control that matches will be used
+    access_control:
+    # - { path: ^/admin, roles: ROLE_ADMIN }
+    # - { path: ^/profile, roles: ROLE_USER }
diff --git a/tests/fixtures/MakeAuthenticatorMultipleFirewalls/config/packages/security.yaml b/tests/fixtures/MakeAuthenticatorMultipleFirewalls/config/packages/security.yaml
@@ -0,0 +1,26 @@
+security:
+    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    providers:
+        in_memory: { memory: ~ }
+    firewalls:
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        main:
+            anonymous: true
+        second:
+            anonymous: true
+
+            # activate different ways to authenticate
+
+            # http_basic: true
+            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
+
+            # form_login: true
+            # https://symfony.com/doc/current/security/form_login_setup.html
+
+    # Easy way to control access for large sections of your site
+    # Note: Only the *first* access control that matches will be used
+    access_control:
+    # - { path: ^/admin, roles: ROLE_ADMIN }
+    # - { path: ^/profile, roles: ROLE_USER }
