Add a "me" query and modify login return type

Now that the "@type" annotation is supported in the interfaces, we can create a "me" query and modify the return type of the "login" query to return a `UserInterface`!

Author: moufmouf

Controller/GraphQL/LoginController.php

@@ -9,6 +9,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 use TheCodingMachine\GraphQLite\Annotations\Mutation;
@@ -55,12 +56,12 @@ public function __construct(UserProviderInterface $userProvider, UserPasswordEnc
     /**
      * @Mutation()
      */
-    public function login(string $userName, string $password, Request $request): bool
+    public function login(string $userName, string $password, Request $request): UserInterface
     {
         try {
             $user = $this->userProvider->loadUserByUsername($userName);
         } catch (UsernameNotFoundException $e) {
-            // FIXME: should we return false instead???
+            // FIXME: should we return null instead???
             throw InvalidUserPasswordException::create($e);
         }
 
@@ -83,7 +84,7 @@ public function login(string $userName, string $password, Request $request): boo
         $event = new InteractiveLoginEvent($request, $token);
         $this->eventDispatcher->dispatch($event, 'security.interactive_login');
 
-        return true;
+        return $user;
     }
 
     /**

Controller/GraphQL/MeController.php

@@ -0,0 +1,51 @@
+<?php
+namespace TheCodingMachine\Graphqlite\Bundle\Controller\GraphQL;
+
+
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
+use TheCodingMachine\GraphQLite\Annotations\Mutation;
+use TheCodingMachine\GraphQLite\Annotations\Query;
+use TheCodingMachine\Graphqlite\Bundle\Types\BasicUser;
+
+class MeController
+{
+    /**
+     * @var TokenStorageInterface
+     */
+    private $tokenStorage;
+
+    public function __construct(TokenStorageInterface $tokenStorage)
+    {
+        $this->tokenStorage = $tokenStorage;
+    }
+
+    /**
+     * @Query()
+     */
+    public function me(): ?UserInterface
+    {
+        $token = $this->tokenStorage->getToken();
+        if ($token === null) {
+            return null;
+        }
+
+        $user = $this->tokenStorage->getToken()->getUser();
+
+        if (!$user instanceof UserInterface) {
+            // getUser() can be an object with a toString or a string
+            $userName = (string) $user;
+            $user = new BasicUser($userName);
+        }
+
+        return $user;
+    }
+}

DependencyInjection/Configuration.php

@@ -40,6 +40,7 @@ public function getConfigTreeBuilder()
             ->arrayNode('security')
                 ->children()
                 ->enumNode('enable_login')->values(['on', 'off', 'auto'])->defaultValue('auto')->info('Enable to automatically create a login/logout mutation. "on": enable, "auto": enable if security bundle is available.')->end()
+                ->enumNode('enable_me')->values(['on', 'off', 'auto'])->defaultValue('auto')->info('Enable to automatically create a "me" query to fetch the current user. "on": enable, "auto": enable if security bundle is available.')->end()
                 ->scalarNode('firewall_name')->defaultValue('main')->info('The name of the firewall to use for login')->end()
                 ->end()
             ->end()

DependencyInjection/GraphqliteCompilerPass.php

@@ -47,6 +47,7 @@
 use TheCodingMachine\GraphQLite\Annotations\Parameter;
 use TheCodingMachine\GraphQLite\Annotations\Query;
 use TheCodingMachine\Graphqlite\Bundle\Controller\GraphQL\LoginController;
+use TheCodingMachine\Graphqlite\Bundle\Controller\GraphQL\MeController;
 use TheCodingMachine\GraphQLite\FieldsBuilder;
 use TheCodingMachine\GraphQLite\FieldsBuilderFactory;
 use TheCodingMachine\GraphQLite\GraphQLException;
@@ -115,7 +116,6 @@ public function process(ContainerBuilder $container)
         // If the security is disabled, let's remove the LoginController
         if ($disableLogin === true) {
             $container->removeDefinition(LoginController::class);
-            $container->removeDefinition(AggregateControllerQueryProviderFactory::class);
         }
 
         if ($container->getParameter('graphqlite.security.enable_login') === 'on') {
@@ -132,6 +132,36 @@ public function process(ContainerBuilder $container)
             $provider = $container->findDefinition('security.firewall.map.config.'.$firewallName)->getArgument(5);
 
             $container->findDefinition(LoginController::class)->setArgument(0, new Reference($provider));
+
+            $this->registerController(LoginController::class, $container);
+        }
+
+        $disableMe = false;
+        if ($container->getParameter('graphqlite.security.enable_me') === 'auto'
+            && !$container->has(TokenStorageInterface::class)) {
+            $disableMe = true;
+        }
+        if ($container->getParameter('graphqlite.security.enable_me') === 'off') {
+            $disableMe = true;
+        }
+        // If the security is disabled, let's remove the LoginController
+        if ($disableMe === true) {
+            $container->removeDefinition(MeController::class);
+        }
+
+        if ($container->getParameter('graphqlite.security.enable_me') === 'on') {
+            if (!$container->has(TokenStorageInterface::class)) {
+                throw new GraphQLException('In order to enable the "me" query (via the graphqlite.security.enable_me parameter), you need to install the security bundle.');
+            }
+        }
+
+        if ($disableMe === false) {
+            $this->registerController(MeController::class, $container);
+        }
+
+        // Perf improvement: let's remove the AggregateControllerQueryProviderFactory if it is empty.
+        if (empty($container->findDefinition(AggregateControllerQueryProviderFactory::class)->getArgument(0))) {
+            $container->removeDefinition(AggregateControllerQueryProviderFactory::class);
         }
 
 
@@ -220,6 +250,14 @@ public function process(ContainerBuilder $container)
         $this->mapAdderToTag('graphql.type_mapper_factory', 'addTypeMapperFactory', $container, $schemaFactory);
     }
 
+    private function registerController(string $controllerClassName, ContainerBuilder $container): void
+    {
+        $aggregateQueryProvider = $container->findDefinition(AggregateControllerQueryProviderFactory::class);
+        $controllersList = $aggregateQueryProvider->getArgument(0);
+        $controllersList[] = $controllerClassName;
+        $aggregateQueryProvider->setArgument(0, $controllersList);
+    }
+
     /**
      * Register a method call on SchemaFactory for each tagged service, passing the service in parameter.
      *

DependencyInjection/GraphqliteExtension.php

@@ -55,10 +55,12 @@ public function load(array $configs, ContainerBuilder $container)
         }
 
         $enableLogin = $configs[0]['security']['enable_login'] ?? 'auto';
+        $enableMe = $configs[0]['security']['enable_me'] ?? 'auto';
 
         $container->setParameter('graphqlite.namespace.controllers', $namespaceController);
         $container->setParameter('graphqlite.namespace.types', $namespaceType);
         $container->setParameter('graphqlite.security.enable_login', $enableLogin);
+        $container->setParameter('graphqlite.security.enable_me', $enableMe);
         $container->setParameter('graphqlite.security.firewall_name', $configs[0]['security']['firewall_name'] ?? 'main');
 
         $loader->load('graphqlite.xml');

Resources/config/container/graphqlite.xml

@@ -20,6 +20,11 @@
             <call method="setAuthorizationService">
                 <argument type="service" id="TheCodingMachine\GraphQLite\Security\AuthorizationServiceInterface" />
             </call>
+            <!-- Ideally, we would not need to go through the GlobTypeMapper for types in packages. We shoul
+             have the opportunity to add types / models through another class (like the AggregateControllerQueryProviderFactory for queries) -->
+            <call method="addTypeNamespace">
+                <argument type="string">TheCodingMachine\Graphqlite\Bundle\Types</argument>
+            </call>
         </service>
 
         <service id="TheCodingMachine\GraphQLite\Schema" public="true">
@@ -30,7 +35,6 @@
 
         <service id="TheCodingMachine\GraphQLite\AggregateControllerQueryProviderFactory">
             <argument type="collection">
-                <argument>TheCodingMachine\Graphqlite\Bundle\Controller\GraphQL\LoginController</argument>
             </argument>
             <tag name="graphql.queryprovider_factory" />
         </service>
@@ -77,5 +81,9 @@
         <service id="TheCodingMachine\Graphqlite\Bundle\Controller\GraphQL\LoginController" public="true">
             <argument key="$firewallName">%graphqlite.security.firewall_name%</argument>
         </service>
+
+        <service id="TheCodingMachine\Graphqlite\Bundle\Controller\GraphQL\MeController" public="true" />
+
+        <service id="TheCodingMachine\Graphqlite\Bundle\Types\UserType" public="true"/>
     </services>
 </container>

Tests/FunctionalTest.php

@@ -220,7 +220,9 @@ public function testLoginQuery(): void
 
         $request = Request::create('/graphql', 'POST', ['query' => '
         mutation login { 
-          login(userName: "foo", password: "bar")
+          login(userName: "foo", password: "bar") {
+            userName
+          }
         }']);
 
         $response = $kernel->handle($request);
@@ -229,9 +231,34 @@ public function testLoginQuery(): void
 
         $this->assertSame([
             'data' => [
-                'login' => true
+                'login' => [
+                    'userName' => 'foo'
+                ]
             ]
         ], $result);
+
+        $request = Request::create('/graphql', 'POST', ['query' => '
+        {
+          me {
+            userName
+            roles
+          }
+        }
+        ']);
+
+        $response = $kernel->handle($request);
+
+        $result = json_decode($response->getContent(), true);
+
+        $this->assertSame([
+            'data' => [
+                'me' => [
+                    'userName' => 'foo',
+                    'roles' => [],
+                ]
+            ]
+        ], $result);
+
     }
 
     public function testNoLoginNoSessionQuery(): void
@@ -241,7 +268,9 @@ public function testNoLoginNoSessionQuery(): void
 
         $request = Request::create('/graphql', 'POST', ['query' => '
         mutation login { 
-          login(userName: "foo", password: "bar")
+          login(userName: "foo", password: "bar") {
+            userName
+          }
         }']);
 
         $response = $kernel->handle($request);

Types/BasicUser.php

@@ -0,0 +1,87 @@
+<?php
+
+
+namespace TheCodingMachine\Graphqlite\Bundle\Types;
+
+use TheCodingMachine\GraphQLite\Annotations\Field;
+use TheCodingMachine\GraphQLite\Annotations\SourceField;
+use TheCodingMachine\GraphQLite\Annotations\Type;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class BasicUser implements UserInterface
+{
+    /**
+     * @var string
+     */
+    private $name;
+
+    public function __construct(string $name)
+    {
+        $this->name = $name;
+    }
+
+    /**
+     * Returns the roles granted to the user.
+     *
+     *     public function getRoles()
+     *     {
+     *         return ['ROLE_USER'];
+     *     }
+     *
+     * Alternatively, the roles might be stored on a ``roles`` property,
+     * and populated in any number of different ways when the user object
+     * is created.
+     *
+     * @return (Role|string)[] The user roles
+     */
+    public function getRoles()
+    {
+        return [];
+    }
+
+    /**
+     * Returns the password used to authenticate the user.
+     *
+     * This should be the encoded password. On authentication, a plain-text
+     * password will be salted, encoded, and then compared to this value.
+     *
+     * @return string The password
+     */
+    public function getPassword()
+    {
+        throw new \RuntimeException('getPassword is not implemented by BasicUser');
+    }
+
+    /**
+     * Returns the salt that was originally used to encode the password.
+     *
+     * This can return null if the password was not encoded using a salt.
+     *
+     * @return string|null The salt
+     */
+    public function getSalt()
+    {
+        throw new \RuntimeException('getSalt is not implemented by BasicUser');
+    }
+
+    /**
+     * Returns the username used to authenticate the user.
+     *
+     * @return string The username
+     */
+    public function getUsername()
+    {
+        return $this->name;
+    }
+
+    /**
+     * Removes sensitive data from the user.
+     *
+     * This is important if, at any given point, sensitive information like
+     * the plain-text password is stored on this object.
+     */
+    public function eraseCredentials()
+    {
+        throw new \RuntimeException('eraseCredentials is not implemented by BasicUser');
+    }
+}

Types/UserType.php

@@ -0,0 +1,29 @@
+<?php
+
+
+namespace TheCodingMachine\Graphqlite\Bundle\Types;
+
+use TheCodingMachine\GraphQLite\Annotations\Field;
+use TheCodingMachine\GraphQLite\Annotations\SourceField;
+use TheCodingMachine\GraphQLite\Annotations\Type;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * @Type(class=UserInterface::class)
+ * @SourceField(name="userName")
+ */
+class UserType
+{
+    /**
+     * @Field()
+     * @return string[]
+     */
+    public function getRoles(UserInterface $user): array
+    {
+        $roles = [];
+        foreach ($user->getRoles() as $role) {
+            $roles[] = (string) $role;
+        }
+        return $roles;
+    }
+}