首頁 探索 說明
登入
dima
/
balticrest
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 8967e8d364
分支列表 標籤列表
balticrest
/
vendor
/
symfony
/
security-bundle
/
Command
/
UserPasswordEncoderCommand.php

UserPasswordEncoderCommand.php 7.2 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of the Symfony package.
    5. 

  5.  *
    6. 

  6.  * (c) Fabien Potencier <fabien@symfony.com>
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. namespace Symfony\Bundle\SecurityBundle\Command;
    13. 

  13. 

  14. use Symfony\Component\Console\Command\Command;
    15. 

  15. use Symfony\Component\Console\Exception\InvalidArgumentException;
    16. 

  16. use Symfony\Component\Console\Exception\RuntimeException;
    17. 

  17. use Symfony\Component\Console\Input\InputArgument;
    18. 

  18. use Symfony\Component\Console\Input\InputInterface;
    19. 

  19. use Symfony\Component\Console\Input\InputOption;
    20. 

  20. use Symfony\Component\Console\Output\ConsoleOutputInterface;
    21. 

  21. use Symfony\Component\Console\Output\OutputInterface;
    22. 

  22. use Symfony\Component\Console\Question\Question;
    23. 

  23. use Symfony\Component\Console\Style\SymfonyStyle;
    24. 

  24. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
    25. 

  25. use Symfony\Component\Security\Core\Encoder\SelfSaltingEncoderInterface;
    26. 

  26. 

  27. /**
    28. 

  28.  * Encode a user's password.
    29. 

  29.  *
    30. 

  30.  * @author Sarah Khalil <mkhalil.sarah@gmail.com>
    31. 

  31.  *
    32. 

  32.  * @final
    33. 

  33.  */
    34. 

  34. class UserPasswordEncoderCommand extends Command
    35. 

  35. {
    36. 

  36.     protected static $defaultName = 'security:encode-password';
    37. 

  37. 

  38.     private $encoderFactory;
    39. 

  39.     private $userClasses;
    40. 

  40. 

  41.     public function __construct(EncoderFactoryInterface $encoderFactory, array $userClasses = [])
    42. 

  42.     {
    43. 

  43.         $this->encoderFactory = $encoderFactory;
    44. 

  44.         $this->userClasses = $userClasses;
    45. 

  45. 

  46.         parent::__construct();
    47. 

  47.     }
    48. 

  48. 

  49.     /**
    50. 

  50.      * {@inheritdoc}
    51. 

  51.      */
    52. 

  52.     protected function configure()
    53. 

  53.     {
    54. 

  54.         $this
    55. 

  55.             ->setDescription('Encode a password')
    56. 

  56.             ->addArgument('password', InputArgument::OPTIONAL, 'The plain password to encode.')
    57. 

  57.             ->addArgument('user-class', InputArgument::OPTIONAL, 'The User entity class path associated with the encoder used to encode the password.')
    58. 

  58.             ->addOption('empty-salt', null, InputOption::VALUE_NONE, 'Do not generate a salt or let the encoder generate one.')
    59. 

  59.             ->setHelp(<<<EOF
    60. 

  60. 

  61. The <info>%command.name%</info> command encodes passwords according to your
    62. 

  62. security configuration. This command is mainly used to generate passwords for
    63. 

  63. the <comment>in_memory</comment> user provider type and for changing passwords
    64. 

  64. in the database while developing the application.
    65. 

  65. 

  66. Suppose that you have the following security configuration in your application:
    67. 

  67. 

  68. <comment>
    69. 

  69. # app/config/security.yml
    70. 

  70. security:
    71. 

  71.     encoders:
    72. 

  72.         Symfony\Component\Security\Core\User\User: plaintext
    73. 

  73.         App\Entity\User: auto
    74. 

  74. </comment>
    75. 

  75. 

  76. If you execute the command non-interactively, the first available configured
    77. 

  77. user class under the <comment>security.encoders</comment> key is used and a random salt is
    78. 

  78. generated to encode the password:
    79. 

  79. 

  80.   <info>php %command.full_name% --no-interaction [password]</info>
    81. 

  81. 

  82. Pass the full user class path as the second argument to encode passwords for
    83. 

  83. your own entities:
    84. 

  84. 

  85.   <info>php %command.full_name% --no-interaction [password] 'App\Entity\User'</info>
    86. 

  86. 

  87. Executing the command interactively allows you to generate a random salt for
    88. 

  88. encoding the password:
    89. 

  89. 

  90.   <info>php %command.full_name% [password] 'App\Entity\User'</info>
    91. 

  91. 

  92. In case your encoder doesn't require a salt, add the <comment>empty-salt</comment> option:
    93. 

  93. 

  94.   <info>php %command.full_name% --empty-salt [password] 'App\Entity\User'</info>
    95. 

  95. 

  96. EOF
    97. 

  97.             )
    98. 

  98.         ;
    99. 

  99.     }
    100. 

  100. 

  101.     /**
    102. 

  102.      * {@inheritdoc}
    103. 

  103.      */
    104. 

  104.     protected function execute(InputInterface $input, OutputInterface $output): int
    105. 

  105.     {
    106. 

  106.         $io = new SymfonyStyle($input, $output);
    107. 

  107.         $errorIo = $output instanceof ConsoleOutputInterface ? new SymfonyStyle($input, $output->getErrorOutput()) : $io;
    108. 

  108. 

  109.         $input->isInteractive() ? $errorIo->title('Symfony Password Encoder Utility') : $errorIo->newLine();
    110. 

  110. 

  111.         $password = $input->getArgument('password');
    112. 

  112.         $userClass = $this->getUserClass($input, $io);
    113. 

  113.         $emptySalt = $input->getOption('empty-salt');
    114. 

  114. 

  115.         $encoder = $this->encoderFactory->getEncoder($userClass);
    116. 

  116.         $saltlessWithoutEmptySalt = !$emptySalt && $encoder instanceof SelfSaltingEncoderInterface;
    117. 

  117. 

  118.         if ($saltlessWithoutEmptySalt) {
    119. 

  119.             $emptySalt = true;
    120. 

  120.         }
    121. 

  121. 

  122.         if (!$password) {
    123. 

  123.             if (!$input->isInteractive()) {
    124. 

  124.                 $errorIo->error('The password must not be empty.');
    125. 

  125. 

  126.                 return 1;
    127. 

  127.             }
    128. 

  128.             $passwordQuestion = $this->createPasswordQuestion();
    129. 

  129.             $password = $errorIo->askQuestion($passwordQuestion);
    130. 

  130.         }
    131. 

  131. 

  132.         $salt = null;
    133. 

  133. 

  134.         if ($input->isInteractive() && !$emptySalt) {
    135. 

  135.             $emptySalt = true;
    136. 

  136. 

  137.             $errorIo->note('The command will take care of generating a salt for you. Be aware that some encoders advise to let them generate their own salt. If you\'re using one of those encoders, please answer \'no\' to the question below. '.\PHP_EOL.'Provide the \'empty-salt\' option in order to let the encoder handle the generation itself.');
    138. 

  138. 

  139.             if ($errorIo->confirm('Confirm salt generation ?')) {
    140. 

  140.                 $salt = $this->generateSalt();
    141. 

  141.                 $emptySalt = false;
    142. 

  142.             }
    143. 

  143.         } elseif (!$emptySalt) {
    144. 

  144.             $salt = $this->generateSalt();
    145. 

  145.         }
    146. 

  146. 

  147.         $encodedPassword = $encoder->encodePassword($password, $salt);
    148. 

  148. 

  149.         $rows = [
    150. 

  150.             ['Encoder used', \get_class($encoder)],
    151. 

  151.             ['Encoded password', $encodedPassword],
    152. 

  152.         ];
    153. 

  153.         if (!$emptySalt) {
    154. 

  154.             $rows[] = ['Generated salt', $salt];
    155. 

  155.         }
    156. 

  156.         $io->table(['Key', 'Value'], $rows);
    157. 

  157. 

  158.         if (!$emptySalt) {
    159. 

  159.             $errorIo->note(sprintf('Make sure that your salt storage field fits the salt length: %s chars', \strlen($salt)));
    160. 

  160.         } elseif ($saltlessWithoutEmptySalt) {
    161. 

  161.             $errorIo->note('Self-salting encoder used: the encoder generated its own built-in salt.');
    162. 

  162.         }
    163. 

  163. 

  164.         $errorIo->success('Password encoding succeeded');
    165. 

  165. 

  166.         return 0;
    167. 

  167.     }
    168. 

  168. 

  169.     /**
    170. 

  170.      * Create the password question to ask the user for the password to be encoded.
    171. 

  171.      */
    172. 

  172.     private function createPasswordQuestion(): Question
    173. 

  173.     {
    174. 

  174.         $passwordQuestion = new Question('Type in your password to be encoded');
    175. 

  175. 

  176.         return $passwordQuestion->setValidator(function ($value) {
    177. 

  177.             if ('' === trim($value)) {
    178. 

  178.                 throw new InvalidArgumentException('The password must not be empty.');
    179. 

  179.             }
    180. 

  180. 

  181.             return $value;
    182. 

  182.         })->setHidden(true)->setMaxAttempts(20);
    183. 

  183.     }
    184. 

  184. 

  185.     private function generateSalt(): string
    186. 

  186.     {
    187. 

  187.         return base64_encode(random_bytes(30));
    188. 

  188.     }
    189. 

  189. 

  190.     private function getUserClass(InputInterface $input, SymfonyStyle $io): string
    191. 

  191.     {
    192. 

  192.         if (null !== $userClass = $input->getArgument('user-class')) {
    193. 

  193.             return $userClass;
    194. 

  194.         }
    195. 

  195. 

  196.         if (empty($this->userClasses)) {
    197. 

  197.             throw new RuntimeException('There are no configured encoders for the "security" extension.');
    198. 

  198.         }
    199. 

  199. 

  200.         if (!$input->isInteractive() || 1 === \count($this->userClasses)) {
    201. 

  201.             return reset($this->userClasses);
    202. 

  202.         }
    203. 

  203. 

  204.         $userClasses = $this->userClasses;
    205. 

  205.         natcasesort($userClasses);
    206. 

  206.         $userClasses = array_values($userClasses);
    207. 

  207. 

  208.         return $io->choice('For which user class would you like to encode a password?', $userClasses, reset($userClasses));
    209. 

  209.     }
    210. 

  210. }
    211.