Merge pull request #36 from crf-devs/feature/organization-authentication-layer

Make `Organization` usable as authenticated users

Author: hhamon

Diff for: config/packages/security.yaml

@@ -5,20 +5,43 @@ security:
             entity:
                 class: App\Entity\User
 
+        organizations:
+            entity:
+                class: App\Entity\Organization
+
     encoders:
-        App\Entity\User:
+        Symfony\Component\Security\Core\User\UserInterface:
             algorithm: auto
 
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
+
+        organizations:
+            pattern: ^/organizations
+            anonymous: lazy
+            provider: organizations
+            guard:
+                authenticators:
+                    - App\Security\OrganizationLoginFormAuthenticator
+
+            logout:
+                path: app_organization_logout
+                target: app_organization_index
+
+            remember_me:
+                secret:   '%kernel.secret%'
+                lifetime: 604800 # 1 week in seconds
+                path:     /
+
         main:
             anonymous: lazy
             provider: users
             guard:
                 authenticators:
-                    - App\Security\LoginFormAuthenticator
+                    - App\Security\UserLoginFormAuthenticator
+
             logout:
                 path: app_logout
                 target: user_home
@@ -29,5 +52,6 @@ security:
                 path:     /
 
     access_control:
-        - { path: ^/(user\/new|login)$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/(user\/new|login|organizations\/login)$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/organizations, roles: ROLE_ORGANIZATION }
         - { path: ^/, roles: ROLE_USER }

Diff for: config/routes.yaml

@@ -1,3 +1,4 @@
-#index:
-#    path: /
-#    controller: App\Controller\DefaultController::index
+_organizations:
+    resource: ../src/Controller/Organization/
+    type: annotation
+    prefix: /organizations

Diff for: config/services.yaml

@@ -46,6 +46,6 @@ services:
         arguments:
             $availableSkillSets: '%app.available_skill_sets%'
 
-    App\Security\LoginFormAuthenticator:
+    App\Security\UserLoginFormAuthenticator:
         arguments:
             $password: 'covid19'

Diff for: src/Controller/Organization/IndexController.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\Organization;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+
+/**
+ * @Route("", name="app_organization_index")
+ */
+final class IndexController extends AbstractController
+{
+    public function __invoke(): Response
+    {
+        return $this->render('organization/index.html.twig');
+    }
+}

Diff for: src/Controller/Organization/Security/LoginController.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\Organization\Security;
+
+use App\Repository\OrganizationRepository;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
+
+/**
+ * @Route("/login", name="app_organization_login")
+ */
+final class LoginController extends AbstractController
+{
+    private AuthenticationUtils $authenticationUtils;
+    private OrganizationRepository $organizationRepository;
+
+    public function __construct(AuthenticationUtils $authenticationUtils, OrganizationRepository $organizationRepository)
+    {
+        $this->authenticationUtils = $authenticationUtils;
+        $this->organizationRepository = $organizationRepository;
+    }
+
+    public function __invoke(): Response
+    {
+        return $this->render('organization/login.html.twig', [
+            'organizations' => $this->organizationRepository->loadActiveOrganizations(),
+            'last_username' => $this->authenticationUtils->getLastUsername(),
+            'error' => $this->authenticationUtils->getLastAuthenticationError(),
+        ]);
+    }
+}

Diff for: src/Controller/Organization/Security/LogoutController.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\Organization\Security;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+
+/**
+ * @Route("/logout", name="app_organization_logout")
+ */
+final class LogoutController extends AbstractController
+{
+    public function __invoke(): Response
+    {
+        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
+    }
+}

Diff for: src/Controller/Security/LoginController.php

@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\User\Security;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
+
+/**
+ * @Route("/login", name="app_login")
+ */
+final class LoginController extends AbstractController
+{
+    private AuthenticationUtils $authenticationUtils;
+
+    public function __construct(AuthenticationUtils $authenticationUtils)
+    {
+        $this->authenticationUtils = $authenticationUtils;
+    }
+
+    public function __invoke(): Response
+    {
+        return $this->render('user/login.html.twig', [
+            'last_username' => $this->authenticationUtils->getLastUsername(),
+            'error' => $this->authenticationUtils->getLastAuthenticationError(),
+        ]);
+    }
+}

Diff for: src/Controller/User/Security/LoginController.php

@@ -2,17 +2,17 @@
 
 declare(strict_types=1);
 
-namespace App\Controller\Security;
+namespace App\Controller\User\Security;
 
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
+/**
+ * @Route("/logout", name="app_logout")
+ */
 final class LogoutController extends AbstractController
 {
-    /**
-     * @Route("/logout", name="app_logout")
-     */
     public function __invoke(): Response
     {
         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');

Diff for: src/Controller/Security/LogoutController.php renamed to src/Controller/User/Security/LogoutController.php

@@ -10,6 +10,7 @@
 use App\Entity\UserAvailability;
 use Doctrine\Bundle\FixturesBundle\Fixture;
 use Doctrine\Persistence\ObjectManager;
+use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 
 final class ApplicationFixtures extends Fixture
 {
@@ -35,10 +36,17 @@ final class ApplicationFixtures extends Fixture
     ];
 
     /** @var Organization[] */
-    private $organizations = [];
+    private array $organizations = [];
 
     /** @var User[] */
-    private $users = [];
+    private array $users = [];
+
+    private EncoderFactoryInterface $encoders;
+
+    public function __construct(EncoderFactoryInterface $encoders)
+    {
+        $this->encoders = $encoders;
+    }
 
     public function load(ObjectManager $manager): void
     {
@@ -52,12 +60,20 @@ public function load(ObjectManager $manager): void
 
     private function loadOrganizations(ObjectManager $manager): void
     {
-        $this->organizations['DT75'] = $main = new Organization(null, 'DT75');
+        // Yield same password for all organizations.
+        // Password generation can be expensive and time consuming.
+        $encoder = $this->encoders->getEncoder(Organization::class);
+        $password = $encoder->encodePassword('organization2020', null);
 
-        $manager->persist($main);
+        $this->addOrganization($this->makeOrganization('INACTIVE_ORG'));
+        $this->addOrganization($this->makeOrganization('DT75', $password));
 
         foreach (self::ORGANIZATIONS as $name) {
-            $this->organizations[$name] = $organization = new Organization(null, $name, $main);
+            $this->addOrganization($this->makeOrganization($name, $password, $this->organizations['DT75']));
+        }
+
+        // Persist all organizations
+        foreach ($this->organizations as $organization) {
             $manager->persist($organization);
         }
     }
@@ -139,4 +155,20 @@ private function loadUserAvailabilities(ObjectManager $manager): void
             }
         }
     }
+
+    private function makeOrganization(string $name, string $password = null, Organization $parent = null): Organization
+    {
+        $organization = new Organization(null, $name, $parent);
+
+        if ($password) {
+            $organization->password = $password;
+        }
+
+        return $organization;
+    }
+
+    private function addOrganization(Organization $organization): void
+    {
+        $this->organizations[$organization->name] = $organization;
+    }
 }

Diff for: src/DataFixtures/ApplicationFixtures.php

@@ -5,11 +5,17 @@
 namespace App\Entity;
 
 use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
+ * @ORM\Table(
+ *   uniqueConstraints={
+ *     @ORM\UniqueConstraint(name="organisation_name_unique", columns={"name"})
+ *   }
+ * )
  * @ORM\Entity(repositoryClass="App\Repository\OrganizationRepository")
  */
-class Organization
+class Organization implements UserInterface
 {
     /**
      * @ORM\Id
@@ -48,4 +54,28 @@ public function __toString(): string
 
         return $this->name;
     }
+
+    public function getRoles(): array
+    {
+        return ['ROLE_ORGANIZATION'];
+    }
+
+    public function getPassword(): ?string
+    {
+        return $this->password;
+    }
+
+    public function getSalt(): ?string
+    {
+        return null;
+    }
+
+    public function getUsername(): string
+    {
+        return $this->name;
+    }
+
+    public function eraseCredentials(): void
+    {
+    }
 }

Diff for: src/Entity/Organization.php

@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20200322144012 extends AbstractMigration
+{
+    public function up(Schema $schema): void
+    {
+        $this->abortIf('postgresql' !== $this->connection->getDatabasePlatform()->getName(), 'Migration can only be executed safely on \'postgresql\'.');
+
+        $this->addSql('CREATE UNIQUE INDEX organisation_name_unique ON organization (name)');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->abortIf('postgresql' !== $this->connection->getDatabasePlatform()->getName(), 'Migration can only be executed safely on \'postgresql\'.');
+
+        $this->addSql('DROP INDEX organisation_name_unique');
+    }
+}

Diff for: src/Migrations/Version20200322144012.php

@@ -20,4 +20,24 @@ public function __construct(ManagerRegistry $registry)
     {
         parent::__construct($registry, Organization::class);
     }
+
+    public function loadUserByUsername(string $name): ?Organization
+    {
+        return $this->findOneBy(['name' => $name]);
+    }
+
+    /**
+     * @return Organization[]
+     */
+    public function loadActiveOrganizations(): array
+    {
+        $qb = $this->createQueryBuilder('o');
+
+        return $qb
+            ->where($qb->expr()->isNotNull('o.password'))
+            ->orderBy('o.name', 'ASC')
+            ->getQuery()
+            ->getResult()
+        ;
+    }
 }