[Form] Add hash_mapping option to PasswordType

Seb33300 · Seb33300 · commit 2724b72f310a · 2022-05-01T22:36:51.000+07:00
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -170,6 +170,7 @@
 use Symfony\Component\Notifier\Notifier;
 use Symfony\Component\Notifier\Recipient\Recipient;
 use Symfony\Component\Notifier\Transport\TransportFactoryInterface as NotifierTransportFactoryInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasher;
 use Symfony\Component\PropertyAccess\PropertyAccessor;
 use Symfony\Component\PropertyInfo\Extractor\PhpDocExtractor;
 use Symfony\Component\PropertyInfo\Extractor\PhpStanExtractor;
@@ -723,6 +724,10 @@ private function registerFormConfiguration(array $config, ContainerBuilder $cont
                 ->clearTag('kernel.reset')
             ;
         }
+
+        if (!ContainerBuilder::willBeAvailable('symfony/security-bundle', UserPasswordHasher::class, [], true)) {
+            $container->removeDefinition('form.type_extension.password.password_hasher');
+        }
     }
 
     private function registerHttpCacheConfiguration(array $config, ContainerBuilder $container, bool $httpMethodOverride)
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.php
@@ -18,11 +18,13 @@
 use Symfony\Component\Form\Extension\Core\Type\ColorType;
 use Symfony\Component\Form\Extension\Core\Type\FileType;
 use Symfony\Component\Form\Extension\Core\Type\FormType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
 use Symfony\Component\Form\Extension\Core\Type\SubmitType;
 use Symfony\Component\Form\Extension\Core\Type\TransformationFailureExtension;
 use Symfony\Component\Form\Extension\DependencyInjection\DependencyInjectionExtension;
 use Symfony\Component\Form\Extension\HttpFoundation\HttpFoundationRequestHandler;
 use Symfony\Component\Form\Extension\HttpFoundation\Type\FormTypeHttpFoundationExtension;
+use Symfony\Component\Form\Extension\PasswordHasher\Type\PasswordTypePasswordHasherExtension;
 use Symfony\Component\Form\Extension\Validator\Type\FormTypeValidatorExtension;
 use Symfony\Component\Form\Extension\Validator\Type\RepeatedTypeValidatorExtension;
 use Symfony\Component\Form\Extension\Validator\Type\SubmitTypeValidatorExtension;
@@ -144,5 +146,12 @@
                 param('validator.translation_domain'),
             ])
             ->tag('form.type_extension')
+
+        ->set('form.type_extension.password.password_hasher', PasswordTypePasswordHasherExtension::class)
+            ->args([
+                service('security.password_hasher'),
+                service('form.property_accessor'),
+            ])
+            ->tag('form.type_extension', ['extended-type' => PasswordType::class])
     ;
 };
diff --git a/src/Symfony/Component/Form/CHANGELOG.md b/src/Symfony/Component/Form/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 ---
 
  * Add a `prototype_options` option to `CollectionType`
+ * Add a `hash_mapping` option to `PasswordType`
 
 6.0
 ---
diff --git a/src/Symfony/Component/Form/Extension/PasswordHasher/EventListener/PasswordHasherListener.php b/src/Symfony/Component/Form/Extension/PasswordHasher/EventListener/PasswordHasherListener.php
@@ -0,0 +1,61 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Extension\PasswordHasher\EventListener;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\Form\FormEvents;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\PropertyAccess\PropertyAccess;
+use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+
+/**
+ * @author Sébastien Alfaiate <s.alfaiate@webarea.fr>
+ */
+class PasswordHasherListener implements EventSubscriberInterface
+{
+    private $passwordHasher;
+    private $propertyAccessor;
+
+    public function __construct(UserPasswordHasherInterface $passwordHasher, PropertyAccessorInterface $propertyAccessor = null)
+    {
+        $this->passwordHasher = $passwordHasher;
+        $this->propertyAccessor = $propertyAccessor ?? PropertyAccess::createPropertyAccessor();
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            FormEvents::SUBMIT => ['hashPassword', -256],
+        ];
+    }
+
+    public function hashPassword(FormEvent $event)
+    {
+        $form = $event->getForm();
+        $parentForm = $form->getParent();
+
+        if ($parentForm && $parentForm->getConfig()->getType()->getInnerType() instanceof RepeatedType) {
+            $parentForm = $parentForm->getParent();
+        }
+
+        if ($parentForm && ($user = $parentForm->getData()) && ($user instanceof PasswordAuthenticatedUserInterface)) {
+            $this->propertyAccessor->setValue(
+                $user,
+                $form->getConfig()->getOption('hash_mapping'),
+                $this->passwordHasher->hashPassword($user, $event->getData())
+            );
+        }
+    }
+}
diff --git a/src/Symfony/Component/Form/Extension/PasswordHasher/PasswordHasherExtension.php b/src/Symfony/Component/Form/Extension/PasswordHasher/PasswordHasherExtension.php
@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Extension\PasswordHasher;
+
+use Symfony\Component\Form\AbstractExtension;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\PropertyAccess\PropertyAccess;
+use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
+
+/**
+ * Integrates the PasswordHasher component with the Form library.
+ *
+ * @author Sébastien Alfaiate <s.alfaiate@webarea.fr>
+ */
+class PasswordHasherExtension extends AbstractExtension
+{
+    private $passwordHasher;
+    private $propertyAccessor;
+
+    public function __construct(UserPasswordHasherInterface $passwordHasher, PropertyAccessorInterface $propertyAccessor = null)
+    {
+        $this->passwordHasher = $passwordHasher;
+        $this->propertyAccessor = $propertyAccessor ?? PropertyAccess::createPropertyAccessor();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function loadTypeExtensions(): array
+    {
+        return [
+            new Type\PasswordTypePasswordHasherExtension($this->passwordHasher, $this->propertyAccessor),
+        ];
+    }
+}
diff --git a/src/Symfony/Component/Form/Extension/PasswordHasher/Type/PasswordTypePasswordHasherExtension.php b/src/Symfony/Component/Form/Extension/PasswordHasher/Type/PasswordTypePasswordHasherExtension.php
@@ -0,0 +1,68 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Extension\PasswordHasher\Type;
+
+use Symfony\Component\Form\AbstractTypeExtension;
+use Symfony\Component\Form\Exception\InvalidConfigurationException;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\Extension\PasswordHasher\EventListener\PasswordHasherListener;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\PropertyAccess\PropertyAccess;
+use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
+
+/**
+ * @author Sébastien Alfaiate <s.alfaiate@webarea.fr>
+ */
+class PasswordTypePasswordHasherExtension extends AbstractTypeExtension
+{
+    private $passwordHasher;
+    private $propertyAccessor;
+
+    public function __construct(UserPasswordHasherInterface $passwordHasher, PropertyAccessorInterface $propertyAccessor = null)
+    {
+        $this->passwordHasher = $passwordHasher;
+        $this->propertyAccessor = $propertyAccessor ?? PropertyAccess::createPropertyAccessor();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        if ($options['hash_mapping']) {
+            if ($options['mapped']) {
+                throw new InvalidConfigurationException('The hash_mapping option cannot be used on mapped field.');
+            }
+            $builder->addEventSubscriber(new PasswordHasherListener($this->passwordHasher, $this->propertyAccessor));
+        }
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function configureOptions(OptionsResolver $resolver)
+    {
+        $resolver->setDefaults([
+            'hash_mapping' => null,
+        ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getExtendedTypes(): iterable
+    {
+        return [PasswordType::class];
+    }
+}
diff --git a/src/Symfony/Component/Form/Tests/Extension/PasswordHasher/Type/PasswordTypePasswordHasherExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/PasswordHasher/Type/PasswordTypePasswordHasherExtensionTest.php
@@ -0,0 +1,85 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Tests\Extension\PasswordHasher\Type;
+
+use PHPUnit\Framework\MockObject\MockObject;
+use Symfony\Component\Form\Exception\InvalidConfigurationException;
+use Symfony\Component\Form\Extension\PasswordHasher\PasswordHasherExtension;
+use Symfony\Component\Form\Test\TypeTestCase;
+use Symfony\Component\Form\Tests\Fixtures\User;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+
+class PasswordTypePasswordHasherExtensionTest extends TypeTestCase
+{
+    /**
+     * @var MockObject&UserPasswordHasherInterface
+     */
+    protected $passwordHasher;
+
+    protected function setUp(): void
+    {
+        $this->passwordHasher = $this->createMock(UserPasswordHasherInterface::class);
+
+        parent::setUp();
+    }
+
+    protected function getExtensions()
+    {
+        return array_merge(parent::getExtensions(), [
+            new PasswordHasherExtension($this->passwordHasher),
+        ]);
+    }
+
+    public function testPasswordHashSuccess()
+    {
+        $user = new User();
+
+        $plainPassword = 'PlainPassword';
+        $hashedPassword = 'HashedPassword';
+
+        $this->passwordHasher->expects($this->once())
+            ->method('hashPassword')
+            ->with($user, $plainPassword)
+            ->willReturn($hashedPassword)
+        ;
+
+        $this->assertNull($user->getPassword());
+
+        $form = $this->factory
+            ->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', $user)
+            ->add('plainPassword', 'Symfony\Component\Form\Extension\Core\Type\PasswordType', [
+                'hash_mapping' => 'password',
+                'mapped' => false,
+            ])
+            ->getForm()
+        ;
+
+        $form->submit(['plainPassword' => $plainPassword]);
+
+        $this->assertSame($user->getPassword(), $hashedPassword);
+    }
+
+    public function testPasswordHashOnMappedFieldForbidden()
+    {
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('The hash_mapping option cannot be used on mapped field.');
+
+        $this->factory
+            ->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', new User())
+            ->add('password', 'Symfony\Component\Form\Extension\Core\Type\PasswordType', [
+                'hash_mapping' => 'password',
+                'mapped' => true,
+            ])
+            ->getForm()
+        ;
+    }
+}
diff --git a/src/Symfony/Component/Form/Tests/Fixtures/User.php b/src/Symfony/Component/Form/Tests/Fixtures/User.php
@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Tests\Fixtures;
+
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+
+class User implements PasswordAuthenticatedUserInterface
+{
+    private $password;
+
+    public function getPassword(): ?string
+    {
+        return $this->password;
+    }
+
+    public function setPassword(string $password): self
+    {
+        $this->password = $password;
+
+        return $this;
+    }
+}
diff --git a/src/Symfony/Component/Form/composer.json b/src/Symfony/Component/Form/composer.json
@@ -56,7 +56,8 @@
     "suggest": {
         "symfony/validator": "For form validation.",
         "symfony/security-csrf": "For protecting forms against CSRF attacks.",
-        "symfony/twig-bridge": "For templating with Twig."
+        "symfony/twig-bridge": "For templating with Twig.",
+        "symfony/password-hasher": "For password hashing."
     },
     "autoload": {
         "psr-4": { "Symfony\\Component\\Form\\": "" },

Original file line number	Diff line number	Diff line change
`@@ -170,6 +170,7 @@`
`170`	`170`	`use Symfony\Component\Notifier\Notifier;`
`171`	`171`	`use Symfony\Component\Notifier\Recipient\Recipient;`
`172`	`172`	`use Symfony\Component\Notifier\Transport\TransportFactoryInterface as NotifierTransportFactoryInterface;`
	`173`	`+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasher;`
`173`	`174`	`use Symfony\Component\PropertyAccess\PropertyAccessor;`
`174`	`175`	`use Symfony\Component\PropertyInfo\Extractor\PhpDocExtractor;`
`175`	`176`	`use Symfony\Component\PropertyInfo\Extractor\PhpStanExtractor;`
`@@ -723,6 +724,10 @@ private function registerFormConfiguration(array $config, ContainerBuilder $cont`
`723`	`724`	`->clearTag('kernel.reset')`
`724`	`725`	`;`
`725`	`726`	`}`
	`727`	`+`
	`728`	`+ if (!ContainerBuilder::willBeAvailable('symfony/security-bundle', UserPasswordHasher::class, [], true)) {`
	`729`	`+ $container->removeDefinition('form.type_extension.password.password_hasher');`
	`730`	`+ }`
`726`	`731`	`}`
`727`	`732`
`728`	`733`	`private function registerHttpCacheConfiguration(array $config, ContainerBuilder $container, bool $httpMethodOverride)`