symfony
diff --git a/‎src/Symfony/Bridge/Doctrine/Security/MagicLink/MagicLoginLinkTokenEntityTrait.php‎
Lines changed: 73 additions & 0 deletions b/‎src/Symfony/Bridge/Doctrine/Security/MagicLink/MagicLoginLinkTokenEntityTrait.php‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎src/Symfony/Bridge/Doctrine/Security/MagicLink/MagicLoginLinkTokenRepositoryTrait.php‎
Lines changed: 74 additions & 0 deletions b/‎src/Symfony/Bridge/Doctrine/Security/MagicLink/MagicLoginLinkTokenRepositoryTrait.php‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/UnusedTagsPass.php‎
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/UnusedTagsPass.php‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/MagicLinkLoginFactory.php‎
Lines changed: 127 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/MagicLinkLoginFactory.php‎
Lines changed: 127 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php‎
Lines changed: 4 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_magic_link.php‎
Lines changed: 49 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_magic_link.php‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/SecurityBundle.php‎
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/SecurityBundle.php‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Exception/InvalidMagicLinkAuthenticationException.php‎
Lines changed: 28 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Exception/InvalidMagicLinkAuthenticationException.php‎
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,73 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Security\MagicLink;
+
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * Trait that can be used by your entity to help implement StoredMagicLinkTokenInterface
+ *
+ * @author Ryan Weaver <ryan@symfonycasts.com>
+ */
+trait MagicLoginLinkTokenEntityTrait
+{
+    /**
+     * @ORM\Column(type="string", length=20)
+     */
+    private $selector;
+
+    /**
+     * @ORM\Column(type="string", length=100)
+     */
+    private $hashedVerifier;
+
+    /**
+     * @ORM\Column(type="datetime_immutable")
+     */
+    private $createdAt;
+
+    /**
+     * @ORM\Column(type="datetime_immutable")
+     */
+    private $expiresAt;
+
+    /**
+     * Call this from your constructor to initialize the fieds
+     */
+    private function initialize(\DateTimeInterface $expiresAt, string $selector, string $hashedVerifier)
+    {
+        $this->createdAt = new \DateTimeImmutable('now');
+        $this->expiresAt = $expiresAt;
+        $this->selector = $selector;
+        $this->hashedVerifier = $hashedVerifier;
+    }
+
+    public function getSelector()
+    {
+        return $this->selector;
+    }
+
+    public function getCreatedAt(): \DateTimeInterface
+    {
+        return $this->createdAt;
+    }
+
+    public function getExpiresAt(): \DateTimeInterface
+    {
+        return $this->expiresAt;
+    }
+
+    public function getHashedVerifier(): string
+    {
+        return $this->hashedVerifier;
+    }
+}
@@ -0,0 +1,74 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Security\MagicLink;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\MagicLink\StoredMagicLinkTokenInterface;
+
+/**
+ * Trait that can be used on a Doctrine entity to help implement MagicLinkTokenStorageInterface.
+ *
+ * Using this trait requires following a few conventions:
+ *
+ *      A) Your repository needs a createMagicToken method that returns
+ *          a new instance of your entity:
+ *
+ *          private function createMagicToken(string $selector, string $hashedVerifier, UserInterface $user, \DateTimeInterface $expiresAt): StoredMagicLinkTokenInterface
+ *
+ *      B) Your entity needs a "selector" and "expiresAt" properties.
+ *
+ * @author Ryan Weaver <ryan@symfonycasts.com>
+ */
+trait MagicLoginLinkTokenRepositoryTrait
+{
+    public function storeToken(string $selector, string $hashedVerifier, UserInterface $user, \DateTimeInterface $expiresAt): void
+    {
+        if (!method_exists($this, 'createMagicToken')) {
+            throw new \LogicException(sprintf('In order to use MagicLinkRepositoryTrait, the class "%s" must either have a createMagicToken() or override the storeToken() method.', get_class($this)));
+        }
+
+        $magicLoginToken = $this->createMagicToken($selector, $hashedVerifier, $user, $expiresAt);
+
+        $this->getEntityManager()->persist($magicLoginToken);
+        $this->getEntityManager()->flush();
+    }
+
+    public function findToken(string $selector): ?StoredMagicLinkTokenInterface
+    {
+        return $this->findOneBy(['selector' => $selector]);
+    }
+
+    public function invalidateToken(string $selector): void
+    {
+        $this->createQueryBuilder('mlt')
+            ->delete()
+            ->where('mlt.selector = :selector')
+            ->setParameter('selector', $selector)
+            ->getQuery()
+            ->execute();
+    }
+
+    public function removeExpiredTokens(): void
+    {
+        // keep very-recently expired tokens so that you
+        // can show "token is expired" message if desired
+        $time = new \DateTimeImmutable('-1 day');
+        $query = $this->createQueryBuilder('mlt')
+            ->delete()
+            ->where('mlt.expiresAt <= :time')
+            ->setParameter('time', $time)
+            ->getQuery()
+        ;
+
+        $query->execute();
+    }
+}
@@ -74,6 +74,7 @@ class UnusedTagsPass implements CompilerPassInterface
         'routing.route_loader',
         'security.expression_language_provider',
         'security.remember_me_aware',
+        'security.authenticator.magic_linker',
         'security.voter',
         'serializer.encoder',
         'serializer.normalizer',
 
@@ -0,0 +1,127 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
+
+use Symfony\Component\Config\Definition\Builder\NodeBuilder;
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\Config\FileLocator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
+use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\Security\Http\MagicLink\MagicLinkTokenStorageInterface;
+use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
+use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
+
+/**
+ * @internal
+ */
+class MagicLinkLoginFactory extends AbstractFactory implements AuthenticatorFactoryInterface
+{
+    public function addConfiguration(NodeDefinition $node)
+    {
+        /** @var NodeBuilder $builder */
+        $builder = $node->children();
+
+        $builder
+            ->scalarNode('check_route')
+                ->isRequired()
+                ->info('Route that will validate the magic link - e.g. app_magic_link_verify')
+            ->end()
+            ->scalarNode('storage_service')
+                ->isRequired()
+                ->info(sprintf('A service id that implements %s', MagicLinkTokenStorageInterface::class))
+            ->end()
+            ->integerNode('lifetime')
+                ->defaultValue(1800)
+                ->info('The lifetime of the magic link in seconds')
+            ->end()
+            ->scalarNode('token_parameter')
+                ->defaultValue('token')
+            ->end()
+            ->scalarNode('success_handler')
+                ->info(sprintf('A service id that implements %s', AuthenticationSuccessHandlerInterface::class))
+            ->end()
+            ->scalarNode('failure_handler')
+                ->info(sprintf('A service id that implements %s', AuthenticationFailureHandlerInterface::class))
+            ->end()
+        ;
+
+        foreach (array_merge($this->defaultSuccessHandlerOptions, $this->defaultFailureHandlerOptions) as $name => $default) {
+            if (\is_bool($default)) {
+                $builder->booleanNode($name)->defaultValue($default);
+            } else {
+                $builder->scalarNode($name)->defaultValue($default);
+            }
+        }
+    }
+
+    public function getKey()
+    {
+        return 'magic-link';
+    }
+
+    public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
+    {
+        if (!$container->hasDefinition('security.authenticator.magic_link')) {
+            $loader = new PhpFileLoader($container, new FileLocator(\dirname(__DIR__).'/../../Resources/config'));
+            $loader->load('security_authenticator_magic_link.php');
+        }
+
+        $linkerId = 'security.authenticator.magic_login_linker.'.$firewallName;
+        $container
+            ->setDefinition($linkerId, new ChildDefinition('security.authenticator.abstract_magic_login_linker'))
+            ->replaceArgument(0, new Reference($config['storage_service']))
+            ->replaceArgument(3, $config['lifetime'])
+            ->replaceArgument(4, $config['check_route'])
+            ->addTag('security.authenticator.magic_linker', ['firewall' => $firewallName])
+        ;
+
+        $authenticatorId = 'security.authenticator.magic_link.'.$firewallName;
+        $container
+            ->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.magic_link'))
+            ->replaceArgument(0, new Reference($linkerId))
+            ->replaceArgument(2, new Reference($this->createAuthenticationSuccessHandler($container, $firewallName, $config)))
+            ->replaceArgument(3, new Reference($this->createAuthenticationFailureHandler($container, $firewallName, $config)))
+            ->replaceArgument(4, [
+                'check_route' => $config['check_route'],
+                'token_parameter' => $config['token_parameter'],
+            ]);
+
+        return $authenticatorId;
+    }
+
+    public function getPosition()
+    {
+        return 'form';
+    }
+
+    protected function createAuthProvider(ContainerBuilder $container, string $id, array $config, string $userProviderId)
+    {
+        throw new \Exception('The old authentication system is not supported with magic_link');
+    }
+
+    protected function getListenerId()
+    {
+        throw new \Exception('The old authentication system is not supported with magic_link');
+    }
+
+    protected function createListener(ContainerBuilder $container, string $id, array $config, string $userProvider)
+    {
+        throw new \Exception('The old authentication system is not supported with magic_link');
+    }
+
+    protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId)
+    {
+        throw new \Exception('The old authentication system is not supported with magic_link');
+    }
+}
@@ -20,6 +20,7 @@
 use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\JsonLoginAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\MagicLinkAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\RemoteUserAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\X509Authenticator;
@@ -31,6 +32,9 @@
 use Symfony\Component\Security\Http\EventListener\UserCheckerListener;
 use Symfony\Component\Security\Http\EventListener\UserProviderListener;
 use Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener;
+use Symfony\Component\Security\Http\MagicLink\FirewallAwareMagicLoginLinker;
+use Symfony\Component\Security\Http\MagicLink\MagicLoginLinker;
+use Symfony\Component\Security\Http\MagicLink\MagicLoginLinkerInterface;
 
 return static function (ContainerConfigurator $container) {
     $container->services()
 
@@ -0,0 +1,49 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\DependencyInjection\Loader\Configurator;
+
+use Symfony\Component\Security\Http\Authenticator\MagicLinkAuthenticator;
+use Symfony\Component\Security\Http\MagicLink\FirewallAwareMagicLoginLinker;
+use Symfony\Component\Security\Http\MagicLink\MagicLoginLinker;
+use Symfony\Component\Security\Http\MagicLink\MagicLoginLinkerInterface;
+
+return static function (ContainerConfigurator $container) {
+    $container->services()
+        ->set('security.authenticator.magic_link', MagicLinkAuthenticator::class)
+            ->abstract()
+            ->args([
+                abstract_arg('the magic login linker instance'),
+                service('security.http_utils'),
+                abstract_arg('authentication success handler'),
+                abstract_arg('authentication failure handler'),
+                abstract_arg('options'),
+            ])
+
+        ->set('security.authenticator.abstract_magic_login_linker', MagicLoginLinker::class)
+            ->abstract()
+            ->args([
+                abstract_arg('authenticatable token storage'),
+                service('router'),
+                '%kernel.secret%',
+                abstract_arg('lifetime'),
+                abstract_arg('route name'),
+            ])
+
+        ->set('security.authenticator.firewall_aware_magic_login_linker', FirewallAwareMagicLoginLinker::class)
+            ->args([
+                service('security.firewall.map'),
+                tagged_locator('security.authenticator.magic_linker', 'firewall'),
+                service('request_stack'),
+            ])
+        ->alias(MagicLoginLinkerInterface::class, 'security.authenticator.firewall_aware_magic_login_linker')
+    ;
+};
@@ -28,6 +28,7 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpBasicLdapFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\JsonLoginFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\JsonLoginLdapFactory;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\MagicLinkLoginFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RemoteUserFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\X509Factory;
@@ -64,6 +65,7 @@ public function build(ContainerBuilder $container)
         $extension->addSecurityListenerFactory(new GuardAuthenticationFactory());
         $extension->addSecurityListenerFactory(new AnonymousFactory());
         $extension->addSecurityListenerFactory(new CustomAuthenticatorFactory());
+        $extension->addSecurityListenerFactory(new MagicLinkLoginFactory());
 
         $extension->addUserProviderFactory(new InMemoryFactory());
         $extension->addUserProviderFactory(new LdapFactory());
 
@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Exception;
+
+/**
+ * Thrown when a magic link is invalid.
+ *
+ * @author Ryan Weaver <ryan@symfonycasts.com>
+ */
+class InvalidMagicLinkAuthenticationException extends AuthenticationException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function getMessageKey()
+    {
+        return 'Invalid or expired login link.';
+    }
+}