Ref #320: replaced all PasswordEncoder with passwordHasher

LUCILE-DECROZANT-TRIQUENAUX-EIRL · Jun 10, 2023 · edb7fbb · edb7fbb
1 parent 3a929ff
commit edb7fbb
Show file tree

Hide file tree

Showing 8 changed files with 62 additions and 68 deletions.
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
@@ -1,14 +1,15 @@
 framework:
     secret: '%env(APP_SECRET)%'
     #csrf_protection: true
-    #http_method_override: true
+    http_method_override: false
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session:
-        handler_id: ~
+        handler_id: null
         cookie_secure: auto
         cookie_samesite: lax
+        storage_factory_id: session.storage.factory.native
 
     #esi: true
     #fragments: true

diff --git a/src/Controller/MemberController.php b/src/Controller/MemberController.php
@@ -6,23 +6,22 @@
 
 namespace App\Controller;
 
-use App\Entity\User;
 use App\Entity\People;
 use App\Entity\PeopleType;
 use App\Entity\Address;
-use App\Entity\Receipt;
 use App\Form\MemberType;
 use App\Form\GenerateTaxReceiptFromYearType;
 use App\FormDataObject\GenerateTaxReceiptFromYearFDO;
-use App\Service\ReceiptService;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
-use Symfony\Component\Form\FormError;
 use App\FormDataObject\UpdateMemberDataFDO;
+use App\Repository\PeopleRepository;
+use App\Repository\PeopleTypeRepository;
+use App\Repository\ReceiptRepository;
+use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
 
@@ -39,10 +38,9 @@ class MemberController extends AbstractController {
      * @Route(path="/", name="member_list", methods={"GET"})
      * @Security("is_granted('ROLE_GESTION')")
      */
-    public function listAction() {
-        $em = $this->getDoctrine()->getManager();
+    public function list(PeopleRepository $peopleRepository) {
 
-        $people = $em->getRepository(People::class)->findWithActiveMembership();
+        $people = $peopleRepository->findWithActiveMembership();
 
         $deleteForms = [];
         foreach ($people as $individual) {
@@ -60,15 +58,13 @@ public function listAction() {
      * Creates a new person entity.
      * @return views
      * @param Request $request The request.
-     * @param UserPasswordEncoderInterface $passwordEncoder Encodes the password.
+     * @param EntityManagerInterface $entityManager
      * @Route("/new", name="member_create", methods={"GET", "POST"})
      * @Security("is_granted('ROLE_GESTION')")
      */
-    public function createAction(Request $request, UserPasswordEncoderInterface $passwordEncoder, TranslatorInterface $translator) {
+    public function create(Request $request, TranslatorInterface $translator, EntityManagerInterface $entityManager) {
         $updateMemberDataFDO = new UpdateMemberDataFDO();
 
-        $em = $this->getDoctrine()->getManager();
-
         $form = $this->createForm(MemberType::class, $updateMemberDataFDO);
         $form->handleRequest($request);
 
@@ -80,7 +76,7 @@ public function createAction(Request $request, UserPasswordEncoderInterface $pas
             $member->setFirstName($updateMemberDataFDO->getFirstName());
             $member->setLastName($updateMemberDataFDO->getLastName());
 
-            $type = $em->getRepository(PeopleType::class)->findOneBy([
+            $type = $entityManager->getRepository(PeopleType::class)->findOneBy([
                 'code' => PeopleType::CONTACT_CODE,
             ]);
             if ($updateMemberDataFDO->isContact())
@@ -92,7 +88,7 @@ public function createAction(Request $request, UserPasswordEncoderInterface $pas
                 $member->removeType($type);
             }
 
-            $typeSocialPole = $em->getRepository(PeopleType::class)->findOneBy([
+            $typeSocialPole = $entityManager->getRepository(PeopleType::class)->findOneBy([
                 'code' => PeopleType::SOCIAL_POLE_CODE,
             ]);
             if ($updateMemberDataFDO->needHelp())
@@ -152,9 +148,9 @@ public function createAction(Request $request, UserPasswordEncoderInterface $pas
                 $member->setFirstContactYear($updateMemberDataFDO->getFirstContactYear());
             }
 
-            $em->persist($address);
-            $em->persist($member);
-            $em->flush();
+            $entityManager->persist($address);
+            $entityManager->persist($member);
+            $entityManager->flush();
 
             $userTranslation = $translator->trans('L\'utilisateurice');
             $hasBeenCreatedTranslation = $translator->trans('a été créé.e');
@@ -199,13 +195,11 @@ public function createAction(Request $request, UserPasswordEncoderInterface $pas
      * @Route("/{id}", name="member_show", methods={"GET", "POST"})
      * @Security("is_granted('ROLE_GESTION') || (is_granted('ROLE_INSCRIT_E') && (user.getId() == id))")
      */
-    public function showAction(Request $request, People $individual) {
+    public function show(Request $request, People $individual, ReceiptRepository $receiptRepository) {
         $deleteForm = $this->createDeleteForm($individual);
 
-        $em = $this->getDoctrine()->getManager();
-
         // Find fiscal years for which there is receipts to generate
-        $availableYears = $em->getRepository(Receipt::class)->findAvailableYearsByPeople($individual);
+        $availableYears = $receiptRepository->findAvailableYearsByPeople($individual);
 
         // Creating an empty FDO
         $generateTaxReceiptFromYearFDO = new GenerateTaxReceiptFromYearFDO();
@@ -234,36 +228,36 @@ public function showAction(Request $request, People $individual) {
      * @return views
      * @param Request $request The request.
      * @param People $individual The user to edit.
-     * @param UserPasswordEncoderInterface $passwordEncoder Encodes the password.
      * @Route("/{id}/edit", name="member_edit", methods={"GET", "POST"})
      * @Security("is_granted('ROLE_GESTION') || (is_granted('ROLE_INSCRIT_E') && (user.getId() == id))")
      */
-    public function editAction(
+    public function edit(
         Request $request,
         People $individual,
-        UserPasswordEncoderInterface $passwordEncoder,
-        TranslatorInterface $translator
+        TranslatorInterface $translator,
+        PeopleRepository $peopleRepository,
+        PeopleTypeRepository $peopleTypeRepository,
+        EntityManagerInterface $entityManager,
     )
     {
         $updateMemberDataFDO = UpdateMemberDataFDO::fromMember($individual);
 
-        $entityManager = $this->getDoctrine()->getManager();
         $deleteForm = $this->createDeleteForm($individual);
         $editForm = $this->createForm(MemberType::class, $updateMemberDataFDO);
         $editForm->handleRequest($request);
 
         // Submit change of general infos
         if ($editForm->isSubmitted() && $editForm->isValid()) {
             // Get the existing people to keep the sensible data it has if necessary
-            $individual = $entityManager->getRepository(People::class)->findOneBy([
+            $individual = $peopleRepository->findOneBy([
                 'id' => $individual->getId(),
             ]);
 
             $individual->setDenomination($updateMemberDataFDO->getDenomination());
             $individual->setFirstName($updateMemberDataFDO->getFirstName());
             $individual->setLastName($updateMemberDataFDO->getLastName());
 
-            $type = $entityManager->getRepository(PeopleType::class)->findOneBy([
+            $type = $peopleTypeRepository->findOneBy([
                 'code' => PeopleType::CONTACT_CODE,
             ]);
             if ($updateMemberDataFDO->isContact())
@@ -276,7 +270,7 @@ public function editAction(
 
             }
 
-            $typeSocialPole = $entityManager->getRepository(PeopleType::class)->findOneBy([
+            $typeSocialPole = $peopleTypeRepository->findOneBy([
                 'code' => PeopleType::SOCIAL_POLE_CODE,
             ]);
             if ($updateMemberDataFDO->needHelp())
@@ -380,17 +374,16 @@ public function editAction(
      * @Route("/{id}", name="member_delete", methods={"DELETE"})
      * @Security("is_granted('ROLE_GESTION') || (is_granted('ROLE_INSCRIT_E') && (user.getId() == id))")
      */
-    public function deleteAction(Request $request, People $individual, TranslatorInterface $translator) {
+    public function delete(Request $request, People $individual, TranslatorInterface $translator, EntityManagerInterface $entityManager) {
         $form = $this->createDeleteForm($individual);
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
             $firstname = $individual->getFirstName();
             $lastname = $individual->getLastName();
 
-            $em = $this->getDoctrine()->getManager();
-            $em->remove($individual);
-            $em->flush();
+            $entityManager->remove($individual);
+            $entityManager->flush();
 
             $dataOfTranslation = $translator->trans('Les informations de');
             $hasBeenDeletedTranslation = $translator->trans('ont bien été supprimées');

diff --git a/src/Controller/PeopleController.php b/src/Controller/PeopleController.php
@@ -19,7 +19,7 @@
 use Symfony\Component\Routing\Annotation\Route;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Form\FormError;
 use App\FormDataObject\UpdatePeopleDataFDO;
 use App\FormDataObject\GenerateTaxReceiptFromYearFDO;
@@ -85,11 +85,11 @@ public function listContactsAction() {
      * Creates a new people entity.
      * @return views
      * @param Request $request The request.
-     * @param UserPasswordEncoderInterface $passwordEncoder Encodes the password.
+     * @param UserPasswordHasherInterface $passwordHasher Encodes the password.
      * @Route("/new", name="people_create", methods={"GET", "POST"})
      * @Security("is_granted('ROLE_GESTION')")
      */
-    public function createAction(Request $request, UserPasswordEncoderInterface $passwordEncoder, TranslatorInterface $translator) {
+    public function createAction(Request $request, UserPasswordHasherInterface $passwordHasher, TranslatorInterface $translator) {
         $updatePeopleDataFDO = new UpdatePeopleDataFDO();
 
         $em = $this->getDoctrine()->getManager();
@@ -262,11 +262,11 @@ public function showAction(Request $request, People $people): Response
      * @return views
      * @param Request $request The request.
      * @param People $people The user to edit.
-     * @param UserPasswordEncoderInterface $passwordEncoder Encodes the password.
+     * @param UserPasswordHasherInterface $passwordHasher Encodes the password.
      * @Route("/{id}/edit", name="people_edit", methods={"GET", "POST"})
      * @Security("is_granted('ROLE_GESTION') || (is_granted('ROLE_INSCRIT_E') && (user.getId() == id))")
      */
-    public function editAction(Request $request, People $people, UserPasswordEncoderInterface $passwordEncoder,TranslatorInterface $translator) {
+    public function editAction(Request $request, People $people, UserPasswordHasherInterface $passwordHasher,TranslatorInterface $translator) {
         $updatePeopleDataFDO = UpdatePeopleDataFDO::fromPeople($people);
 
         $entityManager = $this->getDoctrine()->getManager();

diff --git a/src/Controller/ProfileController.php b/src/Controller/ProfileController.php
@@ -17,9 +17,9 @@
 use Symfony\Component\Routing\Annotation\Route;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
 use Symfony\Component\Form\FormError;
 use App\FormDataObject\UpdateUserGeneralDataFDO;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
 /**
@@ -152,11 +152,11 @@ public function editPseudonymAction(Request $request, User $currentUser, Transla
      * @return views
      * @param Request $request The request.
      * @param User $currentUser The user to edit.
-     * @param UserPasswordEncoderInterface $passwordEncoder Encodes the password.
+     * @param UserPasswordHasherInterface $passwordHasher Encodes the password.
      * @Route("/{id}/editpassword", name="profile_edit_password", methods={"GET", "POST"})
      * @Security("not is_anonymous() && user.getId() == id")
      */
-    public function editProfileAction(Request $request, User $currentUser, UserPasswordEncoderInterface $passwordEncoder, TranslatorInterface $translator)
+    public function editProfileAction(Request $request, User $currentUser, UserPasswordHasherInterface $passwordHasher, TranslatorInterface $translator)
     {
         if ($currentUser->getPeople() != null)
         {
@@ -185,7 +185,7 @@ public function editProfileAction(Request $request, User $currentUser, UserPassw
 
             // If a password is entered and the old password typed in is correct
             if ($plainPassword !== null && password_verify($plainOldPassword,$oldPassword)) {
-                $password = $passwordEncoder->encodePassword($currentUser, $plainPassword);
+                $password = $passwordHasher->hashPassword($currentUser, $plainPassword);
                 $currentUser->setPassword($password);
 
                 $entityManager->persist($currentUser);

diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
@@ -19,7 +19,7 @@
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Form\FormError;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
@@ -179,11 +179,11 @@ public function historyAction(User $currentUser)
      * @return views
      * @param Request $request The request.
      * @param User $currentUser The user to edit.
-     * @param UserPasswordEncoderInterface $passwordEncoder Encodes the password.
+     * @param UserPasswordHasherInterface $passwordHasher Encodes the password.
      * @Route("/{id}/edit", name="user_edit", methods={"GET", "POST"})
      * @Security("is_granted('ROLE_ADMIN') || (is_granted('ROLE_INSCRIT_E') && (user.getId() == id))")
      */
-    public function editAction(Request $request, User $currentUser, UserPasswordEncoderInterface $passwordEncoder)
+    public function editAction(Request $request, User $currentUser, UserPasswordHasherInterface $passwordHasher)
     {
         $updateUserGeneralDataFDO = UpdateUserGeneralDataFDO::fromUser($currentUser);
 
@@ -271,7 +271,7 @@ public function editAction(Request $request, User $currentUser, UserPasswordEnco
 
             // If a password is entered and the old password typed in is correct
             if ($plainPassword !== null && password_verify($plainOldPassword,$oldPassword)) {
-                $password = $passwordEncoder->encodePassword($currentUser, $plainPassword);
+                $password = $passwordHasher->hashPassword($currentUser, $plainPassword);
                 $currentUser->setPassword($password);
 
                 $this->getDoctrine()->getManager()->persist($currentUser);

diff --git a/src/DataFixtures/DonationFixtures.php b/src/DataFixtures/DonationFixtures.php
@@ -6,7 +6,7 @@
 use Doctrine\Bundle\FixturesBundle\FixtureGroupInterface;
 use Doctrine\Common\DataFixtures\DependentFixtureInterface;
 use Doctrine\Persistence\ObjectManager;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Console\Output\ConsoleOutput;
 use App\Entity\Bank;
 use App\Entity\Donation;

diff --git a/src/DataFixtures/MembershipFixtures.php b/src/DataFixtures/MembershipFixtures.php
@@ -7,7 +7,7 @@
 use Doctrine\Common\DataFixtures\DependentFixtureInterface;
 use Doctrine\Persistence\ObjectManager;
 use Symfony\Component\Console\Output\ConsoleOutput;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use App\Entity\Bank;
 use App\Entity\Membership;
 use App\Entity\MembershipType;