Init admin login page (#82)

![Capture d’écran du 2024-10-03
01-41-53](https://github.com/user-attachments/assets/48882652-6323-4e9b-b7a5-c85f70e57c22)

.github/workflows/ci.yaml

@@ -97,7 +97,7 @@ jobs:
                   (cd src/AdminUi/ && composer config extra.symfony.require "${{ matrix.symfony }}")
 
             -   name: "Install dependencies (Admin Ui)"
-                run: (cd src/AdminUi/ && composer update --no-interaction --no-scripts)
+                run: (cd src/AdminUi/ && composer update --no-interaction --no-scripts --prefer-source)
 
             -   name: Run PHPUnit (Admin Ui)
                 run: (cd src/AdminUi/ && vendor/bin/phpunit)
@@ -110,7 +110,7 @@ jobs:
                   (cd src/BootstrapAdminUi/ && composer config extra.symfony.require "${{ matrix.symfony }}")
 
             -   name: "Install dependencies (Bootstrap Admin Ui)"
-                run: (cd src/BootstrapAdminUi/ && composer update --no-interaction --no-scripts)
+                run: (cd src/BootstrapAdminUi/ && composer update --no-interaction --no-scripts --prefer-source)
 
             -   name: Run PHPUnit (Bootstrap Admin Ui)
                 run: (cd src/BootstrapAdminUi/ && vendor/bin/phpunit)

app/DataFixtures/AppFixtures.php

@@ -17,6 +17,7 @@
 use App\Story\DefaultConferencesStory;
 use App\Story\DefaultSpeakersStory;
 use App\Story\DefaultSyliusCon2024TalksStory;
+use App\Story\DefaultUsersStory;
 use Doctrine\Bundle\FixturesBundle\Fixture;
 use Doctrine\Persistence\ObjectManager;
 
@@ -28,5 +29,6 @@ public function load(ObjectManager $manager): void
         DefaultConferencesStory::load();
         DefaultSpeakersStory::load();
         DefaultSyliusCon2024TalksStory::load();
+        DefaultUsersStory::load();
     }
 }

app/Entity/User.php

@@ -0,0 +1,109 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Sylius Sp. z o.o.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace App\Entity;
+
+use App\Repository\UserRepository;
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+#[ORM\Entity(repositoryClass: UserRepository::class)]
+#[ORM\Table(name: '`user`')]
+#[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]
+class User implements UserInterface, PasswordAuthenticatedUserInterface
+{
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column]
+    private ?int $id = null;
+
+    #[ORM\Column(length: 180)]
+    private ?string $email = null;
+
+    /** @var list<string> The user roles */
+    #[ORM\Column]
+    private array $roles = [];
+
+    #[ORM\Column]
+    private ?string $password = null;
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getEmail(): ?string
+    {
+        return $this->email;
+    }
+
+    public function setEmail(?string $email): void
+    {
+        $this->email = $email;
+    }
+
+    /**
+     * A visual identifier that represents this user.
+     *
+     * @see UserInterface
+     */
+    public function getUserIdentifier(): string
+    {
+        return (string) $this->email;
+    }
+
+    /**
+     * @see UserInterface
+     *
+     * @return list<string>
+     */
+    public function getRoles(): array
+    {
+        $roles = $this->roles;
+        // guarantee every user at least has ROLE_USER
+        $roles[] = 'ROLE_USER';
+
+        return array_unique($roles);
+    }
+
+    /**
+     * @param list<string> $roles
+     */
+    public function setRoles(array $roles): void
+    {
+        $this->roles = $roles;
+    }
+
+    /**
+     * @see PasswordAuthenticatedUserInterface
+     */
+    public function getPassword(): ?string
+    {
+        return $this->password;
+    }
+
+    public function setPassword(?string $password): void
+    {
+        $this->password = $password;
+    }
+
+    /**
+     * @see UserInterface
+     */
+    public function eraseCredentials(): void
+    {
+        // If you store any temporary, sensitive data on the user, clear it here
+        // $this->plainPassword = null;
+    }
+}

app/Factory/UserFactory.php

@@ -0,0 +1,68 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Sylius Sp. z o.o.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace App\Factory;
+
+use App\Entity\User;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Zenstruck\Foundry\Persistence\PersistentProxyObjectFactory;
+
+/**
+ * @extends PersistentProxyObjectFactory<User>
+ */
+final class UserFactory extends PersistentProxyObjectFactory
+{
+    public function __construct(
+        private UserPasswordHasherInterface $userPasswordHasher,
+    ) {
+        parent::__construct();
+    }
+
+    public static function class(): string
+    {
+        return User::class;
+    }
+
+    public function withEmail(string $email): self
+    {
+        return $this->with(['email' => $email]);
+    }
+
+    public function admin(): self
+    {
+        return $this->with(['roles' => ['ROLE_ADMIN']]);
+    }
+
+    public function withPassword(string $password): self
+    {
+        return $this->with(['password' => $password]);
+    }
+
+    protected function defaults(): array|callable
+    {
+        return [
+            'email' => self::faker()->email(),
+            'password' => self::faker()->password(),
+            'roles' => [],
+        ];
+    }
+
+    protected function initialize(): static
+    {
+        return $this
+            ->afterInstantiate(function (User $user): void {
+                $user->setPassword($this->userPasswordHasher->hashPassword($user, $user->getPassword() ?? ''));
+            })
+        ;
+    }
+}

app/Menu/AdminMenuBuilder.php

@@ -29,7 +29,9 @@ public function createMenu(array $options): ItemInterface
         $menu = $this->menuBuilder->createMenu($options);
 
         $menu
-            ->addChild('dashboard')
+            ->addChild('dashboard', [
+                'route' => 'sylius_admin_ui_dashboard',
+            ])
             ->setLabel('sylius.ui.dashboard')
             ->setLabelAttribute('icon', 'dashboard')
         ;

app/Repository/UserRepository.php

@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Sylius Sp. z o.o.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace App\Repository;
+
+use App\Entity\User;
+use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
+use Doctrine\Persistence\ManagerRegistry;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
+
+/**
+ * @extends ServiceEntityRepository<User>
+ */
+class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface
+{
+    public function __construct(ManagerRegistry $registry)
+    {
+        parent::__construct($registry, User::class);
+    }
+
+    /**
+     * Used to upgrade (rehash) the user's password automatically over time.
+     */
+    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
+    {
+        if (!$user instanceof User) {
+            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', $user::class));
+        }
+
+        $user->setPassword($newHashedPassword);
+        $this->getEntityManager()->persist($user);
+        $this->getEntityManager()->flush();
+    }
+}

app/Story/DefaultUsersStory.php

@@ -0,0 +1,29 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Sylius Sp. z o.o.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace App\Story;
+
+use App\Factory\UserFactory;
+use Zenstruck\Foundry\Story;
+
+final class DefaultUsersStory extends Story
+{
+    public function build(): void
+    {
+        UserFactory::new()
+            ->admin()
+            ->withEmail('[email protected]')
+            ->withPassword('admin')
+            ->create();
+    }
+}

composer.json

@@ -29,6 +29,8 @@
         "symfony/dependency-injection": "^6.4 || ^7.0",
         "symfony/expression-language": "^6.4 || ^7.0",
         "symfony/http-kernel": "^6.4 || ^7.0",
+        "symfony/security-bundle": "^6.4 || ^7.0",
+        "symfony/security-http": "^6.4 || ^7.0",
         "symfony/stopwatch": "^6.4 || ^7.0",
         "symfony/twig-bundle": "^6.4 || ^7.0",
         "symfony/ux-autocomplete": "^2.17",

config/bundles.php

@@ -24,4 +24,5 @@
     Vich\UploaderBundle\VichUploaderBundle::class => ['all' => true],
     Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
     Symfony\UX\Autocomplete\AutocompleteBundle::class => ['all' => true],
+    Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
 ];

config/packages/security.yaml

@@ -0,0 +1,55 @@
+security:
+    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
+    password_hashers:
+        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
+    providers:
+        # used to reload user from session & other features (e.g. switch_user)
+        app_user_provider:
+            entity:
+                class: App\Entity\User
+                property: email
+    firewalls:
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        main:
+            lazy: true
+            provider: app_user_provider
+
+            # activate different ways to authenticate
+            # https://symfony.com/doc/current/security.html#the-firewall
+
+            # https://symfony.com/doc/current/security/impersonating_user.html
+            # switch_user: true
+
+            form_login:
+                # "app_login" is the name of the route created previously
+                login_path: sylius_admin_ui_login
+                check_path: sylius_admin_ui_login_check
+                default_target_path: app_admin_conference_index
+            logout:
+                path: sylius_admin_ui_logout
+                target: sylius_admin_ui_login
+
+    # Easy way to control access for large sections of your site
+    # Note: Only the *first* access control that matches will be used
+    access_control:
+        - { path: ^/admin/login, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/logout, roles: PUBLIC_ACCESS }
+        - { path: ^/admin, roles: ROLE_ADMIN }
+        - { path: ^/, roles: PUBLIC_ACCESS }
+        # - { path: ^/profile, roles: ROLE_USER }
+
+when@test:
+    security:
+        password_hashers:
+            # By default, password hashers are resource intensive and take time. This is
+            # important to generate secure password hashes. In tests however, secure hashes
+            # are not important, waste resources and increase test times. The following
+            # reduces the work factor to the lowest possible values.
+            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
+                algorithm: auto
+                cost: 4 # Lowest possible value for bcrypt
+                time_cost: 3 # Lowest possible value for argon
+                memory_cost: 10 # Lowest possible value for argon

config/routes/security.yaml

@@ -0,0 +1,3 @@
+_security_logout:
+    resource: security.route_loader.logout
+    type: service

config/routes/sylius_admin_ui.yaml

@@ -0,0 +1,3 @@
+sylius_admin_ui:
+    resource: '@SyliusAdminUiBundle/config/routes.php'
+    prefix: /admin