Bug fixing (password not hashed on update), fixing CI and refactoring user component

Author: Benoit Ngo

Makefile

@@ -54,11 +54,13 @@ blogs: ## Display logs of back
 flogs: sync-env ## Display logs of front
 	docker compose logs front -f
 .PHONY: init-dev
+## We add `; \` to ignore error. `cp -n .env.dist .env;` could not work if .env exist already, it wont be replaced
 init-dev: sync-env ## Init dev env
-	cp -n docker-compose.override.yml.template docker-compose.override.yml
-	if uname | grep -ivq "linux"; then \
-		echo "Add $(BASE_DOMAIN) and $(API_DOMAIN)  and samltest.$(BASE_DOMAIN) to your /etc/hosts"; \
-		if  grep -q $(BASE_DOMAIN) /etc/hosts ; then echo "not adding to /etc/hosts" ; else echo "\n127.0.0.1 $(BASE_DOMAIN) $(API_DOMAIN) samltest.$(BASE_DOMAIN)" | sudo tee -a /etc/hosts ; fi \
+	cp -n .env.dist .env; \
+	cp -n docker-compose.override.yml.template docker-compose.override.yml; \
+	if uname | grep -iq "linux\|darwin"; then \
+		echo "Add $(BASE_DOMAIN) and $(API_DOMAIN)  mail.${BASE_DOMAIN} and samltest.$(BASE_DOMAIN) to your /etc/hosts"; \
+		if  grep -q $(BASE_DOMAIN) /etc/hosts ; then echo "not adding to /etc/hosts" ; else printf "\n127.0.0.1 $(BASE_DOMAIN) $(API_DOMAIN) samltest.$(BASE_DOMAIN) mail.${BASE_DOMAIN}\n" | sudo tee -a /etc/hosts ; fi \
     fi
 #
 # Theses are usefull when you use docker

apps/back/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker.io/docker/dockerfile:1.4
-ARG IMAGE_VERSION=php:8.1-v4
+ARG IMAGE_VERSION=php:8.2-v4
 ARG APP_ENV=prod
 ARG APP_SOURCE_FILE='./'
 ARG PHP_EXTENSIONS="apcu mysqli pdo_mysql intl gd xdebug"
@@ -51,11 +51,12 @@ ENV PHP_INI_REALPATH_CACHE_TTL="600"
 RUN composer install --no-dev --no-scripts --no-interaction --optimize-autoloader
 
 # This need to be here to prevent docker  to recompile composer layers at each build
-COPY --link --chown=docker:docker  ./config/ /var/www/html/config/
-COPY --link --chown=docker:docker  ./migrations/ /var/www/html/migrations/
-COPY --link --chown=docker:docker  ./phpstan/ /var/www/html/phpstan/
-COPY --link --chown=docker:docker  ./public/ /var/www/html/public/
-COPY --link --chown=docker:docker  ./src/ /var/www/html/src/
-COPY --link --chown=docker:docker  ./migrations/ /var/www/html/migrations/
+COPY --link --chown=1000:1000  ./templates/ /var/www/html/templates/
+COPY --link --chown=1000:1000  ./public/ /var/www/html/public/
+COPY --link --chown=1000:1000  ./phpstan/ /var/www/html/phpstan/
+COPY --link --chown=1000:1000  ./config/ /var/www/html/config/
+COPY --link --chown=1000:1000  ./migrations/ /var/www/html/migrations/
+COPY --link --chown=1000:1000  ./src/ /var/www/html/src/
+
 RUN composer dump-autoload --no-dev --classmap-authoritative
 USER docker

apps/back/composer.json

@@ -10,12 +10,11 @@
         "doctrine/annotations": "^1.0",
         "doctrine/doctrine-bundle": "^2.7",
         "doctrine/doctrine-migrations-bundle": "^3.2",
-        "doctrine/orm": "^2.13",
+        "doctrine/orm": "^2.14",
         "onelogin/php-saml": "^4.1",
         "phpdocumentor/reflection-docblock": "^5.3",
         "phpstan/phpdoc-parser": "^1.13",
         "ramsey/uuid": "^4.5",
-        "sensio/framework-extra-bundle": "^6.2",
         "symfony/apache-pack": "^1.0",
         "symfony/console": "6.3.*",
         "symfony/dotenv": "6.3.*",

apps/back/composer.lock

@@ -6,9 +6,7 @@
     Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
     Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
     Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
-    Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true],
     Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
-    Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
     Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],
     DAMA\DoctrineTestBundle\DAMADoctrineTestBundle::class => ['test' => true],
     Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],

apps/back/config/bundles.php

@@ -19,8 +19,8 @@ security:
             provider: app_user_provider
             json_login:
                 check_path: api_login
-#            custom_authenticators:
-#               - 'App\Authenticator\Saml2Authenticator'
+    #         custom_authenticators:
+    #           - 'App\Authenticator\Saml2Authenticator'
 
             # activate differents ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
@@ -46,7 +46,7 @@ security:
         ROLE_USER:
             - ROLE_RIGHT_ACCESS
 
-# this shall be removed for kb
+
 when@test:
     security:
         password_hashers:

apps/back/config/packages/security.yaml

@@ -4,6 +4,7 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+    app.mail.host: "%env(MAIL_HOST)%"
     app.url.base: "%env(APP_URL)%"
     app.url.prefix: "%env(APP_PREFIX)%"
    # app.url.webapp: "%env(APP_URL_WEBAPP)%"
@@ -38,7 +39,8 @@ services:
     _defaults:
         autowire: true      # Automatically injects dependencies in your services.
         autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
-
+        bind:
+            $mailHost: "%app.mail.host%"
     # makes classes in src/ available to be used as services
     # this creates a service per class whose id is the fully-qualified class name
     App\:

apps/back/config/packages/sensio_framework_extra.yaml

@@ -9,6 +9,8 @@
     <description>
         My custom rule set that checks my code...
     </description>
+    <!-- Defining another value for the same key in an array literal overrides the previous key/value, which makes it effectively an unused code. -->
+    <rule ref="rulesets/design.xml/EmptyCatchBlock" />
 
     <!-- Defining another value for the same key in an array literal overrides the previous key/value, which makes it effectively an unused code. -->
     <rule ref="rulesets/cleancode.xml/DuplicatedArrayKey" />
@@ -47,6 +49,14 @@
       </properties>
     </rule>
 
+    <!-- Prevent else to ensure early return -->
+    <rule ref="rulesets/cleancode.xml/ErrorControlOperator"/>
+
+    <!-- Prevent assignment in if -->
+    <rule ref="rulesets/cleancode.xml/IfStatementAssignment"/>
+
+    <!-- Prevent else to ensure early return -->
+    <rule ref="rulesets/cleancode.xml/ElseExpression"/>
 
     <!-- Prevent var_dump and debug functions -->
     <rule ref="rulesets/design.xml/DevelopmentCodeFragment"/>
@@ -57,6 +67,20 @@
     <!-- Looks for methods named 'getX()' with 'boolean' as the return type. The convention is to name these methods 'isX()' or 'hasX()'. -->
     <rule ref="rulesets/naming.xml/BooleanGetMethodName"/>
 
+    <!-- Prevent short name -->
+    <rule ref="rulesets/naming.xml/ShortVariable">
+        <properties>
+            <property name="exceptions">
+                <value>
+                    e,url,log,id
+                </value>
+            </property>
+        </properties>
+    </rule>
+
+    <!-- Class/Interface constant names should always be defined in uppercase. -->
+    <rule ref="rulesets/naming.xml/ConstantNamingConventions"/>
+
     <!-- Prevent unused code -->
     <rule ref="rulesets/unusedcode.xml">
       <!--- Should be used (and ignored in some specific case) but would require to understand WHY parameter have to be used -->

apps/back/config/services.yaml

@@ -15,59 +15,8 @@ parameters:
     excludePaths:
         - src/Kernel.php
 includes:
-    - vendor/symplify/astral/config/services.neon
     - vendor/symplify/phpstan-extensions/config/config.neon
-    # for cognitive rules
-    - vendor/symplify/phpstan-rules/packages/cognitive-complexity/config/cognitive-complexity-services.neon
-    - vendor/symplify/phpstan-rules/config/services/services.neon
     - vendor/phpstan/phpstan-doctrine/extension.neon
     - vendor/phpstan/phpstan-doctrine/rules.neon
-#    - vendor/symplify/phpstan-rules/packages/symfony/config/services.neon
 
-services:
-# Must check https://github.com/symplify/phpstan-rules/blob/master/docs/rules_overview.md
-   # Method that return a boolean must start with is**
-    -
-        class: Symplify\PHPStanRules\Rules\BoolishClassMethodPrefixRule
-        tags: [phpstan.rules.rule]
-
-
- # TODO @BEN retest that
-    # Method parameters must be compatible with its parent
- #   -
- #       class: Symplify\PHPStanRules\Rules\CheckParentChildMethodParameterTypeCompatibleRule
- #       tags: [phpstan.rules.rule]
-
-
-
-    # Prevent else / elseif
-    -
-        class: Symplify\PHPStanRules\ObjectCalisthenics\Rules\NoElseAndElseIfRule
-        tags: [phpstan.rules.rule]
-    # Maximum complexity of a function
-    -
-        class: Symplify\PHPStanRules\CognitiveComplexity\Rules\FunctionLikeCognitiveComplexityRule
-        tags: [phpstan.rules.rule]
-        arguments:
-            maxMethodCognitiveComplexity: 16
-
- # TODO @BEN retest that
-    # Prevent Setter Method (promote behavior name)
- #   -
- #       class: Symplify\PHPStanRules\ObjectCalisthenics\Rules\NoSetterClassMethodRule
- #       tags: [phpstan.rules.rule]
-
-
- # TODO @BEN retest that
-    # Forbid assignement in IF
- #   -
- #       class: Symplify\PHPStanRules\Rules\ForbiddenAssignInIfRule
- #       tags: [phpstan.rules.rule]
-    # Forbid short name like $i
-    -
-        class: Symplify\PHPStanRules\ObjectCalisthenics\Rules\NoShortNameRule
-        tags: [phpstan.rules.rule]
-        arguments:
-            minNameLength: 3
-            allowedShortNames: ['id']
 ## May have to add static forbidden

apps/back/migrations/Version20230208155959.php

@@ -6,13 +6,13 @@
 
 use App\Entity\User;
 use OneLogin\Saml2\Auth;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Security\Http\Attribute\CurrentUser;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 class AuthController extends AbstractController
 {
@@ -30,7 +30,7 @@ public function samlLogin(): Response
     }
 
     #[Route('/login', name: 'api_login', methods: ['POST'])]
-    public function login(#[CurrentUser] ?User $user): JsonResponse
+    public function login(#[CurrentUser] User|null $user): JsonResponse
     {
         return new JsonResponse($user);
     }

apps/back/phpmd.xml

@@ -4,9 +4,9 @@
 
 namespace App\Controller;
 
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 class HealthCheckController
 {