use password hasher for make:registration & make:reset-password, includes other improvements

src/Generator.php

@@ -247,7 +247,7 @@ public function generateTemplate(string $targetPath, string $templateName, array
 
     public static function getControllerBaseClass(): ClassNameDetails
     {
-        // Support for Controller::class can be dropped when FrameworkBundle minimum supported version is >=4.1
+        // @legacy Support for Controller::class can be dropped when FrameworkBundle minimum supported version is >=4.1
         $class = method_exists(AbstractController::class, 'getParameter') ? AbstractController::class : Controller::class;
 
         return new ClassNameDetails($class, '\\');

src/Maker/MakeRegistrationForm.php

@@ -42,6 +42,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mime\Address;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
@@ -60,11 +61,8 @@
 final class MakeRegistrationForm extends AbstractMaker
 {
     private $fileManager;
-
     private $formTypeRenderer;
-
     private $router;
-
     private $doctrineHelper;
 
     private $userClass;
@@ -276,14 +274,24 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen
             'Controller\\'
         );
 
+        /*
+         * @legacy Conditional can be removed when MakerBundle no longer
+         *         supports Symfony < 5.2
+         */
+        $passwordHasher = UserPasswordEncoderInterface::class;
+
+        if (interface_exists(UserPasswordHasherInterface::class)) {
+            $passwordHasher = UserPasswordHasherInterface::class;
+        }
+
         $useStatements = [
             Generator::getControllerBaseClass()->getFullName(),
             $formClassDetails->getFullName(),
             $userClassNameDetails->getFullName(),
             Request::class,
             Response::class,
             Route::class,
-            UserPasswordEncoderInterface::class,
+            $passwordHasher,
         ];
 
         if ($this->willVerifyEmail) {
@@ -313,15 +321,18 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen
                     'user_class_name' => $userClassNameDetails->getShortName(),
                     'password_field' => $this->passwordField,
                     'will_verify_email' => $this->willVerifyEmail,
+                    'email_verifier_class_details' => $verifyEmailServiceClassNameDetails,
                     'verify_email_anonymously' => $this->verifyEmailAnonymously,
-                    'verify_email_security_service' => $verifyEmailServiceClassNameDetails->getFullName(),
                     'from_email' => $this->fromEmailAddress,
                     'from_email_name' => $this->fromEmailName,
                     'email_getter' => $this->emailGetter,
                     'authenticator_class_name' => $this->autoLoginAuthenticator ? Str::getShortClassName($this->autoLoginAuthenticator) : null,
                     'authenticator_full_class_name' => $this->autoLoginAuthenticator,
                     'firewall_name' => $this->firewallName,
                     'redirect_route_name' => $this->redirectRouteName,
+                    'password_class_details' => ($passwordClassDetails = $generator->createClassNameDetails($passwordHasher, '\\')),
+                    'password_variable_name' => sprintf('$%s', lcfirst($passwordClassDetails->getShortName())), // @legacy see passwordHasher conditional above
+                    'use_password_hasher' => UserPasswordHasherInterface::class === $passwordHasher, // @legacy see passwordHasher conditional above
                 ],
                 $userRepoVars
             )

src/Maker/MakeResetPassword.php

@@ -13,6 +13,7 @@
 
 use Doctrine\Common\Annotations\Annotation;
 use PhpParser\Builder\Param;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Bundle\MakerBundle\ConsoleStyle;
 use Symfony\Bundle\MakerBundle\DependencyBuilder;
 use Symfony\Bundle\MakerBundle\Doctrine\DoctrineHelper;
@@ -26,17 +27,28 @@
 use Symfony\Bundle\MakerBundle\Security\InteractiveSecurityHelper;
 use Symfony\Bundle\MakerBundle\Util\ClassNameDetails;
 use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
+use Symfony\Bundle\MakerBundle\Util\TemplateComponentGenerator;
 use Symfony\Bundle\MakerBundle\Util\YamlSourceManipulator;
 use Symfony\Bundle\MakerBundle\Validator;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
 use Symfony\Component\Yaml\Yaml;
+use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
+use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
 use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestInterface;
 use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestTrait;
 use SymfonyCasts\Bundle\ResetPassword\Persistence\Repository\ResetPasswordRequestRepositoryTrait;
 use SymfonyCasts\Bundle\ResetPassword\Persistence\ResetPasswordRequestRepositoryInterface;
 use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelper;
+use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
 use SymfonyCasts\Bundle\ResetPassword\SymfonyCastsResetPasswordBundle;
 
 /**
@@ -186,22 +198,51 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen
             'Form\\'
         );
 
+        /*
+         * @legacy Conditional can be removed when MakerBundle no longer
+         *         supports Symfony < 5.2
+         */
+        $passwordHasher = UserPasswordEncoderInterface::class;
+
+        if (interface_exists(UserPasswordHasherInterface::class)) {
+            $passwordHasher = UserPasswordHasherInterface::class;
+        }
+
+        $useStatements = [
+            Generator::getControllerBaseClass()->getFullName(), // @legacy see getControllerBaseClass comment
+            $userClassNameDetails->getFullName(),
+            $changePasswordFormTypeClassNameDetails->getFullName(),
+            $requestFormTypeClassNameDetails->getFullName(),
+            TemplatedEmail::class,
+            RedirectResponse::class,
+            Request::class,
+            Response::class,
+            MailerInterface::class,
+            Address::class,
+            Route::class,
+            ResetPasswordControllerTrait::class,
+            ResetPasswordExceptionInterface::class,
+            ResetPasswordHelperInterface::class,
+            $passwordHasher,
+        ];
+
         $generator->generateController(
             $controllerClassNameDetails->getFullName(),
             'resetPassword/ResetPasswordController.tpl.php',
             [
-                'user_full_class_name' => $userClassNameDetails->getFullName(),
+                'use_statements' => TemplateComponentGenerator::generateUseStatements($useStatements),
                 'user_class_name' => $userClassNameDetails->getShortName(),
-                'request_form_type_full_class_name' => $requestFormTypeClassNameDetails->getFullName(),
                 'request_form_type_class_name' => $requestFormTypeClassNameDetails->getShortName(),
-                'reset_form_type_full_class_name' => $changePasswordFormTypeClassNameDetails->getFullName(),
                 'reset_form_type_class_name' => $changePasswordFormTypeClassNameDetails->getShortName(),
                 'password_setter' => $this->passwordSetterMethodName,
                 'success_redirect_route' => $this->controllerResetSuccessRedirect,
                 'from_email' => $this->fromEmailAddress,
                 'from_email_name' => $this->fromEmailName,
                 'email_getter' => $this->emailGetterMethodName,
                 'email_field' => $this->emailPropertyName,
+                'password_class_details' => ($passwordClassDetails = $generator->createClassNameDetails($passwordHasher, '\\')),
+                'password_variable_name' => sprintf('$%s', lcfirst($passwordClassDetails->getShortName())), // @legacy see passwordHasher conditional above
+                'use_password_hasher' => UserPasswordHasherInterface::class === $passwordHasher, // @legacy see passwordHasher conditional above
             ]
         );
 

src/Resources/skeleton/registration/RegistrationController.tpl.php

@@ -7,16 +7,16 @@
 class <?= $class_name; ?> extends <?= $parent_class_name; ?><?= "\n" ?>
 {
 <?php if ($will_verify_email): ?>
-    private $emailVerifier;
+    private <?= $generator->getPropertyType($email_verifier_class_details) ?>$emailVerifier;
 
-    public function __construct(EmailVerifier $emailVerifier)
+    public function __construct(<?= $email_verifier_class_details->getShortName() ?> $emailVerifier)
     {
         $this->emailVerifier = $emailVerifier;
     }
 
 <?php endif; ?>
 <?= $generator->generateRouteForControllerMethod($route_path, $route_name) ?>
-    public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder<?= $authenticator_full_class_name ? sprintf(', GuardAuthenticatorHandler $guardHandler, %s $authenticator', $authenticator_class_name) : '' ?>): Response
+    public function register(Request $request, <?= $password_class_details->getShortName() ?> <?= $password_variable_name ?><?= $authenticator_full_class_name ? sprintf(', GuardAuthenticatorHandler $guardHandler, %s $authenticator', $authenticator_class_name) : '' ?>): Response
     {
         $user = new <?= $user_class_name ?>();
         $form = $this->createForm(<?= $form_class_name ?>::class, $user);
@@ -25,7 +25,7 @@ public function register(Request $request, UserPasswordEncoderInterface $passwor
         if ($form->isSubmitted() && $form->isValid()) {
             // encode the plain password
             $user->set<?= ucfirst($password_field) ?>(
-                $passwordEncoder->encodePassword(
+            <?= $password_variable_name ?>-><?= $use_password_hasher ? 'hashPassword' : 'encodePassword' ?>(
                     $user,
                     $form->get('plainPassword')->getData()
                 )

src/Resources/skeleton/resetPassword/ResetPasswordController.tpl.php

@@ -2,21 +2,7 @@
 
 namespace <?= $namespace ?>;
 
-use <?= $user_full_class_name ?>;
-use <?= $reset_form_type_full_class_name ?>;
-use <?= $request_form_type_full_class_name ?>;
-use Symfony\Bridge\Twig\Mime\TemplatedEmail;
-use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Mailer\MailerInterface;
-use Symfony\Component\Mime\Address;
-use Symfony\Component\Routing\Annotation\Route;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
-use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
-use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
-use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
+<?= $use_statements; ?>
 
 <?php if ($use_attributes) { ?>
 #[Route('/reset-password')]
@@ -96,7 +82,7 @@ public function checkEmail(): Response
      * @Route("/reset/{token}", name="app_reset_password")
      */
 <?php } ?>
-    public function reset(Request $request, UserPasswordEncoderInterface $passwordEncoder, string $token = null): Response
+    public function reset(Request $request, <?= $password_class_details->getShortName() ?> <?= $password_variable_name ?>, string $token = null): Response
     {
         if ($token) {
             // We store the token in session and remove it from the URL, to avoid the URL being
@@ -130,8 +116,8 @@ public function reset(Request $request, UserPasswordEncoderInterface $passwordEn
             // A password reset token should be used only once, remove it.
             $this->resetPasswordHelper->removeResetRequest($token);
 
-            // Encode the plain password, and set it.
-            $encodedPassword = $passwordEncoder->encodePassword(
+            // Encode(hash) the plain password, and set it.
+            $encodedPassword = <?= $password_variable_name ?>-><?= $use_password_hasher ? 'hashPassword' : 'encodePassword' ?>(
                 $user,
                 $form->get('plainPassword')->getData()
             );

src/Util/ClassNameDetails.php

@@ -16,9 +16,7 @@
 final class ClassNameDetails
 {
     private $fullClassName;
-
     private $namespacePrefix;
-
     private $suffix;
 
     public function __construct(string $fullClassName, string $namespacePrefix, string $suffix = null)

src/Util/TemplateComponentGenerator.php

@@ -87,4 +87,13 @@ public function generateRouteForControllerMethod(string $routePath, string $rout
 
         return $annotation;
     }
+
+    public function getPropertyType(ClassNameDetails $classNameDetails): ?string
+    {
+        if (!$this->phpCompatUtil->canUseTypedProperties()) {
+            return null;
+        }
+
+        return sprintf('%s ', $classNameDetails->getShortName());
+    }
 }