vendor/crea/security-bundle/src/Authenticator/FormAuthenticator.php line 168

Open in your IDE?
  1. <?php
  4. namespace Crea\SecurityBundle\Authenticator;
  7. use Crea\SecurityBundle\Entity\User;
  8. use Crea\SecurityBundle\Event\AuthenticationEvent;
  9. use Crea\SecurityBundle\Helper\RedirectionHelperInterface;
  10. use Crea\SecurityBundle\Provider\UserProvider;
  11. use Crea\SecurityBundle\Voter\UserVoter;
  12. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  13. use Symfony\Component\HttpFoundation\JsonResponse;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  17. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  20. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  21. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  22. use Symfony\Component\Security\Core\Security;
  23. use Symfony\Component\Security\Core\User\UserInterface;
  24. use Symfony\Component\Security\Core\User\UserProviderInterface;
  25. use Symfony\Component\Security\Csrf\CsrfToken;
  26. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  27. use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
  28. use Symfony\Contracts\Translation\TranslatorInterface;
  30. class FormAuthenticator extends AbstractFormLoginAuthenticator
  31. {
  32.     private UrlGeneratorInterface $urlGenerator;
  33.     private CsrfTokenManagerInterface $csrfTokenManager;
  34.     private TranslatorInterface $translator;
  35.     private EventDispatcherInterface $eventDispatcher;
  36.     private RedirectionHelperInterface $redirectionHelper;
  37.     private UserVoter $userVoter;
  38.     private UserPasswordHasherInterface $passwordHasher;
  40.     public function __construct(UrlGeneratorInterface $urlGenerator,
  41.                                 CsrfTokenManagerInterface $csrfTokenManager,
  42.                                 TranslatorInterface $translator,
  43.                                 EventDispatcherInterface $eventDispatcher,
  44.                                 RedirectionHelperInterface $redirectionHelper,
  45.                                 UserVoter $userVoter,
  46.                                 UserPasswordHasherInterface $passwordHasher)
  47.     {
  48.         $this->urlGenerator $urlGenerator;
  49.         $this->csrfTokenManager $csrfTokenManager;
  50.         $this->translator $translator;
  51.         $this->eventDispatcher $eventDispatcher;
  52.         $this->redirectionHelper $redirectionHelper;
  53.         $this->userVoter $userVoter;
  54.         $this->passwordHasher $passwordHasher;
  55.     }
  57.     /**
  58.      * This will be called on every request and your job is to decide if the authenticator should be used for this
  59.      * request (return true) or if it should be skipped (return false).
  60.      * @inheritDoc
  61.      */
  62.     public function supports(Request $request): bool
  63.     {
  64.         return 'crea_security.login' === $request->attributes->get('_route') && $request->isMethod('POST');
  65.     }
  67.     /**
  68.      * This will be called on every request and your job is to read the token (or whatever your "authentication"
  69.      * information is) from the request and return it. These credentials are later passed as the first argument of
  70.      * getUser().
  71.      * @inheritDoc
  72.      */
  73.     public function getCredentials(Request $request)
  74.     {
  75.         $credentials = [
  76.             'username' => $request->request->get('username'),
  77.             'password' => $request->request->get('password'),
  78.             'csrf_token' => $request->request->get('_csrf_token'),
  79.         ];
  80.         $request->getSession()->set(Security::LAST_USERNAME$credentials['username']);
  82.         $authenticationEvent = new AuthenticationEvent($credentials["username"], $credentials["password"]);
  83.         $this->eventDispatcher->dispatch($authenticationEvent);
  85.         return $credentials;
  86.     }
  88.     /**
  89.      * The $credentials argument is the value returned by getCredentials(). Your job is to return an object that
  90.      * implements UserInterface. If you do, then checkCredentials() will be called. If you return null (or throw an
  91.      * AuthenticationException) authentication will fail.
  92.      * @inheritDoc
  93.      */
  94.     public function getUser($credentialsUserProviderInterface $userProvider)
  95.     {
  96.         $token = new CsrfToken('authenticate'$credentials['csrf_token']);
  97.         if (!$this->csrfTokenManager->isTokenValid($token)) {
  98.             throw new InvalidCsrfTokenException();
  99.         }
  101.         // Load / create our user however you need.
  102.         if (!$userProvider instanceof UserProvider) {
  103.             throw new CustomUserMessageAuthenticationException($this->translator->trans("login.user_provider.missing_function", [], "user"));
  104.         }
  105.         $user $userProvider->loadUserByUsername($credentials["username"]);
  107.         if (!$user) {
  108.             // fail authentication with a custom error
  109.             throw new CustomUserMessageAuthenticationException($this->translator->trans("login.bad_credentials", [], "user"));
  110.         }
  112.         if (!$this->userVoter->voteOnConnect($user)) {
  113.             throw new CustomUserMessageAuthenticationException($this->translator->trans("login.inactive", [], "user"));
  114.         }
  116.         return $user;
  117.     }
  119.     /**
  120.      * If getUser() returns a User object, this method is called. Your job is to verify if the credentials are correct.
  121.      * For a login form, this is where you would check that the password is correct for the user. To pass
  122.      * authentication, return true. If you return false (or throw an AuthenticationException), authentication will fail.
  123.      * @inheritDoc
  124.      */
  125.     public function checkCredentials($credentialsUserInterface $user): bool
  126.     {
  127.         // Check the user's password or other credentials and return true or false
  128.         // If there are no credentials to check, you can just return true
  130.         /** @var User $user */
  131.         if (!$this->passwordHasher->isPasswordValid($user$credentials["password"])) {
  132.             throw new AuthenticationException();
  133.         }
  135.         $authenticationEvent = new AuthenticationEvent($credentials["username"], $credentials["password"]);
  136.         $this->eventDispatcher->dispatch($authenticationEvent);
  138.         return true;
  139.     }
  141.     /**
  142.      * This is called after successful authentication and your job is to either return a Response object that will be
  143.      * sent to the client or null to continue the request (e.g. allow the route/controller to be called like normal).
  144.      * Since this is an API where each request authenticates itself, you want to return null.
  145.      * @inheritDoc
  146.      */
  147.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  148.     {
  149.         $previous $request->getSession()->get('previous');
  150.         return new RedirectResponse($previous ?: $this->redirectionHelper->getUrlAfterLogin());
  151.     }
  153.     /**
  154.      * Override to control what happens when the user hits a secure page
  155.      * but isn't logged in yet.
  156.      *
  157.      * @return RedirectResponse|JsonResponse
  158.      */
  159.     public function start(Request $requestAuthenticationException $authException null)
  160.     {
  161.         if ($request->isXmlHttpRequest()) {
  162.             return new JsonResponse([
  163.                 "statusText" => htmlentities($this->translator->trans("login.logout", [], "user")),
  164.                 "reloadPage" => true
  165.             ], 403);
  166.         }
  167.         else {
  168.             $request->getSession()->set('previous'$request->getUri());
  169.         }
  170.         return new RedirectResponse($this->getLoginUrl());
  171.     }
  173.     /**
  174.      * @inheritDoc
  175.      */
  176.     protected function getLoginUrl(): string
  177.     {
  178.         return $this->urlGenerator->generate('crea_security.login');
  179.     }
  180. }