vendor/symfony/security/Guard/Firewall/GuardAuthenticationListener.php line 33

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <[email protected]>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Guard\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\HttpKernel\Event\GetResponseEvent;
  18. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  20. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  21. use Symfony\Component\Security\Guard\AuthenticatorInterface;
  22. use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
  23. use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
  24. use Symfony\Component\Security\Http\Firewall\ListenerInterface;
  25. use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
  27. /**
  28.  * Authentication listener for the "guard" system.
  29.  *
  30.  * @author Ryan Weaver <[email protected]>
  31.  * @author Amaury Leroux de Lens <[email protected]>
  32.  */
  33. class GuardAuthenticationListener implements ListenerInterface
  34. {
  35.     private $guardHandler;
  36.     private $authenticationManager;
  37.     private $providerKey;
  38.     private $guardAuthenticators;
  39.     private $logger;
  40.     private $rememberMeServices;
  42.     /**
  43.      * @param GuardAuthenticatorHandler         $guardHandler          The Guard handler
  44.      * @param AuthenticationManagerInterface    $authenticationManager An AuthenticationManagerInterface instance
  45.      * @param string                            $providerKey           The provider (i.e. firewall) key
  46.      * @param iterable|AuthenticatorInterface[] $guardAuthenticators   The authenticators, with keys that match what's passed to GuardAuthenticationProvider
  47.      * @param LoggerInterface                   $logger                A LoggerInterface instance
  48.      */
  49.     public function __construct(GuardAuthenticatorHandler $guardHandlerAuthenticationManagerInterface $authenticationManagerstring $providerKey$guardAuthenticatorsLoggerInterface $logger null)
  50.     {
  51.         if (empty($providerKey)) {
  52.             throw new \InvalidArgumentException('$providerKey must not be empty.');
  53.         }
  55.         $this->guardHandler $guardHandler;
  56.         $this->authenticationManager $authenticationManager;
  57.         $this->providerKey $providerKey;
  58.         $this->guardAuthenticators $guardAuthenticators;
  59.         $this->logger $logger;
  60.     }
  62.     /**
  63.      * Iterates over each authenticator to see if each wants to authenticate the request.
  64.      */
  65.     public function handle(GetResponseEvent $event)
  66.     {
  67.         if (null !== $this->logger) {
  68.             $context = array('firewall_key' => $this->providerKey);
  70.             if ($this->guardAuthenticators instanceof \Countable || \is_array($this->guardAuthenticators)) {
  71.                 $context['authenticators'] = \count($this->guardAuthenticators);
  72.             }
  74.             $this->logger->debug('Checking for guard authentication credentials.'$context);
  75.         }
  77.         foreach ($this->guardAuthenticators as $key => $guardAuthenticator) {
  78.             // get a key that's unique to *this* guard authenticator
  79.             // this MUST be the same as GuardAuthenticationProvider
  80.             $uniqueGuardKey $this->providerKey.'_'.$key;
  82.             $this->executeGuardAuthenticator($uniqueGuardKey$guardAuthenticator$event);
  84.             if ($event->hasResponse()) {
  85.                 if (null !== $this->logger) {
  86.                     $this->logger->debug('The "{authenticator}" authenticator set the response. Any later authenticator will not be called', array('authenticator' => \get_class($guardAuthenticator)));
  87.                 }
  89.                 break;
  90.             }
  91.         }
  92.     }
  94.     private function executeGuardAuthenticator($uniqueGuardKeyAuthenticatorInterface $guardAuthenticatorGetResponseEvent $event)
  95.     {
  96.         $request $event->getRequest();
  97.         try {
  98.             if (null !== $this->logger) {
  99.                 $this->logger->debug('Calling getCredentials() on guard configurator.', array('firewall_key' => $this->providerKey'authenticator' => \get_class($guardAuthenticator)));
  100.             }
  102.             // abort the execution of the authenticator if it doesn't support the request
  103.             if (!$guardAuthenticator->supports($request)) {
  104.                 return;
  105.             }
  107.             // allow the authenticator to fetch authentication info from the request
  108.             $credentials $guardAuthenticator->getCredentials($request);
  110.             if (null === $credentials) {
  111.                 throw new \UnexpectedValueException(sprintf('The return value of "%1$s::getCredentials()" must not be null. Return false from "%1$s::supports()" instead.', \get_class($guardAuthenticator)));
  112.             }
  114.             // create a token with the unique key, so that the provider knows which authenticator to use
  115.             $token = new PreAuthenticationGuardToken($credentials$uniqueGuardKey);
  117.             if (null !== $this->logger) {
  118.                 $this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', array('firewall_key' => $this->providerKey'authenticator' => \get_class($guardAuthenticator)));
  119.             }
  120.             // pass the token into the AuthenticationManager system
  121.             // this indirectly calls GuardAuthenticationProvider::authenticate()
  122.             $token $this->authenticationManager->authenticate($token);
  124.             if (null !== $this->logger) {
  125.                 $this->logger->info('Guard authentication successful!', array('token' => $token'authenticator' => \get_class($guardAuthenticator)));
  126.             }
  128.             // sets the token on the token storage, etc
  129.             $this->guardHandler->authenticateWithToken($token$request$this->providerKey);
  130.         } catch (AuthenticationException $e) {
  131.             // oh no! Authentication failed!
  133.             if (null !== $this->logger) {
  134.                 $this->logger->info('Guard authentication failed.', array('exception' => $e'authenticator' => \get_class($guardAuthenticator)));
  135.             }
  137.             $response $this->guardHandler->handleAuthenticationFailure($e$request$guardAuthenticator$this->providerKey);
  139.             if ($response instanceof Response) {
  140.                 $event->setResponse($response);
  141.             }
  143.             return;
  144.         }
  146.         // success!
  147.         $response $this->guardHandler->handleAuthenticationSuccess($token$request$guardAuthenticator$this->providerKey);
  148.         if ($response instanceof Response) {
  149.             if (null !== $this->logger) {
  150.                 $this->logger->debug('Guard authenticator set success response.', array('response' => $response'authenticator' => \get_class($guardAuthenticator)));
  151.             }
  153.             $event->setResponse($response);
  154.         } else {
  155.             if (null !== $this->logger) {
  156.                 $this->logger->debug('Guard authenticator set no success response: request continues.', array('authenticator' => \get_class($guardAuthenticator)));
  157.             }
  158.         }
  160.         // attempt to trigger the remember me functionality
  161.         $this->triggerRememberMe($guardAuthenticator$request$token$response);
  162.     }
  164.     /**
  165.      * Should be called if this listener will support remember me.
  166.      */
  167.     public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices)
  168.     {
  169.         $this->rememberMeServices $rememberMeServices;
  170.     }
  172.     /**
  173.      * Checks to see if remember me is supported in the authenticator and
  174.      * on the firewall. If it is, the RememberMeServicesInterface is notified.
  175.      */
  176.     private function triggerRememberMe(AuthenticatorInterface $guardAuthenticatorRequest $requestTokenInterface $tokenResponse $response null)
  177.     {
  178.         if (null === $this->rememberMeServices) {
  179.             if (null !== $this->logger) {
  180.                 $this->logger->debug('Remember me skipped: it is not configured for the firewall.', array('authenticator' => \get_class($guardAuthenticator)));
  181.             }
  183.             return;
  184.         }
  186.         if (!$guardAuthenticator->supportsRememberMe()) {
  187.             if (null !== $this->logger) {
  188.                 $this->logger->debug('Remember me skipped: your authenticator does not support it.', array('authenticator' => \get_class($guardAuthenticator)));
  189.             }
  191.             return;
  192.         }
  194.         if (!$response instanceof Response) {
  195.             throw new \LogicException(sprintf(
  196.                 '%s::onAuthenticationSuccess *must* return a Response if you want to use the remember me functionality. Return a Response, or set remember_me to false under the guard configuration.',
  197.                 \get_class($guardAuthenticator)
  198.             ));
  199.         }
  201.         $this->rememberMeServices->loginSuccess($request$response$token);
  202.     }
  203. }