vendor/symfony/security/Http/Firewall/ExceptionListener.php line 87

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <[email protected]>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
  19. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  20. use Symfony\Component\HttpKernel\HttpKernelInterface;
  21. use Symfony\Component\HttpKernel\KernelEvents;
  22. use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
  23. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  24. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  25. use Symfony\Component\Security\Core\Exception\AccountStatusException;
  26. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  27. use Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException;
  28. use Symfony\Component\Security\Core\Exception\LogoutException;
  29. use Symfony\Component\Security\Core\Security;
  30. use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
  31. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  32. use Symfony\Component\Security\Http\HttpUtils;
  33. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  35. /**
  36.  * ExceptionListener catches authentication exception and converts them to
  37.  * Response instances.
  38.  *
  39.  * @author Fabien Potencier <[email protected]>
  40.  */
  41. class ExceptionListener
  42. {
  43.     use TargetPathTrait;
  45.     private $tokenStorage;
  46.     private $providerKey;
  47.     private $accessDeniedHandler;
  48.     private $authenticationEntryPoint;
  49.     private $authenticationTrustResolver;
  50.     private $errorPage;
  51.     private $logger;
  52.     private $httpUtils;
  53.     private $stateless;
  55.     public function __construct(TokenStorageInterface $tokenStorageAuthenticationTrustResolverInterface $trustResolverHttpUtils $httpUtilsstring $providerKeyAuthenticationEntryPointInterface $authenticationEntryPoint nullstring $errorPage nullAccessDeniedHandlerInterface $accessDeniedHandler nullLoggerInterface $logger nullbool $stateless false)
  56.     {
  57.         $this->tokenStorage $tokenStorage;
  58.         $this->accessDeniedHandler $accessDeniedHandler;
  59.         $this->httpUtils $httpUtils;
  60.         $this->providerKey $providerKey;
  61.         $this->authenticationEntryPoint $authenticationEntryPoint;
  62.         $this->authenticationTrustResolver $trustResolver;
  63.         $this->errorPage $errorPage;
  64.         $this->logger $logger;
  65.         $this->stateless $stateless;
  66.     }
  68.     /**
  69.      * Registers a onKernelException listener to take care of security exceptions.
  70.      */
  71.     public function register(EventDispatcherInterface $dispatcher)
  72.     {
  73.         $dispatcher->addListener(KernelEvents::EXCEPTION, array($this'onKernelException'), 1);
  74.     }
  76.     /**
  77.      * Unregisters the dispatcher.
  78.      */
  79.     public function unregister(EventDispatcherInterface $dispatcher)
  80.     {
  81.         $dispatcher->removeListener(KernelEvents::EXCEPTION, array($this'onKernelException'));
  82.     }
  84.     /**
  85.      * Handles security related exceptions.
  86.      */
  87.     public function onKernelException(GetResponseForExceptionEvent $event)
  88.     {
  89.         $exception $event->getException();
  90.         do {
  91.             if ($exception instanceof AuthenticationException) {
  92.                 return $this->handleAuthenticationException($event$exception);
  93.             } elseif ($exception instanceof AccessDeniedException) {
  94.                 return $this->handleAccessDeniedException($event$exception);
  95.             } elseif ($exception instanceof LogoutException) {
  96.                 return $this->handleLogoutException($exception);
  97.             }
  98.         } while (null !== $exception $exception->getPrevious());
  99.     }
  101.     private function handleAuthenticationException(GetResponseForExceptionEvent $eventAuthenticationException $exception): void
  102.     {
  103.         if (null !== $this->logger) {
  104.             $this->logger->info('An AuthenticationException was thrown; redirecting to authentication entry point.', array('exception' => $exception));
  105.         }
  107.         try {
  108.             $event->setResponse($this->startAuthentication($event->getRequest(), $exception));
  109.             $event->allowCustomResponseCode();
  110.         } catch (\Exception $e) {
  111.             $event->setException($e);
  112.         }
  113.     }
  115.     private function handleAccessDeniedException(GetResponseForExceptionEvent $eventAccessDeniedException $exception)
  116.     {
  117.         $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
  119.         $token $this->tokenStorage->getToken();
  120.         if (!$this->authenticationTrustResolver->isFullFledged($token)) {
  121.             if (null !== $this->logger) {
  122.                 $this->logger->debug('Access denied, the user is not fully authenticated; redirecting to authentication entry point.', array('exception' => $exception));
  123.             }
  125.             try {
  126.                 $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.'0$exception);
  127.                 $insufficientAuthenticationException->setToken($token);
  129.                 $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));
  130.             } catch (\Exception $e) {
  131.                 $event->setException($e);
  132.             }
  134.             return;
  135.         }
  137.         if (null !== $this->logger) {
  138.             $this->logger->debug('Access denied, the user is neither anonymous, nor remember-me.', array('exception' => $exception));
  139.         }
  141.         try {
  142.             if (null !== $this->accessDeniedHandler) {
  143.                 $response $this->accessDeniedHandler->handle($event->getRequest(), $exception);
  145.                 if ($response instanceof Response) {
  146.                     $event->setResponse($response);
  147.                 }
  148.             } elseif (null !== $this->errorPage) {
  149.                 $subRequest $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);
  150.                 $subRequest->attributes->set(Security::ACCESS_DENIED_ERROR$exception);
  152.                 $event->setResponse($event->getKernel()->handle($subRequestHttpKernelInterface::SUB_REQUESTtrue));
  153.                 $event->allowCustomResponseCode();
  154.             }
  155.         } catch (\Exception $e) {
  156.             if (null !== $this->logger) {
  157.                 $this->logger->error('An exception was thrown when handling an AccessDeniedException.', array('exception' => $e));
  158.             }
  160.             $event->setException(new \RuntimeException('Exception thrown when handling an exception.'0$e));
  161.         }
  162.     }
  164.     private function handleLogoutException(LogoutException $exception): void
  165.     {
  166.         if (null !== $this->logger) {
  167.             $this->logger->info('A LogoutException was thrown.', array('exception' => $exception));
  168.         }
  169.     }
  171.     private function startAuthentication(Request $requestAuthenticationException $authException): Response
  172.     {
  173.         if (null === $this->authenticationEntryPoint) {
  174.             throw $authException;
  175.         }
  177.         if (null !== $this->logger) {
  178.             $this->logger->debug('Calling Authentication entry point.');
  179.         }
  181.         if (!$this->stateless) {
  182.             $this->setTargetPath($request);
  183.         }
  185.         if ($authException instanceof AccountStatusException) {
  186.             // remove the security token to prevent infinite redirect loops
  187.             $this->tokenStorage->setToken(null);
  189.             if (null !== $this->logger) {
  190.                 $this->logger->info('The security token was removed due to an AccountStatusException.', array('exception' => $authException));
  191.             }
  192.         }
  194.         $response $this->authenticationEntryPoint->start($request$authException);
  196.         if (!$response instanceof Response) {
  197.             $given = \is_object($response) ? \get_class($response) : \gettype($response);
  199.             throw new \LogicException(sprintf('The %s::start() method must return a Response object (%s returned)', \get_class($this->authenticationEntryPoint), $given));
  200.         }
  202.         return $response;
  203.     }
  205.     protected function setTargetPath(Request $request)
  206.     {
  207.         // session isn't required when using HTTP basic authentication mechanism for example
  208.         if ($request->hasSession() && $request->isMethodSafe(false) && !$request->isXmlHttpRequest()) {
  209.             $this->saveTargetPath($request->getSession(), $this->providerKey$request->getUri());
  210.         }
  211.     }
  212. }