vendor/symfony/security-guard/GuardAuthenticatorHandler.php line 25

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Guard;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  18. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  19. use Symfony\Component\Security\Core\User\UserInterface;
  20. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  21. use Symfony\Component\Security\Http\SecurityEvents;
  22. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  23. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  25. trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', GuardAuthenticatorHandler::class);
  27. /**
  28. * A utility class that does much of the *work* during the guard authentication process.
  29. *
  30. * By having the logic here instead of the listener, more of the process
  31. * can be called directly (e.g. for manual authentication) or overridden.
  32. *
  33. * @author Ryan Weaver <ryan@knpuniversity.com>
  34. *
  35. * @final
  36. *
  37. * @deprecated since Symfony 5.3, use the new authenticator system instead
  38. */
  39. class GuardAuthenticatorHandler
  40. {
  41. private $tokenStorage;
  42. private $dispatcher;
  43. private $sessionStrategy;
  44. private $statelessProviderKeys;
  46. /**
  47. * @param array $statelessProviderKeys An array of provider/firewall keys that are "stateless" and so do not need the session migrated on success
  48. */
  49. public function __construct(TokenStorageInterface $tokenStorage, ?EventDispatcherInterface $eventDispatcher = null, array $statelessProviderKeys = [])
  50. {
  51. $this->tokenStorage = $tokenStorage;
  52. $this->dispatcher = $eventDispatcher;
  53. $this->statelessProviderKeys = $statelessProviderKeys;
  54. }
  56. /**
  57. * Authenticates the given token in the system.
  58. */
  59. public function authenticateWithToken(TokenInterface $token, Request $request, ?string $providerKey = null, ?TokenInterface $previousToken = null)
  60. {
  61. $this->migrateSession($request, $token, $providerKey, 3 < \func_num_args() ? $previousToken : $this->tokenStorage->getToken());
  62. $this->tokenStorage->setToken($token);
  64. if (null !== $this->dispatcher) {
  65. $loginEvent = new InteractiveLoginEvent($request, $token);
  66. $this->dispatcher->dispatch($loginEvent, SecurityEvents::INTERACTIVE_LOGIN);
  67. }
  68. }
  70. /**
  71. * Returns the "on success" response for the given GuardAuthenticator.
  72. */
  73. public function handleAuthenticationSuccess(TokenInterface $token, Request $request, AuthenticatorInterface $guardAuthenticator, string $providerKey): ?Response
  74. {
  75. $response = $guardAuthenticator->onAuthenticationSuccess($request, $token, $providerKey);
  77. // check that it's a Response or null
  78. if ($response instanceof Response || null === $response) {
  79. return $response;
  80. }
  82. throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationSuccess()" method must return null or a Response object. You returned "%s".', \get_class($guardAuthenticator), get_debug_type($response)));
  83. }
  85. /**
  86. * Convenience method for authenticating the user and returning the
  87. * Response *if any* for success.
  88. */
  89. public function authenticateUserAndHandleSuccess(UserInterface $user, Request $request, AuthenticatorInterface $authenticator, string $providerKey): ?Response
  90. {
  91. // create an authenticated token for the User
  92. $token = $authenticator->createAuthenticatedToken($user, $providerKey);
  93. // authenticate this in the system
  94. $this->authenticateWithToken($token, $request, $providerKey, $this->tokenStorage->getToken());
  96. // return the success metric
  97. return $this->handleAuthenticationSuccess($token, $request, $authenticator, $providerKey);
  98. }
  100. /**
  101. * Handles an authentication failure and returns the Response for the
  102. * GuardAuthenticator.
  103. */
  104. public function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, AuthenticatorInterface $guardAuthenticator, string $providerKey): ?Response
  105. {
  106. $response = $guardAuthenticator->onAuthenticationFailure($request, $authenticationException);
  107. if ($response instanceof Response || null === $response) {
  108. // returning null is ok, it means they want the request to continue
  109. return $response;
  110. }
  112. throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationFailure()" method must return null or a Response object. You returned "%s".', \get_class($guardAuthenticator), get_debug_type($response)));
  113. }
  115. /**
  116. * Call this method if your authentication token is stored to a session.
  117. *
  118. * @final
  119. */
  120. public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyInterface $sessionStrategy)
  121. {
  122. $this->sessionStrategy = $sessionStrategy;
  123. }
  125. private function migrateSession(Request $request, TokenInterface $token, ?string $providerKey, ?TokenInterface $previousToken)
  126. {
  127. if (\in_array($providerKey, $this->statelessProviderKeys, true) || !$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession()) {
  128. return;
  129. }
  131. if ($previousToken) {
  132. $user = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
  133. $previousUser = method_exists($previousToken, 'getUserIdentifier') ? $previousToken->getUserIdentifier() : $previousToken->getUsername();
  135. if ('' !== ($user ?? '') && $user === $previousUser) {
  136. return;
  137. }
  138. }
  140. $this->sessionStrategy->onAuthentication($request, $token);
  141. }
  142. }