GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases 4 Wiki Activity
upstream V3 development https://www.gnusocial.rocks/v3
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19987 Commits
8 Branches
315 MiB
 
 
 
 
 
 
Tree: 3a5e52ee0d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3a5e52ee0d'
${ noResults }
gnu-social/src/Security/Authenticator.php

169 lines
5.8 KiB
Raw Blame History 

  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. // {{{ License

  6. // This file is part of GNU social - https://www.gnu.org/software/social

  7. //

  8. // GNU social is free software: you can redistribute it and/or modify

  9. // it under the terms of the GNU Affero General Public License as published by

  10. // the Free Software Foundation, either version 3 of the License, or

  11. // (at your option) any later version.

  12. //

  13. // GNU social is distributed in the hope that it will be useful,

  14. // but WITHOUT ANY WARRANTY; without even the implied warranty of

  15. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  16. // GNU Affero General Public License for more details.

  17. //

  18. // You should have received a copy of the GNU Affero General Public License

  19. // along with GNU social.  If not, see <http://www.gnu.org/licenses/>.

  20. // }}}

  21. 

  22. namespace App\Security;

  23. 

  24. use App\Core\Router\Router;

  25. use App\Entity\LocalUser;

  26. use App\Util\Common;

  27. use App\Util\Exception\NoSuchActorException;

  28. use App\Util\Exception\NotFoundException;

  29. use App\Util\Exception\ServerException;

  30. use App\Util\Nickname;

  31. use Stringable;

  32. use Symfony\Component\HttpFoundation\RedirectResponse;

  33. use Symfony\Component\HttpFoundation\Request;

  34. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;

  35. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;

  36. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;

  37. use Symfony\Component\Security\Core\Security;

  38. use Symfony\Component\Security\Core\User\UserInterface;

  39. use Symfony\Component\Security\Core\User\UserProviderInterface;

  40. use Symfony\Component\Security\Csrf\CsrfToken;

  41. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;

  42. use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;

  43. use Symfony\Component\Security\Guard\AuthenticatorInterface;

  44. use Symfony\Component\Security\Http\Util\TargetPathTrait;

  45. use function App\Core\I18n\_m;

  46. 

  47. /**

  48.  * User authenticator

  49.  *

  50.  * @category  Authentication

  51.  * @package   GNUsocial

  52.  *

  53.  * @author    Hugo Sales <hugo@hsal.es>

  54.  * @copyright 2020-2021 Free Software Foundation, Inc http://www.fsf.org

  55.  * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later

  56.  */

  57. class Authenticator extends AbstractFormLoginAuthenticator implements AuthenticatorInterface

  58. {

  59.     use TargetPathTrait;

  60. 

  61.     public const LOGIN_ROUTE = 'security_login';

  62. 

  63.     private CsrfTokenManagerInterface $csrfTokenManager;

  64. 

  65.     public function __construct(CsrfTokenManagerInterface $csrfTokenManager)

  66.     {

  67.         $this->csrfTokenManager = $csrfTokenManager;

  68.     }

  69. 

  70.     /**

  71.      * @param Request $request

  72.      * @return bool

  73.      */

  74.     public function supports(Request $request): bool

  75.     {

  76.         return self::LOGIN_ROUTE === $request->attributes->get('_route') && $request->isMethod('POST');

  77.     }

  78. 

  79.     /**

  80.      * @return array<string, string>

  81.      */

  82.     public function getCredentials(Request $request): array

  83.     {

  84.         return [

  85.             'nickname_or_email' => $request->request->get('nickname_or_email'),

  86.             'password' => $request->request->get('password'),

  87.             'csrf_token' => $request->request->get('_csrf_token'),

  88.         ];

  89.     }

  90. 

  91.     /**

  92.      * Get a user given credentials and a CSRF token

  93.      *

  94.      * @param array<string, string> $credentials result of self::getCredentials

  95.      * @param UserProviderInterface $userProvider

  96.      * @return ?LocalUser

  97.      * @throws NoSuchActorException

  98.      * @throws ServerException

  99.      */

  100.     public function getUser($credentials, UserProviderInterface $userProvider): ?LocalUser

  101.     {

  102.         $token = new CsrfToken('authenticate', $credentials['csrf_token']);

  103.         if (!$this->csrfTokenManager->isTokenValid($token)) {

  104.             throw new InvalidCsrfTokenException();

  105.         }

  106.         $user = null;

  107.         try {

  108.             if (Common::isValidEmail($credentials['nickname_or_email'])) {

  109.                 $user = LocalUser::getByEmail($credentials['nickname_or_email']);

  110.             } elseif (Nickname::isValid($credentials['nickname_or_email'])) {

  111.                 $user = LocalUser::getByNickname($credentials['nickname_or_email']);

  112.             }

  113.             if (is_null($user)) {

  114.                 throw new NoSuchActorException('No such local user.');

  115.             }

  116.             $credentials['nickname'] = $user->getNickname();

  117.         } catch (NoSuchActorException|NotFoundException) {

  118.             throw new CustomUserMessageAuthenticationException(

  119.                 _m('Invalid login credentials.'),

  120.             );

  121.         }

  122.         return $user;

  123.     }

  124. 

  125.     /**

  126.      * @param array<string, string> $credentials result of self::getCredentials

  127.      * @param LocalUser $user

  128.      * @return bool

  129.      * @throws ServerException

  130.      */

  131.     public function checkCredentials($credentials, $user): bool

  132.     {

  133.         if (!$user->checkPassword($credentials['password'])) {

  134.             throw new CustomUserMessageAuthenticationException(_m('Invalid login credentials.'));

  135.         } else {

  136.             return true;

  137.         }

  138.     }

  139. 

  140.     /**

  141.      * After a successful login, redirect user to the path saved in their session or to the root of the website

  142.      */

  143.     public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): RedirectResponse

  144.     {

  145.         $nickname = $token->getUser();

  146.         if ($nickname instanceof Stringable) {

  147.             $nickname = (string)$nickname;

  148.         } elseif ($nickname instanceof UserInterface) {

  149.             $nickname = $nickname->getUserIdentifier();

  150.         }

  151. 

  152.         $request->getSession()->set(

  153.             Security::LAST_USERNAME,

  154.             $nickname,

  155.         );

  156. 

  157.         if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {

  158.             return new RedirectResponse($targetPath);

  159.         }

  160. 

  161.         return new RedirectResponse(Router::url('main_all'));

  162.     }

  163. 

  164.     protected function getLoginUrl(): string

  165.     {

  166.         return Router::url(self::LOGIN_ROUTE);

  167.     }

  168. }