Create a new core AuthenticatorInterface
This is an iteration on the AuthenticatorInterface of the Guard, to allow more flexibility so it can be used as a real replaced of the authentication providers and listeners.
This commit is contained in:
parent
50132587a1
commit
5efa892395
@ -0,0 +1,25 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
|
||||||
|
|
||||||
|
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||||
|
*/
|
||||||
|
interface EntryPointFactoryInterface
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Creates the entry point and returns the service ID.
|
||||||
|
*/
|
||||||
|
public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId): string;
|
||||||
|
}
|
@ -22,7 +22,7 @@ use Symfony\Component\DependencyInjection\Reference;
|
|||||||
* @author Fabien Potencier <fabien@symfony.com>
|
* @author Fabien Potencier <fabien@symfony.com>
|
||||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||||
*/
|
*/
|
||||||
class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface
|
class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface, EntryPointFactoryInterface
|
||||||
{
|
{
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
@ -84,7 +84,7 @@ class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface
|
|||||||
return $listenerId;
|
return $listenerId;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint)
|
public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint): string
|
||||||
{
|
{
|
||||||
$entryPointId = 'security.authentication.form_entry_point.'.$id;
|
$entryPointId = 'security.authentication.form_entry_point.'.$id;
|
||||||
$container
|
$container
|
||||||
@ -105,7 +105,8 @@ class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface
|
|||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.form_login'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.form_login'))
|
||||||
->replaceArgument(1, isset($config['csrf_token_generator']) ? new Reference($config['csrf_token_generator']) : null)
|
->replaceArgument(1, isset($config['csrf_token_generator']) ? new Reference($config['csrf_token_generator']) : null)
|
||||||
->replaceArgument(3, $options);
|
->replaceArgument(2, new Reference($userProviderId))
|
||||||
|
->replaceArgument(4, $options);
|
||||||
|
|
||||||
return $authenticatorId;
|
return $authenticatorId;
|
||||||
}
|
}
|
||||||
|
@ -11,6 +11,7 @@
|
|||||||
|
|
||||||
namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
|
namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
|
||||||
|
|
||||||
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\EntryPointFactoryInterface;
|
||||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\GuardFactoryInterface;
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\GuardFactoryInterface;
|
||||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
|
||||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
|
||||||
@ -516,6 +517,10 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
|||||||
} else {
|
} else {
|
||||||
$authenticationProviders[$id.'_'.$key] = $authenticators;
|
$authenticationProviders[$id.'_'.$key] = $authenticators;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($factory instanceof EntryPointFactoryInterface) {
|
||||||
|
$defaultEntryPoint = $factory->createEntryPoint($container, $id, $firewall[$key], $defaultEntryPoint);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint);
|
list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint);
|
||||||
|
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
abstract="true">
|
abstract="true">
|
||||||
<argument type="service" id="security.http_utils" />
|
<argument type="service" id="security.http_utils" />
|
||||||
<argument /> <!-- csrf token generator -->
|
<argument /> <!-- csrf token generator -->
|
||||||
|
<argument type="abstract">user provider</argument>
|
||||||
<argument type="service" id="security.encoder_factory" />
|
<argument type="service" id="security.encoder_factory" />
|
||||||
<argument type="abstract">options</argument>
|
<argument type="abstract">options</argument>
|
||||||
</service>
|
</service>
|
||||||
|
@ -0,0 +1,35 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
||||||
|
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* An optional base class that creates the necessary tokens for you.
|
||||||
|
*
|
||||||
|
* @author Ryan Weaver <ryan@knpuniversity.com>
|
||||||
|
*/
|
||||||
|
abstract class AbstractAuthenticator implements AuthenticatorInterface
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
|
||||||
|
* care about which authenticated token you're using.
|
||||||
|
*
|
||||||
|
* @return PostAuthenticationGuardToken
|
||||||
|
*/
|
||||||
|
public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface
|
||||||
|
{
|
||||||
|
return new PostAuthenticationGuardToken($user, $providerKey, $user->getRoles());
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,62 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
|
use Symfony\Component\Security\Core\Security;
|
||||||
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A base class to make form login authentication easier!
|
||||||
|
*
|
||||||
|
* @author Ryan Weaver <ryan@knpuniversity.com>
|
||||||
|
*/
|
||||||
|
abstract class AbstractFormLoginAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Return the URL to the login page.
|
||||||
|
*/
|
||||||
|
abstract protected function getLoginUrl(): string;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Override to change what happens after a bad username/password is submitted.
|
||||||
|
*/
|
||||||
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
|
||||||
|
{
|
||||||
|
if ($request->hasSession()) {
|
||||||
|
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
|
||||||
|
}
|
||||||
|
|
||||||
|
$url = $this->getLoginUrl();
|
||||||
|
|
||||||
|
return new RedirectResponse($url);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function supportsRememberMe(): bool
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Override to control what happens when the user hits a secure page
|
||||||
|
* but isn't logged in yet.
|
||||||
|
*/
|
||||||
|
public function start(Request $request, AuthenticationException $authException = null): Response
|
||||||
|
{
|
||||||
|
$url = $this->getLoginUrl();
|
||||||
|
|
||||||
|
return new RedirectResponse($url);
|
||||||
|
}
|
||||||
|
}
|
@ -1,5 +1,14 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
||||||
|
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
@ -9,9 +18,6 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\User\User;
|
use Symfony\Component\Security\Core\User\User;
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
|
||||||
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Wouter de Jong <wouter@wouterj.nl>
|
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||||
@ -25,11 +31,6 @@ class AnonymousAuthenticator implements AuthenticatorInterface
|
|||||||
$this->secret = $secret;
|
$this->secret = $secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function start(Request $request, AuthenticationException $authException = null)
|
|
||||||
{
|
|
||||||
return new Response(null, Response::HTTP_UNAUTHORIZED);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function supports(Request $request): ?bool
|
public function supports(Request $request): ?bool
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
@ -40,27 +41,29 @@ class AnonymousAuthenticator implements AuthenticatorInterface
|
|||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getUser($credentials, UserProviderInterface $userProvider)
|
public function getUser($credentials): ?UserInterface
|
||||||
{
|
{
|
||||||
return new User('anon.', null);
|
return new User('anon.', null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function checkCredentials($credentials, UserInterface $user)
|
public function checkCredentials($credentials, UserInterface $user): bool
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticatedToken(UserInterface $user, string $providerKey)
|
public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface
|
||||||
{
|
{
|
||||||
return new AnonymousToken($this->secret, 'anon.', []);
|
return new AnonymousToken($this->secret, 'anon.', []);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
|
||||||
{
|
{
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
|
||||||
{
|
{
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function supportsRememberMe(): bool
|
public function supportsRememberMe(): bool
|
||||||
|
@ -0,0 +1,129 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The interface for all authenticators.
|
||||||
|
*
|
||||||
|
* @author Ryan Weaver <ryan@knpuniversity.com>
|
||||||
|
* @author Amaury Leroux de Lens <amaury@lerouxdelens.com>
|
||||||
|
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||||
|
*/
|
||||||
|
interface AuthenticatorInterface
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Does the authenticator support the given Request?
|
||||||
|
*
|
||||||
|
* If this returns false, the authenticator will be skipped.
|
||||||
|
*/
|
||||||
|
public function supports(Request $request): ?bool;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the authentication credentials from the request and return them
|
||||||
|
* as any type (e.g. an associate array).
|
||||||
|
*
|
||||||
|
* Whatever value you return here will be passed to getUser() and checkCredentials()
|
||||||
|
*
|
||||||
|
* For example, for a form login, you might:
|
||||||
|
*
|
||||||
|
* return [
|
||||||
|
* 'username' => $request->request->get('_username'),
|
||||||
|
* 'password' => $request->request->get('_password'),
|
||||||
|
* ];
|
||||||
|
*
|
||||||
|
* Or for an API token that's on a header, you might use:
|
||||||
|
*
|
||||||
|
* return ['api_key' => $request->headers->get('X-API-TOKEN')];
|
||||||
|
*
|
||||||
|
* @return mixed Any non-null value
|
||||||
|
*
|
||||||
|
* @throws \UnexpectedValueException If null is returned
|
||||||
|
*/
|
||||||
|
public function getCredentials(Request $request);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a UserInterface object based on the credentials.
|
||||||
|
*
|
||||||
|
* You may throw an AuthenticationException if you wish. If you return
|
||||||
|
* null, then a UsernameNotFoundException is thrown for you.
|
||||||
|
*
|
||||||
|
* @param mixed $credentials the value returned from getCredentials()
|
||||||
|
*
|
||||||
|
* @throws AuthenticationException
|
||||||
|
*/
|
||||||
|
public function getUser($credentials): ?UserInterface;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if the credentials are valid.
|
||||||
|
*
|
||||||
|
* If false is returned, authentication will fail. You may also throw
|
||||||
|
* an AuthenticationException if you wish to cause authentication to fail.
|
||||||
|
*
|
||||||
|
* @param mixed $credentials the value returned from getCredentials()
|
||||||
|
*
|
||||||
|
* @throws AuthenticationException
|
||||||
|
*/
|
||||||
|
public function checkCredentials($credentials, UserInterface $user): bool;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create an authenticated token for the given user.
|
||||||
|
*
|
||||||
|
* If you don't care about which token class is used or don't really
|
||||||
|
* understand what a "token" is, you can skip this method by extending
|
||||||
|
* the AbstractAuthenticator class from your authenticator.
|
||||||
|
*
|
||||||
|
* @see AbstractAuthenticator
|
||||||
|
*/
|
||||||
|
public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Called when authentication executed, but failed (e.g. wrong username password).
|
||||||
|
*
|
||||||
|
* This should return the Response sent back to the user, like a
|
||||||
|
* RedirectResponse to the login page or a 403 response.
|
||||||
|
*
|
||||||
|
* If you return null, the request will continue, but the user will
|
||||||
|
* not be authenticated. This is probably not what you want to do.
|
||||||
|
*/
|
||||||
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Called when authentication executed and was successful!
|
||||||
|
*
|
||||||
|
* This should return the Response sent back to the user, like a
|
||||||
|
* RedirectResponse to the last page they visited.
|
||||||
|
*
|
||||||
|
* If you return null, the current request will continue, and the user
|
||||||
|
* will be authenticated. This makes sense, for example, with an API.
|
||||||
|
*/
|
||||||
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Does this method support remember me cookies?
|
||||||
|
*
|
||||||
|
* Remember me cookie will be set if *all* of the following are met:
|
||||||
|
* A) This method returns true
|
||||||
|
* B) The remember_me key under your firewall is configured
|
||||||
|
* C) The "remember me" functionality is activated. This is usually
|
||||||
|
* done by having a _remember_me checkbox in your form, but
|
||||||
|
* can be configured by the "always_remember_me" and "remember_me_parameter"
|
||||||
|
* parameters under the "remember_me" firewall key
|
||||||
|
* D) The onAuthenticationSuccess method returns a Response object
|
||||||
|
*/
|
||||||
|
public function supportsRememberMe(): bool;
|
||||||
|
}
|
@ -1,5 +1,14 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
||||||
|
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
@ -7,7 +16,6 @@ use Symfony\Component\HttpFoundation\Response;
|
|||||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
|
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
||||||
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||||
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
|
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
|
||||||
use Symfony\Component\Security\Core\Security;
|
use Symfony\Component\Security\Core\Security;
|
||||||
@ -15,7 +23,6 @@ use Symfony\Component\Security\Core\User\UserInterface;
|
|||||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
||||||
use Symfony\Component\Security\Csrf\CsrfToken;
|
use Symfony\Component\Security\Csrf\CsrfToken;
|
||||||
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
|
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
|
||||||
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
|
|
||||||
use Symfony\Component\Security\Http\HttpUtils;
|
use Symfony\Component\Security\Http\HttpUtils;
|
||||||
use Symfony\Component\Security\Http\ParameterBagUtils;
|
use Symfony\Component\Security\Http\ParameterBagUtils;
|
||||||
use Symfony\Component\Security\Http\Util\TargetPathTrait;
|
use Symfony\Component\Security\Http\Util\TargetPathTrait;
|
||||||
@ -25,16 +32,17 @@ use Symfony\Component\Security\Http\Util\TargetPathTrait;
|
|||||||
*/
|
*/
|
||||||
class FormLoginAuthenticator extends AbstractFormLoginAuthenticator
|
class FormLoginAuthenticator extends AbstractFormLoginAuthenticator
|
||||||
{
|
{
|
||||||
use TargetPathTrait, UsernamePasswordTrait, UserProviderTrait {
|
use TargetPathTrait, UsernamePasswordTrait {
|
||||||
UsernamePasswordTrait::checkCredentials as checkPassword;
|
UsernamePasswordTrait::checkCredentials as checkPassword;
|
||||||
}
|
}
|
||||||
|
|
||||||
private $options;
|
private $options;
|
||||||
private $httpUtils;
|
private $httpUtils;
|
||||||
private $csrfTokenManager;
|
private $csrfTokenManager;
|
||||||
|
private $userProvider;
|
||||||
private $encoderFactory;
|
private $encoderFactory;
|
||||||
|
|
||||||
public function __construct(HttpUtils $httpUtils, ?CsrfTokenManagerInterface $csrfTokenManager, EncoderFactoryInterface $encoderFactory, array $options)
|
public function __construct(HttpUtils $httpUtils, ?CsrfTokenManagerInterface $csrfTokenManager, UserProviderInterface $userProvider, EncoderFactoryInterface $encoderFactory, array $options)
|
||||||
{
|
{
|
||||||
$this->httpUtils = $httpUtils;
|
$this->httpUtils = $httpUtils;
|
||||||
$this->csrfTokenManager = $csrfTokenManager;
|
$this->csrfTokenManager = $csrfTokenManager;
|
||||||
@ -52,6 +60,7 @@ class FormLoginAuthenticator extends AbstractFormLoginAuthenticator
|
|||||||
'target_path_parameter' => '_target_path',
|
'target_path_parameter' => '_target_path',
|
||||||
'use_referer' => false,
|
'use_referer' => false,
|
||||||
], $options);
|
], $options);
|
||||||
|
$this->userProvider = $userProvider;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getLoginUrl(): string
|
protected function getLoginUrl(): string
|
||||||
@ -91,11 +100,16 @@ class FormLoginAuthenticator extends AbstractFormLoginAuthenticator
|
|||||||
throw new BadCredentialsException('Invalid username.');
|
throw new BadCredentialsException('Invalid username.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$request->getSession()->set(Security::LAST_USERNAME, $username);
|
$request->getSession()->set(Security::LAST_USERNAME, $credentials['username']);
|
||||||
|
|
||||||
return $credentials;
|
return $credentials;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getUser($credentials): ?UserInterface
|
||||||
|
{
|
||||||
|
return $this->userProvider->loadUserByUsername($credentials['username']);
|
||||||
|
}
|
||||||
|
|
||||||
public function checkCredentials($credentials, UserInterface $user): bool
|
public function checkCredentials($credentials, UserInterface $user): bool
|
||||||
{
|
{
|
||||||
if (null !== $this->csrfTokenManager) {
|
if (null !== $this->csrfTokenManager) {
|
||||||
@ -107,7 +121,7 @@ class FormLoginAuthenticator extends AbstractFormLoginAuthenticator
|
|||||||
return $this->checkPassword($credentials, $user);
|
return $this->checkPassword($credentials, $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): Response
|
||||||
{
|
{
|
||||||
return $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request, $providerKey));
|
return $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request, $providerKey));
|
||||||
}
|
}
|
||||||
|
@ -19,16 +19,14 @@ use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
|
|||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Wouter de Jong <wouter@wouterj.nl>
|
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||||
*/
|
*/
|
||||||
class HttpBasicAuthenticator implements AuthenticatorInterface
|
class HttpBasicAuthenticator implements AuthenticatorInterface, AuthenticationEntryPointInterface
|
||||||
{
|
{
|
||||||
use UserProviderTrait, UsernamePasswordTrait {
|
use UsernamePasswordTrait;
|
||||||
UserProviderTrait::getUser as getUserTrait;
|
|
||||||
}
|
|
||||||
|
|
||||||
private $realmName;
|
private $realmName;
|
||||||
private $userProvider;
|
private $userProvider;
|
||||||
@ -52,16 +50,11 @@ class HttpBasicAuthenticator implements AuthenticatorInterface
|
|||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function supports(Request $request): bool
|
public function supports(Request $request): ?bool
|
||||||
{
|
{
|
||||||
return $request->headers->has('PHP_AUTH_USER');
|
return $request->headers->has('PHP_AUTH_USER');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
|
|
||||||
{
|
|
||||||
return $this->getUserTrait($credentials, $this->userProvider);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getCredentials(Request $request)
|
public function getCredentials(Request $request)
|
||||||
{
|
{
|
||||||
return [
|
return [
|
||||||
@ -70,6 +63,11 @@ class HttpBasicAuthenticator implements AuthenticatorInterface
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getUser($credentials): ?UserInterface
|
||||||
|
{
|
||||||
|
return $this->userProvider->loadUserByUsername($credentials['username']);
|
||||||
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
|
||||||
{
|
{
|
||||||
return null;
|
return null;
|
||||||
|
@ -1,26 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This file is part of the Symfony package.
|
|
||||||
*
|
|
||||||
* (c) Fabien Potencier <fabien@symfony.com>
|
|
||||||
*
|
|
||||||
* For the full copyright and license information, please view the LICENSE
|
|
||||||
* file that was distributed with this source code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
|
||||||
|
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
|
||||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author Wouter de Jong <wouter@wouterj.nl>
|
|
||||||
*/
|
|
||||||
trait UserProviderTrait
|
|
||||||
{
|
|
||||||
public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
|
|
||||||
{
|
|
||||||
return $userProvider->loadUserByUsername($credentials['username']);
|
|
||||||
}
|
|
||||||
}
|
|
@ -11,11 +11,11 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
namespace Symfony\Component\Security\Core\Authentication\Authenticator;
|
||||||
|
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
|
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
|
||||||
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
|
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Wouter de Jong <wouter@wouterj.nl>
|
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||||
@ -41,7 +41,7 @@ trait UsernamePasswordTrait
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticatedToken(UserInterface $user, $providerKey): GuardTokenInterface
|
public function createAuthenticatedToken(UserInterface $user, $providerKey): TokenInterface
|
||||||
{
|
{
|
||||||
return new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
|
return new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
|
||||||
}
|
}
|
||||||
|
@ -11,6 +11,7 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authentication;
|
namespace Symfony\Component\Security\Core\Authentication;
|
||||||
|
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Authenticator\AuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\AuthenticationEvents;
|
use Symfony\Component\Security\Core\AuthenticationEvents;
|
||||||
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
|
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
|
||||||
@ -19,7 +20,6 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|||||||
use Symfony\Component\Security\Core\Exception\AuthenticationExpiredException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationExpiredException;
|
||||||
use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
|
use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
|
||||||
use Symfony\Component\Security\Core\User\UserCheckerInterface;
|
use Symfony\Component\Security\Core\User\UserCheckerInterface;
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
|
||||||
use Symfony\Component\Security\Guard\Provider\GuardAuthenticationProviderTrait;
|
use Symfony\Component\Security\Guard\Provider\GuardAuthenticationProviderTrait;
|
||||||
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
||||||
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
||||||
|
@ -12,14 +12,13 @@
|
|||||||
namespace Symfony\Component\Security\Core\Authentication\Token;
|
namespace Symfony\Component\Security\Core\Authentication\Token;
|
||||||
|
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* UsernamePasswordToken implements a username and password token.
|
* UsernamePasswordToken implements a username and password token.
|
||||||
*
|
*
|
||||||
* @author Fabien Potencier <fabien@symfony.com>
|
* @author Fabien Potencier <fabien@symfony.com>
|
||||||
*/
|
*/
|
||||||
class UsernamePasswordToken extends AbstractToken implements GuardTokenInterface
|
class UsernamePasswordToken extends AbstractToken
|
||||||
{
|
{
|
||||||
private $credentials;
|
private $credentials;
|
||||||
private $providerKey;
|
private $providerKey;
|
||||||
|
@ -13,14 +13,10 @@ namespace Symfony\Component\Security\Guard\Firewall;
|
|||||||
|
|
||||||
use Psr\Log\LoggerInterface;
|
use Psr\Log\LoggerInterface;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
|
||||||
use Symfony\Component\HttpKernel\Event\RequestEvent;
|
use Symfony\Component\HttpKernel\Event\RequestEvent;
|
||||||
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
|
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
|
||||||
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
|
||||||
use Symfony\Component\Security\Http\Firewall\AbstractListener;
|
use Symfony\Component\Security\Http\Firewall\AbstractListener;
|
||||||
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
|
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
|
||||||
|
|
||||||
|
@ -1,10 +1,20 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
namespace Symfony\Component\Security\Guard\Firewall;
|
namespace Symfony\Component\Security\Guard\Firewall;
|
||||||
|
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpKernel\Event\RequestEvent;
|
use Symfony\Component\HttpKernel\Event\RequestEvent;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Authenticator\AuthenticatorInterface as CoreAuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
||||||
@ -37,7 +47,7 @@ trait GuardAuthenticatorListenerTrait
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param AuthenticatorInterface[] $guardAuthenticators
|
* @param (CoreAuthenticatorInterface|AuthenticatorInterface)[] $guardAuthenticators
|
||||||
*/
|
*/
|
||||||
protected function executeGuardAuthenticators(array $guardAuthenticators, RequestEvent $event): void
|
protected function executeGuardAuthenticators(array $guardAuthenticators, RequestEvent $event): void
|
||||||
{
|
{
|
||||||
@ -56,8 +66,15 @@ trait GuardAuthenticatorListenerTrait
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private function executeGuardAuthenticator(string $uniqueGuardKey, AuthenticatorInterface $guardAuthenticator, RequestEvent $event)
|
/**
|
||||||
|
* @param CoreAuthenticatorInterface|AuthenticatorInterface $guardAuthenticator
|
||||||
|
*/
|
||||||
|
private function executeGuardAuthenticator(string $uniqueGuardKey, $guardAuthenticator, RequestEvent $event)
|
||||||
{
|
{
|
||||||
|
if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof CoreAuthenticatorInterface) {
|
||||||
|
throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
|
||||||
|
}
|
||||||
|
|
||||||
$request = $event->getRequest();
|
$request = $event->getRequest();
|
||||||
try {
|
try {
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
@ -124,9 +141,15 @@ trait GuardAuthenticatorListenerTrait
|
|||||||
/**
|
/**
|
||||||
* Checks to see if remember me is supported in the authenticator and
|
* Checks to see if remember me is supported in the authenticator and
|
||||||
* on the firewall. If it is, the RememberMeServicesInterface is notified.
|
* on the firewall. If it is, the RememberMeServicesInterface is notified.
|
||||||
|
*
|
||||||
|
* @param CoreAuthenticatorInterface|AuthenticatorInterface $guardAuthenticator
|
||||||
*/
|
*/
|
||||||
private function triggerRememberMe(AuthenticatorInterface $guardAuthenticator, Request $request, TokenInterface $token, Response $response = null)
|
private function triggerRememberMe($guardAuthenticator, Request $request, TokenInterface $token, Response $response = null)
|
||||||
{
|
{
|
||||||
|
if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof CoreAuthenticatorInterface) {
|
||||||
|
throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
|
||||||
|
}
|
||||||
|
|
||||||
if (null === $this->rememberMeServices) {
|
if (null === $this->rememberMeServices) {
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug('Remember me skipped: it is not configured for the firewall.', ['authenticator' => \get_class($guardAuthenticator)]);
|
$this->logger->debug('Remember me skipped: it is not configured for the firewall.', ['authenticator' => \get_class($guardAuthenticator)]);
|
||||||
|
@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Guard;
|
|||||||
|
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Authenticator\AuthenticatorInterface as CoreAuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
@ -65,9 +66,15 @@ class GuardAuthenticatorHandler
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the "on success" response for the given GuardAuthenticator.
|
* Returns the "on success" response for the given GuardAuthenticator.
|
||||||
|
*
|
||||||
|
* @param CoreAuthenticatorInterface|AuthenticatorInterface $guardAuthenticator
|
||||||
*/
|
*/
|
||||||
public function handleAuthenticationSuccess(TokenInterface $token, Request $request, AuthenticatorInterface $guardAuthenticator, string $providerKey): ?Response
|
public function handleAuthenticationSuccess(TokenInterface $token, Request $request, $guardAuthenticator, string $providerKey): ?Response
|
||||||
{
|
{
|
||||||
|
if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof CoreAuthenticatorInterface) {
|
||||||
|
throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
|
||||||
|
}
|
||||||
|
|
||||||
$response = $guardAuthenticator->onAuthenticationSuccess($request, $token, $providerKey);
|
$response = $guardAuthenticator->onAuthenticationSuccess($request, $token, $providerKey);
|
||||||
|
|
||||||
// check that it's a Response or null
|
// check that it's a Response or null
|
||||||
@ -81,9 +88,15 @@ class GuardAuthenticatorHandler
|
|||||||
/**
|
/**
|
||||||
* Convenience method for authenticating the user and returning the
|
* Convenience method for authenticating the user and returning the
|
||||||
* Response *if any* for success.
|
* Response *if any* for success.
|
||||||
|
*
|
||||||
|
* @param CoreAuthenticatorInterface|AuthenticatorInterface $authenticator
|
||||||
*/
|
*/
|
||||||
public function authenticateUserAndHandleSuccess(UserInterface $user, Request $request, AuthenticatorInterface $authenticator, string $providerKey): ?Response
|
public function authenticateUserAndHandleSuccess(UserInterface $user, Request $request, $authenticator, string $providerKey): ?Response
|
||||||
{
|
{
|
||||||
|
if (!$authenticator instanceof AuthenticatorInterface && !$authenticator instanceof CoreAuthenticatorInterface) {
|
||||||
|
throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
|
||||||
|
}
|
||||||
|
|
||||||
// create an authenticated token for the User
|
// create an authenticated token for the User
|
||||||
$token = $authenticator->createAuthenticatedToken($user, $providerKey);
|
$token = $authenticator->createAuthenticatedToken($user, $providerKey);
|
||||||
// authenticate this in the system
|
// authenticate this in the system
|
||||||
@ -96,9 +109,15 @@ class GuardAuthenticatorHandler
|
|||||||
/**
|
/**
|
||||||
* Handles an authentication failure and returns the Response for the
|
* Handles an authentication failure and returns the Response for the
|
||||||
* GuardAuthenticator.
|
* GuardAuthenticator.
|
||||||
|
*
|
||||||
|
* @param CoreAuthenticatorInterface|AuthenticatorInterface $guardAuthenticator
|
||||||
*/
|
*/
|
||||||
public function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, AuthenticatorInterface $guardAuthenticator, string $providerKey): ?Response
|
public function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, $guardAuthenticator, string $providerKey): ?Response
|
||||||
{
|
{
|
||||||
|
if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof CoreAuthenticatorInterface) {
|
||||||
|
throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
|
||||||
|
}
|
||||||
|
|
||||||
$response = $guardAuthenticator->onAuthenticationFailure($request, $authenticationException);
|
$response = $guardAuthenticator->onAuthenticationFailure($request, $authenticationException);
|
||||||
if ($response instanceof Response || null === $response) {
|
if ($response instanceof Response || null === $response) {
|
||||||
// returning null is ok, it means they want the request to continue
|
// returning null is ok, it means they want the request to continue
|
||||||
|
@ -11,14 +11,15 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Guard\Provider;
|
namespace Symfony\Component\Security\Guard\Provider;
|
||||||
|
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Authenticator\AuthenticatorInterface as CoreAuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||||
|
use Symfony\Component\Security\Core\Exception\LogicException;
|
||||||
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
|
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
|
||||||
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
|
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
|
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
|
||||||
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
|
||||||
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -28,10 +29,22 @@ use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
|||||||
*/
|
*/
|
||||||
trait GuardAuthenticationProviderTrait
|
trait GuardAuthenticationProviderTrait
|
||||||
{
|
{
|
||||||
private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token, string $providerKey): TokenInterface
|
/**
|
||||||
|
* @param CoreAuthenticatorInterface|AuthenticatorInterface $guardAuthenticator
|
||||||
|
*/
|
||||||
|
private function authenticateViaGuard($guardAuthenticator, PreAuthenticationGuardToken $token, string $providerKey): TokenInterface
|
||||||
{
|
{
|
||||||
// get the user from the GuardAuthenticator
|
// get the user from the GuardAuthenticator
|
||||||
$user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider);
|
if ($guardAuthenticator instanceof AuthenticatorInterface) {
|
||||||
|
if (!isset($this->userProvider)) {
|
||||||
|
throw new LogicException(sprintf('%s only supports authenticators implementing "%s", update "%s" or use the legacy guard integration instead.', __CLASS__, CoreAuthenticatorInterface::class, \get_class($guardAuthenticator)));
|
||||||
|
}
|
||||||
|
$user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider);
|
||||||
|
} elseif ($guardAuthenticator instanceof CoreAuthenticatorInterface) {
|
||||||
|
$user = $guardAuthenticator->getUser($token->getCredentials());
|
||||||
|
} else {
|
||||||
|
throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
|
||||||
|
}
|
||||||
|
|
||||||
if (null === $user) {
|
if (null === $user) {
|
||||||
throw new UsernameNotFoundException(sprintf('Null returned from "%s::getUser()".', get_debug_type($guardAuthenticator)));
|
throw new UsernameNotFoundException(sprintf('Null returned from "%s::getUser()".', get_debug_type($guardAuthenticator)));
|
||||||
@ -63,7 +76,10 @@ trait GuardAuthenticationProviderTrait
|
|||||||
return $authenticatedToken;
|
return $authenticatedToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function findOriginatingAuthenticator(PreAuthenticationGuardToken $token): ?AuthenticatorInterface
|
/**
|
||||||
|
* @return CoreAuthenticatorInterface|\Symfony\Component\Security\Guard\AuthenticatorInterface|null
|
||||||
|
*/
|
||||||
|
private function findOriginatingAuthenticator(PreAuthenticationGuardToken $token)
|
||||||
{
|
{
|
||||||
// find the *one* GuardAuthenticator that this token originated from
|
// find the *one* GuardAuthenticator that this token originated from
|
||||||
foreach ($this->guardAuthenticators as $key => $guardAuthenticator) {
|
foreach ($this->guardAuthenticators as $key => $guardAuthenticator) {
|
||||||
|
@ -12,10 +12,9 @@
|
|||||||
namespace Symfony\Component\Security\Http\Firewall;
|
namespace Symfony\Component\Security\Http\Firewall;
|
||||||
|
|
||||||
use Psr\Log\LoggerInterface;
|
use Psr\Log\LoggerInterface;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
|
||||||
use Symfony\Component\HttpKernel\Event\RequestEvent;
|
use Symfony\Component\HttpKernel\Event\RequestEvent;
|
||||||
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
use Symfony\Component\Security\Core\Authentication\Authenticator\AuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Guard\Firewall\GuardAuthenticatorListenerTrait;
|
use Symfony\Component\Security\Guard\Firewall\GuardAuthenticatorListenerTrait;
|
||||||
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
|
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user