vendor/symfony/security-http/Firewall/AbstractAuthenticationListener.php line 34

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\HttpKernel\Event\RequestEvent;
  18. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  20. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  22. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  23. use Symfony\Component\Security\Core\Exception\SessionUnavailableException;
  24. use Symfony\Component\Security\Core\Security;
  25. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  27. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  28. use Symfony\Component\Security\Http\HttpUtils;
  29. use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
  30. use Symfony\Component\Security\Http\SecurityEvents;
  31. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  32. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  34. trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AbstractAuthenticationListener::class);
  36. /**
  37. * The AbstractAuthenticationListener is the preferred base class for all
  38. * browser-/HTTP-based authentication requests.
  39. *
  40. * Subclasses likely have to implement the following:
  41. * - an TokenInterface to hold authentication related data
  42. * - an AuthenticationProvider to perform the actual authentication of the
  43. * token, retrieve the UserInterface implementation from a database, and
  44. * perform the specific account checks using the UserChecker
  45. *
  46. * By default, this listener only is active for a specific path, e.g.
  47. * /login_check. If you want to change this behavior, you can overwrite the
  48. * requiresAuthentication() method.
  49. *
  50. * @author Fabien Potencier <fabien@symfony.com>
  51. * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  52. *
  53. * @deprecated since Symfony 5.3, use the new authenticator system instead
  54. */
  55. abstract class AbstractAuthenticationListener extends AbstractListener
  56. {
  57. protected $options;
  58. protected $logger;
  59. protected $authenticationManager;
  60. protected $providerKey;
  61. protected $httpUtils;
  63. private $tokenStorage;
  64. private $sessionStrategy;
  65. private $dispatcher;
  66. private $successHandler;
  67. private $failureHandler;
  68. private $rememberMeServices;
  70. /**
  71. * @throws \InvalidArgumentException
  72. */
  73. public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, string $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = [], ?LoggerInterface $logger = null, ?EventDispatcherInterface $dispatcher = null)
  74. {
  75. if (empty($providerKey)) {
  76. throw new \InvalidArgumentException('$providerKey must not be empty.');
  77. }
  79. $this->tokenStorage = $tokenStorage;
  80. $this->authenticationManager = $authenticationManager;
  81. $this->sessionStrategy = $sessionStrategy;
  82. $this->providerKey = $providerKey;
  83. $this->successHandler = $successHandler;
  84. $this->failureHandler = $failureHandler;
  85. $this->options = array_merge([
  86. 'check_path' => '/login_check',
  87. 'login_path' => '/login',
  88. 'always_use_default_target_path' => false,
  89. 'default_target_path' => '/',
  90. 'target_path_parameter' => '_target_path',
  91. 'use_referer' => false,
  92. 'failure_path' => null,
  93. 'failure_forward' => false,
  94. 'require_previous_session' => true,
  95. ], $options);
  96. $this->logger = $logger;
  97. $this->dispatcher = $dispatcher;
  98. $this->httpUtils = $httpUtils;
  99. }
  101. /**
  102. * Sets the RememberMeServices implementation to use.
  103. */
  104. public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices)
  105. {
  106. $this->rememberMeServices = $rememberMeServices;
  107. }
  109. /**
  110. * {@inheritdoc}
  111. */
  112. public function supports(Request $request): ?bool
  113. {
  114. return $this->requiresAuthentication($request);
  115. }
  117. /**
  118. * Handles form based authentication.
  119. *
  120. * @throws \RuntimeException
  121. * @throws SessionUnavailableException
  122. */
  123. public function authenticate(RequestEvent $event)
  124. {
  125. $request = $event->getRequest();
  127. if (!$request->hasSession()) {
  128. throw new \RuntimeException('This authentication method requires a session.');
  129. }
  131. try {
  132. if ($this->options['require_previous_session'] && !$request->hasPreviousSession()) {
  133. throw new SessionUnavailableException('Your session has timed out, or you have disabled cookies.');
  134. }
  136. $previousToken = $this->tokenStorage->getToken();
  138. if (null === $returnValue = $this->attemptAuthentication($request)) {
  139. return;
  140. }
  142. if ($returnValue instanceof TokenInterface) {
  143. $this->migrateSession($request, $returnValue, $previousToken);
  145. $response = $this->onSuccess($request, $returnValue);
  146. } elseif ($returnValue instanceof Response) {
  147. $response = $returnValue;
  148. } else {
  149. throw new \RuntimeException('attemptAuthentication() must either return a Response, an implementation of TokenInterface, or null.');
  150. }
  151. } catch (AuthenticationException $e) {
  152. $response = $this->onFailure($request, $e);
  153. }
  155. $event->setResponse($response);
  156. }
  158. /**
  159. * Whether this request requires authentication.
  160. *
  161. * The default implementation only processes requests to a specific path,
  162. * but a subclass could change this to only authenticate requests where a
  163. * certain parameters is present.
  164. *
  165. * @return bool
  166. */
  167. protected function requiresAuthentication(Request $request)
  168. {
  169. return $this->httpUtils->checkRequestPath($request, $this->options['check_path']);
  170. }
  172. /**
  173. * Performs authentication.
  174. *
  175. * @return TokenInterface|Response|null The authenticated token, null if full authentication is not possible, or a Response
  176. *
  177. * @throws AuthenticationException if the authentication fails
  178. */
  179. abstract protected function attemptAuthentication(Request $request);
  181. private function onFailure(Request $request, AuthenticationException $failed): Response
  182. {
  183. if (null !== $this->logger) {
  184. $this->logger->info('Authentication request failed.', ['exception' => $failed]);
  185. }
  187. $token = $this->tokenStorage->getToken();
  188. if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getFirewallName()) {
  189. $this->tokenStorage->setToken(null);
  190. }
  192. $response = $this->failureHandler->onAuthenticationFailure($request, $failed);
  194. if (!$response instanceof Response) {
  195. throw new \RuntimeException('Authentication Failure Handler did not return a Response.');
  196. }
  198. return $response;
  199. }
  201. private function onSuccess(Request $request, TokenInterface $token): Response
  202. {
  203. if (null !== $this->logger) {
  204. // @deprecated since Symfony 5.3, change to $token->getUserIdentifier() in 6.0
  205. $this->logger->info('User has been authenticated successfully.', ['username' => method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername()]);
  206. }
  208. $this->tokenStorage->setToken($token);
  210. $session = $request->getSession();
  211. $session->remove(Security::AUTHENTICATION_ERROR);
  212. $session->remove(Security::LAST_USERNAME);
  214. if (null !== $this->dispatcher) {
  215. $loginEvent = new InteractiveLoginEvent($request, $token);
  216. $this->dispatcher->dispatch($loginEvent, SecurityEvents::INTERACTIVE_LOGIN);
  217. }
  219. $response = $this->successHandler->onAuthenticationSuccess($request, $token);
  221. if (!$response instanceof Response) {
  222. throw new \RuntimeException('Authentication Success Handler did not return a Response.');
  223. }
  225. if (null !== $this->rememberMeServices) {
  226. $this->rememberMeServices->loginSuccess($request, $response, $token);
  227. }
  229. return $response;
  230. }
  232. private function migrateSession(Request $request, TokenInterface $token, ?TokenInterface $previousToken)
  233. {
  234. if ($previousToken) {
  235. $user = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
  236. $previousUser = method_exists($previousToken, 'getUserIdentifier') ? $previousToken->getUserIdentifier() : $previousToken->getUsername();
  238. if ('' !== ($user ?? '') && $user === $previousUser) {
  239. return;
  240. }
  241. }
  243. $this->sessionStrategy->onAuthentication($request, $token);
  244. }
  245. }