vendor/symfony/security-http/Authenticator/JsonLoginAuthenticator.php line 76

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\JsonResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  18. use Symfony\Component\PropertyAccess\Exception\AccessException;
  19. use Symfony\Component\PropertyAccess\PropertyAccess;
  20. use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  24. use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
  25. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  26. use Symfony\Component\Security\Core\Security;
  27. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  28. use Symfony\Component\Security\Core\User\UserInterface;
  29. use Symfony\Component\Security\Core\User\UserProviderInterface;
  30. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  31. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  34. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  35. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  36. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  37. use Symfony\Component\Security\Http\HttpUtils;
  38. use Symfony\Contracts\Translation\TranslatorInterface;
  40. /**
  41.  * Provides a stateless implementation of an authentication via
  42.  * a JSON document composed of a username and a password.
  43.  *
  44.  * @author Kévin Dunglas <dunglas@gmail.com>
  45.  * @author Wouter de Jong <wouter@wouterj.nl>
  46.  *
  47.  * @final
  48.  * @experimental in 5.2
  49.  */
  50. class JsonLoginAuthenticator implements InteractiveAuthenticatorInterface
  51. {
  52.     private $options;
  53.     private $httpUtils;
  54.     private $userProvider;
  55.     private $propertyAccessor;
  56.     private $successHandler;
  57.     private $failureHandler;
  59.     /**
  60.      * @var TranslatorInterface|null
  61.      */
  62.     private $translator;
  64.     public function __construct(HttpUtils $httpUtilsUserProviderInterface $userProviderAuthenticationSuccessHandlerInterface $successHandler nullAuthenticationFailureHandlerInterface $failureHandler null, array $options = [], PropertyAccessorInterface $propertyAccessor null)
  65.     {
  66.         $this->options array_merge(['username_path' => 'username''password_path' => 'password'], $options);
  67.         $this->httpUtils $httpUtils;
  68.         $this->successHandler $successHandler;
  69.         $this->failureHandler $failureHandler;
  70.         $this->userProvider $userProvider;
  71.         $this->propertyAccessor $propertyAccessor ?: PropertyAccess::createPropertyAccessor();
  72.     }
  74.     public function supports(Request $request): ?bool
  75.     {
  76.         if (false === strpos($request->getRequestFormat(), 'json') && false === strpos($request->getContentType(), 'json')) {
  77.             return false;
  78.         }
  80.         if (isset($this->options['check_path']) && !$this->httpUtils->checkRequestPath($request$this->options['check_path'])) {
  81.             return false;
  82.         }
  84.         return true;
  85.     }
  87.     public function authenticate(Request $request): PassportInterface
  88.     {
  89.         try {
  90.             $credentials $this->getCredentials($request);
  91.         } catch (BadRequestHttpException $e) {
  92.             $request->setRequestFormat('json');
  94.             throw $e;
  95.         }
  97.         $passport = new Passport(new UserBadge($credentials['username'], function ($username) {
  98.             $user $this->userProvider->loadUserByUsername($username);
  99.             if (!$user instanceof UserInterface) {
  100.                 throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
  101.             }
  103.             return $user;
  104.         }), new PasswordCredentials($credentials['password']));
  105.         if ($this->userProvider instanceof PasswordUpgraderInterface) {
  106.             $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  107.         }
  109.         return $passport;
  110.     }
  112.     public function createAuthenticatedToken(PassportInterface $passportstring $firewallName): TokenInterface
  113.     {
  114.         return new UsernamePasswordToken($passport->getUser(), null$firewallName$passport->getUser()->getRoles());
  115.     }
  117.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  118.     {
  119.         if (null === $this->successHandler) {
  120.             return null// let the original request continue
  121.         }
  123.         return $this->successHandler->onAuthenticationSuccess($request$token);
  124.     }
  126.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  127.     {
  128.         if (null === $this->failureHandler) {
  129.             if (null !== $this->translator) {
  130.                 $errorMessage $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
  131.             } else {
  132.                 $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  133.             }
  135.             return new JsonResponse(['error' => $errorMessage], JsonResponse::HTTP_UNAUTHORIZED);
  136.         }
  138.         return $this->failureHandler->onAuthenticationFailure($request$exception);
  139.     }
  141.     public function isInteractive(): bool
  142.     {
  143.         return true;
  144.     }
  146.     public function setTranslator(TranslatorInterface $translator)
  147.     {
  148.         $this->translator $translator;
  149.     }
  151.     private function getCredentials(Request $request)
  152.     {
  153.         $data json_decode($request->getContent());
  154.         if (!$data instanceof \stdClass) {
  155.             throw new BadRequestHttpException('Invalid JSON.');
  156.         }
  158.         $credentials = [];
  159.         try {
  160.             $credentials['username'] = $this->propertyAccessor->getValue($data$this->options['username_path']);
  162.             if (!\is_string($credentials['username'])) {
  163.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['username_path']));
  164.             }
  166.             if (\strlen($credentials['username']) > Security::MAX_USERNAME_LENGTH) {
  167.                 throw new BadCredentialsException('Invalid username.');
  168.             }
  169.         } catch (AccessException $e) {
  170.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['username_path']), $e);
  171.         }
  173.         try {
  174.             $credentials['password'] = $this->propertyAccessor->getValue($data$this->options['password_path']);
  176.             if (!\is_string($credentials['password'])) {
  177.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['password_path']));
  178.             }
  179.         } catch (AccessException $e) {
  180.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['password_path']), $e);
  181.         }
  183.         return $credentials;
  184.     }
  185. }