vendor/symfony/security-http/Authenticator/FormLoginAuthenticator.php line 43

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  17. use Symfony\Component\HttpKernel\HttpKernelInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  20. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  21. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  22. use Symfony\Component\Security\Core\Security;
  23. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  24. use Symfony\Component\Security\Core\User\UserProviderInterface;
  25. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  27. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  28. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  29. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
  30. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  31. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  34. use Symfony\Component\Security\Http\HttpUtils;
  35. use Symfony\Component\Security\Http\ParameterBagUtils;
  37. /**
  38. * @author Wouter de Jong <wouter@wouterj.nl>
  39. * @author Fabien Potencier <fabien@symfony.com>
  40. *
  41. * @final
  42. */
  43. class FormLoginAuthenticator extends AbstractLoginFormAuthenticator
  44. {
  45. private $httpUtils;
  46. private $userProvider;
  47. private $successHandler;
  48. private $failureHandler;
  49. private $options;
  50. private $httpKernel;
  52. public function __construct(HttpUtils $httpUtils, UserProviderInterface $userProvider, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options)
  53. {
  54. $this->httpUtils = $httpUtils;
  55. $this->userProvider = $userProvider;
  56. $this->successHandler = $successHandler;
  57. $this->failureHandler = $failureHandler;
  58. $this->options = array_merge([
  59. 'username_parameter' => '_username',
  60. 'password_parameter' => '_password',
  61. 'check_path' => '/login_check',
  62. 'post_only' => true,
  63. 'form_only' => false,
  64. 'enable_csrf' => false,
  65. 'csrf_parameter' => '_csrf_token',
  66. 'csrf_token_id' => 'authenticate',
  67. ], $options);
  68. }
  70. protected function getLoginUrl(Request $request): string
  71. {
  72. return $this->httpUtils->generateUri($request, $this->options['login_path']);
  73. }
  75. public function supports(Request $request): bool
  76. {
  77. return ($this->options['post_only'] ? $request->isMethod('POST') : true)
  78. && $this->httpUtils->checkRequestPath($request, $this->options['check_path'])
  79. && ($this->options['form_only'] ? 'form' === $request->getContentType() : true);
  80. }
  82. public function authenticate(Request $request): Passport
  83. {
  84. $credentials = $this->getCredentials($request);
  86. // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
  87. $method = 'loadUserByIdentifier';
  88. if (!method_exists($this->userProvider, 'loadUserByIdentifier')) {
  89. trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "loadUserByIdentifier()" in user provider "%s" is deprecated. This method will replace "loadUserByUsername()" in Symfony 6.0.', get_debug_type($this->userProvider));
  91. $method = 'loadUserByUsername';
  92. }
  94. $passport = new Passport(
  95. new UserBadge($credentials['username'], [$this->userProvider, $method]),
  96. new PasswordCredentials($credentials['password']),
  97. [new RememberMeBadge()]
  98. );
  99. if ($this->options['enable_csrf']) {
  100. $passport->addBadge(new CsrfTokenBadge($this->options['csrf_token_id'], $credentials['csrf_token']));
  101. }
  103. if ($this->userProvider instanceof PasswordUpgraderInterface) {
  104. $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  105. }
  107. return $passport;
  108. }
  110. /**
  111. * @deprecated since Symfony 5.4, use {@link createToken()} instead
  112. */
  113. public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
  114. {
  115. trigger_deprecation('symfony/security-http', '5.4', 'Method "%s()" is deprecated, use "%s::createToken()" instead.', __METHOD__, __CLASS__);
  117. return $this->createToken($passport, $firewallName);
  118. }
  120. public function createToken(Passport $passport, string $firewallName): TokenInterface
  121. {
  122. return new UsernamePasswordToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles());
  123. }
  125. public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
  126. {
  127. return $this->successHandler->onAuthenticationSuccess($request, $token);
  128. }
  130. public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
  131. {
  132. return $this->failureHandler->onAuthenticationFailure($request, $exception);
  133. }
  135. private function getCredentials(Request $request): array
  136. {
  137. $credentials = [];
  138. $credentials['csrf_token'] = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
  140. if ($this->options['post_only']) {
  141. $credentials['username'] = ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']);
  142. $credentials['password'] = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']) ?? '';
  143. } else {
  144. $credentials['username'] = ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']);
  145. $credentials['password'] = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']) ?? '';
  146. }
  148. if (!\is_string($credentials['username']) && (!\is_object($credentials['username']) || !method_exists($credentials['username'], '__toString'))) {
  149. throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($credentials['username'])));
  150. }
  152. $credentials['username'] = trim($credentials['username']);
  154. if (\strlen($credentials['username']) > Security::MAX_USERNAME_LENGTH) {
  155. throw new BadCredentialsException('Invalid username.');
  156. }
  158. $request->getSession()->set(Security::LAST_USERNAME, $credentials['username']);
  160. if (!\is_string($credentials['password']) && (!\is_object($credentials['password']) || !method_exists($credentials['password'], '__toString'))) {
  161. throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['password_parameter'], \gettype($credentials['password'])));
  162. }
  164. if (!\is_string($credentials['csrf_token'] ?? '') && (!\is_object($credentials['csrf_token']) || !method_exists($credentials['csrf_token'], '__toString'))) {
  165. throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['csrf_parameter'], \gettype($credentials['csrf_token'])));
  166. }
  168. return $credentials;
  169. }
  171. public function setHttpKernel(HttpKernelInterface $httpKernel): void
  172. {
  173. $this->httpKernel = $httpKernel;
  174. }
  176. public function start(Request $request, ?AuthenticationException $authException = null): Response
  177. {
  178. if (!$this->options['use_forward']) {
  179. return parent::start($request, $authException);
  180. }
  182. $subRequest = $this->httpUtils->createRequest($request, $this->options['login_path']);
  183. $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
  184. if (200 === $response->getStatusCode()) {
  185. $response->setStatusCode(401);
  186. }
  188. return $response;
  189. }
  190. }