vendor/symfony/security-http/Authenticator/FormLoginAuthenticator.php line 127

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  17. use Symfony\Component\HttpKernel\HttpKernelInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  20. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  21. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  22. use Symfony\Component\Security\Core\User\UserProviderInterface;
  23. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  24. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  25. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  26. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  27. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
  28. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  29. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  30. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  31. use Symfony\Component\Security\Http\HttpUtils;
  32. use Symfony\Component\Security\Http\ParameterBagUtils;
  33. use Symfony\Component\Security\Http\SecurityRequestAttributes;
  35. /**
  36.  * @author Wouter de Jong <wouter@wouterj.nl>
  37.  * @author Fabien Potencier <fabien@symfony.com>
  38.  *
  39.  * @final
  40.  */
  41. class FormLoginAuthenticator extends AbstractLoginFormAuthenticator
  42. {
  43.     private HttpUtils $httpUtils;
  44.     private UserProviderInterface $userProvider;
  45.     private AuthenticationSuccessHandlerInterface $successHandler;
  46.     private AuthenticationFailureHandlerInterface $failureHandler;
  47.     private array $options;
  48.     private HttpKernelInterface $httpKernel;
  50.     public function __construct(HttpUtils $httpUtilsUserProviderInterface $userProviderAuthenticationSuccessHandlerInterface $successHandlerAuthenticationFailureHandlerInterface $failureHandler, array $options)
  51.     {
  52.         $this->httpUtils $httpUtils;
  53.         $this->userProvider $userProvider;
  54.         $this->successHandler $successHandler;
  55.         $this->failureHandler $failureHandler;
  56.         $this->options array_merge([
  57.             'username_parameter' => '_username',
  58.             'password_parameter' => '_password',
  59.             'check_path' => '/login_check',
  60.             'post_only' => true,
  61.             'form_only' => false,
  62.             'enable_csrf' => false,
  63.             'csrf_parameter' => '_csrf_token',
  64.             'csrf_token_id' => 'authenticate',
  65.         ], $options);
  66.     }
  68.     protected function getLoginUrl(Request $request): string
  69.     {
  70.         return $this->httpUtils->generateUri($request$this->options['login_path']);
  71.     }
  73.     public function supports(Request $request): bool
  74.     {
  75.         return ($this->options['post_only'] ? $request->isMethod('POST') : true)
  76.             && $this->httpUtils->checkRequestPath($request$this->options['check_path'])
  77.             && ($this->options['form_only'] ? 'form' === (method_exists(Request::class, 'getContentTypeFormat') ? $request->getContentTypeFormat() : $request->getContentType()) : true);
  78.     }
  80.     public function authenticate(Request $request): Passport
  81.     {
  82.         $credentials $this->getCredentials($request);
  84.         $userBadge = new UserBadge($credentials['username'], $this->userProvider->loadUserByIdentifier(...));
  85.         $passport = new Passport($userBadge, new PasswordCredentials($credentials['password']), [new RememberMeBadge()]);
  87.         if ($this->options['enable_csrf']) {
  88.             $passport->addBadge(new CsrfTokenBadge($this->options['csrf_token_id'], $credentials['csrf_token']));
  89.         }
  91.         if ($this->userProvider instanceof PasswordUpgraderInterface) {
  92.             $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  93.         }
  95.         return $passport;
  96.     }
  98.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  99.     {
  100.         return new UsernamePasswordToken($passport->getUser(), $firewallName$passport->getUser()->getRoles());
  101.     }
  103.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  104.     {
  105.         return $this->successHandler->onAuthenticationSuccess($request$token);
  106.     }
  108.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response
  109.     {
  110.         return $this->failureHandler->onAuthenticationFailure($request$exception);
  111.     }
  113.     private function getCredentials(Request $request): array
  114.     {
  115.         $credentials = [];
  116.         $credentials['csrf_token'] = ParameterBagUtils::getRequestParameterValue($request$this->options['csrf_parameter']);
  118.         if ($this->options['post_only']) {
  119.             $credentials['username'] = ParameterBagUtils::getParameterBagValue($request->request$this->options['username_parameter']);
  120.             $credentials['password'] = ParameterBagUtils::getParameterBagValue($request->request$this->options['password_parameter']) ?? '';
  121.         } else {
  122.             $credentials['username'] = ParameterBagUtils::getRequestParameterValue($request$this->options['username_parameter']);
  123.             $credentials['password'] = ParameterBagUtils::getRequestParameterValue($request$this->options['password_parameter']) ?? '';
  124.         }
  126.         if (!\is_string($credentials['username']) && !$credentials['username'] instanceof \Stringable) {
  127.             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.'$this->options['username_parameter'], \gettype($credentials['username'])));
  128.         }
  130.         $credentials['username'] = trim($credentials['username']);
  132.         $request->getSession()->set(SecurityRequestAttributes::LAST_USERNAME$credentials['username']);
  134.         return $credentials;
  135.     }
  137.     public function setHttpKernel(HttpKernelInterface $httpKernel): void
  138.     {
  139.         $this->httpKernel $httpKernel;
  140.     }
  142.     public function start(Request $requestAuthenticationException $authException null): Response
  143.     {
  144.         if (!$this->options['use_forward']) {
  145.             return parent::start($request$authException);
  146.         }
  148.         $subRequest $this->httpUtils->createRequest($request$this->options['login_path']);
  149.         $response $this->httpKernel->handle($subRequestHttpKernelInterface::SUB_REQUEST);
  150.         if (200 === $response->getStatusCode()) {
  151.             $response->setStatusCode(401);
  152.         }
  154.         return $response;
  155.     }
  156. }