vendor/symfony/security-http/Authenticator/FormLoginAuthenticator.php line 158

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  17. use Symfony\Component\HttpKernel\HttpKernelInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  20. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  21. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  22. use Symfony\Component\Security\Core\Security;
  23. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  24. use Symfony\Component\Security\Core\User\UserProviderInterface;
  25. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  27. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  28. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  29. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
  30. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  31. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  34. use Symfony\Component\Security\Http\HttpUtils;
  35. use Symfony\Component\Security\Http\ParameterBagUtils;
  37. /**
  38.  * @author Wouter de Jong <wouter@wouterj.nl>
  39.  * @author Fabien Potencier <fabien@symfony.com>
  40.  *
  41.  * @final
  42.  */
  43. class FormLoginAuthenticator extends AbstractLoginFormAuthenticator
  44. {
  45.     private $httpUtils;
  46.     private $userProvider;
  47.     private $successHandler;
  48.     private $failureHandler;
  49.     private $options;
  50.     private $httpKernel;
  52.     public function __construct(HttpUtils $httpUtilsUserProviderInterface $userProviderAuthenticationSuccessHandlerInterface $successHandlerAuthenticationFailureHandlerInterface $failureHandler, array $options)
  53.     {
  54.         $this->httpUtils $httpUtils;
  55.         $this->userProvider $userProvider;
  56.         $this->successHandler $successHandler;
  57.         $this->failureHandler $failureHandler;
  58.         $this->options array_merge([
  59.             'username_parameter' => '_username',
  60.             'password_parameter' => '_password',
  61.             'check_path' => '/login_check',
  62.             'post_only' => true,
  63.             'form_only' => false,
  64.             'enable_csrf' => false,
  65.             'csrf_parameter' => '_csrf_token',
  66.             'csrf_token_id' => 'authenticate',
  67.         ], $options);
  68.     }
  70.     protected function getLoginUrl(Request $request): string
  71.     {
  72.         return $this->httpUtils->generateUri($request$this->options['login_path']);
  73.     }
  75.     public function supports(Request $request): bool
  76.     {
  77.         return ($this->options['post_only'] ? $request->isMethod('POST') : true)
  78.             && $this->httpUtils->checkRequestPath($request$this->options['check_path'])
  79.             && ($this->options['form_only'] ? 'form' === $request->getContentType() : true);
  80.     }
  82.     public function authenticate(Request $request): Passport
  83.     {
  84.         $credentials $this->getCredentials($request);
  86.         // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
  87.         $method 'loadUserByIdentifier';
  88.         if (!method_exists($this->userProvider'loadUserByIdentifier')) {
  89.             trigger_deprecation('symfony/security-core''5.3''Not implementing method "loadUserByIdentifier()" in user provider "%s" is deprecated. This method will replace "loadUserByUsername()" in Symfony 6.0.'get_debug_type($this->userProvider));
  91.             $method 'loadUserByUsername';
  92.         }
  94.         $passport = new Passport(
  95.             new UserBadge($credentials['username'], [$this->userProvider$method]),
  96.             new PasswordCredentials($credentials['password']),
  97.             [new RememberMeBadge()]
  98.         );
  99.         if ($this->options['enable_csrf']) {
  100.             $passport->addBadge(new CsrfTokenBadge($this->options['csrf_token_id'], $credentials['csrf_token']));
  101.         }
  103.         if ($this->userProvider instanceof PasswordUpgraderInterface) {
  104.             $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  105.         }
  107.         return $passport;
  108.     }
  110.     /**
  111.      * @deprecated since Symfony 5.4, use {@link createToken()} instead
  112.      */
  113.     public function createAuthenticatedToken(PassportInterface $passportstring $firewallName): TokenInterface
  114.     {
  115.         trigger_deprecation('symfony/security-http''5.4''Method "%s()" is deprecated, use "%s::createToken()" instead.'__METHOD____CLASS__);
  117.         return $this->createToken($passport$firewallName);
  118.     }
  120.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  121.     {
  122.         return new UsernamePasswordToken($passport->getUser(), $firewallName$passport->getUser()->getRoles());
  123.     }
  125.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  126.     {
  127.         return $this->successHandler->onAuthenticationSuccess($request$token);
  128.     }
  130.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response
  131.     {
  132.         return $this->failureHandler->onAuthenticationFailure($request$exception);
  133.     }
  135.     private function getCredentials(Request $request): array
  136.     {
  137.         $credentials = [];
  138.         $credentials['csrf_token'] = ParameterBagUtils::getRequestParameterValue($request$this->options['csrf_parameter']);
  140.         if ($this->options['post_only']) {
  141.             $credentials['username'] = ParameterBagUtils::getParameterBagValue($request->request$this->options['username_parameter']);
  142.             $credentials['password'] = ParameterBagUtils::getParameterBagValue($request->request$this->options['password_parameter']) ?? '';
  143.         } else {
  144.             $credentials['username'] = ParameterBagUtils::getRequestParameterValue($request$this->options['username_parameter']);
  145.             $credentials['password'] = ParameterBagUtils::getRequestParameterValue($request$this->options['password_parameter']) ?? '';
  146.         }
  148.         if (!\is_string($credentials['username']) && (!\is_object($credentials['username']) || !method_exists($credentials['username'], '__toString'))) {
  149.             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.'$this->options['username_parameter'], \gettype($credentials['username'])));
  150.         }
  152.         $credentials['username'] = trim($credentials['username']);
  154.         if (\strlen($credentials['username']) > Security::MAX_USERNAME_LENGTH) {
  155.             throw new BadCredentialsException('Invalid username.');
  156.         }
  158.         $request->getSession()->set(Security::LAST_USERNAME$credentials['username']);
  160.         return $credentials;
  161.     }
  163.     public function setHttpKernel(HttpKernelInterface $httpKernel): void
  164.     {
  165.         $this->httpKernel $httpKernel;
  166.     }
  168.     public function start(Request $requestAuthenticationException $authException null): Response
  169.     {
  170.         if (!$this->options['use_forward']) {
  171.             return parent::start($request$authException);
  172.         }
  174.         $subRequest $this->httpUtils->createRequest($request$this->options['login_path']);
  175.         $response $this->httpKernel->handle($subRequestHttpKernelInterface::SUB_REQUEST);
  176.         if (200 === $response->getStatusCode()) {
  177.             $response->setStatusCode(401);
  178.         }
  180.         return $response;
  181.     }
  182. }