vendor/symfony/security-http/Authenticator/FormLoginAuthenticator.php line 42

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  17. use Symfony\Component\HttpKernel\HttpKernelInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  20. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  21. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  22. use Symfony\Component\Security\Core\Security;
  23. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  24. use Symfony\Component\Security\Core\User\UserProviderInterface;
  25. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  27. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  28. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  29. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
  30. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  31. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  33. use Symfony\Component\Security\Http\HttpUtils;
  34. use Symfony\Component\Security\Http\ParameterBagUtils;
  36. /**
  37.  * @author Wouter de Jong <wouter@wouterj.nl>
  38.  * @author Fabien Potencier <fabien@symfony.com>
  39.  *
  40.  * @final
  41.  */
  42. class FormLoginAuthenticator extends AbstractLoginFormAuthenticator
  43. {
  44.     private HttpUtils $httpUtils;
  45.     private UserProviderInterface $userProvider;
  46.     private AuthenticationSuccessHandlerInterface $successHandler;
  47.     private AuthenticationFailureHandlerInterface $failureHandler;
  48.     private array $options;
  49.     private HttpKernelInterface $httpKernel;
  51.     public function __construct(HttpUtils $httpUtilsUserProviderInterface $userProviderAuthenticationSuccessHandlerInterface $successHandlerAuthenticationFailureHandlerInterface $failureHandler, array $options)
  52.     {
  53.         $this->httpUtils $httpUtils;
  54.         $this->userProvider $userProvider;
  55.         $this->successHandler $successHandler;
  56.         $this->failureHandler $failureHandler;
  57.         $this->options array_merge([
  58.             'username_parameter' => '_username',
  59.             'password_parameter' => '_password',
  60.             'check_path' => '/login_check',
  61.             'post_only' => true,
  62.             'form_only' => false,
  63.             'enable_csrf' => false,
  64.             'csrf_parameter' => '_csrf_token',
  65.             'csrf_token_id' => 'authenticate',
  66.         ], $options);
  67.     }
  69.     protected function getLoginUrl(Request $request): string
  70.     {
  71.         return $this->httpUtils->generateUri($request$this->options['login_path']);
  72.     }
  74.     public function supports(Request $request): bool
  75.     {
  76.         return ($this->options['post_only'] ? $request->isMethod('POST') : true)
  77.             && $this->httpUtils->checkRequestPath($request$this->options['check_path'])
  78.             && ($this->options['form_only'] ? 'form' === $request->getContentType() : true);
  79.     }
  81.     public function authenticate(Request $request): Passport
  82.     {
  83.         $credentials $this->getCredentials($request);
  85.         $passport = new Passport(
  86.             new UserBadge($credentials['username'], $this->userProvider->loadUserByIdentifier(...)),
  87.             new PasswordCredentials($credentials['password']),
  88.             [new RememberMeBadge()]
  89.         );
  90.         if ($this->options['enable_csrf']) {
  91.             $passport->addBadge(new CsrfTokenBadge($this->options['csrf_token_id'], $credentials['csrf_token']));
  92.         }
  94.         if ($this->userProvider instanceof PasswordUpgraderInterface) {
  95.             $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  96.         }
  98.         return $passport;
  99.     }
  101.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  102.     {
  103.         return new UsernamePasswordToken($passport->getUser(), $firewallName$passport->getUser()->getRoles());
  104.     }
  106.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  107.     {
  108.         return $this->successHandler->onAuthenticationSuccess($request$token);
  109.     }
  111.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response
  112.     {
  113.         return $this->failureHandler->onAuthenticationFailure($request$exception);
  114.     }
  116.     private function getCredentials(Request $request): array
  117.     {
  118.         $credentials = [];
  119.         $credentials['csrf_token'] = ParameterBagUtils::getRequestParameterValue($request$this->options['csrf_parameter']);
  121.         if ($this->options['post_only']) {
  122.             $credentials['username'] = ParameterBagUtils::getParameterBagValue($request->request$this->options['username_parameter']);
  123.             $credentials['password'] = ParameterBagUtils::getParameterBagValue($request->request$this->options['password_parameter']) ?? '';
  124.         } else {
  125.             $credentials['username'] = ParameterBagUtils::getRequestParameterValue($request$this->options['username_parameter']);
  126.             $credentials['password'] = ParameterBagUtils::getRequestParameterValue($request$this->options['password_parameter']) ?? '';
  127.         }
  129.         if (!\is_string($credentials['username']) && !$credentials['username'] instanceof \Stringable) {
  130.             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.'$this->options['username_parameter'], \gettype($credentials['username'])));
  131.         }
  133.         $credentials['username'] = trim($credentials['username']);
  135.         if (\strlen($credentials['username']) > Security::MAX_USERNAME_LENGTH) {
  136.             throw new BadCredentialsException('Invalid username.');
  137.         }
  139.         $request->getSession()->set(Security::LAST_USERNAME$credentials['username']);
  141.         return $credentials;
  142.     }
  144.     public function setHttpKernel(HttpKernelInterface $httpKernel): void
  145.     {
  146.         $this->httpKernel $httpKernel;
  147.     }
  149.     public function start(Request $requestAuthenticationException $authException null): Response
  150.     {
  151.         if (!$this->options['use_forward']) {
  152.             return parent::start($request$authException);
  153.         }
  155.         $subRequest $this->httpUtils->createRequest($request$this->options['login_path']);
  156.         $response $this->httpKernel->handle($subRequestHttpKernelInterface::SUB_REQUEST);
  157.         if (200 === $response->getStatusCode()) {
  158.             $response->setStatusCode(401);
  159.         }
  161.         return $response;
  162.     }
  163. }