vendor/symfony/security-http/Authenticator/JsonLoginAuthenticator.php line 46

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\JsonResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  18. use Symfony\Component\PropertyAccess\Exception\AccessException;
  19. use Symfony\Component\PropertyAccess\PropertyAccess;
  20. use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  24. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  25. use Symfony\Component\Security\Core\Security;
  26. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  27. use Symfony\Component\Security\Core\User\UserProviderInterface;
  28. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  29. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  30. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  31. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  34. use Symfony\Component\Security\Http\HttpUtils;
  35. use Symfony\Contracts\Translation\TranslatorInterface;
  37. /**
  38.  * Provides a stateless implementation of an authentication via
  39.  * a JSON document composed of a username and a password.
  40.  *
  41.  * @author Kévin Dunglas <dunglas@gmail.com>
  42.  * @author Wouter de Jong <wouter@wouterj.nl>
  43.  *
  44.  * @final
  45.  */
  46. class JsonLoginAuthenticator implements InteractiveAuthenticatorInterface
  47. {
  48.     private array $options;
  49.     private HttpUtils $httpUtils;
  50.     private UserProviderInterface $userProvider;
  51.     private PropertyAccessorInterface $propertyAccessor;
  52.     private ?AuthenticationSuccessHandlerInterface $successHandler;
  53.     private ?AuthenticationFailureHandlerInterface $failureHandler;
  54.     private ?TranslatorInterface $translator null;
  56.     public function __construct(HttpUtils $httpUtilsUserProviderInterface $userProviderAuthenticationSuccessHandlerInterface $successHandler nullAuthenticationFailureHandlerInterface $failureHandler null, array $options = [], PropertyAccessorInterface $propertyAccessor null)
  57.     {
  58.         $this->options array_merge(['username_path' => 'username''password_path' => 'password'], $options);
  59.         $this->httpUtils $httpUtils;
  60.         $this->successHandler $successHandler;
  61.         $this->failureHandler $failureHandler;
  62.         $this->userProvider $userProvider;
  63.         $this->propertyAccessor $propertyAccessor ?: PropertyAccess::createPropertyAccessor();
  64.     }
  66.     public function supports(Request $request): ?bool
  67.     {
  68.         if (!str_contains($request->getRequestFormat() ?? '''json') && !str_contains($request->getContentType() ?? '''json')) {
  69.             return false;
  70.         }
  72.         if (isset($this->options['check_path']) && !$this->httpUtils->checkRequestPath($request$this->options['check_path'])) {
  73.             return false;
  74.         }
  76.         return true;
  77.     }
  79.     public function authenticate(Request $request): Passport
  80.     {
  81.         try {
  82.             $credentials $this->getCredentials($request);
  83.         } catch (BadRequestHttpException $e) {
  84.             $request->setRequestFormat('json');
  86.             throw $e;
  87.         }
  89.         $passport = new Passport(
  90.             new UserBadge($credentials['username'], $this->userProvider->loadUserByIdentifier(...)),
  91.             new PasswordCredentials($credentials['password'])
  92.         );
  93.         if ($this->userProvider instanceof PasswordUpgraderInterface) {
  94.             $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  95.         }
  97.         return $passport;
  98.     }
  100.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  101.     {
  102.         return new UsernamePasswordToken($passport->getUser(), $firewallName$passport->getUser()->getRoles());
  103.     }
  105.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  106.     {
  107.         if (null === $this->successHandler) {
  108.             return null// let the original request continue
  109.         }
  111.         return $this->successHandler->onAuthenticationSuccess($request$token);
  112.     }
  114.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  115.     {
  116.         if (null === $this->failureHandler) {
  117.             if (null !== $this->translator) {
  118.                 $errorMessage $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
  119.             } else {
  120.                 $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  121.             }
  123.             return new JsonResponse(['error' => $errorMessage], JsonResponse::HTTP_UNAUTHORIZED);
  124.         }
  126.         return $this->failureHandler->onAuthenticationFailure($request$exception);
  127.     }
  129.     public function isInteractive(): bool
  130.     {
  131.         return true;
  132.     }
  134.     public function setTranslator(TranslatorInterface $translator)
  135.     {
  136.         $this->translator $translator;
  137.     }
  139.     private function getCredentials(Request $request)
  140.     {
  141.         $data json_decode($request->getContent());
  142.         if (!$data instanceof \stdClass) {
  143.             throw new BadRequestHttpException('Invalid JSON.');
  144.         }
  146.         $credentials = [];
  147.         try {
  148.             $credentials['username'] = $this->propertyAccessor->getValue($data$this->options['username_path']);
  150.             if (!\is_string($credentials['username'])) {
  151.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['username_path']));
  152.             }
  154.             if (\strlen($credentials['username']) > Security::MAX_USERNAME_LENGTH) {
  155.                 throw new BadCredentialsException('Invalid username.');
  156.             }
  157.         } catch (AccessException $e) {
  158.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['username_path']), $e);
  159.         }
  161.         try {
  162.             $credentials['password'] = $this->propertyAccessor->getValue($data$this->options['password_path']);
  164.             if (!\is_string($credentials['password'])) {
  165.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['password_path']));
  166.             }
  167.         } catch (AccessException $e) {
  168.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['password_path']), $e);
  169.         }
  171.         return $credentials;
  172.     }
  173. }