* * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Security\Http\Authenticator; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; /** * A base class to make form login authentication easier! * * @author Ryan Weaver * * @experimental in 5.2 */ abstract class AbstractLoginFormAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface, InteractiveAuthenticatorInterface { /** * Return the URL to the login page. */ abstract protected function getLoginUrl(Request $request): string; /** * {@inheritdoc} * * Override to change the request conditions that have to be * matched in order to handle the login form submit. * * This default implementation handles all POST requests to the * login path (@see getLoginUrl()). */ public function supports(Request $request): bool { return $request->isMethod('POST') && $this->getLoginUrl($request) === $request->getPathInfo(); } /** * Override to change what happens after a bad username/password is submitted. */ public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response { if ($request->hasSession()) { $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); } $url = $this->getLoginUrl($request); return new RedirectResponse($url); } /** * Override to control what happens when the user hits a secure page * but isn't logged in yet. */ public function start(Request $request, AuthenticationException $authException = null): Response { $url = $this->getLoginUrl($request); return new RedirectResponse($url); } public function isInteractive(): bool { return true; } }