Kezdőlap Felfedezés Súgó
Bejelentkezés
dima
/
balticrest
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 8967e8d364
Branch-ok Tag-ek
balticrest
/
vendor
/
symfony
/
security-http
/
RememberMe
/
TokenBasedRememberMeServices.php

TokenBasedRememberMeServices.php 4.2 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of the Symfony package.
    5. 

  5.  *
    6. 

  6.  * (c) Fabien Potencier <fabien@symfony.com>
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. namespace Symfony\Component\Security\Http\RememberMe;
    13. 

  13. 

  14. use Symfony\Component\HttpFoundation\Cookie;
    15. 

  15. use Symfony\Component\HttpFoundation\Request;
    16. 

  16. use Symfony\Component\HttpFoundation\Response;
    17. 

  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    18. 

  18. use Symfony\Component\Security\Core\Exception\AuthenticationException;
    19. 

  19. use Symfony\Component\Security\Core\User\UserInterface;
    20. 

  20. 

  21. /**
    22. 

  22.  * Concrete implementation of the RememberMeServicesInterface providing
    23. 

  23.  * remember-me capabilities without requiring a TokenProvider.
    24. 

  24.  *
    25. 

  25.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
    26. 

  26.  */
    27. 

  27. class TokenBasedRememberMeServices extends AbstractRememberMeServices
    28. 

  28. {
    29. 

  29.     /**
    30. 

  30.      * {@inheritdoc}
    31. 

  31.      */
    32. 

  32.     protected function processAutoLoginCookie(array $cookieParts, Request $request)
    33. 

  33.     {
    34. 

  34.         if (4 !== \count($cookieParts)) {
    35. 

  35.             throw new AuthenticationException('The cookie is invalid.');
    36. 

  36.         }
    37. 

  37. 

  38.         [$class, $username, $expires, $hash] = $cookieParts;
    39. 

  39.         if (false === $username = base64_decode($username, true)) {
    40. 

  40.             throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
    41. 

  41.         }
    42. 

  42.         try {
    43. 

  43.             $user = $this->getUserProvider($class)->loadUserByUsername($username);
    44. 

  44.         } catch (\Exception $e) {
    45. 

  45.             if (!$e instanceof AuthenticationException) {
    46. 

  46.                 $e = new AuthenticationException($e->getMessage(), $e->getCode(), $e);
    47. 

  47.             }
    48. 

  48. 

  49.             throw $e;
    50. 

  50.         }
    51. 

  51. 

  52.         if (!$user instanceof UserInterface) {
    53. 

  53.             throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_debug_type($user)));
    54. 

  54.         }
    55. 

  55. 

  56.         if (true !== hash_equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {
    57. 

  57.             throw new AuthenticationException('The cookie\'s hash is invalid.');
    58. 

  58.         }
    59. 

  59. 

  60.         if ($expires < time()) {
    61. 

  61.             throw new AuthenticationException('The cookie has expired.');
    62. 

  62.         }
    63. 

  63. 

  64.         return $user;
    65. 

  65.     }
    66. 

  66. 

  67.     /**
    68. 

  68.      * {@inheritdoc}
    69. 

  69.      */
    70. 

  70.     protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
    71. 

  71.     {
    72. 

  72.         $user = $token->getUser();
    73. 

  73.         $expires = time() + $this->options['lifetime'];
    74. 

  74.         $value = $this->generateCookieValue(\get_class($user), $user->getUsername(), $expires, $user->getPassword());
    75. 

  75. 

  76.         $response->headers->setCookie(
    77. 

  77.             new Cookie(
    78. 

  78.                 $this->options['name'],
    79. 

  79.                 $value,
    80. 

  80.                 $expires,
    81. 

  81.                 $this->options['path'],
    82. 

  82.                 $this->options['domain'],
    83. 

  83.                 $this->options['secure'] ?? $request->isSecure(),
    84. 

  84.                 $this->options['httponly'],
    85. 

  85.                 false,
    86. 

  86.                 $this->options['samesite']
    87. 

  87.             )
    88. 

  88.         );
    89. 

  89.     }
    90. 

  90. 

  91.     /**
    92. 

  92.      * Generates the cookie value.
    93. 

  93.      *
    94. 

  94.      * @param int         $expires  The Unix timestamp when the cookie expires
    95. 

  95.      * @param string|null $password The encoded password
    96. 

  96.      *
    97. 

  97.      * @return string
    98. 

  98.      */
    99. 

  99.     protected function generateCookieValue(string $class, string $username, int $expires, ?string $password)
    100. 

  100.     {
    101. 

  101.         // $username is encoded because it might contain COOKIE_DELIMITER,
    102. 

  102.         // we assume other values don't
    103. 

  103.         return $this->encodeCookie([
    104. 

  104.             $class,
    105. 

  105.             base64_encode($username),
    106. 

  106.             $expires,
    107. 

  107.             $this->generateCookieHash($class, $username, $expires, $password),
    108. 

  108.         ]);
    109. 

  109.     }
    110. 

  110. 

  111.     /**
    112. 

  112.      * Generates a hash for the cookie to ensure it is not being tampered with.
    113. 

  113.      *
    114. 

  114.      * @param int         $expires  The Unix timestamp when the cookie expires
    115. 

  115.      * @param string|null $password The encoded password
    116. 

  116.      *
    117. 

  117.      * @return string
    118. 

  118.      */
    119. 

  119.     protected function generateCookieHash(string $class, string $username, int $expires, ?string $password)
    120. 

  120.     {
    121. 

  121.         return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
    122. 

  122.     }
    123. 

  123. }
    124.