DaoAuthenticationProvider.php 3.7 KB

  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\Security\Core\Authentication\Provider;
  11. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  12. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  13. use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
  14. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  15. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  16. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  17. use Symfony\Component\Security\Core\User\UserCheckerInterface;
  18. use Symfony\Component\Security\Core\User\UserInterface;
  19. use Symfony\Component\Security\Core\User\UserProviderInterface;
  20. /**
  21. * DaoAuthenticationProvider uses a UserProviderInterface to retrieve the user
  22. * for a UsernamePasswordToken.
  23. *
  24. * @author Fabien Potencier <fabien@symfony.com>
  25. */
  class DaoAuthenticationProvider extends UserAuthenticationProvider
  {
      /** @var EncoderFactoryInterface Resolves the password encoder for a given user. */
      private $encoderFactory;

      /** @var UserProviderInterface Source of user records; may also implement PasswordUpgraderInterface. */
      private $userProvider;

      /**
       * @param UserProviderInterface   $userProvider               Loads users by username
       * @param UserCheckerInterface    $userChecker                Forwarded to the parent provider
       * @param string                  $providerKey                Forwarded to the parent provider
       * @param EncoderFactoryInterface $encoderFactory             Supplies the encoder used to verify passwords
       * @param bool                    $hideUserNotFoundExceptions Forwarded unchanged to the parent constructor;
       *                                                            its effect is implemented there, not in this class
       */
      public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, string $providerKey, EncoderFactoryInterface $encoderFactory, bool $hideUserNotFoundExceptions = true)
      {
          parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);

          $this->userProvider = $userProvider;
          $this->encoderFactory = $encoderFactory;
      }

      /**
       * {@inheritdoc}
       *
       * Verifies the token against the freshly loaded user. Two paths exist:
       * a token that already carries a UserInterface is checked only for an
       * unchanged stored password; any other token has its presented password
       * verified through the user's encoder.
       *
       * @throws BadCredentialsException when either check fails
       */
      protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
      {
          $tokenUser = $token->getUser();

          // Token already holds a user object: no presented password is looked at
          // in this branch. Both operands are values returned by getPassword(), and
          // a mismatch is reported as credentials changed elsewhere.
          if ($tokenUser instanceof UserInterface) {
              if ($tokenUser->getPassword() !== $user->getPassword()) {
                  throw new BadCredentialsException('The credentials were changed from another session.');
              }

              return;
          }

          $presentedPassword = $token->getCredentials();

          // NOTE(review): only the empty string is rejected here (strict comparison);
          // null or other non-string credentials are passed on to the encoder as-is.
          if ('' === $presentedPassword) {
              throw new BadCredentialsException('The presented password cannot be empty.');
          }

          // A user without a stored password can never authenticate. The message is
          // the same one used for a wrong password, so the two cases are not
          // distinguishable from the exception text.
          if (null === $user->getPassword()) {
              throw new BadCredentialsException('The presented password is invalid.');
          }

          $encoder = $this->encoderFactory->getEncoder($user);
          $passwordMatches = $encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt());

          if (!$passwordMatches) {
              throw new BadCredentialsException('The presented password is invalid.');
          }

          // Opportunistic re-hash, reached only after a successful verification.
          // It needs a provider that can persist the new hash and an encoder that
          // exposes needsRehash(); otherwise the stored hash is left untouched.
          if (!$this->userProvider instanceof PasswordUpgraderInterface) {
              return;
          }

          if (!method_exists($encoder, 'needsRehash')) {
              return;
          }

          if (!$encoder->needsRehash($user->getPassword())) {
              return;
          }

          // NOTE(review): nothing here catches a failure of upgradePassword(), so an
          // exception thrown by the provider would propagate out of this method.
          $upgradedHash = $encoder->encodePassword($presentedPassword, $user->getSalt());
          $this->userProvider->upgradePassword($user, $upgradedHash);
      }

      /**
       * {@inheritdoc}
       *
       * Returns the user already attached to the token when there is one;
       * otherwise asks the user provider for the user with the given username.
       *
       * @throws UsernameNotFoundException      rethrown from the provider with the username attached
       * @throws AuthenticationServiceException for any other exception raised during the lookup
       */
      protected function retrieveUser(string $username, UsernamePasswordToken $token)
      {
          $tokenUser = $token->getUser();

          if ($tokenUser instanceof UserInterface) {
              return $tokenUser;
          }

          try {
              $loadedUser = $this->userProvider->loadUserByUsername($username);

              // A provider that returns anything else is treated as a service fault,
              // not as a failed login.
              if (!$loadedUser instanceof UserInterface) {
                  throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
              }

              return $loadedUser;
          } catch (UsernameNotFoundException $notFound) {
              // Record which username was looked up, then let the caller decide how
              // the exception is reported.
              $notFound->setUsername($username);

              throw $notFound;
          } catch (\Exception $failure) {
              // Every other exception is wrapped, keeping the original as "previous"
              // and attaching the token. Presumably this also re-wraps the
              // AuthenticationServiceException raised above.
              // NOTE(review): the wrapped exception reuses the original message
              // verbatim; confirm that provider/back-end error text is not shown to
              // end users.
              $serviceFailure = new AuthenticationServiceException($failure->getMessage(), 0, $failure);
              $serviceFailure->setToken($token);

              throw $serviceFailure;
          }
      }
  }