- <?php
- /*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
- namespace Symfony\Component\Security\Core\Authentication\Provider;
- use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
- use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
- use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
- use Symfony\Component\Security\Core\Exception\BadCredentialsException;
- use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
- use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
- use Symfony\Component\Security\Core\User\UserCheckerInterface;
- use Symfony\Component\Security\Core\User\UserInterface;
- use Symfony\Component\Security\Core\User\UserProviderInterface;
/**
 * Authentication provider that looks up the account for a
 * UsernamePasswordToken through a UserProviderInterface and verifies the
 * presented password with the encoder selected for that account.
 *
 * @author Fabien Potencier <fabien@symfony.com>
 */
class DaoAuthenticationProvider extends UserAuthenticationProvider
{
    private $encoderFactory;
    private $userProvider;

    /**
     * @param UserProviderInterface   $userProvider               source of user accounts, queried by username
     * @param UserCheckerInterface    $userChecker                forwarded unchanged to the parent provider
     * @param string                  $providerKey                forwarded unchanged to the parent provider
     * @param EncoderFactoryInterface $encoderFactory             yields the password encoder for a given user
     * @param bool                    $hideUserNotFoundExceptions forwarded unchanged to the parent provider;
     *                                                            NOTE(review): presumably decides whether an unknown
     *                                                            username is reported differently from a wrong
     *                                                            password - confirm in UserAuthenticationProvider
     */
    public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, string $providerKey, EncoderFactoryInterface $encoderFactory, bool $hideUserNotFoundExceptions = true)
    {
        parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);

        $this->userProvider = $userProvider;
        $this->encoderFactory = $encoderFactory;
    }

    /**
     * {@inheritdoc}
     *
     * Validates the credentials carried by $token against $user.
     *
     * @throws BadCredentialsException when the password is empty, missing on the
     *                                 account, does not verify, or (for a token
     *                                 that already holds a user) differs from
     *                                 the one stored on $user
     */
    protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
    {
        $tokenUser = $token->getUser();

        if ($tokenUser instanceof UserInterface) {
            // The token already carries a user object, so no password is verified
            // in this branch. The only check is that the password value on that
            // object still equals the one on $user; a mismatch is treated as a
            // credential change made elsewhere.
            if ($tokenUser->getPassword() !== $user->getPassword()) {
                throw new BadCredentialsException('The credentials were changed from another session.');
            }

            return;
        }

        // Only the empty string is rejected here; any other value (including
        // null or a non-string) is passed to the encoder as-is.
        // NOTE(review): confirm every configured encoder rejects such input.
        $presentedPassword = $token->getCredentials();
        if ('' === $presentedPassword) {
            throw new BadCredentialsException('The presented password cannot be empty.');
        }

        // An account without a stored password can never log in through this
        // provider. The message is the same as for a wrong password below, so
        // the two cases are not distinguishable from the message alone.
        if (null === $user->getPassword()) {
            throw new BadCredentialsException('The presented password is invalid.');
        }

        $encoder = $this->encoderFactory->getEncoder($user);

        $passwordMatches = $encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt());
        if (!$passwordMatches) {
            throw new BadCredentialsException('The presented password is invalid.');
        }

        // Opportunistic re-hash: reached only after the presented password has
        // verified, and only when both the user provider and the encoder
        // support it.
        $upgradeSupported = $this->userProvider instanceof PasswordUpgraderInterface
            && method_exists($encoder, 'needsRehash');

        if ($upgradeSupported && $encoder->needsRehash($user->getPassword())) {
            $rehashed = $encoder->encodePassword($presentedPassword, $user->getSalt());
            $this->userProvider->upgradePassword($user, $rehashed);
        }
    }

    /**
     * {@inheritdoc}
     *
     * Returns the user already attached to $token when there is one, otherwise
     * loads the account for $username from the user provider.
     *
     * @throws UsernameNotFoundException      rethrown from the user provider with the username attached
     * @throws AuthenticationServiceException for any other failure while loading the user
     */
    protected function retrieveUser(string $username, UsernamePasswordToken $token)
    {
        $tokenUser = $token->getUser();
        if ($tokenUser instanceof UserInterface) {
            return $tokenUser;
        }

        try {
            $loaded = $this->userProvider->loadUserByUsername($username);

            if ($loaded instanceof UserInterface) {
                return $loaded;
            }

            // NOTE(review): thrown inside the try block, so it is presumably
            // picked up by the generic handler below and re-wrapped with the
            // token attached.
            throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
        } catch (UsernameNotFoundException $notFound) {
            $notFound->setUsername($username);

            throw $notFound;
        } catch (\Exception $cause) {
            // The underlying message is copied verbatim into the new exception.
            // NOTE(review): it may contain backend details; confirm it is logged
            // rather than rendered to the client.
            $serviceError = new AuthenticationServiceException($cause->getMessage(), 0, $cause);
            $serviceError->setToken($token);

            throw $serviceError;
        }
    }
}