UserAuthenticationProvider.php 4.3 KB

  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\Security\Core\Authentication\Provider;
  11. use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  14. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  15. use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
  16. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  17. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  18. use Symfony\Component\Security\Core\User\UserCheckerInterface;
  19. use Symfony\Component\Security\Core\User\UserInterface;
  20. /**
  21. * UserProviderInterface retrieves users for UsernamePasswordToken tokens.
  22. *
  23. * @author Fabien Potencier <fabien@symfony.com>
  24. */
  abstract class UserAuthenticationProvider implements AuthenticationProviderInterface
  {
      // When true, "user not found" and "bad credentials" failures both surface as
      // a generic BadCredentialsException('Bad credentials.'), so the exception
      // type and message do not tell a caller whether the username exists.
      private $hideUserNotFoundExceptions;

      // Runs checkPreAuth()/checkPostAuth() on the retrieved user.
      private $userChecker;

      // Compared against the token's firewall name in supports() and stamped on
      // the token returned by authenticate().
      private $providerKey;

      /**
       * @param UserCheckerInterface $userChecker                checker invoked before and after the credential check
       * @param string               $providerKey                key matched against the token's firewall name
       * @param bool                 $hideUserNotFoundExceptions mask "user not found" as "bad credentials" (default: true)
       *
       * @throws \InvalidArgumentException if $providerKey is empty
       */
      public function __construct(UserCheckerInterface $userChecker, string $providerKey, bool $hideUserNotFoundExceptions = true)
      {
          // empty() rejects '' and also the string '0'.
          if (empty($providerKey)) {
              throw new \InvalidArgumentException('$providerKey must not be empty.');
          }

          $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions;
          $this->providerKey = $providerKey;
          $this->userChecker = $userChecker;
      }

      /**
       * {@inheritdoc}
       *
       * Order of operations: reject unsupported tokens, load the user through
       * retrieveUser(), then run checkPreAuth(), checkAuthentication() and
       * checkPostAuth() in that order. On success a new token of the same kind is
       * built from the user, the submitted credentials, the provider key and the
       * user's roles, and the original token's attributes are copied onto it.
       *
       * @throws AuthenticationException        if the token is not supported
       * @throws BadCredentialsException        on a credential failure, and on an unknown user when hiding is enabled
       * @throws UsernameNotFoundException      on an unknown user when hiding is disabled
       * @throws AuthenticationServiceException if retrieveUser() does not return a UserInterface
       */
      public function authenticate(TokenInterface $token)
      {
          if (!$this->supports($token)) {
              throw new AuthenticationException('The token is not supported by this authentication provider.');
          }

          // A missing or empty username is replaced by the interface's placeholder
          // before the lookup.
          $submitted = $token->getUsername();
          $lookupName = (null === $submitted || '' === $submitted)
              ? AuthenticationProviderInterface::USERNAME_NONE_PROVIDED
              : $submitted;

          try {
              $user = $this->retrieveUser($lookupName, $token);
          } catch (UsernameNotFoundException $notFound) {
              if (!$this->hideUserNotFoundExceptions) {
                  $notFound->setUsername($lookupName);

                  throw $notFound;
              }

              // Same exception type and message as a wrong password. The original
              // exception stays attached as "previous"; presumably for logging, so
              // confirm it is never rendered to the client.
              // NOTE(review): this path throws before checkAuthentication() runs, so
              // unknown-user and wrong-password failures do different work. Whether
              // that is observable in response time depends on the subclass; confirm.
              throw new BadCredentialsException('Bad credentials.', 0, $notFound);
          }

          if (!$user instanceof UserInterface) {
              throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
          }

          try {
              // checkPreAuth() runs before the credentials are verified, so anything
              // it throws is reported without the caller having proven the password.
              $this->userChecker->checkPreAuth($user);
              $this->checkAuthentication($user, $token);
              $this->userChecker->checkPostAuth($user);
          } catch (BadCredentialsException $badCredentials) {
              // Only BadCredentialsException is caught here: any other exception from
              // the checker or from checkAuthentication() propagates unchanged even
              // when hiding is enabled.
              // NOTE(review): if the user checker reports account state through other
              // exception types (not visible in this file), those can still
              // distinguish existing accounts; verify how the caller renders them.
              throw $this->hideUserNotFoundExceptions
                  ? new BadCredentialsException('Bad credentials.', 0, $badCredentials)
                  : $badCredentials;
          }

          // The submitted credentials are carried into the returned token; whether
          // they are erased later is not visible in this class.
          $credentials = $token->getCredentials();
          $roles = $user->getRoles();

          $result = $token instanceof SwitchUserToken
              ? new SwitchUserToken($user, $credentials, $this->providerKey, $roles, $token->getOriginalToken())
              : new UsernamePasswordToken($user, $credentials, $this->providerKey, $roles);

          $result->setAttributes($token->getAttributes());

          return $result;
      }

      /**
       * {@inheritdoc}
       *
       * Accepts only UsernamePasswordToken instances whose firewall name is
       * strictly equal to this provider's key, so a token built for a different
       * firewall is not handled here.
       */
      public function supports(TokenInterface $token)
      {
          if (!$token instanceof UsernamePasswordToken) {
              return false;
          }

          return $token->getFirewallName() === $this->providerKey;
      }

      /**
       * Retrieves the user from an implementation-specific location.
       *
       * authenticate() catches UsernameNotFoundException from this method and
       * rejects any return value that is not a UserInterface.
       *
       * @return UserInterface The user
       *
       * @throws AuthenticationException if the credentials could not be validated
       */
      abstract protected function retrieveUser(string $username, UsernamePasswordToken $token);

      /**
       * Does additional checks on the user and token (like validating the
       * credentials).
       *
       * Called by authenticate() between checkPreAuth() and checkPostAuth().
       *
       * @throws AuthenticationException if the credentials could not be validated
       */
      abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token);
  }