vendor/symfony/security-http/Authenticator/JsonLoginAuthenticator.php line 47

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\JsonResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  18. use Symfony\Component\PropertyAccess\Exception\AccessException;
  19. use Symfony\Component\PropertyAccess\PropertyAccess;
  20. use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  24. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  25. use Symfony\Component\Security\Core\Security;
  26. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  27. use Symfony\Component\Security\Core\User\UserProviderInterface;
  28. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  29. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  30. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  31. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  32. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  33. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  34. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  35. use Symfony\Component\Security\Http\HttpUtils;
  36. use Symfony\Contracts\Translation\TranslatorInterface;
  38. /**
  39.  * Provides a stateless implementation of an authentication via
  40.  * a JSON document composed of a username and a password.
  41.  *
  42.  * @author Kévin Dunglas <dunglas@gmail.com>
  43.  * @author Wouter de Jong <wouter@wouterj.nl>
  44.  *
  45.  * @final
  46.  */
  47. class JsonLoginAuthenticator implements InteractiveAuthenticatorInterface
  48. {
  49.     private $options;
  50.     private $httpUtils;
  51.     private $userProvider;
  52.     private $propertyAccessor;
  53.     private $successHandler;
  54.     private $failureHandler;
  56.     /**
  57.      * @var TranslatorInterface|null
  58.      */
  59.     private $translator;
  61.     public function __construct(HttpUtils $httpUtilsUserProviderInterface $userProviderAuthenticationSuccessHandlerInterface $successHandler nullAuthenticationFailureHandlerInterface $failureHandler null, array $options = [], PropertyAccessorInterface $propertyAccessor null)
  62.     {
  63.         $this->options array_merge(['username_path' => 'username''password_path' => 'password'], $options);
  64.         $this->httpUtils $httpUtils;
  65.         $this->successHandler $successHandler;
  66.         $this->failureHandler $failureHandler;
  67.         $this->userProvider $userProvider;
  68.         $this->propertyAccessor $propertyAccessor ?: PropertyAccess::createPropertyAccessor();
  69.     }
  71.     public function supports(Request $request): ?bool
  72.     {
  73.         if (false === strpos($request->getRequestFormat() ?? '''json') && false === strpos($request->getContentType() ?? '''json')) {
  74.             return false;
  75.         }
  77.         if (isset($this->options['check_path']) && !$this->httpUtils->checkRequestPath($request$this->options['check_path'])) {
  78.             return false;
  79.         }
  81.         return true;
  82.     }
  84.     public function authenticate(Request $request): PassportInterface
  85.     {
  86.         try {
  87.             $credentials $this->getCredentials($request);
  88.         } catch (BadRequestHttpException $e) {
  89.             $request->setRequestFormat('json');
  91.             throw $e;
  92.         }
  94.         // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
  95.         $method 'loadUserByIdentifier';
  96.         if (!method_exists($this->userProvider'loadUserByIdentifier')) {
  97.             trigger_deprecation('symfony/security-core''5.3''Not implementing method "loadUserByIdentifier()" in user provider "%s" is deprecated. This method will replace "loadUserByUsername()" in Symfony 6.0.'get_debug_type($this->userProvider));
  99.             $method 'loadUserByUsername';
  100.         }
  102.         $passport = new Passport(
  103.             new UserBadge($credentials['username'], [$this->userProvider$method]),
  104.             new PasswordCredentials($credentials['password'])
  105.         );
  106.         if ($this->userProvider instanceof PasswordUpgraderInterface) {
  107.             $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  108.         }
  110.         return $passport;
  111.     }
  113.     /**
  114.      * @deprecated since Symfony 5.4, use {@link createToken()} instead
  115.      */
  116.     public function createAuthenticatedToken(PassportInterface $passportstring $firewallName): TokenInterface
  117.     {
  118.         trigger_deprecation('symfony/security-http''5.4''Method "%s()" is deprecated, use "%s::createToken()" instead.'__METHOD____CLASS__);
  120.         return $this->createToken($passport$firewallName);
  121.     }
  123.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  124.     {
  125.         return new UsernamePasswordToken($passport->getUser(), $firewallName$passport->getUser()->getRoles());
  126.     }
  128.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  129.     {
  130.         if (null === $this->successHandler) {
  131.             return null// let the original request continue
  132.         }
  134.         return $this->successHandler->onAuthenticationSuccess($request$token);
  135.     }
  137.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  138.     {
  139.         if (null === $this->failureHandler) {
  140.             if (null !== $this->translator) {
  141.                 $errorMessage $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
  142.             } else {
  143.                 $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  144.             }
  146.             return new JsonResponse(['error' => $errorMessage], JsonResponse::HTTP_UNAUTHORIZED);
  147.         }
  149.         return $this->failureHandler->onAuthenticationFailure($request$exception);
  150.     }
  152.     public function isInteractive(): bool
  153.     {
  154.         return true;
  155.     }
  157.     public function setTranslator(TranslatorInterface $translator)
  158.     {
  159.         $this->translator $translator;
  160.     }
  162.     private function getCredentials(Request $request)
  163.     {
  164.         $data json_decode($request->getContent());
  165.         if (!$data instanceof \stdClass) {
  166.             throw new BadRequestHttpException('Invalid JSON.');
  167.         }
  169.         $credentials = [];
  170.         try {
  171.             $credentials['username'] = $this->propertyAccessor->getValue($data$this->options['username_path']);
  173.             if (!\is_string($credentials['username'])) {
  174.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['username_path']));
  175.             }
  177.             if (\strlen($credentials['username']) > Security::MAX_USERNAME_LENGTH) {
  178.                 throw new BadCredentialsException('Invalid username.');
  179.             }
  180.         } catch (AccessException $e) {
  181.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['username_path']), $e);
  182.         }
  184.         try {
  185.             $credentials['password'] = $this->propertyAccessor->getValue($data$this->options['password_path']);
  187.             if (!\is_string($credentials['password'])) {
  188.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['password_path']));
  189.             }
  190.         } catch (AccessException $e) {
  191.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['password_path']), $e);
  192.         }
  194.         return $credentials;
  195.     }
  196. }