|
13 | 13 |
|
14 | 14 | use Psr\Log\LoggerInterface; |
15 | 15 | use Symfony\Component\HttpFoundation\Request; |
| 16 | +use Symfony\Component\HttpFoundation\Response; |
16 | 17 | use Symfony\Component\HttpKernel\Event\RequestEvent; |
17 | 18 | use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; |
18 | 19 | use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken; |
| 20 | +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
| 21 | +use Symfony\Component\Security\Core\Exception\AuthenticationException; |
19 | 22 | use Symfony\Component\Security\Guard\AuthenticatorInterface; |
20 | 23 | use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; |
21 | 24 | use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken as GuardPreAuthenticationGuardToken; |
@@ -104,15 +107,122 @@ public function setRememberMeServices(RememberMeServicesInterface $rememberMeSer |
104 | 107 | $this->rememberMeServices = $rememberMeServices; |
105 | 108 | } |
106 | 109 |
|
107 | | - protected function createPreAuthenticatedToken($credentials, string $uniqueGuardKey, string $providerKey): PreAuthenticationGuardToken |
| 110 | + /** |
| 111 | + * @param AuthenticatorInterface[] $guardAuthenticators |
| 112 | + */ |
| 113 | + protected function executeGuardAuthenticators(array $guardAuthenticators, RequestEvent $event): void |
108 | 114 | { |
109 | | - return new GuardPreAuthenticationGuardToken($credentials, $uniqueGuardKey, $providerKey); |
| 115 | + foreach ($guardAuthenticators as $key => $guardAuthenticator) { |
| 116 | + $uniqueGuardKey = $this->providerKey.'_'.$key;; |
| 117 | + |
| 118 | + $this->executeGuardAuthenticator($uniqueGuardKey, $guardAuthenticator, $event); |
| 119 | + |
| 120 | + if ($event->hasResponse()) { |
| 121 | + if (null !== $this->logger) { |
| 122 | + $this->logger->debug('The "{authenticator}" authenticator set the response. Any later authenticator will not be called', ['authenticator' => \get_class($guardAuthenticator)]); |
| 123 | + } |
| 124 | + |
| 125 | + break; |
| 126 | + } |
| 127 | + } |
110 | 128 | } |
111 | 129 |
|
112 | | - protected function getGuardKey(string $key): string |
| 130 | + private function executeGuardAuthenticator(string $uniqueGuardKey, AuthenticatorInterface $guardAuthenticator, RequestEvent $event) |
113 | 131 | { |
114 | | - // get a key that's unique to *this* guard authenticator |
115 | | - // this MUST be the same as GuardAuthenticationProvider |
116 | | - return $this->providerKey.'_'.$key; |
| 132 | + $request = $event->getRequest(); |
| 133 | + try { |
| 134 | + if (null !== $this->logger) { |
| 135 | + $this->logger->debug('Calling getCredentials() on guard authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); |
| 136 | + } |
| 137 | + |
| 138 | + // allow the authenticator to fetch authentication info from the request |
| 139 | + $credentials = $guardAuthenticator->getCredentials($request); |
| 140 | + |
| 141 | + if (null === $credentials) { |
| 142 | + throw new \UnexpectedValueException(sprintf('The return value of "%1$s::getCredentials()" must not be null. Return false from "%1$s::supports()" instead.', get_debug_type($guardAuthenticator))); |
| 143 | + } |
| 144 | + |
| 145 | + // create a token with the unique key, so that the provider knows which authenticator to use |
| 146 | + $token = $this->createPreAuthenticatedToken($credentials, $uniqueGuardKey, $this->providerKey); |
| 147 | + |
| 148 | + if (null !== $this->logger) { |
| 149 | + $this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); |
| 150 | + } |
| 151 | + // pass the token into the AuthenticationManager system |
| 152 | + // this indirectly calls GuardAuthenticationProvider::authenticate() |
| 153 | + $token = $this->authenticationManager->authenticate($token); |
| 154 | + |
| 155 | + if (null !== $this->logger) { |
| 156 | + $this->logger->info('Guard authentication successful!', ['token' => $token, 'authenticator' => \get_class($guardAuthenticator)]); |
| 157 | + } |
| 158 | + |
| 159 | + // sets the token on the token storage, etc |
| 160 | + $this->guardHandler->authenticateWithToken($token, $request, $this->providerKey); |
| 161 | + } catch (AuthenticationException $e) { |
| 162 | + // oh no! Authentication failed! |
| 163 | + |
| 164 | + if (null !== $this->logger) { |
| 165 | + $this->logger->info('Guard authentication failed.', ['exception' => $e, 'authenticator' => \get_class($guardAuthenticator)]); |
| 166 | + } |
| 167 | + |
| 168 | + $response = $this->guardHandler->handleAuthenticationFailure($e, $request, $guardAuthenticator, $this->providerKey); |
| 169 | + |
| 170 | + if ($response instanceof Response) { |
| 171 | + $event->setResponse($response); |
| 172 | + } |
| 173 | + |
| 174 | + return; |
| 175 | + } |
| 176 | + |
| 177 | + // success! |
| 178 | + $response = $this->guardHandler->handleAuthenticationSuccess($token, $request, $guardAuthenticator, $this->providerKey); |
| 179 | + if ($response instanceof Response) { |
| 180 | + if (null !== $this->logger) { |
| 181 | + $this->logger->debug('Guard authenticator set success response.', ['response' => $response, 'authenticator' => \get_class($guardAuthenticator)]); |
| 182 | + } |
| 183 | + |
| 184 | + $event->setResponse($response); |
| 185 | + } else { |
| 186 | + if (null !== $this->logger) { |
| 187 | + $this->logger->debug('Guard authenticator set no success response: request continues.', ['authenticator' => \get_class($guardAuthenticator)]); |
| 188 | + } |
| 189 | + } |
| 190 | + |
| 191 | + // attempt to trigger the remember me functionality |
| 192 | + $this->triggerRememberMe($guardAuthenticator, $request, $token, $response); |
| 193 | + } |
| 194 | + |
| 195 | + protected function triggerRememberMe($guardAuthenticator, Request $request, TokenInterface $token, Response $response = null) |
| 196 | + { |
| 197 | + if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof CoreAuthenticatorInterface) { |
| 198 | + throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); |
| 199 | + } |
| 200 | + |
| 201 | + if (null === $this->rememberMeServices) { |
| 202 | + if (null !== $this->logger) { |
| 203 | + $this->logger->debug('Remember me skipped: it is not configured for the firewall.', ['authenticator' => \get_class($guardAuthenticator)]); |
| 204 | + } |
| 205 | + |
| 206 | + return; |
| 207 | + } |
| 208 | + |
| 209 | + if (!$guardAuthenticator->supportsRememberMe()) { |
| 210 | + if (null !== $this->logger) { |
| 211 | + $this->logger->debug('Remember me skipped: your authenticator does not support it.', ['authenticator' => \get_class($guardAuthenticator)]); |
| 212 | + } |
| 213 | + |
| 214 | + return; |
| 215 | + } |
| 216 | + |
| 217 | + if (!$response instanceof Response) { |
| 218 | + throw new \LogicException(sprintf('"%s::onAuthenticationSuccess()" *must* return a Response if you want to use the remember me functionality. Return a Response, or set remember_me to false under the guard configuration.', get_debug_type($guardAuthenticator))); |
| 219 | + } |
| 220 | + |
| 221 | + $this->rememberMeServices->loginSuccess($request, $response, $token); |
| 222 | + } |
| 223 | + |
| 224 | + protected function createPreAuthenticatedToken($credentials, string $uniqueGuardKey, string $providerKey): PreAuthenticationGuardToken |
| 225 | + { |
| 226 | + return new GuardPreAuthenticationGuardToken($credentials, $uniqueGuardKey, $providerKey); |
117 | 227 | } |
118 | 228 | } |
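Review bot: The inlined key at new line 116 (`$uniqueGuardKey = $this->providerKey.'_'.$key;;`) replaces `getGuardKey()` and loses its comment that the key must match the one GuardAuthenticationProvider builds. The comment at new line 145 shows that this key is how the provider knows which authenticator to use, so the invariant deserves to stay documented. I would keep it above the assignment as `// MUST be built exactly as GuardAuthenticationProvider builds it: the provider uses this key to pick the authenticator`, and drop the stray second semicolon. Nothing in this hunk checks `supports()` before `getCredentials()` is called at new line 139, and the caller is outside the hunk, so the docblock on `executeGuardAuthenticators()` should say that `$guardAuthenticators` must hold only authenticators that already accepted the request. `triggerRememberMe()` also tests against `CoreAuthenticatorInterface`, whose `use` line is not among the imports visible here; confirm it is imported, because `instanceof` against an unresolved class name evaluates to false without raising an error.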