vendor/roothirsch/core-bundle/Security/CoreAuthenticator.php line 68

Open in your IDE?
  1. <?php
  3. namespace Roothirsch\CoreBundle\Security;
  5. use Roothirsch\CoreBundle\Entity\User;
  6. use Doctrine\ORM\EntityManagerInterface;
  7. use Symfony\Component\HttpFoundation\RedirectResponse;
  8. use Symfony\Component\HttpFoundation\Request;
  9. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  12. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  13. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  14. use Symfony\Component\Security\Core\Security;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  16. use Symfony\Component\Security\Core\User\UserProviderInterface;
  17. use Symfony\Component\Security\Csrf\CsrfToken;
  18. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  19. use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
  20. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  22. class CoreAuthenticator extends AbstractFormLoginAuthenticator
  23. {
  24.     use TargetPathTrait;
  26.     private $entityManager;
  27.     private $urlGenerator;
  28.     private $csrfTokenManager;
  29.     private $passwordEncoder;
  31.     public function __construct(
  32.         EntityManagerInterface $entityManager,
  33.         UrlGeneratorInterface $urlGenerator,
  34.         CsrfTokenManagerInterface $csrfTokenManager,
  35.         UserPasswordEncoderInterface $passwordEncoder
  36.     ) {
  37.         $this->entityManager $entityManager;
  38.         $this->urlGenerator $urlGenerator;
  39.         $this->csrfTokenManager $csrfTokenManager;
  40.         $this->passwordEncoder $passwordEncoder;
  41.     }
  43.     public function supports(Request $request)
  44.     {
  45.         return 'app_login' === $request->attributes->get('_route')
  46.             && $request->isMethod('POST');
  47.     }
  49.     public function getCredentials(Request $request)
  50.     {
  51.         $credentials = [
  52.             'username' => $request->request->get('username'),
  53.             'password' => $request->request->get('password'),
  54.             'csrf_token' => $request->request->get('_csrf_token'),
  55.         ];
  56.         $request->getSession()->set(
  57.             Security::LAST_USERNAME,
  58.             $credentials['username']
  59.         );
  61.         return $credentials;
  62.     }
  64.     public function getUser($credentialsUserProviderInterface $userProvider)
  65.     {
  66.         $token = new CsrfToken('authenticate'$credentials['csrf_token']);
  67.         if (!$this->csrfTokenManager->isTokenValid($token)) {
  68.             throw new InvalidCsrfTokenException();
  69.         }
  71.         $user $this->entityManager->getRepository(User::class)->findOneBy(['username' => $credentials['username']]);
  73.         if (!$user) {
  74.             // fail authentication with a custom error
  75.             throw new CustomUserMessageAuthenticationException('Username could not be found.');
  76.         }
  78.         return $user;
  79.     }
  81.     public function checkCredentials($credentialsUserInterface $user)
  82.     {
  83.         return $this->passwordEncoder->isPasswordValid($user$credentials['password']);
  84.     }
  86.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  87.     {
  88.         if ($targetPath $this->getTargetPath($request->getSession(), $providerKey)) {
  89.             return new RedirectResponse($targetPath);
  90.         }
  92.         return new RedirectResponse('/');
  93.     }
  95.     protected function getLoginUrl()
  96.     {
  97.         return $this->urlGenerator->generate('app_login');
  98.     }
  99. }