vendor/symfony/security/Http/Firewall/SimpleFormAuthenticationListener.php line 32

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  18. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  20. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  21. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  22. use Symfony\Component\Security\Core\Security;
  23. use Symfony\Component\Security\Csrf\CsrfToken;
  24. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  25. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  27. use Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface;
  28. use Symfony\Component\Security\Http\HttpUtils;
  29. use Symfony\Component\Security\Http\ParameterBagUtils;
  30. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  32. @trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.'SimpleFormAuthenticationListener::class), \E_USER_DEPRECATED);
  34. /**
  35.  * @author Jordi Boggiano <j.boggiano@seld.be>
  36.  *
  37.  * @deprecated since Symfony 4.2, use Guard instead.
  38.  */
  39. class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
  40. {
  41.     private $simpleAuthenticator;
  42.     private $csrfTokenManager;
  44.     /**
  45.      * @throws \InvalidArgumentException In case no simple authenticator is provided
  46.      */
  47.     public function __construct(TokenStorageInterface $tokenStorageAuthenticationManagerInterface $authenticationManagerSessionAuthenticationStrategyInterface $sessionStrategyHttpUtils $httpUtilsstring $providerKeyAuthenticationSuccessHandlerInterface $successHandlerAuthenticationFailureHandlerInterface $failureHandler, array $options = [], LoggerInterface $logger nullEventDispatcherInterface $dispatcher nullCsrfTokenManagerInterface $csrfTokenManager nullSimpleFormAuthenticatorInterface $simpleAuthenticator null)
  48.     {
  49.         if (!$simpleAuthenticator) {
  50.             throw new \InvalidArgumentException('Missing simple authenticator.');
  51.         }
  53.         $this->simpleAuthenticator $simpleAuthenticator;
  54.         $this->csrfTokenManager $csrfTokenManager;
  56.         $options array_merge([
  57.             'username_parameter' => '_username',
  58.             'password_parameter' => '_password',
  59.             'csrf_parameter' => '_csrf_token',
  60.             'csrf_token_id' => 'authenticate',
  61.             'post_only' => true,
  62.         ], $options);
  64.         parent::__construct($tokenStorage$authenticationManager$sessionStrategy$httpUtils$providerKey$successHandler$failureHandler$options$logger$dispatcher);
  65.     }
  67.     /**
  68.      * {@inheritdoc}
  69.      */
  70.     protected function requiresAuthentication(Request $request)
  71.     {
  72.         if ($this->options['post_only'] && !$request->isMethod('POST')) {
  73.             return false;
  74.         }
  76.         return parent::requiresAuthentication($request);
  77.     }
  79.     /**
  80.      * {@inheritdoc}
  81.      */
  82.     protected function attemptAuthentication(Request $request)
  83.     {
  84.         if (null !== $this->csrfTokenManager) {
  85.             $csrfToken ParameterBagUtils::getRequestParameterValue($request$this->options['csrf_parameter']);
  87.             if (!\is_string($csrfToken) || false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
  88.                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
  89.             }
  90.         }
  92.         if ($this->options['post_only']) {
  93.             $username ParameterBagUtils::getParameterBagValue($request->request$this->options['username_parameter']);
  94.             $password ParameterBagUtils::getParameterBagValue($request->request$this->options['password_parameter']);
  95.         } else {
  96.             $username ParameterBagUtils::getRequestParameterValue($request$this->options['username_parameter']);
  97.             $password ParameterBagUtils::getRequestParameterValue($request$this->options['password_parameter']);
  98.         }
  100.         if (!\is_string($username) && (!\is_object($username) || !method_exists($username'__toString'))) {
  101.             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.'$this->options['username_parameter'], \gettype($username)));
  102.         }
  104.         $username trim($username);
  106.         if (\strlen($username) > Security::MAX_USERNAME_LENGTH) {
  107.             throw new BadCredentialsException('Invalid username.');
  108.         }
  110.         $request->getSession()->set(Security::LAST_USERNAME$username);
  112.         $token $this->simpleAuthenticator->createToken($request$username$password$this->providerKey);
  114.         return $this->authenticationManager->authenticate($token);
  115.     }
  116. }