API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 13th, 2017
598
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 6.07 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  11.  
  12. namespace Symfony\Component\Security\Http\Firewall;
  13.  
  14. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  15. use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter;
  16. use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
  19. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  20. use Symfony\Component\Security\Csrf\CsrfToken;
  21. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  22. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  23. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  24. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  25. use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;
  26. use Symfony\Component\Security\Core\SecurityContextInterface;
  27. use Symfony\Component\Security\Http\HttpUtils;
  28. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  29. use Psr\Log\LoggerInterface;
  30.  
  31. /**
  32.  * @author Jordi Boggiano <j.boggiano@seld.be>
  33.  */
  34. class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
  35. {
  36.     private $simpleAuthenticator;
  37.     private $csrfTokenManager;
  38.  
  39.     /**
  40.      * Constructor.
  41.      *
  42.      * @param SecurityContextInterface               $securityContext       A SecurityContext instance
  43.      * @param AuthenticationManagerInterface         $authenticationManager An AuthenticationManagerInterface instance
  44.      * @param SessionAuthenticationStrategyInterface $sessionStrategy
  45.      * @param HttpUtils                              $httpUtils             An HttpUtilsInterface instance
  46.      * @param string                                 $providerKey
  47.      * @param AuthenticationSuccessHandlerInterface  $successHandler
  48.      * @param AuthenticationFailureHandlerInterface  $failureHandler
  49.      * @param array                                  $options               An array of options for the processing of a
  50.      *                                                                      successful, or failed authentication attempt
  51.      * @param LoggerInterface                        $logger                A LoggerInterface instance
  52.      * @param EventDispatcherInterface               $dispatcher            An EventDispatcherInterface instance
  53.      * @param SimpleFormAuthenticatorInterface       $simpleAuthenticator   A SimpleFormAuthenticatorInterface instance
  54.      * @param CsrfTokenManagerInterface              $csrfTokenManager      A CsrfTokenManagerInterface instance
  55.      */
  56.     public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfTokenManagerInterface $csrfTokenManager = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null)
  57.     {
  58.         if (!$simpleAuthenticator) {
  59.             throw new \InvalidArgumentException('Missing simple authenticator');
  60.         }
  61.  
  62.         if ($csrfTokenManager instanceof CsrfProviderInterface) {
  63.             $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager);
  64.         } elseif (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) {
  65.             throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
  66.         }
  67.  
  68.         $this->simpleAuthenticator = $simpleAuthenticator;
  69.         $this->csrfTokenManager = $csrfTokenManager;
  70.  
  71.         $options = array_merge(array(
  72.             'username_parameter' => '_username',
  73.             'password_parameter' => '_password',
  74.             'csrf_parameter'     => '_csrf_token',
  75.             'intention'          => 'authenticate',
  76.             'post_only'          => true,
  77.         ), $options);
  78.         parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher);
  79.     }
  80.  
  81.     /**
  82.      * {@inheritdoc}
  83.      */
  84.     protected function requiresAuthentication(Request $request)
  85.     {
  86.         if ($this->options['post_only'] && !$request->isMethod('POST')) {
  87.             return false;
  88.         }
  89.  
  90.         return parent::requiresAuthentication($request);
  91.     }
  92.  
  93.     /**
  94.      * {@inheritdoc}
  95.      */
  96.     protected function attemptAuthentication(Request $request)
  97.     {
  98.         if (null !== $this->csrfTokenManager) {
  99.             $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
  100.  
  101.             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
  102.                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
  103.             }
  104.         }
  105.  
  106.         if ($this->options['post_only']) {
  107.             $username = trim($request->request->get($this->options['username_parameter'], null, true));
  108.             $password = $request->request->get($this->options['password_parameter'], null, true);
  109.         } else {
  110.             $username = trim($request->get($this->options['username_parameter'], null, true));
  111.             $password = $request->get($this->options['password_parameter'], null, true);
  112.         }
  113.  
  114.         $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
  115.  
  116.         $token = $this->simpleAuthenticator->createToken($request, $username, $password, $this->providerKey);
  117.  
  118.         return $this->authenticationManager->authenticate($token);
  119.     }
  120. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!