src/BackendBundle/Security/Authenticator/OAuth2Authenticator.php line 22

Open in your IDE?
  1. <?php
  3. namespace App\BackendBundle\Security\Authenticator;
  5. use Psr\Log\LoggerInterface;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\RequestStack;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\HttpFoundation\RedirectResponse;
  10. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  11. use Symfony\Component\Routing\RouterInterface;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  14. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  15. use Symfony\Component\Security\Core\Security;
  16. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  17. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  18. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  19. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  20. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  21. use App\BackendBundle\Helper\SecurityHelper;
  23. class OAuth2Authenticator extends AbstractLoginFormAuthenticator {
  25.     private LoggerInterface $logger;
  26.     private RequestStack $requestStack;
  27.     private RouterInterface $router;
  28.     private SessionInterface $session;
  29.     private SecurityHelper $securityHelper;
  30.     private $sessionOAuthKey 'oauth2_session_username';
  31.     private $sessionEmail 'oauth2_session_email';
  33.     public function __construct(LoggerInterface $loggerRouterInterface $routerRequestStack $requestStackSecurityHelper $securityHelper) {
  34.         $this->logger $logger;
  35.         $this->requestStack $requestStack;
  36.         $this->securityHelper $securityHelper;
  37.         $this->session $this->requestStack->getSession();
  38.         $this->router $router;
  39.     }
  41.     public function supports(Request $request): bool {
  42.         /*
  43.          * Important !!!
  44.          * The sessionOAuthKey contains the username after login success and 
  45.          * the symfony authenticator is called before the AuthorizationRequestResolverListener
  46.          * which access the TokenStorage
  47.          */
  48.         if ($this->session->has($this->sessionOAuthKey)) {
  49.             return true;
  50.         }
  52.         if (!$request->isMethod('POST')) {
  53.             return false;
  54.         }
  56.         $loginUrl $this->router->generate('oauth2_login'); // need to create url without parameter
  57.         $fullPath $request->getBaseUrl() . $request->getPathInfo();
  58.         if ($loginUrl !== $fullPath) {
  59.             return false;
  60.         }
  62.         return true;
  63.     }
  65.     protected function getLoginUrl(Request $request): string {
  66.         $parameters $request->query->all();
  67.         return $this->router->generate('oauth2_login'$parameters);
  68.     }
  70.     public function authenticate(Request $request): Passport {
  71.         $userIdentifier $this->session->get($this->sessionOAuthKey);
  72.         if (empty($userIdentifier)) {
  73.             return $this->passportLoginForm($request);
  74.         } else {
  75.             return new SelfValidatingPassport(new UserBadge($userIdentifier));
  76.         }
  77.     }
  79.     private function passportLoginForm(Request $request) {
  80.         $email $request->request->get('email''');
  81.         $plaintextPassword $request->request->get('password''');
  83.         if (empty($email) || empty($plaintextPassword)) {
  84.             throw new CustomUserMessageAuthenticationException('Benutzername oder Passwort wurden nicht ausgefüllt.');
  85.         }
  87.         $request->getSession()->set($this->sessionEmail$email);
  88.         return new Passport(new UserBadge($email), new PasswordCredentials($plaintextPassword));
  89.     }
  91.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response {
  92.         $request->getSession()->remove(Security::AUTHENTICATION_ERROR);
  94.         if ($this->session->has($this->sessionOAuthKey)) {
  95.             // on success, let the request continue
  96.             return null;
  97.         }
  99.         /* get username and set in session */
  100.         $userName $token->getUser()->getUsername();
  101.         $this->session->set($this->sessionOAuthKey$userName);
  103.         /* redirect back to oauth2 server */
  104.         $parameters $request->query->all();
  105.         $url $this->router->generate('oauth2_authorize'$parameters);
  106.         return new RedirectResponse($url);
  107.     }
  109.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response {
  110.         if ($request->hasSession()) {
  111.             $errorText $this->securityHelper->getLoginErrorText($exception);
  112.             $request->getSession()->set(Security::AUTHENTICATION_ERROR$errorText);
  113.         }
  115.         $this->session->remove($this->sessionOAuthKey);
  117.         $parameters $request->query->all();
  118.         $url $this->router->generate('oauth2_login'$parameters);
  120.         return new RedirectResponse($url);
  121.     }
  122. }