src/BackendBundle/Security/Authenticator/OAuth2Authenticator.php line 45

Open in your IDE?
  1. <?php
  3. namespace App\BackendBundle\Security\Authenticator;
  5. use Psr\Log\LoggerInterface;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\RequestStack;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\HttpFoundation\RedirectResponse;
  10. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  11. use Symfony\Component\Routing\RouterInterface;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  14. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  15. use Symfony\Component\Security\Core\Security;
  16. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  17. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  18. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  19. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  20. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  22. class OAuth2Authenticator extends AbstractLoginFormAuthenticator {
  24.     private LoggerInterface $logger;
  25.     private RequestStack $requestStack;
  26.     private RouterInterface $router;
  27.     private SessionInterface $session;
  28.     private $sessionOAuthKey 'oauth2_session_username';
  29.     private $sessionEmail 'oauth2_session_email';
  31.     public function __construct(LoggerInterface $loggerRouterInterface $routerRequestStack $requestStack) {
  32.         $this->logger $logger;
  33.         $this->requestStack $requestStack;
  34.         $this->session $this->requestStack->getSession();
  35.         $this->router $router;
  36.     }
  38.     public function supports(Request $request): bool {
  39.         /*
  40.          * Important !!!
  41.          * The sessionOAuthKey contains the username after login success and 
  42.          * the symfony authenticator is called before the AuthorizationRequestResolverListener
  43.          * which access the TokenStorage
  44.          */
  45.         if ($this->session->has($this->sessionOAuthKey)) {
  46.             return true;
  47.         }
  49.         if (!$request->isMethod('POST')) {
  50.             return false;
  51.         }
  53.         $loginUrl $this->router->generate('oauth2_login'); // need to create url without parameter
  54.         $fullPath $request->getBaseUrl() . $request->getPathInfo();
  55.         if ($loginUrl !== $fullPath) {
  56.             return false;
  57.         }
  59.         return true;
  60.     }
  62.     protected function getLoginUrl(Request $request): string {
  63.         $parameters $request->query->all();
  64.         return $this->router->generate('oauth2_login'$parameters);
  65.     }
  67.     public function authenticate(Request $request): Passport {
  68.         $userIdentifier $this->session->get($this->sessionOAuthKey);
  69.         if (empty($userIdentifier)) {
  70.             return $this->passportLoginForm($request);
  71.         } else {
  72.             return new SelfValidatingPassport(new UserBadge($userIdentifier));
  73.         }
  74.     }
  76.     private function passportLoginForm(Request $request) {
  77.         $email $request->request->get('email''');
  78.         $plaintextPassword $request->request->get('password''');
  80.         if (empty($email) || empty($plaintextPassword)) {
  81.             throw new CustomUserMessageAuthenticationException('Benutzername oder Passwort wurden nicht ausgefüllt.');
  82.         }
  84.         $request->getSession()->set($this->sessionEmail$email);
  85.         return new Passport(new UserBadge($email), new PasswordCredentials($plaintextPassword));
  86.     }
  88.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response {
  89.         $request->getSession()->remove(Security::AUTHENTICATION_ERROR);
  91.         if ($this->session->has($this->sessionOAuthKey)) {
  92.             // on success, let the request continue
  93.             return null;
  94.         }
  96.         /* get username and set in session */
  97.         $userName $token->getUser()->getUsername();
  98.         $this->session->set($this->sessionOAuthKey$userName);
  100.         /* redirect back to oauth2 server */
  101.         $parameters $request->query->all();
  102.         $url $this->router->generate('oauth2_authorize'$parameters);
  103.         return new RedirectResponse($url);
  104.     }
  106.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response {
  107.         if ($request->hasSession()) {
  108.             $request->getSession()->set(Security::AUTHENTICATION_ERROR$exception);
  109.         }
  111.         $this->session->remove($this->sessionOAuthKey);
  113.         $parameters $request->query->all();
  114.         $url $this->router->generate('oauth2_login'$parameters);
  116.         return new RedirectResponse($url);
  117.     }
  118. }