src/BackendBundle/Security/Authenticator/OAuth2Authenticator.php line 61

Open in your IDE?
  1. <?php
  3. namespace App\BackendBundle\Security\Authenticator;
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use Psr\Log\LoggerInterface;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\RequestStack;
  9. use Symfony\Component\HttpFoundation\Response;
  10. use Symfony\Component\HttpFoundation\RedirectResponse;
  11. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  12. use Symfony\Component\Routing\RouterInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  15. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  16. use Symfony\Component\Security\Core\Security;
  17. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  18. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  19. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  20. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  21. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  22. use App\BackendBundle\Helper\SecurityHelper;
  23. use App\BackendBundle\Helper\UserHelper;
  25. class OAuth2Authenticator extends AbstractLoginFormAuthenticator
  26. {
  28.     private UserHelper $userHelper;
  29.     private LoggerInterface $logger;
  30.     private RequestStack $requestStack;
  31.     private RouterInterface $router;
  32.     private SessionInterface $session;
  33.     private SecurityHelper $securityHelper;
  34.     private string $sessionOAuthKey 'oauth2_session_username';
  35.     private string $sessionEmail 'oauth2_session_email';
  37.     public function __construct(
  38.         UserHelper      $userHelper,
  39.         LoggerInterface $logger,
  40.         RouterInterface $router,
  41.         RequestStack    $requestStack,
  42.         SecurityHelper  $securityHelper
  43.     )
  44.     {
  45.         $this->userHelper $userHelper;
  46.         $this->logger $logger;
  47.         $this->requestStack $requestStack;
  48.         $this->session $this->requestStack->getSession();
  49.         $this->securityHelper $securityHelper;
  50.         $this->router $router;
  51.     }
  53.     public function supports(Request $request): bool
  54.     {
  55.         /*
  56.          * Important !!!
  57.          * The sessionOAuthKey contains the username after login success and 
  58.          * the symfony authenticator is called before the AuthorizationRequestResolverListener
  59.          * which access the TokenStorage
  60.          */
  61.         if ($this->session->has($this->sessionOAuthKey)) {
  62.             return true;
  63.         }
  65.         if (!$request->isMethod('POST')) {
  66.             return false;
  67.         }
  69.         $loginUrl $this->router->generate('oauth2_login'); // need to create url without parameter
  70.         $fullPath $request->getBaseUrl() . $request->getPathInfo();
  71.         if ($loginUrl !== $fullPath) {
  72.             return false;
  73.         }
  75.         return true;
  76.     }
  78.     protected function getLoginUrl(Request $request): string
  79.     {
  80.         $parameters $request->query->all();
  81.         return $this->router->generate('oauth2_login'$parameters);
  82.     }
  84.     public function authenticate(Request $request): Passport
  85.     {
  86.         $userIdentifier $this->session->get($this->sessionOAuthKey);
  87.         if (empty($userIdentifier)) {
  88.             return $this->passportLoginForm($request);
  89.         } else {
  90.             return new SelfValidatingPassport(new UserBadge($userIdentifier));
  91.         }
  92.     }
  94.     private function passportLoginForm(Request $request): Passport
  95.     {
  96.         $email $request->request->get('email''');
  97.         $plaintextPassword $request->request->get('password''');
  99.         if (empty($email) || empty($plaintextPassword)) {
  100.             throw new CustomUserMessageAuthenticationException('Benutzername oder Passwort wurden nicht ausgefüllt.');
  101.         }
  103.         $request->getSession()->set($this->sessionEmail$email);
  104.         return new Passport(new UserBadge($email), new PasswordCredentials($plaintextPassword));
  105.     }
  107.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  108.     {
  109.         $request->getSession()->remove(Security::AUTHENTICATION_ERROR);
  111.         if ($this->session->has($this->sessionOAuthKey)) {
  112.             // on success, let the request continue
  113.             return null;
  114.         }
  116.         /* get username and set in session */
  117.         $user $token->getUser();
  118.         $userName $user->getUsername();
  119.         $this->session->set($this->sessionOAuthKey$userName);
  121.         /* update last login */
  122.         $this->userHelper->updateLastLogin($user);
  124.         /* redirect back to oauth2 server */
  125.         $parameters $request->query->all();
  126.         $url $this->router->generate('oauth2_authorize'$parameters);
  127.         return new RedirectResponse($url);
  128.     }
  130.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response
  131.     {
  132.         if ($request->hasSession()) {
  133.             $errorText $this->securityHelper->getLoginErrorText($exception);
  134.             $request->getSession()->set(Security::AUTHENTICATION_ERROR$errorText);
  135.         }
  137.         $this->session->remove($this->sessionOAuthKey);
  139.         $url $this->getLoginUrl($request);
  141.         return new RedirectResponse($url);
  142.     }
  143. }