vendor/symfony/security-http/Firewall/UsernamePasswordFormAuthenticationListener.php line 89

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <fabien@symfony.com>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\Security\Http\Firewall;
  11. use Psr\Log\LoggerInterface;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  14. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  16. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  17. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  18. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  19. use Symfony\Component\Security\Core\Security;
  20. use Symfony\Component\Security\Csrf\CsrfToken;
  21. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  22. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  23. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  24. use Symfony\Component\Security\Http\HttpUtils;
  25. use Symfony\Component\Security\Http\ParameterBagUtils;
  26. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  27. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  28. /**
  29.  * UsernamePasswordFormAuthenticationListener is the default implementation of
  30.  * an authentication via a simple form composed of a username and a password.
  31.  *
  32.  * @author Fabien Potencier <fabien@symfony.com>
  33.  */
  34. class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationListener
  35. {
  36.     private $csrfTokenManager;
  37.     public function __construct(TokenStorageInterface $tokenStorageAuthenticationManagerInterface $authenticationManagerSessionAuthenticationStrategyInterface $sessionStrategyHttpUtils $httpUtilsstring $providerKeyAuthenticationSuccessHandlerInterface $successHandlerAuthenticationFailureHandlerInterface $failureHandler, array $options = [], LoggerInterface $logger nullEventDispatcherInterface $dispatcher nullCsrfTokenManagerInterface $csrfTokenManager null)
  38.     {
  39.         parent::__construct($tokenStorage$authenticationManager$sessionStrategy$httpUtils$providerKey$successHandler$failureHandlerarray_merge([
  40.             'username_parameter' => '_username',
  41.             'password_parameter' => '_password',
  42.             'csrf_parameter' => '_csrf_token',
  43.             'csrf_token_id' => 'authenticate',
  44.             'post_only' => true,
  45.         ], $options), $logger$dispatcher);
  46.         $this->csrfTokenManager $csrfTokenManager;
  47.     }
  48.     /**
  49.      * {@inheritdoc}
  50.      */
  51.     protected function requiresAuthentication(Request $request)
  52.     {
  53.         if ($this->options['post_only'] && !$request->isMethod('POST')) {
  54.             return false;
  55.         }
  56.         return parent::requiresAuthentication($request);
  57.     }
  58.     /**
  59.      * {@inheritdoc}
  60.      */
  61.     protected function attemptAuthentication(Request $request)
  62.     {
  63.         if (null !== $this->csrfTokenManager) {
  64.             $csrfToken ParameterBagUtils::getRequestParameterValue($request$this->options['csrf_parameter']);
  65.             if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
  66.                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
  67.             }
  68.         }
  69.         if ($this->options['post_only']) {
  70.             $username ParameterBagUtils::getParameterBagValue($request->request$this->options['username_parameter']);
  71.             $password ParameterBagUtils::getParameterBagValue($request->request$this->options['password_parameter']);
  72.         } else {
  73.             $username ParameterBagUtils::getRequestParameterValue($request$this->options['username_parameter']);
  74.             $password ParameterBagUtils::getRequestParameterValue($request$this->options['password_parameter']);
  75.         }
  76.         if (!\is_string($username) && (!\is_object($username) || !method_exists($username'__toString'))) {
  77.             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.'$this->options['username_parameter'], \gettype($username)));
  78.         }
  79.         $username trim($username);
  80.         if (\strlen($username) > Security::MAX_USERNAME_LENGTH) {
  81.             throw new BadCredentialsException('Invalid username.');
  82.         }
  83.         $request->getSession()->set(Security::LAST_USERNAME$username);
  84.         return $this->authenticationManager->authenticate(new UsernamePasswordToken($username$password$this->providerKey));
  85.     }
  86. }