src/Security/TokenAuthenticator.php line 89

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Repository\UserRepository;
  6. use App\Utils\UserUtils;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Evo\Infrastructure\MappingORM\User;
  9. use Symfony\Component\HttpFoundation\JsonResponse;
  10. use Symfony\Component\HttpFoundation\Request;
  11. use Symfony\Component\HttpFoundation\Response;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  14. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  15. use Symfony\Component\Security\Core\Security;
  16. use Symfony\Component\Security\Core\User\UserInterface;
  17. use Symfony\Component\Security\Core\User\UserProviderInterface;
  18. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  20. class TokenAuthenticator extends AbstractGuardAuthenticator
  21. {
  22.     private const ROUTE_NAME 'api_auth';
  24.     private EntityManagerInterface $em;
  25.     private UserPasswordEncoderInterface $passwordEncoder;
  26.     private UserUtils $userUtils;
  27.     private Security $security;
  29.     public function __construct(EntityManagerInterface $emUserPasswordEncoderInterface $passwordEncoderUserUtils $userUtilsSecurity $security)
  30.     {
  31.         $this->em $em;
  32.         $this->passwordEncoder $passwordEncoder;
  33.         $this->userUtils $userUtils;
  34.         $this->security $security;
  35.     }
  37.     /**
  38.      * Called on every request to decide if this authenticator should be
  39.      * used for the request. Returning `false` will cause this authenticator
  40.      * to be skipped.
  41.      */
  42.     public function supports(Request $request): bool
  43.     {
  44.         return self::ROUTE_NAME === $request->attributes->get('_route') && 'POST' === $request->getMethod();
  45.     }
  47.     /**
  48.      * Called on every request. Return whatever credentials you want to
  49.      * be passed to getUser() as $credentials.
  50.      */
  51.     public function getCredentials(Request $request)
  52.     {
  53.         $body json_decode($request->getContent(), null512JSON_THROW_ON_ERROR);
  55.         if (null === $body) {
  56.             return [];
  57.         }
  59.         $credentials = [
  60.             'username' => $body->username,
  61.             'password' => $body->password,
  62.         ];
  64.         $request->getSession()->set(
  65.             Security::LAST_USERNAME,
  66.             $credentials['username']
  67.         );
  69.         return $credentials;
  70.     }
  72.     public function getUser($credentialsUserProviderInterface $userProvider): ?UserInterface
  73.     {
  74.         if (empty($credentials)) {
  75.             // The token header was empty, authentication fails with HTTP Status
  76.             // Code 401 "Unauthorized"
  77.             return null;
  78.         }
  80.         // The user identifier in this case is the apiToken, see the key `property`
  81.         // of `your_db_provider` in `security.yaml`.
  82.         // If this returns a user, checkCredentials() is called next:
  83.         /** @var UserRepository $userRepository */
  84.         $userRepository $this->em->getRepository(User::class);
  86.         return $userRepository->loadUserByUsername($credentials['username'], true);
  87.     }
  89.     public function checkCredentials($credentialsUserInterface $user): bool
  90.     {
  91.         return $this->passwordEncoder->isPasswordValid($user$credentials['password']);
  92.     }
  94.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  95.     {
  96.         $data = [
  97.             // you may want to customize or obfuscate the message first
  98.             'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
  100.             // or to translate this message
  101.             // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
  102.         ];
  103.         $data['message'] .= ' Or your user is deactivated';
  105.         return new JsonResponse($dataResponse::HTTP_UNAUTHORIZED);
  106.     }
  108.     /**
  109.      * Called when authentication is needed, but it's not sent.
  110.      */
  111.     public function start(Request $requestAuthenticationException $authException null): Response
  112.     {
  113.         $data = [
  114.             // you might translate this message
  115.             'message' => 'Authentication Required',
  116.         ];
  118.         return new JsonResponse($dataResponse::HTTP_UNAUTHORIZED);
  119.     }
  121.     public function supportsRememberMe(): bool
  122.     {
  123.         return false;
  124.     }
  126.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  127.     {
  128.         if ($request->query->get('da')) {
  129.             $code $this->userUtils->generateCodeConfirmation();
  131.             /** @var User $user */
  132.             $user $this->security->getUser();
  133.             $user->setCodeConfirmation($code);
  134.             $this->em->persist($user);
  135.             $this->em->flush();
  136.         }
  138.         return null;
  139.     }
  140. }