vendor/symfony/security-core/Authentication/Provider/DaoAuthenticationProvider.php line 27

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <[email protected]>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Core\Authentication\Provider;
  14. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
  15. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  16. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  17. use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
  18. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  19. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  20. use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
  21. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  22. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  23. use Symfony\Component\Security\Core\User\UserCheckerInterface;
  24. use Symfony\Component\Security\Core\User\UserInterface;
  25. use Symfony\Component\Security\Core\User\UserProviderInterface;
  27. trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', DaoAuthenticationProvider::class);
  29. /**
  30. * DaoAuthenticationProvider uses a UserProviderInterface to retrieve the user
  31. * for a UsernamePasswordToken.
  32. *
  33. * @author Fabien Potencier <[email protected]>
  34. *
  35. * @deprecated since Symfony 5.3, use the new authenticator system instead
  36. */
  37. class DaoAuthenticationProvider extends UserAuthenticationProvider
  38. {
  39. private $hasherFactory;
  40. private $userProvider;
  42. /**
  43. * @param PasswordHasherFactoryInterface $hasherFactory
  44. */
  45. public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, string $providerKey, $hasherFactory, bool $hideUserNotFoundExceptions = true)
  46. {
  47. parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);
  49. if ($hasherFactory instanceof EncoderFactoryInterface) {
  50. trigger_deprecation('symfony/security-core', '5.3', 'Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.', EncoderFactoryInterface::class, __CLASS__, PasswordHasherFactoryInterface::class);
  51. }
  53. $this->hasherFactory = $hasherFactory;
  54. $this->userProvider = $userProvider;
  55. }
  57. /**
  58. * {@inheritdoc}
  59. */
  60. protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
  61. {
  62. $currentUser = $token->getUser();
  63. if ($currentUser instanceof UserInterface) {
  64. if ($currentUser->getPassword() !== $user->getPassword()) {
  65. throw new BadCredentialsException('The credentials were changed from another session.');
  66. }
  67. } else {
  68. if ('' === ($presentedPassword = $token->getCredentials())) {
  69. throw new BadCredentialsException('The presented password cannot be empty.');
  70. }
  72. if (null === $user->getPassword()) {
  73. throw new BadCredentialsException('The presented password is invalid.');
  74. }
  76. if (!$user instanceof PasswordAuthenticatedUserInterface) {
  77. trigger_deprecation('symfony/security-core', '5.3', 'Using password-based authentication listeners while not implementing "%s" interface from class "%s" is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
  78. }
  80. $salt = $user->getSalt();
  81. if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
  82. trigger_deprecation('symfony/security-core', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
  83. }
  85. // deprecated since Symfony 5.3
  86. if ($this->hasherFactory instanceof EncoderFactoryInterface) {
  87. $encoder = $this->hasherFactory->getEncoder($user);
  89. if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $salt)) {
  90. throw new BadCredentialsException('The presented password is invalid.');
  91. }
  93. if ($this->userProvider instanceof PasswordUpgraderInterface && method_exists($encoder, 'needsRehash') && $encoder->needsRehash($user->getPassword())) {
  94. $this->userProvider->upgradePassword($user, $encoder->encodePassword($presentedPassword, $user->getSalt()));
  95. }
  97. return;
  98. }
  100. $hasher = $this->hasherFactory->getPasswordHasher($user);
  102. if (!$hasher->verify($user->getPassword(), $presentedPassword, $salt)) {
  103. throw new BadCredentialsException('The presented password is invalid.');
  104. }
  106. if ($this->userProvider instanceof PasswordUpgraderInterface && $hasher->needsRehash($user->getPassword())) {
  107. $this->userProvider->upgradePassword($user, $hasher->hash($presentedPassword, $salt));
  108. }
  109. }
  110. }
  112. /**
  113. * {@inheritdoc}
  114. */
  115. protected function retrieveUser(string $userIdentifier, UsernamePasswordToken $token)
  116. {
  117. $user = $token->getUser();
  118. if ($user instanceof UserInterface) {
  119. return $user;
  120. }
  122. try {
  123. // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
  124. if (method_exists($this->userProvider, 'loadUserByIdentifier')) {
  125. $user = $this->userProvider->loadUserByIdentifier($userIdentifier);
  126. } else {
  127. trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "loadUserByIdentifier()" in user provider "%s" is deprecated. This method will replace "loadUserByUsername()" in Symfony 6.0.', get_debug_type($this->userProvider));
  129. $user = $this->userProvider->loadUserByUsername($userIdentifier);
  130. }
  132. if (!$user instanceof UserInterface) {
  133. throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
  134. }
  136. return $user;
  137. } catch (UserNotFoundException $e) {
  138. $e->setUserIdentifier($userIdentifier);
  139. throw $e;
  140. } catch (\Exception $e) {
  141. $e = new AuthenticationServiceException($e->getMessage(), 0, $e);
  142. $e->setToken($token);
  143. throw $e;
  144. }
  145. }
  146. }