vendor/symfony/security-core/Authentication/Provider/UserAuthenticationProvider.php line 26

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <[email protected]>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Core\Authentication\Provider;
  14. use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
  15. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  16. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  17. use Symfony\Component\Security\Core\Exception\AccountStatusException;
  18. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  19. use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
  20. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  21. use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
  22. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  23. use Symfony\Component\Security\Core\User\UserCheckerInterface;
  24. use Symfony\Component\Security\Core\User\UserInterface;
  26. trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', UserAuthenticationProvider::class);
  28. /**
  29. * UserProviderInterface retrieves users for UsernamePasswordToken tokens.
  30. *
  31. * @author Fabien Potencier <[email protected]>
  32. *
  33. * @deprecated since Symfony 5.3, use the new authenticator system instead
  34. */
  35. abstract class UserAuthenticationProvider implements AuthenticationProviderInterface
  36. {
  37. private $hideUserNotFoundExceptions;
  38. private $userChecker;
  39. private $providerKey;
  41. /**
  42. * @throws \InvalidArgumentException
  43. */
  44. public function __construct(UserCheckerInterface $userChecker, string $providerKey, bool $hideUserNotFoundExceptions = true)
  45. {
  46. if (empty($providerKey)) {
  47. throw new \InvalidArgumentException('$providerKey must not be empty.');
  48. }
  50. $this->userChecker = $userChecker;
  51. $this->providerKey = $providerKey;
  52. $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions;
  53. }
  55. /**
  56. * {@inheritdoc}
  57. */
  58. public function authenticate(TokenInterface $token)
  59. {
  60. if (!$this->supports($token)) {
  61. throw new AuthenticationException('The token is not supported by this authentication provider.');
  62. }
  64. $username = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
  65. if ('' === $username || null === $username) {
  66. $username = AuthenticationProviderInterface::USERNAME_NONE_PROVIDED;
  67. }
  69. try {
  70. $user = $this->retrieveUser($username, $token);
  71. } catch (UserNotFoundException $e) {
  72. if ($this->hideUserNotFoundExceptions) {
  73. throw new BadCredentialsException('Bad credentials.', 0, $e);
  74. }
  75. $e->setUserIdentifier($username);
  77. throw $e;
  78. }
  80. if (!$user instanceof UserInterface) {
  81. throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
  82. }
  84. try {
  85. $this->userChecker->checkPreAuth($user);
  86. $this->checkAuthentication($user, $token);
  87. $this->userChecker->checkPostAuth($user);
  88. } catch (AccountStatusException|BadCredentialsException $e) {
  89. if ($this->hideUserNotFoundExceptions && !$e instanceof CustomUserMessageAccountStatusException) {
  90. throw new BadCredentialsException('Bad credentials.', 0, $e);
  91. }
  93. throw $e;
  94. }
  96. if ($token instanceof SwitchUserToken) {
  97. $roles = $user->getRoles();
  98. $roles[] = 'ROLE_PREVIOUS_ADMIN';
  100. $authenticatedToken = new SwitchUserToken($user, $token->getCredentials(), $this->providerKey, $roles, $token->getOriginalToken());
  101. } else {
  102. $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
  103. }
  105. $authenticatedToken->setAttributes($token->getAttributes());
  107. return $authenticatedToken;
  108. }
  110. /**
  111. * {@inheritdoc}
  112. */
  113. public function supports(TokenInterface $token)
  114. {
  115. return $token instanceof UsernamePasswordToken && $this->providerKey === $token->getFirewallName();
  116. }
  118. /**
  119. * Retrieves the user from an implementation-specific location.
  120. *
  121. * @return UserInterface
  122. *
  123. * @throws AuthenticationException if the credentials could not be validated
  124. */
  125. abstract protected function retrieveUser(string $username, UsernamePasswordToken $token);
  127. /**
  128. * Does additional checks on the user and token (like validating the
  129. * credentials).
  130. *
  131. * @throws AuthenticationException if the credentials could not be validated
  132. */
  133. abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token);
  134. }