<?php
/*
* doughnutwedding.com
* Copyright (C) 2017 http://doughnutwedding.com eric@doughnutwedding.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Sikofitt\Security;
use Doctrine\ORM\EntityManager;
use Sikofitt\App\Entity\User;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
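/**
 * Guard authenticator for an e-mail + password login.
 *
 * Credentials are read from the POST fields "email" and "password", the
 * account is loaded through the firewall's user provider, and the submitted
 * password is verified with the encoder configured for that user.
 */
class MysqlAuthenticator extends AbstractGuardAuthenticator
{
    /** @var EncoderFactoryInterface Resolves the password encoder for a user. */
    private $encoderFactory;

    /** @var EntityManager Injected by the container; not used by the methods in this class. */
    private $entityManager;

    /**
     * @param EncoderFactoryInterface $encoderFactory Factory used to obtain the password encoder
     * @param EntityManager           $entityManager  Doctrine entity manager
     */
    public function __construct(EncoderFactoryInterface $encoderFactory, EntityManager $entityManager)
    {
        $this->encoderFactory = $encoderFactory;
        $this->entityManager = $entityManager;
    }

    /**
     * Returns a response that directs the user to authenticate.
     *
     * This is called when an anonymous request accesses a resource that
     * requires authentication. The job of this method is to return some
     * response that "helps" the user start into the authentication process.
     *
     * Examples:
     *  A) For a form login, you might redirect to the login page
     *      return new RedirectResponse('/login');
     *  B) For an API token authentication system, you return a 401 response
     *      return new Response('Auth header required', 401);
     *
     * @param Request                 $request       The request that resulted in an
     *                                               AuthenticationException
     * @param AuthenticationException $authException The exception that started the
     *                                               authentication process
     *
     * @return Response
     */
    public function start(
        Request $request,
        AuthenticationException $authException = null
    ) {
        // The entry point must hand back a Response; the previous empty body
        // returned null. The body is a fixed string on purpose: nothing from
        // the request or from $authException is reflected to the client.
        return new Response('Authentication required', 401);
    }

    /**
     * Get the authentication credentials from the request and return them
     * as any type (e.g. an associative array). If you return null,
     * authentication will be skipped.
     *
     * Whatever value you return here will be passed to getUser() and
     * checkCredentials().
     *
     * This implementation reads the POST fields "email" and "password".
     *
     * @param Request $request
     *
     * @return array|null ['email' => string, 'password' => string], or null
     *                    when the request carries no usable credentials
     */
    public function getCredentials(Request $request)
    {
        $email = $request->request->get('email');
        $password = $request->request->get('password');

        // Skip authentication when the request is not a login attempt (fields
        // absent) or when a field arrives as a non-string such as
        // "password[]=x". Without this guard every request was pushed through
        // getUser()/checkCredentials() with null or array values.
        if (!is_string($email) || !is_string($password)) {
            return null;
        }

        return [
            'email' => $email,
            'password' => $password,
        ];
    }

    /**
     * Return a UserInterface object based on the credentials.
     *
     * The *credentials* are the return value from getCredentials()
     *
     * You may throw an AuthenticationException if you wish. If you return
     * null, then a UsernameNotFoundException is thrown for you.
     *
     * @param mixed                 $credentials
     * @param UserProviderInterface $userProvider
     *
     * @throws AuthenticationException
     *
     * @return UserInterface|null
     */
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        // Look the account up once and return exactly what the provider gives
        // back. An unknown e-mail must end in an authentication failure; it
        // must never be replaced by a blank User entity, because that entity
        // would then be passed to checkCredentials() with no stored password
        // to compare against.
        return $userProvider->loadUserByUsername($credentials['email']);
    }

    /**
     * Returns true if the credentials are valid.
     *
     * If any value other than true is returned, authentication will
     * fail. You may also throw an AuthenticationException if you wish
     * to cause authentication to fail.
     *
     * The *credentials* are the return value from getCredentials()
     *
     * @param mixed         $credentials
     * @param UserInterface $user
     *
     * @throws AuthenticationException
     *
     * @return bool
     */
    public function checkCredentials($credentials, UserInterface $user)
    {
        $encoder = $this->encoderFactory->getEncoder($user);

        // NOTE(review): the salt is passed as null, which only suits encoders
        // that manage their own salt. If the configured encoder relies on
        // $user->getSalt(), pass that value here instead; confirm against the
        // security configuration.
        return $encoder->isPasswordValid(
            $user->getPassword(),
            $credentials['password'],
            null
        );
    }

    /**
     * Called when authentication executed, but failed (e.g. wrong username or
     * password).
     *
     * This should return the Response sent back to the user, like a
     * RedirectResponse to the login page or a 403 response.
     *
     * If you return null, the request will continue, but the user will
     * not be authenticated. This is probably not what you want to do.
     *
     * @param Request                 $request
     * @param AuthenticationException $exception
     *
     * @return Response|null
     */
    public function onAuthenticationFailure(
        Request $request,
        AuthenticationException $exception
    ) {
        // Answer every failure with the same text. Echoing
        // $exception->getMessage() lets a client tell "unknown account" apart
        // from "wrong password" and can expose internal error details. Log the
        // exception server-side if the reason is needed for diagnostics.
        return new Response('Authentication failed.', 403);
    }

    /**
     * Called when authentication executed and was successful!
     *
     * This should return the Response sent back to the user, like a
     * RedirectResponse to the last page they visited.
     *
     * If you return null, the current request will continue, and the user
     * will be authenticated. This makes sense, for example, with an API.
     *
     * @param Request        $request
     * @param TokenInterface $token
     * @param string         $providerKey The provider (i.e. firewall) key
     *
     * @return Response|null
     */
    public function onAuthenticationSuccess(
        Request $request,
        TokenInterface $token,
        $providerKey
    ) {
        // NOTE(review): this stores the token's string form plus the firewall
        // key under the "user" session key. Nothing in this class reads it
        // back; confirm the consumer treats it as display data only and not
        // as proof of identity.
        $request->getSession()->set('user', $token.':'.$providerKey);

        // Returning null lets the current request continue as authenticated.
        return null;
    }

    /**
     * Does this method support remember me cookies?
     *
     * Remember me cookie will be set if *all* of the following are met:
     *  A) This method returns true
     *  B) The remember_me key under your firewall is configured
     *  C) The "remember me" functionality is activated. This is usually
     *      done by having a _remember_me checkbox in your form, but
     *      can be configured by the "always_remember_me" and
     *      "remember_me_parameter" parameters under the "remember_me" firewall
     *      key
     *
     * @return bool
     */
    public function supportsRememberMe()
    {
        return false;
    }
}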