vendor/symfony/security-http/Authenticator/JsonLoginAuthenticator.php line 54

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\JsonResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  18. use Symfony\Component\PropertyAccess\Exception\AccessException;
  19. use Symfony\Component\PropertyAccess\PropertyAccess;
  20. use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  24. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  25. use Symfony\Component\Security\Core\User\UserProviderInterface;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  27. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  28. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  29. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  30. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  31. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  32. use Symfony\Component\Security\Http\HttpUtils;
  33. use Symfony\Contracts\Translation\TranslatorInterface;
  35. /**
  36.  * Provides a stateless implementation of an authentication via
  37.  * a JSON document composed of a username and a password.
  38.  *
  39.  * @author Kévin Dunglas <dunglas@gmail.com>
  40.  * @author Wouter de Jong <wouter@wouterj.nl>
  41.  *
  42.  * @final
  43.  */
  44. class JsonLoginAuthenticator implements InteractiveAuthenticatorInterface
  45. {
  46.     private array $options;
  47.     private HttpUtils $httpUtils;
  48.     private UserProviderInterface $userProvider;
  49.     private PropertyAccessorInterface $propertyAccessor;
  50.     private ?AuthenticationSuccessHandlerInterface $successHandler;
  51.     private ?AuthenticationFailureHandlerInterface $failureHandler;
  52.     private ?TranslatorInterface $translator null;
  54.     public function __construct(HttpUtils $httpUtilsUserProviderInterface $userProviderAuthenticationSuccessHandlerInterface $successHandler nullAuthenticationFailureHandlerInterface $failureHandler null, array $options = [], PropertyAccessorInterface $propertyAccessor null)
  55.     {
  56.         $this->options array_merge(['username_path' => 'username''password_path' => 'password'], $options);
  57.         $this->httpUtils $httpUtils;
  58.         $this->successHandler $successHandler;
  59.         $this->failureHandler $failureHandler;
  60.         $this->userProvider $userProvider;
  61.         $this->propertyAccessor $propertyAccessor ?: PropertyAccess::createPropertyAccessor();
  62.     }
  64.     public function supports(Request $request): ?bool
  65.     {
  66.         if (
  67.             !str_contains($request->getRequestFormat() ?? '''json')
  68.             && !str_contains((method_exists(Request::class, 'getContentTypeFormat') ? $request->getContentTypeFormat() : $request->getContentType()) ?? '''json')
  69.         ) {
  70.             return false;
  71.         }
  73.         if (isset($this->options['check_path']) && !$this->httpUtils->checkRequestPath($request$this->options['check_path'])) {
  74.             return false;
  75.         }
  77.         return true;
  78.     }
  80.     public function authenticate(Request $request): Passport
  81.     {
  82.         try {
  83.             $credentials $this->getCredentials($request);
  84.         } catch (BadRequestHttpException $e) {
  85.             $request->setRequestFormat('json');
  87.             throw $e;
  88.         }
  90.         $userBadge = new UserBadge($credentials['username'], $this->userProvider->loadUserByIdentifier(...));
  91.         $passport = new Passport($userBadge, new PasswordCredentials($credentials['password']));
  93.         if ($this->userProvider instanceof PasswordUpgraderInterface) {
  94.             $passport->addBadge(new PasswordUpgradeBadge($credentials['password'], $this->userProvider));
  95.         }
  97.         return $passport;
  98.     }
  100.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  101.     {
  102.         return new UsernamePasswordToken($passport->getUser(), $firewallName$passport->getUser()->getRoles());
  103.     }
  105.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  106.     {
  107.         if (null === $this->successHandler) {
  108.             return null// let the original request continue
  109.         }
  111.         return $this->successHandler->onAuthenticationSuccess($request$token);
  112.     }
  114.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  115.     {
  116.         if (null === $this->failureHandler) {
  117.             if (null !== $this->translator) {
  118.                 $errorMessage $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
  119.             } else {
  120.                 $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  121.             }
  123.             return new JsonResponse(['error' => $errorMessage], JsonResponse::HTTP_UNAUTHORIZED);
  124.         }
  126.         return $this->failureHandler->onAuthenticationFailure($request$exception);
  127.     }
  129.     public function isInteractive(): bool
  130.     {
  131.         return true;
  132.     }
  134.     public function setTranslator(TranslatorInterface $translator)
  135.     {
  136.         $this->translator $translator;
  137.     }
  139.     private function getCredentials(Request $request)
  140.     {
  141.         $data json_decode($request->getContent());
  142.         if (!$data instanceof \stdClass) {
  143.             throw new BadRequestHttpException('Invalid JSON.');
  144.         }
  146.         $credentials = [];
  147.         try {
  148.             $credentials['username'] = $this->propertyAccessor->getValue($data$this->options['username_path']);
  150.             if (!\is_string($credentials['username'])) {
  151.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['username_path']));
  152.             }
  153.         } catch (AccessException $e) {
  154.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['username_path']), $e);
  155.         }
  157.         try {
  158.             $credentials['password'] = $this->propertyAccessor->getValue($data$this->options['password_path']);
  160.             if (!\is_string($credentials['password'])) {
  161.                 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.'$this->options['password_path']));
  162.             }
  163.         } catch (AccessException $e) {
  164.             throw new BadRequestHttpException(sprintf('The key "%s" must be provided.'$this->options['password_path']), $e);
  165.         }
  167.         if ('' === $credentials['username'] || '' === $credentials['password']) {
  168.             trigger_deprecation('symfony/security''6.2''Passing an empty string as username or password parameter is deprecated.');
  169.         }
  171.         return $credentials;
  172.     }
  173. }