Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.

117 Zeilen
4.1KB

  1. <?php
  2. namespace Lc\SovBundle\Authenticator;
  3. use Lc\SovBundle\Model\User\UserInterface;
  4. use Lc\SovBundle\Doctrine\EntityManager;
  5. use Symfony\Component\HttpFoundation\RedirectResponse;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\Security\Core\User\UserInterface as SfUserInterface;
  8. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  11. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  12. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  13. use Symfony\Component\Security\Core\Security;
  14. use Symfony\Component\Security\Core\User\UserProviderInterface;
  15. use Symfony\Component\Security\Csrf\CsrfToken;
  16. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  17. use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
  18. use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
  19. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  20. class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
  21. {
  22. use TargetPathTrait;
  23. public const LOGIN_ROUTE = 'sov_login';
  24. private $entityManager;
  25. private $urlGenerator;
  26. private $csrfTokenManager;
  27. private $passwordEncoder;
  28. public function __construct(
  29. EntityManager $entityManager,
  30. UrlGeneratorInterface $urlGenerator,
  31. CsrfTokenManagerInterface $csrfTokenManager,
  32. UserPasswordEncoderInterface $passwordEncoder
  33. ) {
  34. $this->entityManager = $entityManager;
  35. $this->urlGenerator = $urlGenerator;
  36. $this->csrfTokenManager = $csrfTokenManager;
  37. $this->passwordEncoder = $passwordEncoder;
  38. }
  39. public function supports(Request $request)
  40. {
  41. return self::LOGIN_ROUTE === $request->attributes->get('_route')
  42. && $request->isMethod('POST');
  43. }
  44. public function getCredentials(Request $request)
  45. {
  46. $credentials = [
  47. 'email' => $request->request->get('email'),
  48. 'password' => $request->request->get('password'),
  49. 'csrf_token' => $request->request->get('_csrf_token'),
  50. ];
  51. $request->getSession()->set(
  52. Security::LAST_USERNAME,
  53. $credentials['email']
  54. );
  55. return $credentials;
  56. }
  57. public function getUser($credentials, UserProviderInterface $userProvider)
  58. {
  59. $token = new CsrfToken('authenticate', $credentials['csrf_token']);
  60. if (!$this->csrfTokenManager->isTokenValid($token)) {
  61. throw new InvalidCsrfTokenException();
  62. }
  63. $user = $this->entityManager->getRepository(UserInterface::class)->findOneBy(
  64. ['email' => $credentials['email']]
  65. );
  66. if (!$user) {
  67. // fail authentication with a custom error
  68. throw new CustomUserMessageAuthenticationException('Email could not be found.');
  69. }
  70. return $user;
  71. }
  72. public function checkCredentials($credentials, SfUserInterface $user)
  73. {
  74. return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
  75. }
  76. /**
  77. * Used to upgrade (rehash) the user's password automatically over time.
  78. */
  79. public function getPassword($credentials): ?string
  80. {
  81. return $credentials['password'];
  82. }
  83. public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
  84. {
  85. $routeName = 'home';
  86. $email = $request->request->get('email');
  87. $user = $this->entityManager->getRepository(UserInterface::class)->findOneBy(['email' => $email]);
  88. if ($user && ($user->hasRole('ROLE_ADMIN') || $user->hasRole('ROLE_SUPER_ADMIN'))) {
  89. $routeName = 'admin_dashboard';
  90. }
  91. return new RedirectResponse($this->urlGenerator->generate($routeName));
  92. }
  93. protected function getLoginUrl()
  94. {
  95. return $this->urlGenerator->generate(self::LOGIN_ROUTE);
  96. }
  97. }