src/Security/LoginFormAuthenticator.php line 207

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Object\Admin\User;
  6. use App\Services\Admin\CustomerService;
  7. use App\Services\Admin\UserService;
  8. use App\Services\Main\ApiService;
  9. use App\Services\Main\SecurityService;
  10. use App\Services\Util\ClockService;
  12. use App\Services\Util\JsonService;
  13. use Symfony\Component\HttpFoundation\RedirectResponse;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\RequestStack;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  20. use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
  21. use Symfony\Component\Security\Core\Security;
  22. use Symfony\Component\Security\Core\User\UserInterface;
  23. use Symfony\Component\Security\Core\User\UserProviderInterface;
  24. use Symfony\Component\Security\Csrf\CsrfToken;
  25. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  26. use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
  27. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  28. use Symfony\Contracts\HttpClient\Exception\DecodingExceptionInterface;
  29. use Symfony\Contracts\Translation\TranslatorInterface;
  31. /**
  32.  * Class LoginFormAuthenticator.
  33.  */
  34. class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
  35. {
  36.     use TargetPathTrait;
  38.     private const ERROR_DISABLED 'disabledUser';
  40.     private const ERROR_DELETED 'deletedUser';
  42.     private const ERROR_EXPIRED 'expiredCustomer';
  44.     private const ERROR_TWO_AUTH_REQUIRED 'twoAuthRequired';
  46.     /**
  47.      * @var UrlGeneratorInterface
  48.      */
  49.     private UrlGeneratorInterface $urlGenerator;
  51.     /**
  52.      * @var CsrfTokenManagerInterface
  53.      */
  54.     private CsrfTokenManagerInterface $csrfTokenManager;
  56.     /**
  57.      * @var SecurityService
  58.      */
  59.     private SecurityService $securityService;
  61.     /**
  62.      * @var CustomerService
  63.      */
  64.     private CustomerService $customerService;
  66.     private UserService $userService;
  68.     /**
  69.      * @var ApiService
  70.      */
  71.     private ApiService $apiService;
  73.     /**
  74.      * @var Request
  75.      */
  76.     private Request $request;
  78.     /**
  79.      * @var TranslatorInterface
  80.      */
  81.     private TranslatorInterface $translator;
  83.     /**
  84.      * @var ClockService
  85.      */
  86.     private ClockService $clockService;
  88.     /**
  89.      * @var JsonService
  90.      */
  91.     private JsonService $jsonService;
  93.     /**
  94.      * @var RequestStack
  95.      */
  96.     private RequestStack $requestStack;
  98.     /**
  99.      * LoginFormAuthenticator constructor.
  100.      *
  101.      * @param UrlGeneratorInterface $urlGenerator
  102.      * @param SessionInterface $session
  103.      * @param CsrfTokenManagerInterface $csrfTokenManager
  104.      * @param SecurityService $securityService
  105.      * @param CustomerService $customerService
  106.      * @param UserService $userService
  107.      * @param ApiService $apiService
  108.      * @param RequestStack $request
  109.      * @param ClockService $clockService
  110.      * @param JsonService $jsonService
  111.      * @param RequestStack $requestStack
  112.      */
  113.     public function __construct(
  114.         UrlGeneratorInterface $urlGenerator,
  115.         CsrfTokenManagerInterface $csrfTokenManager,
  116.         SecurityService $securityService,
  117.         CustomerService $customerService,
  118.         UserService $userService,
  119.         ApiService $apiService,
  120.         RequestStack $request,
  121.         TranslatorInterface $translator,
  122.         ClockService $clockService,
  123.         JsonService $jsonService,
  124.         RequestStack $requestStack
  125.     ) {
  126.         $this->urlGenerator $urlGenerator;
  127.         $this->csrfTokenManager $csrfTokenManager;
  128.         $this->securityService $securityService;
  129.         $this->customerService $customerService;
  130.         $this->userService $userService;
  131.         $this->apiService $apiService;
  132.         $this->request $request->getCurrentRequest();
  133.         $this->translator $translator;
  134.         $this->clockService $clockService;
  135.         $this->jsonService $jsonService;
  136.         $this->requestStack $requestStack;
  137.     }
  139.     /**
  140.      * @param Request $request
  141.      *
  142.      * @return bool
  143.      */
  144.     public function supports(Request $request): bool
  145.     {
  146.         //Root is translations and default landing page route
  147.         return in_array($request->attributes->get('_route'), ['app.login''root'])
  148.             && $request->isMethod('POST');
  149.     }
  151.     /**
  152.      * @param Request $request
  153.      *
  154.      * @return array|mixed
  155.      */
  156.     public function getCredentials(Request $request)
  157.     {
  158.         $credentials = [
  159.             'username' => $request->request->get('login')['login'],
  160.             'password' => $request->request->get('login')['password'],
  161.             'twoAuthToken' => $request->request->get('login')['twoAuthToken'] ?? null,
  162.             'csrf_token' => $request->request->get('_csrf_token'),
  163.         ];
  165.         $request->getSession()->set(
  166.             Security::LAST_USERNAME,
  167.             $credentials['username']
  168.         );
  170.         return $credentials;
  171.     }
  173.     /**
  174.      * @param mixed $credentials
  175.      * @param UserProviderInterface $userProvider
  176.      * @param null|array $tokens
  177.      *
  178.      * @throws DecodingExceptionInterface
  179.      *
  180.      * @return null|RedirectResponse|UserInterface
  181.      */
  182.     public function getUser($credentialsUserProviderInterface $userProvider, ?array $tokens null)
  183.     {
  184.         if (null === $tokens) {
  185.             if (isset($credentials['ssoToken'])) {
  186.                 $response $this->securityService->logUserSSO($credentials['ssoToken']);
  187.             } else {
  188.                 $token = new CsrfToken('authenticate'$credentials['csrf_token']);
  189.                 if (!$this->csrfTokenManager->isTokenValid($token)) {
  190.                     throw new InvalidCsrfTokenException();
  191.                 }
  192.                 $options = [
  193.                     'json' => [
  194.                         'username' => $credentials['username'],
  195.                         'password' => $credentials['password'],
  196.                     ],
  197.                 ];
  198.                 if (null !== $credentials['twoAuthToken']) {
  199.                     $options['headers']['TwoAuthToken'] = $credentials['twoAuthToken'];
  200.                 }
  201.                 $response $this->apiService->post('login'$options);
  202.             }
  204.             $loginResponse $response->getArrayResponse();
  206.             if ($loginResponse['error']) {
  207.                 throw new CustomUserMessageAuthenticationException('security.invalid');
  208.             }
  210.             $loginResult $response->getContent();
  212.             $token $loginResult['token'];
  213.             if (null === $token) {
  214.                 if (in_array($loginResult['errorMessage'], [self::ERROR_DISABLEDself::ERROR_EXPIRED])) {
  215.                     throw new CustomUserMessageAuthenticationException('security.disabled');
  216.                 }
  217.                 if (self::ERROR_TWO_AUTH_REQUIRED === $loginResult['errorMessage']) {
  218.                     $credentials['mailError'] = $loginResult['mailError'];
  220.                     throw new CustomUserMessageAuthenticationException('security.twoAuth.required.' mb_strtolower($loginResult['twoAuthType']), $credentials);
  221.                 }
  223.                 throw new CustomUserMessageAuthenticationException('security.invalid');
  224.             }
  225.             $refreshToken $loginResult['refresh_token'];
  226.         } else {
  227.             $token $tokens['token'];
  228.             $refreshToken $tokens['refresh_token'];
  229.         }
  231.         $this->securityService->setToken($token);
  232.         $this->securityService->setRefreshToken($refreshToken);
  234.         $response $this->apiService->get('user/me', [
  235.             'auth_bearer' => $token,
  236.         ]);
  238.         $userResponse $response->getArrayResponse();
  240.         if ($userResponse['error']) {
  241.             throw new CustomUserMessageAuthenticationException('security.invalid');
  242.         }
  243.         $userArray $response->getContent();
  245.         $user = new User();
  246.         $user->setId($userArray['id']);
  247.         $user->setLogin($userArray['login']);
  248.         $user->setTwoFactorAuth($userArray['two_factor_auth']);
  249.         $user->setCustomer($this->jsonService->denormalize(
  250.             $userArray['customer'],
  251.             'App\Object\Admin\Customer'
  252.         ));
  253.         $user->setCustomerType($userArray['customer']['customer_type']);
  254.         $user->setLastPasswordUpdateDate($userArray['last_password_update_date']);
  255.         $user->setRole($this->jsonService->denormalize(
  256.             $userArray['role'],
  257.             'App\Object\Admin\Role'
  258.         ));
  259.         if (!$user) {
  260.             // fail authentication with a custom error
  261.             throw new CustomUserMessageAuthenticationException('Username could not be found.');
  262.         }
  264.         return $user;
  265.     }
  267.     /**
  268.      * @param mixed $credentials
  269.      * @param UserInterface $user
  270.      *
  271.      * @return bool
  272.      */
  273.     public function checkCredentials($credentialsUserInterface $user): bool
  274.     {
  275.         return true;
  276.     }
  278.     /**
  279.      * Used to upgrade (rehash) the user's password automatically over time.
  280.      *
  281.      * @param $credentials
  282.      *
  283.      * @return null|string
  284.      */
  285.     public function getPassword($credentials): ?string
  286.     {
  287.         return $credentials['password'];
  288.     }
  290.     /**
  291.      * @param Request $request
  292.      * @param TokenInterface $token
  293.      * @param string $providerKey
  294.      *
  295.      * @return null|RedirectResponse|Response
  296.      */
  297.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $providerKey)
  298.     {
  299.         $user $token->getUser();
  300.         $rgpdInformation $this->userService->getRgpdInformation();
  301.         if ($rgpdInformation['isExpired']) {
  302.             return new RedirectResponse(
  303.                 $this->urlGenerator->generate('app.definePassword', [
  304.                     'rgpdOptions' => $rgpdInformation['rgpdOptions'],
  305.                     'login' => $user->getLogin(),
  306.                 ])
  307.             );
  308.         }
  310.         if (null === $user->getTwoFactorAuth() && $rgpdInformation['rgpdOptions']['forceTwoAuth']) {
  311.             $loginInformations $request->request->get('login');
  312.             $session $this->requestStack->getSession();
  313.             //Store in session to get it back after without passing it as request parameters
  314.             $session->set('login-informations'$loginInformations);
  316.             return new RedirectResponse(
  317.                 $this->urlGenerator->generate('app.defineTwoAuth')
  318.             );
  319.         }
  321.         if ($targetPath $this->getTargetPath($request->getSession(), $providerKey)) {
  322.             return new RedirectResponse($targetPath);
  323.         }
  325.         return new RedirectResponse(
  326.             $this->urlGenerator->generate('dashboard.index')
  327.         );
  328.     }
  330.     /**
  331.      * @return string
  332.      */
  333.     protected function getLoginUrl(): string
  334.     {
  335.         return $this->urlGenerator->generate('app.login');
  336.     }
  337. }