/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return;
}
$username = $token->getUsername();
if (empty($username)) {
$username = '******';
}
try {
$user = $this->retrieveUser($username, $token);
} catch (UsernameNotFoundException $notFound) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Bad credentials', 0, $notFound);
}
$notFound->setUsername($username);
throw $notFound;
}
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
}
try {
$this->userChecker->checkPreAuth($user);
$this->checkAuthentication($user, $token);
$this->userChecker->checkPostAuth($user);
} catch (BadCredentialsException $e) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Bad credentials', 0, $e);
}
throw $e;
}
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token));
$authenticatedToken->setAttributes($token->getAttributes());
return $authenticatedToken;
}
/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return null;
}
$username = null === $token->getUser() ? 'NONE_PROVIDED' : (string) $token;
try {
$user = $this->retrieveUser($username, $token);
if (!$user instanceof AccountInterface) {
throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.');
}
$this->accountChecker->checkPreAuth($user);
$this->checkAuthentication($user, $token);
$this->accountChecker->checkPostAuth($user);
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
$authenticatedToken->setAttributes($token->getAttributes());
return $authenticatedToken;
} catch (UsernameNotFoundException $notFound) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Bad credentials', 0, $notFound);
}
throw $notFound;
}
}
/**
* Authentication logic to allow Ldap user
*
* @param \IMAG\LdapBundle\User\LdapUserInterface $user
* @param TokenInterface $token
*
* @return \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken $token
*/
private function ldapAuthenticate(LdapUserInterface $user, TokenInterface $token)
{
// provide credential to LdapUserEvent
$userEvent = new LdapUserEvent($user, $token->getCredentials());
if (null !== $this->dispatcher) {
try {
$this->dispatcher->dispatch(LdapEvents::PRE_BIND, $userEvent);
} catch (AuthenticationException $expt) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Bad credentials', 0, $expt);
}
throw $expt;
}
}
$this->bind($user, $token);
if (null === $user->getDn()) {
$user = $this->reloadUser($user);
}
if (null !== $this->dispatcher) {
// provide credential to LdapUserEvent
$userEvent = new LdapUserEvent($user, $token->getCredentials());
try {
$this->dispatcher->dispatch(LdapEvents::POST_BIND, $userEvent);
} catch (AuthenticationException $authenticationException) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Bad credentials', 0, $authenticationException);
}
throw $authenticationException;
}
}
$token = new UsernamePasswordToken($userEvent->getUser(), null, $this->providerKey, $userEvent->getUser()->getRoles());
$token->setAttributes($token->getAttributes());
return $token;
}
/**
* @param TokenInterface $token
* @return null|UsernamePasswordToken
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return null;
}
$adminUsername = $token->getUsername();
if ($token->hasAttribute('desired_user')) {
$username = $token->getAttribute('desired_user');
}
try {
$adminUser = $this->retrieveUser($adminUsername, $token);
$user = empty($username) ? $adminUser : $this->retrieveUser($username, $token);
} catch (UsernameNotFoundException $notFound) {
if ($this->hideUserNotFoundException) {
throw new BadCredentialsException('Bad credentials', 0, $notFound);
}
throw $notFound;
}
if (!$adminUser instanceof UserInterface) {
throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
}
try {
$this->userChecker->checkPreAuth($user);
$this->checkAuthentication($adminUser, $token);
$this->userChecker->checkPostAuth($user);
} catch (BadCredentialsException $e) {
if ($this->hideUserNotFoundException) {
throw new BadCredentialsException('Bad credentials', 0, $e);
}
throw $e;
}
$attributes = $token->getAttributes();
$roles = $user->getRoles();
if ($token->hasAttribute('desired_user')) {
$roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', new UsernamePasswordToken($adminUser, $adminUser->getPassword(), $this->providerKey, $adminUser->getRoles()));
unset($attributes['desired_user']);
}
$authenticatedToken = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
$authenticatedToken->setAttributes($attributes);
return $authenticatedToken;
}
/**
* @param UserInterface $user
* @param TokenInterface $token
* @return UsernamePasswordToken
*/
protected function doAuthentication(UserInterface $user, TokenInterface $token)
{
$auth = (new AuthenticationOperation())->setUsername($user->getUsername())->setPassword($token->getCredentials());
/** @var AuthenticationResponse $response */
$response = $this->ldap->getConnection()->execute($auth);
if (!$response->isAuthenticated()) {
$this->userChecker->checkLdapErrorCode($user, $response->getErrorCode(), $this->ldap->getConnection()->getConfig()->getLdapType());
throw new BadCredentialsException($response->getErrorMessage(), $response->getErrorCode());
}
$this->dispatcher->dispatch(LdapLoginEvent::SUCCESS, new LdapLoginEvent($user, $token));
$newToken = new UsernamePasswordToken($user, null, $this->providerKey, $user->getRoles());
$newToken->setAttributes($token->getAttributes());
return $newToken;
}
/**
* Authentication logic to allow IMAP user
*
* @param Symfony\Component\Security\Core\User\UserInterface $user
* @param Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
*
* @return \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken $token
*/
private function imapAuthenticate(UserInterface $user, TokenInterface $token)
{
$userEvent = new ImapUserEvent($user);
if (null !== $this->dispatcher) {
try {
$this->dispatcher->dispatch(ImapEvents::PRE_BIND, $userEvent);
} catch (AuthenticationException $exception) {
$this->throwBadCredentialsException($exception);
}
}
$this->bind($user, $token);
if (null === $user->getUsername()) {
$user = $this->reloadUser($user);
}
if (null !== $this->dispatcher) {
$userEvent = new ImapUserEvent($user);
try {
$this->dispatcher->dispatch(ImapEvents::POST_BIND, $userEvent);
} catch (AuthenticationException $exception) {
$this->throwBadCredentialsException($exception);
}
}
$authenticatedToken = new UsernamePasswordToken($userEvent->getUser(), null, $this->providerKey, $userEvent->getUser()->getRoles());
$authenticatedToken->setAttributes($token->getAttributes());
return $authenticatedToken;
}
