/**
* @param UserInterface $user
* @param UsernamePasswordToken $token
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
// this happens if we were already logged in
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if ("" === ($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
if ($token->hasAttribute('desired_user')) {
$roles = $user->getRoles();
if (!in_array('ROLE_ALLOWED_TO_SWITCH', $roles)) {
throw new BadCredentialsException('You are not allowed to login as other users.');
}
}
}
