예제 #1
 /**
  * Handles a kernel request event; the unreachable tail shows it is meant to
  * authenticate the request from its Authorization header.
  *
  * As written this is a stub: it returns unconditionally after the header
  * check, so no token is ever built, passed to the authentication manager or
  * stored in the security context.
  *
  * @param GetResponseEvent $event the event carrying the current request
  * @return void every reachable path returns without a value
  */
 public function handle(GetResponseEvent $event)
 {
     // only the master request is processed; any other request type is skipped
     if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
         return;
     }
     $request = $event->getRequest();
     // there may not be authentication information on this request
     if (!$request->headers->has('Authorization')) {
         return;
     }
     // NOTE(review): unconditional return - everything below is unreachable,
     // so this method currently authenticates nobody.
     return;
     // format should be "Authorization: token ABCDEFG"
     // NOTE(review): 'HARDCODED' is a placeholder, not the header value. It has
     // to be replaced by the token parsed from the Authorization header before
     // the early return above is removed; otherwise every request that carries
     // any Authorization header would be submitted with the same fixed string.
     $tokenString = 'HARDCODED';
     if (!$tokenString) {
         // there's no authentication info for us to process
         return;
     }
     // create an object that just exists to hold onto the token string for us
     $token = new ApiAuthToken();
     $token->setAuthToken($tokenString);
     // the manager decides whether the token is valid; only a TokenInterface
     // result is stored in the security context, anything else is ignored here
     $returnValue = $this->authenticationManager->authenticate($token);
     if ($returnValue instanceof TokenInterface) {
         return $this->securityContext->setToken($returnValue);
     }
 }
예제 #2
 /**
  * Looks up the token and loads the user based on it
  *
  * As written this is a stub: it reads the credentials and then returns
  * without a value, so the lookups and the authenticated token below are
  * never reached and the documented return type is not produced yet.
  *
  * @param TokenInterface $token the unauthenticated token holding the token string
  * @return ApiAuthToken|TokenInterface
  * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
  * @throws \Exception
  */
 public function authenticate(TokenInterface $token)
 {
     // the actual token string value from the header - e.g. ABCDEFG
     $tokenString = $token->getCredentials();
     // NOTE(review): unconditional return - nothing is validated and the rest
     // of the method is unreachable until the two lookups are implemented.
     return;
     // find the ApiToken object in the database based on the TokenString
     // NOTE(review): $tokenString is presumably client-supplied (see the
     // comment above) - when the lookup is written, bind it as a query
     // parameter rather than concatenating it into the query.
     // $apiToken = // todo
     // NOTE(review): $apiToken is never assigned in this method, so with the
     // early return removed and the lookup still missing this always throws.
     if (!$apiToken) {
         throw new BadCredentialsException('Invalid token');
     }
     // look up the user based on the ApiToken.userId value
     // $user = // todo
     // NOTE(review): $user is likewise never assigned in this method.
     if (!$user) {
         throw new \Exception('A token without a user? Some crazy things are happening');
     }
     // build the token that represents the logged-in user, carrying their roles;
     // it is marked authenticated only after both checks above have passed
     $authenticatedToken = new ApiAuthToken($user->getRoles());
     $authenticatedToken->setUser($user);
     $authenticatedToken->setAuthenticated(true);
     return $authenticatedToken;
 }