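/**
 * Authenticates the current request from its "Authorization: token <value>" header.
 *
 * Only master requests are considered. A request without an Authorization
 * header, or whose header does not match the expected "token <value>" format,
 * is left untouched so that other listeners can handle it.
 *
 * NOTE(review): the authentication manager may throw an AuthenticationException
 * (e.g. BadCredentialsException for an unknown token). Nothing here catches it,
 * so it propagates to the kernel — confirm that the firewall's exception
 * handling turns it into the intended 401/403 response rather than a 500.
 *
 * @param GetResponseEvent $event
 * @return void
 */
public function handle(GetResponseEvent $event)
{
    if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
        return;
    }

    $request = $event->getRequest();

    // there may not be authentication information on this request
    if (!$request->headers->has('Authorization')) {
        return;
    }

    // format should be "Authorization: token ABCDEFG"
    // The scheme name is matched case-insensitively (HTTP auth schemes are
    // case-insensitive); the token value must be non-empty and must be the
    // only thing after the scheme, so trailing garbage is rejected.
    $header = trim((string) $request->headers->get('Authorization'));
    if (!preg_match('/^token\s+(\S+)$/i', $header, $matches)) {
        // there's no authentication info (in our format) for us to process
        return;
    }
    $tokenString = $matches[1];

    // create an object that just exists to hold onto the token string for us
    $token = new ApiAuthToken();
    $token->setAuthToken($tokenString);

    $returnValue = $this->authenticationManager->authenticate($token);

    if ($returnValue instanceof TokenInterface) {
        // setToken() has nothing useful to return; the listener itself returns void
        $this->securityContext->setToken($returnValue);
    }
}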
/**
 * Looks up the token and loads the user based on it
 *
 * Still a stub: the early `return;` below makes this provider return null
 * without authenticating anything, and the lookup steps after it are marked
 * "todo" and are unreachable until that `return;` is removed.
 *
 * @param TokenInterface $token the unauthenticated token carrying the raw token string as its credentials
 * @return ApiAuthToken|TokenInterface
 * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
 * @throws \Exception
 */
public function authenticate(TokenInterface $token)
{
    // the actual token string value from the header - e.g. ABCDEFG
    $tokenString = $token->getCredentials();

    // TODO(stub): remove once the lookups below are implemented; until then
    // nothing past this line runs
    return;

    // find the ApiToken object in the database based on the TokenString
    // $apiToken = // todo
    if (!$apiToken) {
        // generic message: it does not reveal whether the token value exists
        // or why it was rejected
        throw new BadCredentialsException('Invalid token');
    }

    // look up the user based on the ApiToken.userId value
    // $user = // todo
    if (!$user) {
        // NOTE(review): a plain \Exception is not an AuthenticationException,
        // so the security layer will not treat this as a failed authentication;
        // it surfaces as a server error instead — confirm that is intended
        throw new \Exception('A token without a user? Some crazy things are happening');
    }

    $authenticatedToken = new ApiAuthToken($user->getRoles());
    $authenticatedToken->setUser($user);
    // the token is flagged as authenticated only after the user has been resolved
    $authenticatedToken->setAuthenticated(true);

    return $authenticatedToken;
}