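/**
 * {@inheritdoc}
 *
 * Resolves the user named by the token, runs the pre-auth, credential and
 * post-auth checks, and returns a new authenticated UsernamePasswordToken.
 *
 * When $this->hideUserNotFoundExceptions is set, an unknown user and a failed
 * credential check both surface as the same generic BadCredentialsException,
 * so the caller cannot tell which of the two happened.
 *
 * @param TokenInterface $token the unauthenticated token to verify
 *
 * @return UsernamePasswordToken|null null when this provider does not support the token
 *
 * @throws UsernameNotFoundException      when the user is unknown and hiding is disabled
 * @throws BadCredentialsException        when the lookup or credential check fails
 * @throws AuthenticationServiceException when retrieveUser() does not return a UserInterface
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    $username = $token->getUsername();
    // Only a missing name is replaced by the placeholder. empty() would also
    // swallow the literal username "0" and look up the placeholder instead.
    if (null === $username || '' === $username) {
        $username = '******';
    }

    try {
        $user = $this->retrieveUser($username, $token);
    } catch (UsernameNotFoundException $notFound) {
        if ($this->hideUserNotFoundExceptions) {
            // Same message as a wrong password; the cause is kept only as $previous.
            throw new BadCredentialsException('Bad credentials', 0, $notFound);
        }
        $notFound->setUsername($username);

        throw $notFound;
    }

    if (!$user instanceof UserInterface) {
        throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
    }

    try {
        $this->userChecker->checkPreAuth($user);
        $this->checkAuthentication($user, $token);
        $this->userChecker->checkPostAuth($user);
    } catch (BadCredentialsException $e) {
        if ($this->hideUserNotFoundExceptions) {
            throw new BadCredentialsException('Bad credentials', 0, $e);
        }

        throw $e;
    }
    // NOTE(review): only BadCredentialsException is masked above. Any other
    // exception raised by the user checker propagates unchanged, so a distinct
    // account-status error can still tell a caller that the account exists.
    // Confirm this is intended when hideUserNotFoundExceptions is enabled.

    $authenticatedToken = new UsernamePasswordToken(
        $user,
        $token->getCredentials(),
        $this->providerKey,
        $this->getRoles($user, $token)
    );
    // Carry request-scoped attributes over from the unauthenticated token.
    $authenticatedToken->setAttributes($token->getAttributes());

    return $authenticatedToken;
}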
/**
 * {@inheritdoc}
 *
 * Looks up the account for the token, runs the account checker before and
 * after the credential check, and returns a new authenticated token.
 *
 * Only UsernameNotFoundException is caught here. With
 * $this->hideUserNotFoundExceptions set it is rethrown as a generic
 * BadCredentialsException; every other exception propagates unchanged.
 *
 * @param TokenInterface $token the unauthenticated token to verify
 *
 * @return UsernamePasswordToken|null null when this provider does not support the token
 *
 * @throws UsernameNotFoundException      when the account is unknown and hiding is disabled
 * @throws BadCredentialsException        when the account is unknown and hiding is enabled
 * @throws AuthenticationServiceException when retrieveUser() does not return an AccountInterface
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    // The lookup name is the token's string form, or a fixed marker when the
    // token carries no user at all.
    if (null === $token->getUser()) {
        $username = 'NONE_PROVIDED';
    } else {
        $username = (string) $token;
    }

    try {
        $account = $this->retrieveUser($username, $token);
        if (!$account instanceof AccountInterface) {
            throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.');
        }

        // Checker hooks bracket the credential check.
        $this->accountChecker->checkPreAuth($account);
        $this->checkAuthentication($account, $token);
        $this->accountChecker->checkPostAuth($account);

        $result = new UsernamePasswordToken(
            $account,
            $token->getCredentials(),
            $this->providerKey,
            $account->getRoles()
        );
        $result->setAttributes($token->getAttributes());

        return $result;
    } catch (UsernameNotFoundException $notFound) {
        // Mask the "unknown user" case behind the generic message when configured.
        throw $this->hideUserNotFoundExceptions
            ? new BadCredentialsException('Bad credentials', 0, $notFound)
            : $notFound;
    }
}
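/**
 * Authenticates an LDAP user: fires the PRE_BIND event, binds with the
 * token's credentials, reloads the user when it has no DN, fires POST_BIND,
 * and returns a new authenticated token.
 *
 * Both events are only dispatched when a dispatcher is configured. An
 * AuthenticationException raised by a listener is replaced by a generic
 * BadCredentialsException when $this->hideUserNotFoundExceptions is set.
 *
 * @param \IMAG\LdapBundle\User\LdapUserInterface $user
 * @param TokenInterface $token
 *
 * @return \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
 *
 * @throws BadCredentialsException when a listener fails and hiding is enabled
 * @throws AuthenticationException when a listener fails and hiding is disabled
 */
private function ldapAuthenticate(LdapUserInterface $user, TokenInterface $token)
{
    // The event is built with the token's credentials, so every PRE_BIND
    // listener receives them. Listeners must be trusted not to log or store them.
    $userEvent = new LdapUserEvent($user, $token->getCredentials());
    if (null !== $this->dispatcher) {
        try {
            $this->dispatcher->dispatch(LdapEvents::PRE_BIND, $userEvent);
        } catch (AuthenticationException $expt) {
            if ($this->hideUserNotFoundExceptions) {
                throw new BadCredentialsException('Bad credentials', 0, $expt);
            }

            throw $expt;
        }
    }

    $this->bind($user, $token);

    if (null === $user->getDn()) {
        $user = $this->reloadUser($user);
    }

    if (null !== $this->dispatcher) {
        // Fresh event so POST_BIND listeners see the possibly reloaded user.
        $userEvent = new LdapUserEvent($user, $token->getCredentials());

        try {
            $this->dispatcher->dispatch(LdapEvents::POST_BIND, $userEvent);
        } catch (AuthenticationException $authenticationException) {
            if ($this->hideUserNotFoundExceptions) {
                throw new BadCredentialsException('Bad credentials', 0, $authenticationException);
            }

            throw $authenticationException;
        }
    }

    // NOTE(review): with no dispatcher, $userEvent still wraps the user from
    // before reloadUser(), so the token is built from the pre-reload object.
    // Confirm whether that is intended.
    // The credentials slot is null, so the secret is not kept in the new token.
    $authenticatedToken = new UsernamePasswordToken(
        $userEvent->getUser(),
        null,
        $this->providerKey,
        $userEvent->getUser()->getRoles()
    );
    // Copy attributes from the incoming token. A separate variable is needed:
    // reusing $token here would copy the new token's own attributes onto
    // itself and drop the caller's.
    $authenticatedToken->setAttributes($token->getAttributes());

    return $authenticatedToken;
}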
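/**
 * Authenticates the user named by the token and, when the token carries a
 * 'desired_user' attribute, returns a token for that other user instead.
 *
 * The credential check always runs against the authenticating ("admin")
 * user. When 'desired_user' is present, the returned token gains a
 * SwitchUserRole 'ROLE_PREVIOUS_ADMIN' holding a token for the admin.
 *
 * @param TokenInterface $token
 *
 * @return null|UsernamePasswordToken null when this provider does not support the token
 *
 * @throws UsernameNotFoundException      when a lookup fails and hiding is disabled
 * @throws BadCredentialsException        when a lookup or the credential check fails
 * @throws AuthenticationServiceException when retrieveUser() does not return a UserInterface
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    $adminUsername = $token->getUsername();
    // Always defined, so the later empty() test does not rely on an unset variable.
    $username = null;
    if ($token->hasAttribute('desired_user')) {
        $username = $token->getAttribute('desired_user');
    }

    try {
        $adminUser = $this->retrieveUser($adminUsername, $token);
        $user = empty($username) ? $adminUser : $this->retrieveUser($username, $token);
    } catch (UsernameNotFoundException $notFound) {
        if ($this->hideUserNotFoundException) {
            throw new BadCredentialsException('Bad credentials', 0, $notFound);
        }

        throw $notFound;
    }

    // Both lookups must yield a UserInterface: $user is dereferenced below, and
    // an unchecked value would fail with a fatal error instead of an auth error.
    if (!$adminUser instanceof UserInterface || !$user instanceof UserInterface) {
        throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
    }

    // NOTE(review): nothing in this method checks that $adminUser is allowed to
    // act as $user. Confirm that supports()/retrieveUser() or the firewall
    // configuration restricts who may set 'desired_user'.
    // NOTE(review): the user checker runs on the target user only. When
    // impersonating, the admin account gets no pre/post-auth check here.
    try {
        $this->userChecker->checkPreAuth($user);
        // Credentials are verified against the admin, never the target user.
        $this->checkAuthentication($adminUser, $token);
        $this->userChecker->checkPostAuth($user);
    } catch (BadCredentialsException $e) {
        if ($this->hideUserNotFoundException) {
            throw new BadCredentialsException('Bad credentials', 0, $e);
        }

        throw $e;
    }

    $attributes = $token->getAttributes();
    $roles = $user->getRoles();

    if ($token->hasAttribute('desired_user')) {
        // Keep a token for the original admin so the switch can be traced back.
        $roles[] = new SwitchUserRole(
            'ROLE_PREVIOUS_ADMIN',
            new UsernamePasswordToken($adminUser, $adminUser->getPassword(), $this->providerKey, $adminUser->getRoles())
        );
        // Do not carry the impersonation request into the authenticated token.
        unset($attributes['desired_user']);
    }

    // NOTE(review): both tokens take the user's getPassword() value as their
    // credentials. If these tokens are serialized (e.g. into a session), that
    // value goes with them. Confirm this is acceptable.
    $authenticatedToken = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
    $authenticatedToken->setAttributes($attributes);

    return $authenticatedToken;
}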
/**
 * Verifies the token's credentials for the given user through the LDAP
 * connection and, on success, returns a new authenticated token.
 *
 * On failure the user checker first inspects the LDAP error code, then a
 * BadCredentialsException is thrown carrying the directory's own error
 * message and code. A handler that shows that message to the client can
 * reveal why the bind failed, not just that it failed.
 *
 * NOTE(review): nothing in this method rejects an empty credential. Some
 * directory servers treat an empty-password simple bind as anonymous and
 * report success. Confirm the operation or the connection refuses it.
 *
 * @param UserInterface $user
 * @param TokenInterface $token
 *
 * @return UsernamePasswordToken
 *
 * @throws BadCredentialsException when the directory does not authenticate the user
 */
protected function doAuthentication(UserInterface $user, TokenInterface $token)
{
    // Each setter result is reassigned, so this matches the original chained
    // call whether the setters return $this or a new instance.
    $operation = new AuthenticationOperation();
    $operation = $operation->setUsername($user->getUsername());
    $operation = $operation->setPassword($token->getCredentials());

    /** @var AuthenticationResponse $result */
    $result = $this->ldap->getConnection()->execute($operation);

    if ($result->isAuthenticated()) {
        $this->dispatcher->dispatch(LdapLoginEvent::SUCCESS, new LdapLoginEvent($user, $token));

        // The credentials slot is null, so the password is not kept in the token.
        $authenticated = new UsernamePasswordToken($user, null, $this->providerKey, $user->getRoles());
        $authenticated->setAttributes($token->getAttributes());

        return $authenticated;
    }

    // Let the checker act on the error code first (it may throw its own
    // exception), then fall back to the generic credential failure.
    $this->userChecker->checkLdapErrorCode(
        $user,
        $result->getErrorCode(),
        $this->ldap->getConnection()->getConfig()->getLdapType()
    );

    throw new BadCredentialsException($result->getErrorMessage(), $result->getErrorCode());
}
/**
 * Authenticates an IMAP user: fires PRE_BIND, binds with the token, reloads
 * the user when it has no username, fires POST_BIND, and returns a new
 * authenticated token.
 *
 * Events are only dispatched when a dispatcher is configured. An
 * AuthenticationException from a listener is passed to
 * throwBadCredentialsException().
 *
 * @param \Symfony\Component\Security\Core\User\UserInterface $user
 * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
 *
 * @return \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
 */
private function imapAuthenticate(UserInterface $user, TokenInterface $token)
{
    $event = new ImapUserEvent($user);

    if ($this->dispatcher !== null) {
        try {
            $this->dispatcher->dispatch(ImapEvents::PRE_BIND, $event);
        } catch (AuthenticationException $failure) {
            $this->throwBadCredentialsException($failure);
        }
    }

    $this->bind($user, $token);

    if ($user->getUsername() === null) {
        $user = $this->reloadUser($user);
    }

    if ($this->dispatcher !== null) {
        // Fresh event so POST_BIND listeners see the possibly reloaded user.
        $event = new ImapUserEvent($user);

        try {
            $this->dispatcher->dispatch(ImapEvents::POST_BIND, $event);
        } catch (AuthenticationException $failure) {
            $this->throwBadCredentialsException($failure);
        }
    }

    // NOTE(review): with no dispatcher, $event still wraps the user from
    // before reloadUser(). Confirm whether that is intended.
    // The credentials slot is null, so the password is not kept in the token.
    $eventUser = $event->getUser();
    $result = new UsernamePasswordToken($eventUser, null, $this->providerKey, $event->getUser()->getRoles());
    $result->setAttributes($token->getAttributes());

    return $result;
}