/**
* {@inheritdoc}
*/
public function updateCredentials(HttpRequest $request)
{
$this->setStatus(self::AUTHENTICATION_NEEDED);
$path = trim($request->getUri()->getPath(false), '/');
$logoutPath = trim((new Uri($this->auth->getLogoutUri()))->getPath(false), '/');
if ($path === $logoutPath) {
return;
}
$session = $this->securityContext->getSession();
if ($session->isInitialized()) {
$data = (array) $session->get($this->auth->getKey(), NULL);
$identity = NULL;
if (isset($data[FormAuthenticationProvider::SESSION_IDENTITY])) {
$identity = (string) $data[FormAuthenticationProvider::SESSION_IDENTITY];
}
if ($identity !== NULL) {
$principal = $this->auth->getPrincipalProvider()->findPrincipal($identity);
if ($principal !== NULL) {
$this->setPrincipal($principal);
return $this->setStatus(self::AUTHENTICATION_SUCCESSFUL);
}
}
}
if ($request->isPost(false) && $request->getMediaType()->is(Http::FORM_ENCODED)) {
$fields = $request->getEntity()->getFields();
$data = isset($fields['auth']) ? (array) $fields['auth'] : [];
$data = isset($data[$this->auth->getKey()]) ? (array) $data[$this->auth->getKey()] : [];
if (array_key_exists(FormAuthenticationProvider::FIELD_USERNAME, $data)) {
$this->username = (string) $data[FormAuthenticationProvider::FIELD_USERNAME];
}
if (array_key_exists(FormAuthenticationProvider::FIELD_PASSWORD, $data)) {
$this->password = (string) $data[FormAuthenticationProvider::FIELD_PASSWORD];
}
if (array_key_exists(FormAuthenticationProvider::FIELD_GUARD, $data)) {
$guard = (string) $data[FormAuthenticationProvider::FIELD_GUARD];
$data = (array) $session->get($this->auth->getKey(), NULL);
if (array_key_exists(FormAuthenticationProvider::SESSION_GUARD, $data)) {
if ((string) $data[FormAuthenticationProvider::SESSION_GUARD] == $guard) {
$this->guarded = true;
}
}
}
return $this->setStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* {@inheritdoc}
*/
public function authenticate(SecurityContextInterface $context, TokenInterface $token, HttpRequest $request)
{
if (!$token instanceof FormAuthToken) {
throw new SecurityException(sprintf('Token %s not supported by provider %s', get_class($token), get_class($this)));
}
$this->failedLogin = false;
$this->username = $token->getUsername();
$this->guard = bin2hex(random_bytes($this->guardByteCount));
$path = trim($request->getUri()->getPath(false), '/');
$loginPath = trim((new Uri($this->getLoginUri()))->getPath(false), '/');
$logoutPath = trim((new Uri($this->getLogoutUri()))->getPath(false), '/');
$isLogin = $path === $loginPath;
$isLogout = $path === $logoutPath;
$session = $context->getSession();
if ($isLogout) {
$session->remove($this->getKey());
$token->setPrincipal(new AnonymousPrincipal());
$token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
return;
}
if ($isLogin) {
try {
if ($request->isPost(false)) {
$identity = $token->getUsername();
$password = $token->getPassword();
// Fetch user independent of guard in order to prevent leakage of timing information.
$principal = $this->getPrincipalProvider()->findPrincipalUsingPassword($identity, $password);
// Invalidate when guard fails.
if (!$token->isGuarded()) {
$principal = NULL;
}
if ($principal !== NULL) {
$session = $context->getSession();
$data = (array) $session->get($this->getKey(), NULL);
$data[self::SESSION_IDENTITY] = (string) $principal->getIdentity();
$session->set($this->getKey(), $data);
if (array_key_exists(self::SESSION_URI, $data)) {
$uri = $data[self::SESSION_URI];
unset($data[self::SESSION_URI]);
$session->set($this->getKey(), $data);
$response = new HttpResponse(Http::REDIRECT_TEMPORARY);
$response->setHeader('Location', $uri);
return $response;
}
$token->setPrincipal($principal);
$token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
return;
}
$this->failedLogin = true;
}
$token->setPrincipal(new AnonymousPrincipal());
$token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
return;
} finally {
$data = (array) $session->get($this->getKey(), []);
$data[self::SESSION_GUARD] = $this->guard;
$session->set($this->getKey(), $data);
}
}
}
