/** * {@inheritdoc} */ public function updateCredentials(HttpRequest $request) { $this->setStatus(self::AUTHENTICATION_NEEDED); $path = trim($request->getUri()->getPath(false), '/'); $logoutPath = trim((new Uri($this->auth->getLogoutUri()))->getPath(false), '/'); if ($path === $logoutPath) { return; } $session = $this->securityContext->getSession(); if ($session->isInitialized()) { $data = (array) $session->get($this->auth->getKey(), NULL); $identity = NULL; if (isset($data[FormAuthenticationProvider::SESSION_IDENTITY])) { $identity = (string) $data[FormAuthenticationProvider::SESSION_IDENTITY]; } if ($identity !== NULL) { $principal = $this->auth->getPrincipalProvider()->findPrincipal($identity); if ($principal !== NULL) { $this->setPrincipal($principal); return $this->setStatus(self::AUTHENTICATION_SUCCESSFUL); } } } if ($request->isPost(false) && $request->getMediaType()->is(Http::FORM_ENCODED)) { $fields = $request->getEntity()->getFields(); $data = isset($fields['auth']) ? (array) $fields['auth'] : []; $data = isset($data[$this->auth->getKey()]) ? (array) $data[$this->auth->getKey()] : []; if (array_key_exists(FormAuthenticationProvider::FIELD_USERNAME, $data)) { $this->username = (string) $data[FormAuthenticationProvider::FIELD_USERNAME]; } if (array_key_exists(FormAuthenticationProvider::FIELD_PASSWORD, $data)) { $this->password = (string) $data[FormAuthenticationProvider::FIELD_PASSWORD]; } if (array_key_exists(FormAuthenticationProvider::FIELD_GUARD, $data)) { $guard = (string) $data[FormAuthenticationProvider::FIELD_GUARD]; $data = (array) $session->get($this->auth->getKey(), NULL); if (array_key_exists(FormAuthenticationProvider::SESSION_GUARD, $data)) { if ((string) $data[FormAuthenticationProvider::SESSION_GUARD] == $guard) { $this->guarded = true; } } } return $this->setStatus(self::AUTHENTICATION_NEEDED); } }
/** * {@inheritdoc} */ public function authenticate(SecurityContextInterface $context, TokenInterface $token, HttpRequest $request) { if (!$token instanceof FormAuthToken) { throw new SecurityException(sprintf('Token %s not supported by provider %s', get_class($token), get_class($this))); } $this->failedLogin = false; $this->username = $token->getUsername(); $this->guard = bin2hex(random_bytes($this->guardByteCount)); $path = trim($request->getUri()->getPath(false), '/'); $loginPath = trim((new Uri($this->getLoginUri()))->getPath(false), '/'); $logoutPath = trim((new Uri($this->getLogoutUri()))->getPath(false), '/'); $isLogin = $path === $loginPath; $isLogout = $path === $logoutPath; $session = $context->getSession(); if ($isLogout) { $session->remove($this->getKey()); $token->setPrincipal(new AnonymousPrincipal()); $token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); return; } if ($isLogin) { try { if ($request->isPost(false)) { $identity = $token->getUsername(); $password = $token->getPassword(); // Fetch user independent of guard in order to prevent leakage of timing information. $principal = $this->getPrincipalProvider()->findPrincipalUsingPassword($identity, $password); // Invalidate when guard fails. if (!$token->isGuarded()) { $principal = NULL; } if ($principal !== NULL) { $session = $context->getSession(); $data = (array) $session->get($this->getKey(), NULL); $data[self::SESSION_IDENTITY] = (string) $principal->getIdentity(); $session->set($this->getKey(), $data); if (array_key_exists(self::SESSION_URI, $data)) { $uri = $data[self::SESSION_URI]; unset($data[self::SESSION_URI]); $session->set($this->getKey(), $data); $response = new HttpResponse(Http::REDIRECT_TEMPORARY); $response->setHeader('Location', $uri); return $response; } $token->setPrincipal($principal); $token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); return; } $this->failedLogin = true; } $token->setPrincipal(new AnonymousPrincipal()); $token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); return; } finally { $data = (array) $session->get($this->getKey(), []); $data[self::SESSION_GUARD] = $this->guard; $session->set($this->getKey(), $data); } } }