Subclasses likely have to implement the following:
- an TokenInterface to hold authentication related data
- an AuthenticationProvider to perform the actual authentication of the
token, retrieve the UserInterface implementation from a database, and
perform the specific account checks using the UserChecker
By default, this listener only is active for a specific path, e.g.
login_check. If you want to change this behavior, you can overwrite the
requiresAuthentication() method.
/** * {@inheritdoc} */ protected function requiresAuthentication(Request $request) { if (false == parent::requiresAuthentication($request)) { return false; } return $this->getRelyingParty()->supports($request); }
/** * {@inheritdoc} */ protected function requiresAuthentication(Request $request) { if ($this->options['post_only'] && !$request->isMethod('POST')) { return false; } return parent::requiresAuthentication($request); }
protected function attemptAuthentication(Request $request) { $config = array_merge(array('callback_url' => $this->options['check_path'], 'callback_transport' => 'post'), $this->options['opauth']); if (parent::requiresAuthentication($request)) { if (!isset($_POST['opauth'])) { throw new AuthenticationException('opauth post parameter is missing'); } // check_path $opauth = new Opauth($config, false); $response = unserialize(base64_decode($_POST['opauth'])); $failureReason = null; /** * Check if it's an error callback */ if (array_key_exists('error', $response)) { throw new AuthenticationException($response['error']); } else { if (empty($response['auth']) || empty($response['timestamp']) || empty($response['signature']) || empty($response['auth']['provider']) || empty($response['auth']['uid'])) { throw new AuthenticationException('Missing key auth response components'); } elseif (!$opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $failureReason)) { throw new AuthenticationException($failureReason); } else { $token = new OpauthToken(new OpauthResult($response['auth'])); return $this->authenticationManager->authenticate($token); } } } else { // this should redirect or print, it's an opauth thing... new Opauth($config); // we need to exit now unfortunately... exit; } }
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null) { if (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) { throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); } parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher); }
public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null) { if ($csrfTokenManager instanceof CsrfProviderInterface) { $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); } elseif (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) { throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); } parent::__construct($tokenStorage, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array('username_parameter' => '_username', 'password_parameter' => '_password', 'csrf_parameter' => '_csrf_token', 'intention' => 'authenticate', 'post_only' => true), $options), $logger, $dispatcher); $this->csrfTokenManager = $csrfTokenManager; }
/** * {@inheritdoc} */ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $eventDispatcher = null, CsrfProviderInterface $csrfProvider = null) { parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $providerKey, array_merge(array( 'username_parameter' => '_username', 'password_parameter' => '_password', 'csrf_parameter' => '_csrf_token', 'csrf_page_id' => 'form_login', 'post_only' => true, ), $options), $successHandler, $failureHandler, $logger, $eventDispatcher); $this->csrfProvider = $csrfProvider; }
/** * Constructor. * * @param SecurityContextInterface $securityContext * @param AuthenticationManagerInterface $authenticationManager * @param SessionAuthenticationStrategyInterface $sessionStrategy * @param HttpUtils $httpUtils * @param string $providerKey * @param OAuthServiceRegistry $registry * @param AuthenticationSuccessHandlerInterface $successHandler * @param AuthenticationFailureHandlerInterface $failureHandler * @param array $options * @param LoggerInterface $logger * @param EventDispatcherInterface $dispatcher * @param mixed $csrfTokenManager */ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, OAuthServiceRegistry $registry, AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null) { if ($csrfTokenManager instanceof CsrfProviderInterface) { $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); } elseif (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) { throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); } parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array('login_route' => '_auth_service', 'check_route' => '_auth_service_check', 'csrf_parameter' => '_csrf_token', 'intention' => 'oauth', 'post_only' => false), $options), $logger, $dispatcher); $this->registry = $registry; $this->csrfTokenManager = $csrfTokenManager; $this->dispatcher = $dispatcher; }
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null) { parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher); $this->csrfProvider = $csrfProvider; }
/** * @param \Symfony\Component\Security\Core\SecurityContextInterface $securityContext * @param \Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface $authenticationManager * @param \SessionAuthenticationStrategyInterface $sessionStrategy * @param \Symfony\Component\Security\Http\HttpUtils $httpUtils * @param string $providerKey * @param \Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface $successHandler * @param \Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface $failureHandler * @param array $options * @param \Psr\Log\LoggerInterface $logger * @param \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher * @throws \InvalidArgumentException */ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { // this needs to be disabled because Facebook authentication can be started almost anywhere, anytime $options['require_previous_session'] = false; parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher); }
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $logger, $options = array(), $httpKernel) { $options = array(); parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, "user", new DefaultAuthenticationSuccessHandler($httpUtils, $options), new DefaultAuthenticationFailureHandler($httpKernel, $httpUtils, $options), array_merge(array('username_parameter' => '_username', 'password_parameter' => '_password', 'intention' => 'authenticate', 'post_only' => true), $options)); $this->authenticationManager = $authenticationManager; }
protected function requiresAuthentication(Request $request) { return parent::requiresAuthentication($request); }
/** * {@inheritdoc} */ public function __construct(SecurityContext $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null) { parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $providerKey, array_merge(array('username_parameter' => '_username', 'password_parameter' => '_password', 'post_only' => true), $options), $successHandler, $failureHandler, $logger); }