Author: Fabien Potencier (fabien.potencier@symfony-project.com)
Inheritance: extends Serializable
 /**
  * {@inheritDoc}
  *
  * Builds the list of security identities that apply to the given token.
  *
  * The list is filled in this order: the user's own identity (only when the
  * token's user is an AccountInterface), one role identity per role that the
  * role hierarchy reports as reachable from the token's roles, and finally
  * the built-in authentication-level identities.
  *
  * The authentication levels are cumulative. A fully authenticated token also
  * receives the remembered and anonymous identities, and a remember-me token
  * also receives the anonymous one. Anything granted to the
  * IS_AUTHENTICATED_ANONYMOUSLY identity therefore applies to every token for
  * which one of the three trust-resolver checks succeeds.
  *
  * @param TokenInterface $token The token to derive the identities from
  *
  * @return array The security identities, in the order described above
  */
 public function getSecurityIdentities(TokenInterface $token)
 {
     $identities = array();

     // The user's own identity comes first, when there is an account behind the token.
     $account = $token->getUser();
     if ($account instanceof AccountInterface) {
         $identities[] = UserSecurityIdentity::fromAccount($account);
     }

     // One identity for each role the hierarchy reports for the token's roles.
     $reachableRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
     foreach ($reachableRoles as $reachableRole) {
         $identities[] = new RoleSecurityIdentity($reachableRole);
     }

     // Built-in levels, strongest first; a stronger level includes the weaker ones.
     $trustResolver = $this->authenticationTrustResolver;
     if ($trustResolver->isFullFledged($token)) {
         $identities[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
         $identities[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
         $identities[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     } elseif ($trustResolver->isRememberMe($token)) {
         $identities[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
         $identities[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     } elseif ($trustResolver->isAnonymous($token)) {
         $identities[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     }

     return $identities;
 }
示例#2
 /**
  * Gets the original Token from a switched one.
  *
  * The token's roles are scanned in order and the first SwitchUserRole found
  * supplies the original token through getSource(). The source token is
  * handed back exactly as the role stores it; this method does not check
  * whether it is still authenticated or otherwise valid, so a caller that
  * restores it should do that check itself.
  *
  * @param TokenInterface $token A switched TokenInterface instance
  *
  * @return TokenInterface|false The original TokenInterface instance, false if the current TokenInterface is not switched
  */
 protected function getOriginalToken(TokenInterface $token)
 {
     foreach ($token->getRoles() as $candidate) {
         if (!$candidate instanceof SwitchUserRole) {
             continue;
         }

         // First switch role wins; any later ones are never looked at.
         return $candidate->getSource();
     }

     // No switch role among the token's roles: the token is not a switched one.
     return false;
 }
示例#3
 /**
  * Returns the roles carried by the token, unchanged.
  *
  * No role hierarchy is applied here: only the roles the token itself
  * reports are returned.
  *
  * @param TokenInterface $token The token to read the roles from
  *
  * @return mixed Whatever $token->getRoles() returns
  */
 protected function extractRoles(TokenInterface $token)
 {
     $tokenRoles = $token->getRoles();

     return $tokenRoles;
 }
示例#4
 /**
  * Refreshes the user by reloading it from the user provider
  *
  * A token whose user is not an AccountInterface is returned untouched.
  * Otherwise the providers are tried in order; the first one that loads the
  * account supplies the token's new user and roles. When the reloaded user
  * does not equal the previous one, the token is marked as not authenticated.
  *
  * @param TokenInterface $token
  *
  * @return TokenInterface|null The refreshed token, or null when a provider
  *                             reports that the user cannot be found
  *
  * @throws \RuntimeException When no provider accepts the user
  */
 protected function refreshUser(TokenInterface $token)
 {
     $currentUser = $token->getUser();
     if (!$currentUser instanceof AccountInterface) {
         return $token;
     }

     if (null !== $this->logger) {
         $this->logger->debug('Reloading user from user provider.');
     }

     foreach ($this->userProviders as $userProvider) {
         try {
             $reloadedUser = $userProvider->loadUserByAccount($currentUser);

             // Roles and user always come from the provider, never from the old token.
             $token->setRoles($reloadedUser->getRoles());
             $token->setUser($reloadedUser);

             // A user that no longer equals the previous one loses the authenticated flag.
             if (false === $reloadedUser->equals($currentUser)) {
                 $token->setAuthenticated(false);
             }

             return $token;
         } catch (UnsupportedAccountException $unsupportedAccount) {
             // this provider cannot handle the account, move on to the next one
         } catch (UsernameNotFoundException $userNotFound) {
             // the user is gone: hand back null instead of the stale token
             return null;
         }
     }

     throw new \RuntimeException(sprintf('There is no user provider for user "%s".', get_class($currentUser)));
 }
示例#5
 /**
  * {@inheritdoc}
  *
  * Passes the token's own roles to the role hierarchy and returns whatever
  * the hierarchy reports as reachable from them.
  */
 protected function extractRoles(TokenInterface $token)
 {
     $directRoles = $token->getRoles();

     return $this->roleHierarchy->getReachableRoles($directRoles);
 }
 /**
  * Refreshes the user by reloading it from the user provider
  *
  * The token is returned untouched when its user is not an AccountInterface,
  * when the token casts to an empty string, or when it carries no user
  * provider name. Otherwise the first non-aggregate provider that supports
  * that provider name is asked to load the user by username, and the token's
  * user and roles are replaced with what the provider returns.
  *
  * NOTE(review): one line of the body is damaged in this listing (see the
  * comment inside the catch block), so the error handling shown here is
  * incomplete.
  *
  * @param TokenInterface $token
  * @return TokenInterface|null NOTE(review): the path that returns null is
  *                             not visible in this listing - confirm upstream
  *
  * @throws \RuntimeException When the provider result is malformed or no
  *                           provider matches the token's provider name
  */
 protected function refreshUser(TokenInterface $token)
 {
     $user = $token->getUser();
     // Three early exits: nothing to refresh without an account, a username
     // and a provider name.
     if (!$user instanceof AccountInterface) {
         return $token;
     } else {
         // The username is taken from the token's string form.
         if (0 === strlen($username = (string) $token)) {
             return $token;
         } else {
             if (null === ($providerName = $token->getUserProviderName())) {
                 return $token;
             }
         }
     }
     if (null !== $this->logger) {
         $this->logger->debug(sprintf('Reloading user from user provider "%s".', $providerName));
     }
     foreach ($this->userProviders as $provider) {
         // Only a concrete (non-aggregate) provider that supports the name is used.
         if (!$provider->isAggregate() && $provider->supports($providerName)) {
             try {
                 $result = $provider->loadUserByUsername($username);
                 // The provider must answer with exactly two elements: the user
                 // and the name of the provider that loaded it.
                 if (!is_array($result) || 2 !== count($result)) {
                     throw new \RuntimeException('Provider returned an invalid result.');
                 }
                 list($cUser, $cProviderName) = $result;
             } catch (\Exception $ex) {
                 if (null !== $this->logger) {
                     // NOTE(review): the next line is damaged in this listing. The text
                     // between the two string literals was replaced by asterisks, so the
                     // rest of this catch block and the statement that raises the
                     // "different provider" error are not visible. Presumably the catch
                     // ends the refresh and a $providerName / $cProviderName comparison
                     // guards that error - confirm against the upstream source before
                     // relying on this code.
                     $this->logger->debug(sprintf('An exception occurred while reloading the user: '******'User was loaded from different provider. Requested "%s", Used: "%s"', $providerName, $cProviderName));
             }
             // Roles and user always come from the provider result.
             $token->setRoles($cUser->getRoles());
             $token->setUser($cUser);
             // A reloaded user that does not equal the previous one makes the
             // token lose its authenticated flag.
             if (false === $cUser->equals($user)) {
                 $token->setAuthenticated(false);
             }
             return $token;
         }
     }
     // No provider matched the name stored in the token.
     throw new \RuntimeException(sprintf('There is no user provider named "%s".', $providerName));
 }