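/**
 * Authenticates a form-login token, letting plugin (SSO) integrations try first and
 * falling back to the locally stored password.
 *
 * Order of checks when the token does not already carry a User object:
 *   1. Load the user by username; an unknown username is tolerated at this point.
 *   2. If any listener is registered for UserEvents::USER_FORM_AUTHENTICATION, dispatch an
 *      AuthenticationEvent. A listener may authenticate the user, explicitly fail the
 *      attempt (which disables the password fallback), and/or supply a response.
 *   3. If still unauthenticated, not explicitly failed, and a User was loaded, verify the
 *      submitted credentials with the password encoder.
 *
 * Unknown username and wrong password both end in the same BadCredentialsException unless
 * a plugin supplied its own failure message.
 *
 * @param TokenInterface        $token
 * @param UserProviderInterface $userProvider
 * @param                       $providerKey
 *
 * @return PluginToken Built with the user's password and roles on success, or with empty
 *                     credentials and no roles when a plugin only supplied a response
 *
 * @throws AuthenticationException When a plugin supplied a failure message
 * @throws BadCredentialsException When authentication failed without a plugin message
 */
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
    $authenticated     = false;
    $response          = null;
    $failedAuthMessage = null;

    $user                  = $token->getUser();
    $authenticatingService = $token instanceof PluginToken ? $token->getAuthenticatingService() : null;

    if (!$user instanceof User) {
        try {
            $user = $userProvider->loadUserByUsername($token->getUsername());
        } catch (UsernameNotFoundException $e) {
            // Deliberately ignored: $user keeps whatever the token returned. The password
            // fallback below requires a User instance, so an unknown username can only be
            // authenticated by a plugin that supplies the user itself.
        }

        // Will try with the given password unless the plugin explicitly failed authentication
        $tryWithPassword = true;

        // Try authenticating with a plugin first
        if ($this->dispatcher->hasListeners(UserEvents::USER_FORM_AUTHENTICATION)) {
            $integrations = $this->integrationHelper->getIntegrationObjects($authenticatingService, ['sso_form'], false, null, true);

            // $user may still be a non-User value here if the username lookup failed.
            $authEvent = new AuthenticationEvent($user, $token, $userProvider, $this->request, false, $authenticatingService, $integrations);
            $this->dispatcher->dispatch(UserEvents::USER_FORM_AUTHENTICATION, $authEvent);

            $authenticated = $authEvent->isAuthenticated();
            if ($authenticated) {
                // The plugin's verdict is trusted as-is: it replaces both the user and the
                // authenticating service, and no local password check follows.
                $user                  = $authEvent->getUser();
                $authenticatingService = $authEvent->getAuthenticatingService();
            } elseif ($authEvent->isFailed()) {
                // An explicit plugin failure must not be overridden by a valid local password.
                $tryWithPassword = false;
            }

            $response          = $authEvent->getResponse();
            $failedAuthMessage = $authEvent->getFailedAuthenticationMessage();
        }

        if (!$authenticated && $tryWithPassword && $user instanceof User) {
            // Try authenticating with local password
            // NOTE(review): this verification is skipped when no User was loaded, so response
            // time may differ between known and unknown usernames - confirm whether that matters here.
            $authenticated = $this->encoder->isPasswordValid($user, $token->getCredentials());
        }
    } else {
        // Assume the user is authenticated although the token will tell for sure
        // NOTE(review): a token that already carries a User object is accepted here without
        // any credential or plugin check - confirm only trusted code paths can build such a token.
        $authenticated = true;
    }

    if ($authenticated) {
        // NOTE(review): assumes the user returned by an authenticating plugin exposes
        // getPassword()/getRoles(); nothing in this method re-checks its type - confirm.
        return new PluginToken($providerKey, $authenticatingService, $user, $user->getPassword(), $user->getRoles(), $response);
    }

    if ($response) {
        // Not authenticated, but a plugin supplied a response: hand it back on a token with
        // empty credentials and no roles.
        // NOTE(review): whether this token counts as unauthenticated depends on how
        // PluginToken treats an empty role list - confirm.
        return new PluginToken($providerKey, $authenticatingService, $user, '', [], $response);
    }

    if ($failedAuthMessage) {
        // The message text comes from the plugin; presumably it is shown to the person
        // logging in, so plugins should keep sensitive detail out of it - confirm.
        throw new AuthenticationException($failedAuthMessage);
    }

    throw new BadCredentialsException();
}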