src/AdminBundle/Security/EventListener/CheckCredentialsListener.php line 41

Open in your IDE?
  1. <?php
  3. namespace App\AdminBundle\Security\EventListener;
  5. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  6. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
  7. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  8. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  9. use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
  10. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  11. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  12. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  13. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  14. use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
  15. use Symfony\Component\Security\Http\Event\CheckPassportEvent;
  17. /**
  18.  * This listeners uses the interfaces of authenticators to
  19.  * determine how to check credentials.
  20.  */
  21. class CheckCredentialsListener implements EventSubscriberInterface
  22. {
  24.     private $hasherFactory;
  26.     /**
  27.      * @param PasswordHasherFactoryInterface $hasherFactory
  28.      */
  29.     public function __construct($hasherFactory)
  30.     {
  31.         if ($hasherFactory instanceof EncoderFactoryInterface) {
  32.             trigger_deprecation('symfony/security-core''5.3',
  33.                 'Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.',
  34.                 EncoderFactoryInterface::class, __CLASS__,
  35.                 PasswordHasherFactoryInterface::class);
  36.         }
  38.         $this->hasherFactory $hasherFactory;
  39.     }
  41.     public function checkPassport(CheckPassportEvent $event): void
  42.     {
  43.         $passport $event->getPassport();
  44.         if ($passport instanceof UserPassportInterface && $passport->hasBadge(PasswordCredentials::class)) {
  46.             // Use the password hasher to validate the credentials
  47.             $user $passport->getUser();
  49.             if (!$user instanceof PasswordAuthenticatedUserInterface) {
  50.                 trigger_deprecation('symfony/security-http''5.3',
  51.                     'Not implementing the "%s" interface in class "%s" while using password-based authentication is deprecated.',
  52.                     PasswordAuthenticatedUserInterface::class, get_debug_type($user));
  53.             }
  55.             /** @var PasswordCredentials $badge */
  56.             $badge $passport->getBadge(PasswordCredentials::class);
  58.             if ($badge->isResolved()) {
  59.                 return;
  60.             }
  62.             $presentedPassword $badge->getPassword();
  63.             if ('' === $presentedPassword) {
  64.                 throw new BadCredentialsException('CCL____404 - User ' $user->getId() . ': the presented password cannot be empty.');
  65.             }
  67.             if (null === $user->getPassword()) {
  68.                 throw new BadCredentialsException('CCL____405 - User ' $user->getId() . ': the presented password is invalid.');
  69.             }
  71.             $salt method_exists($user'getSalt') ? $user->getSalt() : '';
  72.             if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
  73.                 trigger_deprecation('symfony/security-http''5.3',
  74.                     'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.',
  75.                     LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
  76.             }
  78.             // @deprecated since Symfony 5.3
  79.             if ($this->hasherFactory instanceof EncoderFactoryInterface) {
  80.                 if (!$this->hasherFactory->getEncoder($user)->isPasswordValid($user->getPassword(),
  81.                         $presentedPassword$salt)) {
  82.                     throw new BadCredentialsException('CCL____405 - User ' $user->getId() . ': the presented password is invalid.');
  83.                 }
  84.             } else {
  85.                 if (!$this->hasherFactory->getPasswordHasher($user)->verify($user->getPassword(),
  86.                         $presentedPassword$salt)) {
  87.                     throw new BadCredentialsException('CCL____405 - User ' $user->getId() . ': the presented password is invalid.');
  88.                 }
  89.             }
  91.             $badge->markResolved();
  93.             if (!$passport->hasBadge(PasswordUpgradeBadge::class)) {
  94.                 $passport->addBadge(new PasswordUpgradeBadge($presentedPassword));
  95.             }
  96.         }
  98.         if ($passport->hasBadge(CustomCredentials::class)) {
  99.             
  100.             $badge $passport->getBadge(CustomCredentials::class);
  101.             if ($badge->isResolved()) {
  102.                 return;
  103.             }
  105.             $badge->executeCustomChecker($passport->getUser());
  106.         }
  107.     }
  109.     public static function getSubscribedEvents(): array
  110.     {
  111.         return [CheckPassportEvent::class => 'checkPassport'];
  112.     }
  114. }