vendor/symfony/security-core/Authentication/AuthenticationProviderManager.php line 27

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Core\Authentication;
  14. use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
  15. use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
  16. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  17. use Symfony\Component\Security\Core\AuthenticationEvents;
  18. use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
  19. use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;
  20. use Symfony\Component\Security\Core\Exception\AccountStatusException;
  21. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  22. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  23. use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
  24. use Symfony\Component\Security\Core\User\UserInterface;
  25. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  27. trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AuthenticationProviderManager::class);
  29. // Help opcache.preload discover always-needed symbols
  30. class_exists(AuthenticationEvents::class);
  31. class_exists(AuthenticationFailureEvent::class);
  32. class_exists(AuthenticationSuccessEvent::class);
  34. /**
  35. * AuthenticationProviderManager uses a list of AuthenticationProviderInterface
  36. * instances to authenticate a Token.
  37. *
  38. * @author Fabien Potencier <fabien@symfony.com>
  39. * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  40. *
  41. * @deprecated since Symfony 5.3, use the new authenticator system instead
  42. */
  43. class AuthenticationProviderManager implements AuthenticationManagerInterface
  44. {
  45. private $providers;
  46. private $eraseCredentials;
  47. private $eventDispatcher;
  49. /**
  50. * @param iterable<mixed, AuthenticationProviderInterface> $providers An iterable with AuthenticationProviderInterface instances as values
  51. * @param bool $eraseCredentials Whether to erase credentials after authentication or not
  52. *
  53. * @throws \InvalidArgumentException
  54. */
  55. public function __construct(iterable $providers, bool $eraseCredentials = true)
  56. {
  57. if (!$providers) {
  58. throw new \InvalidArgumentException('You must at least add one authentication provider.');
  59. }
  61. $this->providers = $providers;
  62. $this->eraseCredentials = $eraseCredentials;
  63. }
  65. public function setEventDispatcher(EventDispatcherInterface $dispatcher)
  66. {
  67. $this->eventDispatcher = $dispatcher;
  68. }
  70. /**
  71. * {@inheritdoc}
  72. */
  73. public function authenticate(TokenInterface $token)
  74. {
  75. $lastException = null;
  76. $result = null;
  78. foreach ($this->providers as $provider) {
  79. if (!$provider instanceof AuthenticationProviderInterface) {
  80. throw new \InvalidArgumentException(sprintf('Provider "%s" must implement the AuthenticationProviderInterface.', get_debug_type($provider)));
  81. }
  83. if (!$provider->supports($token)) {
  84. continue;
  85. }
  87. try {
  88. $result = $provider->authenticate($token);
  90. if (null !== $result) {
  91. break;
  92. }
  93. } catch (AccountStatusException $e) {
  94. $lastException = $e;
  96. break;
  97. } catch (AuthenticationException $e) {
  98. $lastException = $e;
  99. } catch (InvalidPasswordException $e) {
  100. $lastException = new BadCredentialsException('Bad credentials.', 0, $e);
  101. }
  102. }
  104. if (null !== $result) {
  105. if (true === $this->eraseCredentials) {
  106. $result->eraseCredentials();
  107. }
  109. if (null !== $this->eventDispatcher) {
  110. $this->eventDispatcher->dispatch(new AuthenticationSuccessEvent($result), AuthenticationEvents::AUTHENTICATION_SUCCESS);
  111. }
  113. // @deprecated since Symfony 5.3
  114. if ($result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {
  115. trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier(): string" in user class "%s" is deprecated. This method will replace "getUsername()" in Symfony 6.0.', get_debug_type($result->getUser()));
  116. }
  118. return $result;
  119. }
  121. if (null === $lastException) {
  122. $lastException = new ProviderNotFoundException(sprintf('No Authentication Provider found for token of class "%s".', \get_class($token)));
  123. }
  125. if (null !== $this->eventDispatcher) {
  126. $this->eventDispatcher->dispatch(new AuthenticationFailureEvent($token, $lastException), AuthenticationEvents::AUTHENTICATION_FAILURE);
  127. }
  129. $lastException->setToken($token);
  131. throw $lastException;
  132. }
  133. }