vendor/symfony/security-http/Firewall/BasicAuthenticationListener.php line 25

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpKernel\Event\RequestEvent;
  17. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  20. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  21. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  22. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  23. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  25. trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AnonymousAuthenticationListener::class);
  27. /**
  28. * BasicAuthenticationListener implements Basic HTTP authentication.
  29. *
  30. * @author Fabien Potencier <fabien@symfony.com>
  31. *
  32. * @final
  33. *
  34. * @deprecated since Symfony 5.3, use the new authenticator system instead
  35. */
  36. class BasicAuthenticationListener extends AbstractListener
  37. {
  38. private $tokenStorage;
  39. private $authenticationManager;
  40. private $providerKey;
  41. private $authenticationEntryPoint;
  42. private $logger;
  43. private $ignoreFailure;
  44. private $sessionStrategy;
  46. public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, string $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint, ?LoggerInterface $logger = null)
  47. {
  48. if (empty($providerKey)) {
  49. throw new \InvalidArgumentException('$providerKey must not be empty.');
  50. }
  52. $this->tokenStorage = $tokenStorage;
  53. $this->authenticationManager = $authenticationManager;
  54. $this->providerKey = $providerKey;
  55. $this->authenticationEntryPoint = $authenticationEntryPoint;
  56. $this->logger = $logger;
  57. $this->ignoreFailure = false;
  58. }
  60. /**
  61. * {@inheritdoc}
  62. */
  63. public function supports(Request $request): ?bool
  64. {
  65. return null !== $request->headers->get('PHP_AUTH_USER');
  66. }
  68. /**
  69. * Handles basic authentication.
  70. */
  71. public function authenticate(RequestEvent $event)
  72. {
  73. $request = $event->getRequest();
  75. if (null === $username = $request->headers->get('PHP_AUTH_USER')) {
  76. return;
  77. }
  79. if (null !== $token = $this->tokenStorage->getToken()) {
  80. // @deprecated since Symfony 5.3, change to $token->getUserIdentifier() in 6.0
  81. if ($token instanceof UsernamePasswordToken && $token->isAuthenticated(false) && (method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername()) === $username) {
  82. return;
  83. }
  84. }
  86. if (null !== $this->logger) {
  87. $this->logger->info('Basic authentication Authorization header found for user.', ['username' => $username]);
  88. }
  90. try {
  91. $previousToken = $token;
  92. $token = $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey));
  94. $this->migrateSession($request, $token, $previousToken);
  96. $this->tokenStorage->setToken($token);
  97. } catch (AuthenticationException $e) {
  98. $token = $this->tokenStorage->getToken();
  99. if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getFirewallName()) {
  100. $this->tokenStorage->setToken(null);
  101. }
  103. if (null !== $this->logger) {
  104. $this->logger->info('Basic authentication failed for user.', ['username' => $username, 'exception' => $e]);
  105. }
  107. if ($this->ignoreFailure) {
  108. return;
  109. }
  111. $event->setResponse($this->authenticationEntryPoint->start($request, $e));
  112. }
  113. }
  115. /**
  116. * Call this method if your authentication token is stored to a session.
  117. *
  118. * @final
  119. */
  120. public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyInterface $sessionStrategy)
  121. {
  122. $this->sessionStrategy = $sessionStrategy;
  123. }
  125. private function migrateSession(Request $request, TokenInterface $token, ?TokenInterface $previousToken)
  126. {
  127. if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession()) {
  128. return;
  129. }
  131. if ($previousToken) {
  132. $user = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
  133. $previousUser = method_exists($previousToken, 'getUserIdentifier') ? $previousToken->getUserIdentifier() : $previousToken->getUsername();
  135. if ('' !== ($user ?? '') && $user === $previousUser) {
  136. return;
  137. }
  138. }
  140. $this->sessionStrategy->onAuthentication($request, $token);
  141. }
  142. }