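userRepository = $userRepository;
    }

    /**
     * Called on every request to decide if this authenticator should be
     * used for the request. Returning false will cause this authenticator
     * to be skipped.
     *
     * Only the presence of the X-AUTH-TOKEN header is checked here; an empty
     * value still selects this authenticator and is rejected in getUser().
     */
    public function supports(Request $request)
    {
        return $request->headers->has('X-AUTH-TOKEN');
    }

    /**
     * Called on every request. Return whatever credentials you want to
     * be passed to getUser() as $credentials.
     *
     * @return array{token: mixed} the raw X-AUTH-TOKEN header value, unvalidated
     */
    public function getCredentials(Request $request)
    {
        return [
            'token' => $request->headers->get('X-AUTH-TOKEN'),
        ];
    }

    /**
     * Resolves the user that owns the presented API token.
     *
     * @param array                 $credentials  the array built by getCredentials()
     * @param UserProviderInterface $userProvider unused; the lookup goes through the repository
     *
     * @return mixed|null the repository's match for the token, or null when the
     *                    token is missing, empty or not a string
     */
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        $apiToken = $credentials['token'];

        // Fail closed on a missing, empty or non-string token. Without the
        // empty-string check, a request sending "X-AUTH-TOKEN:" with no value
        // would be looked up as apiToken = '' and could match an account whose
        // token column holds an empty string.
        if (!is_string($apiToken) || '' === $apiToken) {
            return null;
        }

        // NOTE(review): the header value is matched against the apiToken column
        // as-is, which suggests tokens are stored in plaintext; consider storing
        // only a hash of the token and looking up by that hash. Confirm against
        // the User entity.
        // if a User object, checkCredentials() is called
        return $this->userRepository->findOneBy(['apiToken' => $apiToken]);
    }

    /**
     * Always accepts the user resolved by getUser().
     *
     * Possession of a token that maps to a user is the only factor checked by
     * this authenticator. NOTE(review): no expiry or revocation check is
     * visible in this class; confirm it is enforced elsewhere if required.
     */
    public function checkCredentials($credentials, UserInterface $user)
    {
        // check credentials - e.g. make sure the password is valid
        // no credential check is needed in this case

        // return true to cause authentication success
        return true;
    }

    /**
     * Returns null so that the request continues to the controller.
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        // on success, let the request continue
        return null;
    }

    /**
     * Turns an authentication failure into an AccessDeniedHttpException.
     *
     * The message is built from the exception's message key and message data,
     * not from its raw message.
     *
     * @throws AccessDeniedHttpException always
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        $message = strtr($exception->getMessageKey(), $exception->getMessageData());

        // or to translate this message
        // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())

        // This should be translated by FOSRestBundle!
        throw new AccessDeniedHttpException($message);
    }

    /**
     * Called when authentication is needed, but it's not sent.
     *
     * @throws UnauthorizedHttpException always; the first argument (the
     *                                   challenge) is left empty
     */
    public function start(Request $request, AuthenticationException $authException = null)
    {
        throw new UnauthorizedHttpException('', 'Authentication Required');
    }

    /**
     * Remember-me is disabled for this authenticator.
     */
    public function supportsRememberMe()
    {
        return false;
    }
}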