<?php
namespace App\Security;
use App\Repository\UserRepository;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
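class TokenAuthenticator extends AbstractGuardAuthenticator
{
    /**
     * @var UserRepository
     */
    private $userRepository;

    public function __construct(UserRepository $userRepository)
    {
        $this->userRepository = $userRepository;
    }

    /**
     * Called on every request to decide if this authenticator should be
     * used for the request. Returning false will cause this authenticator
     * to be skipped.
     *
     * Only the presence of the X-AUTH-TOKEN header is checked here; its
     * value is validated in getUser().
     */
    public function supports(Request $request)
    {
        return $request->headers->has('X-AUTH-TOKEN');
    }

    /**
     * Called on every request. Return whatever credentials you want to
     * be passed to getUser() as $credentials.
     *
     * 'token' is the raw header value, or null when the header is absent.
     */
    public function getCredentials(Request $request)
    {
        return [
            'token' => $request->headers->get('X-AUTH-TOKEN'),
        ];
    }

    /**
     * Looks up the user that owns the presented API token.
     *
     * Returns null (authentication fails) when no usable token was sent.
     * An empty header value is rejected explicitly: passing '' on to
     * findOneBy() would otherwise match any user whose apiToken column
     * happens to hold an empty string.
     *
     * @return UserInterface|null
     */
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        $apiToken = isset($credentials['token']) ? $credentials['token'] : null;

        if (!is_string($apiToken) || '' === $apiToken) {
            return null;
        }

        // if a User object is returned, checkCredentials() is called next
        return $this->userRepository->findOneBy(['apiToken' => $apiToken]);
    }

    /**
     * No further check is needed: getUser() already matched the presented
     * token against the stored apiToken, which is the only credential in
     * this scheme. Returning true causes authentication success.
     */
    public function checkCredentials($credentials, UserInterface $user)
    {
        return true;
    }

    /**
     * On success, return null so the request continues to the controller.
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        return null;
    }

    /**
     * Called when a token was presented but getUser()/checkCredentials()
     * rejected it. The message key/data pair is Symfony's generic, display-safe
     * failure message, so no internal detail is exposed to the client.
     *
     * Note: AccessDeniedHttpException answers a rejected token with 403,
     * while start() answers a missing token with 401.
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        $message = strtr($exception->getMessageKey(), $exception->getMessageData());
        // or to translate this message
        // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())

        // This should translated by FOSRestBundle!
        throw new AccessDeniedHttpException($message);
    }

    /**
     * Called when authentication is needed, but it's not sent
     * (no X-AUTH-TOKEN header on a route that requires one).
     */
    public function start(Request $request, AuthenticationException $authException = null)
    {
        throw new UnauthorizedHttpException('', 'Authentication Required');
    }

    /**
     * Token-based API access is stateless; remember-me cookies are not used.
     */
    public function supportsRememberMe()
    {
        return false;
    }
}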