vendor/symfony/security-http/EventListener/CheckCredentialsListener.php line 50

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\EventListener;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
  16. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  17. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  18. use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
  19. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  20. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  21. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  22. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  23. use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
  24. use Symfony\Component\Security\Http\Event\CheckPassportEvent;
  26. /**
  27. * This listeners uses the interfaces of authenticators to
  28. * determine how to check credentials.
  29. *
  30. * @author Wouter de Jong <wouter@driveamber.com>
  31. *
  32. * @final
  33. */
  34. class CheckCredentialsListener implements EventSubscriberInterface
  35. {
  36. private $hasherFactory;
  38. /**
  39. * @param PasswordHasherFactoryInterface $hasherFactory
  40. */
  41. public function __construct($hasherFactory)
  42. {
  43. if ($hasherFactory instanceof EncoderFactoryInterface) {
  44. trigger_deprecation('symfony/security-core', '5.3', 'Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.', EncoderFactoryInterface::class, __CLASS__, PasswordHasherFactoryInterface::class);
  45. }
  47. $this->hasherFactory = $hasherFactory;
  48. }
  50. public function checkPassport(CheckPassportEvent $event): void
  51. {
  52. $passport = $event->getPassport();
  53. if ($passport instanceof UserPassportInterface && $passport->hasBadge(PasswordCredentials::class)) {
  54. // Use the password hasher to validate the credentials
  55. $user = $passport->getUser();
  57. if (!$user instanceof PasswordAuthenticatedUserInterface) {
  58. trigger_deprecation('symfony/security-http', '5.3', 'Not implementing the "%s" interface in class "%s" while using password-based authentication is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
  59. }
  61. /** @var PasswordCredentials $badge */
  62. $badge = $passport->getBadge(PasswordCredentials::class);
  64. if ($badge->isResolved()) {
  65. return;
  66. }
  68. $presentedPassword = $badge->getPassword();
  69. if ('' === $presentedPassword) {
  70. throw new BadCredentialsException('The presented password cannot be empty.');
  71. }
  73. if (null === $user->getPassword()) {
  74. throw new BadCredentialsException('The presented password is invalid.');
  75. }
  77. $salt = method_exists($user, 'getSalt') ? $user->getSalt() : '';
  78. if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
  79. trigger_deprecation('symfony/security-http', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
  80. }
  82. // @deprecated since Symfony 5.3
  83. if ($this->hasherFactory instanceof EncoderFactoryInterface) {
  84. if (!$this->hasherFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $salt)) {
  85. throw new BadCredentialsException('The presented password is invalid.');
  86. }
  87. } else {
  88. if (!$this->hasherFactory->getPasswordHasher($user)->verify($user->getPassword(), $presentedPassword, $salt)) {
  89. throw new BadCredentialsException('The presented password is invalid.');
  90. }
  91. }
  93. $badge->markResolved();
  95. if (!$passport->hasBadge(PasswordUpgradeBadge::class)) {
  96. $passport->addBadge(new PasswordUpgradeBadge($presentedPassword));
  97. }
  99. return;
  100. }
  102. if ($passport->hasBadge(CustomCredentials::class)) {
  103. /** @var CustomCredentials $badge */
  104. $badge = $passport->getBadge(CustomCredentials::class);
  105. if ($badge->isResolved()) {
  106. return;
  107. }
  109. $badge->executeCustomChecker($passport->getUser());
  111. return;
  112. }
  113. }
  115. public static function getSubscribedEvents(): array
  116. {
  117. return [CheckPassportEvent::class => 'checkPassport'];
  118. }
  119. }