vendor/symfony/security-http/EventListener/CheckCredentialsListener.php line 50

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\EventListener;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
  16. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  17. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  18. use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
  19. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  20. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  21. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  22. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  23. use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
  24. use Symfony\Component\Security\Http\Event\CheckPassportEvent;
  26. /**
  27.  * This listeners uses the interfaces of authenticators to
  28.  * determine how to check credentials.
  29.  *
  30.  * @author Wouter de Jong <wouter@driveamber.com>
  31.  *
  32.  * @final
  33.  */
  34. class CheckCredentialsListener implements EventSubscriberInterface
  35. {
  36.     private $hasherFactory;
  38.     /**
  39.      * @param PasswordHasherFactoryInterface $hasherFactory
  40.      */
  41.     public function __construct($hasherFactory)
  42.     {
  43.         if ($hasherFactory instanceof EncoderFactoryInterface) {
  44.             trigger_deprecation('symfony/security-core''5.3''Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.'EncoderFactoryInterface::class, __CLASS__PasswordHasherFactoryInterface::class);
  45.         }
  47.         $this->hasherFactory $hasherFactory;
  48.     }
  50.     public function checkPassport(CheckPassportEvent $event): void
  51.     {
  52.         $passport $event->getPassport();
  53.         if ($passport instanceof UserPassportInterface && $passport->hasBadge(PasswordCredentials::class)) {
  54.             // Use the password hasher to validate the credentials
  55.             $user $passport->getUser();
  57.             if (!$user instanceof PasswordAuthenticatedUserInterface) {
  58.                 trigger_deprecation('symfony/security-http''5.3''Not implementing the "%s" interface in class "%s" while using password-based authentication is deprecated.'PasswordAuthenticatedUserInterface::class, get_debug_type($user));
  59.             }
  61.             /** @var PasswordCredentials $badge */
  62.             $badge $passport->getBadge(PasswordCredentials::class);
  64.             if ($badge->isResolved()) {
  65.                 return;
  66.             }
  68.             $presentedPassword $badge->getPassword();
  69.             if ('' === $presentedPassword) {
  70.                 throw new BadCredentialsException('The presented password cannot be empty.');
  71.             }
  73.             if (null === $user->getPassword()) {
  74.                 throw new BadCredentialsException('The presented password is invalid.');
  75.             }
  77.             $salt method_exists($user'getSalt') ? $user->getSalt() : '';
  78.             if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
  79.                 trigger_deprecation('symfony/security-http''5.3''Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.'LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
  80.             }
  82.             // @deprecated since Symfony 5.3
  83.             if ($this->hasherFactory instanceof EncoderFactoryInterface) {
  84.                 if (!$this->hasherFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword$salt)) {
  85.                     throw new BadCredentialsException('The presented password is invalid.');
  86.                 }
  87.             } else {
  88.                 if (!$this->hasherFactory->getPasswordHasher($user)->verify($user->getPassword(), $presentedPassword$salt)) {
  89.                     throw new BadCredentialsException('The presented password is invalid.');
  90.                 }
  91.             }
  93.             $badge->markResolved();
  95.             if (!$passport->hasBadge(PasswordUpgradeBadge::class)) {
  96.                 $passport->addBadge(new PasswordUpgradeBadge($presentedPassword));
  97.             }
  99.             return;
  100.         }
  102.         if ($passport->hasBadge(CustomCredentials::class)) {
  103.             /** @var CustomCredentials $badge */
  104.             $badge $passport->getBadge(CustomCredentials::class);
  105.             if ($badge->isResolved()) {
  106.                 return;
  107.             }
  109.             $badge->executeCustomChecker($passport->getUser());
  111.             return;
  112.         }
  113.     }
  115.     public static function getSubscribedEvents(): array
  116.     {
  117.         return [CheckPassportEvent::class => 'checkPassport'];
  118.     }
  119. }