-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathAbstractAuthenticator.php
More file actions
169 lines (150 loc) · 5.32 KB
/
AbstractAuthenticator.php
File metadata and controls
169 lines (150 loc) · 5.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
<?php
namespace Vayes\Auth;
use Vayes\Auth\Exception\AuthenticationException;
use Vayes\Auth\Exception\AuthenticationUserNotFoundException;
abstract class AbstractAuthenticator implements AuthenticatorInterface
{
/** @var string */
protected $authProviderKey;
/** @var string */
protected $logNS = '[AUTHENTICATOR]';
/**
* Does the authenticator support the given Request?
*
* If this returns false, the authenticator will be skipped.
*
* @return bool
*/
abstract public function supports(): bool;
/** Load translations that may be required for error or success messages */
abstract protected function loadTranslations(): void;
/**
* Get the authentication credentials from the request and return them
* as any type (e.g. an associate array).
*
* Whatever value you return here will be passed to getUser() and checkCredentials()
*
* For example, for a form login, you might:
*
* return [
* 'username' => $request->request->get('_username'),
* 'password' => $request->request->get('_password'),
* ];
*
* Or for an API token that's on a header, you might use:
*
* return ['api_key' => $request->headers->get('X-API-TOKEN')];
*
* @return mixed Any non-null value
*
* @throws \UnexpectedValueException If null is returned
*/
abstract protected function getCredentials(): array;
/**
* Return a UserInterface object based on the credentials.
*
* The *credentials* are the return value from getCredentials()
*
* You may throw an AuthenticationException if you wish. If you return
* null, then a UsernameNotFoundException is thrown for you.
*
* @param mixed $credentials
*
* @return UserInterface|null
* @throws AuthenticationUserNotFoundException
*
*/
abstract protected function getUser(array $credentials): ?UserInterface;
/**
* Returns true if the credentials are valid.
*
* If any value other than true is returned, authentication will
* fail. You may also throw an AuthenticationException if you wish
* to cause authentication to fail.
*
* The *credentials* are the return value from getCredentials()
*
* @param mixed $credentials
* @param UserInterface $user
*
* @return bool
*
* @throws AuthenticationException
*/
abstract protected function checkCredentials($credentials, UserInterface $user): bool;
/**
* Called when authentication executed, but failed (e.g. wrong username password).
*
* This should return the Response sent back to the user, like a
* RedirectResponse to the login page or a 403 response.
*
* If you return null, the request will continue, but the user will
* not be authenticated. This is probably not what you want to do.
*
* @param AuthenticationException $exception
* @return mixed
*/
abstract protected function onAuthenticationFailure(AuthenticationException $exception);
/**
* Called when authentication executed and was successful!
*
* This should return the Response sent back to the user, like a
* RedirectResponse to the last page they visited.
*
* If you return null, the current request will continue, and the user
* will be authenticated. This makes sense, for example, with an API.
*
* @param UserInterface $user
* @param string|null $providerKey
* @return mixed
*/
abstract protected function onAuthenticationSuccess(UserInterface $user, ?string $providerKey = null);
/**
* @return string
* @throws AuthenticationException
*/
protected function getAuthProvideKey(): string
{
if (null === $this->authProviderKey) {
throw new AuthenticationException('You must set a provider key for ' . get_class($this));
}
return $this->authProviderKey;
}
public function start()
{
if ($this->supports()) {
try {
$this->getAuthProvideKey();
} catch (AuthenticationException $e) {
return $this->onAuthenticationFailure($e);
}
$this->loadTranslations();
try {
$credentials = $this->getCredentials();
} catch (\InvalidArgumentException $e) {
return $this->onAuthenticationFailure(
new AuthenticationException($e->getMessage())
);
}
try {
$user = $this->getUser($credentials);
} catch (AuthenticationUserNotFoundException $e) {
return $this->onAuthenticationFailure($e);
}
try {
$isAuthenticated = $this->checkCredentials($credentials, $user);
} catch (AuthenticationException $e) {
return $this->onAuthenticationFailure($e);
}
if ($isAuthenticated) {
return $this->onAuthenticationSuccess($user, $this->authProviderKey);
} else {
return $this->onAuthenticationFailure(
new AuthenticationException('Authenticated but an error occurred.')
);
}
} else {
return false;
}
}
}