|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Kuleuven\AuthenticationBundle\Security; |
|
4
|
|
|
|
|
5
|
|
|
use Kuleuven\AuthenticationBundle\Traits\LoggerTrait; |
|
6
|
|
|
use Psr\Log\LoggerAwareInterface; |
|
7
|
|
|
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; |
|
8
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
9
|
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException; |
|
10
|
|
|
use Symfony\Component\Security\Core\Exception\BadCredentialsException; |
|
11
|
|
|
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; |
|
12
|
|
|
use Symfony\Component\Security\Core\Role\SwitchUserRole; |
|
13
|
|
|
use Symfony\Component\Security\Core\User\UserCheckerInterface; |
|
14
|
|
|
use Symfony\Component\Security\Core\User\UserProviderInterface; |
|
15
|
|
|
use Symfony\Component\Security\Core\User\UserInterface; |
|
16
|
|
|
|
|
17
|
|
|
class ShibbolethAuthenticationProvider implements AuthenticationProviderInterface, LoggerAwareInterface |
|
18
|
|
|
{ |
|
19
|
|
|
use LoggerTrait; |
|
20
|
|
|
|
|
21
|
|
|
/** |
|
22
|
|
|
* @var UserProviderInterface |
|
23
|
|
|
*/ |
|
24
|
|
|
protected $userProvider; |
|
25
|
|
|
|
|
26
|
|
|
/** |
|
27
|
|
|
* @var UserCheckerInterface |
|
28
|
|
|
*/ |
|
29
|
|
|
protected $userChecker; |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* @var string |
|
33
|
|
|
*/ |
|
34
|
|
|
protected $providerKey; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* @param UserProviderInterface $userProvider |
|
38
|
|
|
* @param UserCheckerInterface $userChecker |
|
39
|
|
|
* @param string $providerKey |
|
40
|
|
|
*/ |
|
41
|
|
|
public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey) |
|
42
|
|
|
{ |
|
43
|
|
|
$this->userProvider = $userProvider; |
|
44
|
|
|
$this->userChecker = $userChecker; |
|
45
|
|
|
$this->providerKey = $providerKey; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
/** |
|
49
|
|
|
* @inheritdoc |
|
50
|
|
|
*/ |
|
51
|
|
|
public function authenticate(TokenInterface $token) |
|
52
|
|
|
{ |
|
53
|
|
|
if (!$this->supports($token)) { |
|
54
|
|
|
$this->log(sprintf('Token not supported: %s', $token)); |
|
55
|
|
|
return null; |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
if (!$user = $token->getUser()) { |
|
59
|
|
|
$this->log(sprintf('User not found in token: %s', $token)); |
|
60
|
|
|
throw new BadCredentialsException('User not found in request.'); |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
// Reattach the objects to Doctrine |
|
64
|
|
|
$username = $token->getUsername(); |
|
65
|
|
|
|
|
66
|
|
|
try { |
|
67
|
|
View Code Duplication |
if ($user instanceof UserInterface) { |
|
|
|
|
|
|
68
|
|
|
$token->setUser($this->userProvider->refreshUser($user)); |
|
69
|
|
|
$user = $token->getUser(); |
|
70
|
|
|
} else { |
|
71
|
|
|
$user = $this->userProvider->loadUserByUsername($username); |
|
72
|
|
|
} |
|
73
|
|
|
if (empty($user) || !$user instanceof UserInterface) { |
|
74
|
|
|
$this->log(sprintf('User not found for username "%s"', $username)); |
|
75
|
|
|
throw new AuthenticationException('Shibboleth authentication failed.'); |
|
76
|
|
|
} |
|
77
|
|
|
$this->log(sprintf('User found for username "%s": %s', $username, $user)); |
|
78
|
|
|
|
|
79
|
|
|
foreach ($token->getRoles() as $role) { |
|
80
|
|
View Code Duplication |
if ($role instanceof SwitchUserRole) { |
|
|
|
|
|
|
81
|
|
|
$source = $role->getSource(); |
|
82
|
|
|
$sourceUser = $source->getUser(); |
|
83
|
|
|
if ($sourceUser instanceof UserInterface) { |
|
84
|
|
|
$source->setUser($this->userProvider->refreshUser($sourceUser)); |
|
85
|
|
|
} |
|
86
|
|
|
} |
|
87
|
|
|
} |
|
88
|
|
|
} catch (UsernameNotFoundException $notFound) { |
|
89
|
|
|
$this->log(sprintf('User not found for username "%s": %s', $username, $notFound->getMessage())); |
|
90
|
|
|
throw new AuthenticationException('Shibboleth authentication failed.', 0, $notFound); |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
if ($user instanceof UserInterface) { |
|
94
|
|
|
$this->userChecker->checkPostAuth($user); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
$authenticatedToken = new KuleuvenUserToken($user, $user->getAttributes(), $this->providerKey, $token->getRoles()); |
|
98
|
|
|
$authenticatedToken->setAuthenticated(true); |
|
99
|
|
|
$this->log(sprintf('Token authenticated for username "%s": %s', $authenticatedToken->getUsername(), $authenticatedToken)); |
|
100
|
|
|
|
|
101
|
|
|
return $authenticatedToken; |
|
102
|
|
|
} |
|
103
|
|
|
|
|
104
|
|
|
/** |
|
105
|
|
|
* @inheritdoc |
|
106
|
|
|
*/ |
|
107
|
|
|
public function supports(TokenInterface $token) |
|
108
|
|
|
{ |
|
109
|
|
|
return $token instanceof KuleuvenUserToken; |
|
110
|
|
|
} |
|
111
|
|
|
} |
|
112
|
|
|
|
MetalArend /
authentication-bundle
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.