1 | <?php |
||
35 | class TokenAuthenticator extends AbstractGuardAuthenticator |
||
36 | { |
||
37 | const INTENTION_LIVESITE_EDITOR = 'livesite_editor'; |
||
38 | |||
39 | /** |
||
40 | * @var ApiKeyRepository |
||
41 | */ |
||
42 | protected $apiKeyRepository; |
||
43 | |||
44 | /** |
||
45 | * @var TenantContextInterface |
||
46 | */ |
||
47 | protected $tenantContext; |
||
48 | |||
49 | /** |
||
50 | * @var TenantRepositoryInterface |
||
51 | */ |
||
52 | protected $tenantRepository; |
||
53 | 101 | ||
54 | /** |
||
55 | * @var EventDispatcherInterface |
||
56 | */ |
||
57 | protected $eventDispatcher; |
||
58 | 101 | ||
59 | 101 | /** |
|
60 | 101 | * TokenAuthenticator constructor. |
|
61 | 101 | * |
|
62 | * @param ApiKeyRepository $apiKeyRepository |
||
63 | * @param TenantContextInterface $tenantContext |
||
64 | * @param TenantRepositoryInterface $tenantRepository |
||
65 | * @param EventDispatcherInterface $eventDispatcher |
||
66 | */ |
||
67 | 78 | public function __construct( |
|
78 | |||
79 | /** |
||
80 | 78 | * Called on every request. Return whatever credentials you want, |
|
81 | * or null to stop authentication. |
||
82 | 78 | */ |
|
83 | 78 | public function getCredentials(Request $request) |
|
84 | 78 | { |
|
85 | 78 | if (!$token = $this->getToken($request)) { |
|
86 | // no token? Return null and no other methods will be called |
||
87 | 78 | return; |
|
88 | } |
||
89 | |||
90 | $data = [ |
||
91 | 'token' => $token, |
||
92 | 78 | ]; |
|
93 | 78 | ||
94 | if (self::INTENTION_LIVESITE_EDITOR === $this->getIntention($request)) { |
||
95 | $data['intention'] = self::INTENTION_LIVESITE_EDITOR; |
||
96 | 78 | } |
|
97 | 78 | ||
98 | // What you return here will be passed to getUser() as $credentials |
||
99 | 78 | return $data; |
|
100 | } |
||
101 | |||
102 | 78 | public function getUser($credentials, UserProviderInterface $userProvider) |
|
103 | { |
||
104 | 78 | $this->eventDispatcher->dispatch(MultiTenancyEvents::TENANTABLE_DISABLE); |
|
105 | 78 | ||
106 | 78 | /** @var ApiKeyInterface $apiKey */ |
|
107 | $apiKey = $this->apiKeyRepository |
||
108 | 78 | ->getValidToken(str_replace('Basic ', '', $credentials['token'])) |
|
109 | 78 | ->getQuery() |
|
110 | ->getOneOrNullResult(); |
||
111 | |||
112 | $this->eventDispatcher->dispatch(MultiTenancyEvents::TENANTABLE_ENABLE); |
||
113 | |||
114 | if (null === $apiKey) { |
||
115 | return; |
||
116 | 78 | } |
|
117 | |||
118 | // extend valid time after login |
||
119 | 78 | $apiKey->extendValidTo(); |
|
120 | |||
121 | /** @var CoreUserInterface $user */ |
||
122 | $user = $apiKey->getUser(); |
||
123 | $user->addRole('ROLE_INTERNAL_API'); |
||
124 | $this->apiKeyRepository->flush(); |
||
125 | |||
126 | if (array_key_exists('intention', $credentials) && self::INTENTION_LIVESITE_EDITOR === $credentials['intention']) { |
||
127 | $user->addRole('ROLE_LIVESITE_EDITOR'); |
||
128 | } |
||
129 | |||
130 | return $user; |
||
131 | } |
||
132 | |||
133 | public function checkCredentials($credentials, UserInterface $user) |
||
146 | |||
147 | public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) |
||
148 | { |
||
149 | if (self::INTENTION_LIVESITE_EDITOR === $this->getIntention($request)) { |
||
150 | $request->attributes->set(ActivateLivesiteEditorListener::ACTIVATION_KEY, $this->getToken($request)); |
||
151 | } |
||
152 | |||
153 | // on success, let the request continue |
||
154 | return; |
||
155 | } |
||
156 | |||
157 | public function onAuthenticationFailure(Request $request, AuthenticationException $exception) |
||
166 | |||
167 | /** |
||
168 | * Called when authentication is needed, but it's not sent. |
||
169 | */ |
||
170 | public function start(Request $request, AuthenticationException $authException = null) |
||
179 | |||
180 | public function supportsRememberMe() |
||
184 | |||
185 | private function getIntention(Request $request) |
||
186 | { |
||
187 | return $request->headers->get('Intention', $request->query->get('intention')); |
||
189 | |||
190 | /** |
||
191 | * @param Request $request |
||
192 | * |
||
193 | * @return string |
||
194 | */ |
||
195 | private function getToken(Request $request) |
||
199 | } |
||
200 |