App\Security\ComposerAuthenticator

Complexity

Total Complexity

11

Size/Duplication

Total Lines	63
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

9 Methods

Rating	Name	Duplication	Size	Complexity
A	start()	0	7	1
A	checkCredentials()	0	3	1
A	getCredentials()	0	5	1
A	onAuthenticationFailure()	0	3	1
A	getUser()	0	10	2
A	onAuthenticationSuccess()	0	2	1
A	supportsRememberMe()	0	3	1
A	supports()	0	3	2
A	__construct()	0	4	1

<?php

namespace App\Security;

use Doctrine\ODM\MongoDB\DocumentManager;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class ComposerAuthenticator extends AbstractGuardAuthenticator
{
    private $passwordEncoder;

    private $manager;

    public function __construct(UserPasswordEncoderInterface $passwordEncoder, DocumentManager $manager)
    {
        $this->passwordEncoder = $passwordEncoder;
        $this->manager = $manager;
    }

    public function start(Request $request, AuthenticationException $authException = null)
    {
        $response = new Response();
        $response->headers->set('WWW-Authenticate', 'Basic realm="Twity auth"');
        $response->setStatusCode(401);

        return $response;
    }

    public function supports(Request $request)
    {
        return $request->headers->has('PHP_AUTH_USER') && $request->headers->has('PHP_AUTH_PW');
    }

    public function getCredentials(Request $request)
    {
        return [
            'username' => $request->headers->get('PHP_AUTH_USER'),
            'token' => $request->headers->get('PHP_AUTH_PW'),
        ];
    }

    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        $user = $userProvider->loadUserByUsername($credentials['username']);

        if (!$user) {

$user is of type Symfony\Component\Security\Core\User\UserInterface, thus it always evaluated to true.

            // fail authentication with a custom error
            throw new CustomUserMessageAuthenticationException('Username could not be found.');
        }

        return $user;
    }

    public function checkCredentials($credentials, UserInterface $user)
    {
        return $user->getToken() === $credentials['token'];

The method getToken() does not exist on Symfony\Component\Security\Core\User\UserInterface. It seems like you code against a sub-type of Symfony\Component\Security\Core\User\UserInterface such as App\Document\AbstractUser.

    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new JsonResponse(['message' => 'invalid login or token'], Response::HTTP_UNAUTHORIZED);
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
    }

    public function supportsRememberMe()
    {
        return false;
    }
}