<?php |
namespace Kaliop\IdentityManagementBundle\Security\Authentication\Provider; |
use eZ\Publish\Core\Base\Exceptions\NotFoundException; |
use eZ\Publish\API\Repository\Repository; |
use eZ\Publish\Core\MVC\Symfony\Security\User as EzUser; |
use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider; |
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; |
use Symfony\Component\Security\Core\Exception\BadCredentialsException; |
use Symfony\Component\Security\Core\User\UserInterface; |
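/**
 * Authentication provider for eZ users that accepts either the account login or its e-mail address as identifier.
 *
 * We "should" subclass eZ\Publish\Core\MVC\Symfony\Security\Authentication\RepositoryAuthenticationProvider here,
 * but that class has the $repository member as private, so there is little point in doing that, and we subclass
 * its parent directly.
 */
class RepositoryAuthenticationProvider extends DaoAuthenticationProvider
{
    /**
     * @var \eZ\Publish\API\Repository\Repository
     */
    protected $repository;

    /**
     * Injects the eZ Repository used to look users up and to register the authenticated user.
     *
     * @param Repository $repository
     */
    public function setRepository(Repository $repository)
    {
        $this->repository = $repository;
    }

    /**
     * Validates the token against the eZ Repository and sets the resulting API user as the Repository's current user.
     *
     * Users that are not eZ users are handed to the parent provider unchanged.
     *
     * @param UserInterface $user the user loaded by the user provider
     * @param UsernamePasswordToken $token the token carrying the presented identifier and password
     *
     * @throws BadCredentialsException when the password changed in another session, when no password was presented,
     *                                 or when neither the login nor the e-mail lookup accepts the credentials
     */
    protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
    {
        if (!$user instanceof EzUser) {
            return parent::checkAuthentication($user, $token);
        }

        // $currentUser can either be an instance of UserInterface or just the username (e.g. during form login).
        /** @var EzUser|string $currentUser */
        $currentUser = $token->getUser();
        if ($currentUser instanceof UserInterface) {
            // Already-authenticated token: only verify that the stored password did not change in the meantime.
            if ($currentUser->getPassword() !== $user->getPassword()) {
                throw new BadCredentialsException('The credentials were changed from another session.');
            }

            $apiUser = $currentUser->getAPIUser();
        } else {
            $apiUser = $this->loadApiUserByLoginOrEmail($token);
        }

        // Finally inject current user in the Repository
        $this->repository->setCurrentUser($apiUser);
    }

    /**
     * Resolves the presented identifier to an API user, trying it as a login first and as an e-mail address second.
     *
     * The login is tried first on purpose: deciding by the presence of an "@" character would lock out any user
     * whose login itself contains one.
     *
     * Every failure surfaces as the same BadCredentialsException message, so the response does not tell the caller
     * whether the identifier matched a login, an e-mail address or nothing at all.
     *
     * @param UsernamePasswordToken $token
     *
     * @return mixed the value returned by UserService::loadUserByCredentials()
     *
     * @throws BadCredentialsException
     */
    private function loadApiUserByLoginOrEmail(UsernamePasswordToken $token)
    {
        $identifier = $token->getUsername();
        $presentedPassword = $token->getCredentials();

        // Fail closed before any Repository lookup: a missing password must never authenticate. This mirrors the
        // empty-password rejection that Symfony's DaoAuthenticationProvider applies on its own code path, which
        // this method replaces for eZ users.
        if (null === $presentedPassword || '' === $presentedPassword) {
            throw new BadCredentialsException('Invalid credentials');
        }

        $userService = $this->repository->getUserService();

        // NOTE(review): NotFoundException is the eZ\Publish\Core\Base\Exceptions class imported by this file;
        // confirm the UserService in use never reports a missing user with a different exception class, which
        // would escape both catch blocks below instead of becoming a BadCredentialsException.
        try {
            return $userService->loadUserByCredentials($identifier, $presentedPassword);
        } catch (NotFoundException $e) {
            // Not a valid login/password pair: fall through and retry with the identifier treated as an e-mail.
        }

        try {
            $users = $userService->loadUsersByEmail($identifier);
            if (!count($users)) {
                throw new NotFoundException('User', $identifier);
            }

            /// @todo log a warning if many users do match the email
            // Only the first match is checked, so one presented password is never tested against several
            // accounts. NOTE(review): when e-mail addresses are not unique, which account that is depends on the
            // order returned by loadUsersByEmail(); consider rejecting ambiguous addresses outright.
            return $userService->loadUserByCredentials($users[0]->login, $presentedPassword);
        } catch (NotFoundException $e) {
            throw new BadCredentialsException('Invalid credentials', 0, $e);
        }
    }
}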