|
1
|
|
|
<?php |
|
2
|
|
|
namespace AppBundle\Security; |
|
3
|
|
|
|
|
4
|
|
|
use Symfony\Component\HttpFoundation\Request; |
|
5
|
|
|
use Symfony\Component\HttpFoundation\JsonResponse; |
|
6
|
|
|
use Symfony\Component\Security\Core\User\UserInterface; |
|
7
|
|
|
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; |
|
8
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
9
|
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException; |
|
10
|
|
|
use Symfony\Component\Security\Core\User\UserProviderInterface; |
|
11
|
|
|
use Doctrine\ORM\EntityManager; |
|
12
|
|
|
|
|
13
|
|
|
class TokenAuthenticator extends AbstractGuardAuthenticator |
|
14
|
|
|
{ |
|
15
|
|
|
private $em; |
|
16
|
|
|
|
|
17
|
|
|
public function __construct(EntityManager $em) |
|
|
|
|
|
|
18
|
|
|
{ |
|
19
|
|
|
$this->em = $em; |
|
20
|
|
|
} |
|
21
|
|
|
|
|
22
|
|
|
/** |
|
23
|
|
|
* Called on every request. Return whatever credentials you want, |
|
24
|
|
|
* or null to stop authentication. |
|
25
|
|
|
*/ |
|
26
|
|
|
public function getCredentials(Request $request) |
|
27
|
|
|
{ |
|
28
|
|
|
if (!$token = $request->headers->get('X-AUTH-TOKEN')) { |
|
29
|
|
|
// no token? Return null and no other methods will be called |
|
30
|
|
|
return; |
|
31
|
|
|
} |
|
32
|
|
|
|
|
33
|
|
|
// What you return here will be passed to getUser() as $credentials |
|
34
|
|
|
return array( |
|
35
|
|
|
'token' => $token, |
|
36
|
|
|
); |
|
37
|
|
|
} |
|
38
|
|
|
|
|
39
|
|
|
public function getUser($credentials, UserProviderInterface $userProvider) |
|
40
|
|
|
{ |
|
41
|
|
|
$accessToken = $credentials['token']; |
|
42
|
|
|
|
|
43
|
|
|
// if null, authentication will fail |
|
44
|
|
|
// if a User object, checkCredentials() is called |
|
45
|
|
|
return $this->em->getRepository('AppBundle:User') |
|
46
|
|
|
->findOneBy(array('accessToken' => $accessToken)); |
|
47
|
|
|
} |
|
48
|
|
|
|
|
49
|
|
|
public function checkCredentials($credentials, UserInterface $user) |
|
50
|
|
|
{ |
|
51
|
|
|
// check credentials - e.g. make sure the password is valid |
|
52
|
|
|
// no credential check is needed in this case |
|
53
|
|
|
|
|
54
|
|
|
// return true to cause authentication success |
|
55
|
|
|
return true; |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) |
|
59
|
|
|
{ |
|
60
|
|
|
// on success, let the request continue |
|
61
|
|
|
return null; |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception) |
|
65
|
|
|
{ |
|
66
|
|
|
$data = array( |
|
67
|
|
|
'message' => strtr($exception->getMessageKey(), $exception->getMessageData()) |
|
68
|
|
|
|
|
69
|
|
|
// or to translate this message |
|
70
|
|
|
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData()) |
|
|
|
|
|
|
71
|
|
|
); |
|
72
|
|
|
|
|
73
|
|
|
return new JsonResponse($data, 403); |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
|
|
/** |
|
77
|
|
|
* Called when authentication is needed, but it's not sent |
|
78
|
|
|
*/ |
|
79
|
|
|
public function start(Request $request, AuthenticationException $authException = null) |
|
80
|
|
|
{ |
|
81
|
|
|
$data = array( |
|
82
|
|
|
// you might translate this message |
|
83
|
|
|
'message' => 'Authentication Required' |
|
84
|
|
|
); |
|
85
|
|
|
|
|
86
|
|
|
return new JsonResponse($data, 401); |
|
87
|
|
|
} |
|
88
|
|
|
|
|
89
|
|
|
public function supportsRememberMe() |
|
90
|
|
|
{ |
|
91
|
|
|
return false; |
|
92
|
|
|
} |
|
93
|
|
|
} |
kuusas /
learn-symfony
Loading history...
The
EntityManagermight become unusable for example if a transaction is rolled back and it gets closed. Let’s assume that somewhere in your application, or in a third-party library, there is code such as the following:If that code throws an exception and the
EntityManageris closed. Any other code which depends on the same instance of theEntityManagerduring this request will fail.On the other hand, if you instead inject the
ManagerRegistry, thegetManager()method guarantees that you will always get a usable manager instance.