vendor/contao/core-bundle/src/Security/Authentication/ContaoLoginAuthenticationListener.php line 32

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /*
  6.  * This file is part of Contao.
  7.  *
  8.  * (c) Leo Feyer
  9.  *
  10.  * @license LGPL-3.0-or-later
  11.  */
  13. namespace Contao\CoreBundle\Security\Authentication;
  15. use Psr\Log\LoggerInterface;
  16. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  19. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  20. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  24. use Symfony\Component\Security\Core\Security;
  25. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  27. use Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener;
  28. use Symfony\Component\Security\Http\HttpUtils;
  29. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  30. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  32. class ContaoLoginAuthenticationListener extends AbstractAuthenticationListener
  33. {
  34.     /**
  35.      * @var TokenStorageInterface
  36.      */
  37.     private $tokenStorage;
  39.     public function __construct(TokenStorageInterface $tokenStorageAuthenticationManagerInterface $authenticationManagerSessionAuthenticationStrategyInterface $sessionStrategyHttpUtils $httpUtilsstring $providerKeyAuthenticationSuccessHandlerInterface $successHandlerAuthenticationFailureHandlerInterface $failureHandler, array $optionsLoggerInterface $logger nullEventDispatcherInterface $dispatcher null)
  40.     {
  41.         parent::__construct($tokenStorage$authenticationManager$sessionStrategy$httpUtils$providerKey$successHandler$failureHandler$options$logger$dispatcher);
  43.         $this->tokenStorage $tokenStorage;
  44.     }
  46.     protected function requiresAuthentication(Request $request): bool
  47.     {
  48.         return $request->isMethod('POST')
  49.             && $request->request->has('FORM_SUBMIT')
  50.             && === strncmp($request->request->get('FORM_SUBMIT'), 'tl_login'8);
  51.     }
  53.     protected function attemptAuthentication(Request $request): ?TokenInterface
  54.     {
  55.         $currentToken $this->tokenStorage->getToken();
  57.         if ($currentToken instanceof TwoFactorTokenInterface) {
  58.             $authCode $request->request->get('verify');
  60.             return $this->authenticationManager->authenticate($currentToken->createWithCredentials($authCode));
  61.         }
  63.         $username $request->request->get('username');
  64.         $password $request->request->get('password');
  66.         if (!\is_string($username)) {
  67.             throw new BadRequestHttpException(sprintf('The key "username" must be a string, "%s" given.', \gettype($username)));
  68.         }
  70.         $username trim($username);
  72.         if (\strlen($username) > Security::MAX_USERNAME_LENGTH) {
  73.             throw new BadCredentialsException('Invalid username.');
  74.         }
  76.         $request->getSession()->set(Security::LAST_USERNAME$username);
  78.         return $this->authenticationManager->authenticate(new UsernamePasswordToken($username$password$this->providerKey));
  79.     }
  80. }