vendor/symfony/security-http/Authenticator/AccessTokenAuthenticator.php line 35

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authenticator;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  17. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  18. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  19. use Symfony\Component\Security\Core\User\UserProviderInterface;
  20. use Symfony\Component\Security\Http\AccessToken\AccessTokenExtractorInterface;
  21. use Symfony\Component\Security\Http\AccessToken\AccessTokenHandlerInterface;
  22. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  23. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  24. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  25. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  26. use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;
  27. use Symfony\Contracts\Translation\TranslatorInterface;
  29. /**
  30.  * Provides an implementation of the RFC6750 of an authentication via
  31.  * an access token.
  32.  *
  33.  * @author Florent Morselli <florent.morselli@spomky-labs.com>
  34.  */
  35. class AccessTokenAuthenticator implements AuthenticatorInterface
  36. {
  37.     private ?TranslatorInterface $translator null;
  39.     public function __construct(
  40.         private readonly AccessTokenHandlerInterface $accessTokenHandler,
  41.         private readonly AccessTokenExtractorInterface $accessTokenExtractor,
  42.         private readonly ?UserProviderInterface $userProvider null,
  43.         private readonly ?AuthenticationSuccessHandlerInterface $successHandler null,
  44.         private readonly ?AuthenticationFailureHandlerInterface $failureHandler null,
  45.         private readonly ?string $realm null,
  46.     ) {
  47.     }
  49.     public function supports(Request $request): ?bool
  50.     {
  51.         return null === $this->accessTokenExtractor->extractAccessToken($request) ? false null;
  52.     }
  54.     public function authenticate(Request $request): Passport
  55.     {
  56.         $accessToken $this->accessTokenExtractor->extractAccessToken($request);
  57.         if (!$accessToken) {
  58.             throw new BadCredentialsException('Invalid credentials.');
  59.         }
  61.         $userBadge $this->accessTokenHandler->getUserBadgeFrom($accessToken);
  62.         if (null === $userBadge->getUserLoader() && $this->userProvider) {
  63.             $userBadge->setUserLoader($this->userProvider->loadUserByIdentifier(...));
  64.         }
  66.         return new SelfValidatingPassport($userBadge);
  67.     }
  69.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  70.     {
  71.         return new PostAuthenticationToken($passport->getUser(), $firewallName$passport->getUser()->getRoles());
  72.     }
  74.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  75.     {
  76.         return $this->successHandler?->onAuthenticationSuccess($request$token);
  77.     }
  79.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response
  80.     {
  81.         if (null !== $this->failureHandler) {
  82.             return $this->failureHandler->onAuthenticationFailure($request$exception);
  83.         }
  85.         if (null !== $this->translator) {
  86.             $errorMessage $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
  87.         } else {
  88.             $errorMessage strtr($exception->getMessageKey(), $exception->getMessageData());
  89.         }
  91.         return new Response(
  92.             null,
  93.             Response::HTTP_UNAUTHORIZED,
  94.             ['WWW-Authenticate' => $this->getAuthenticateHeader($errorMessage)]
  95.         );
  96.     }
  98.     public function setTranslator(?TranslatorInterface $translator)
  99.     {
  100.         $this->translator $translator;
  101.     }
  103.     /**
  104.      * @see https://datatracker.ietf.org/doc/html/rfc6750#section-3
  105.      */
  106.     private function getAuthenticateHeader(string $errorDescription null): string
  107.     {
  108.         $data = [
  109.             'realm' => $this->realm,
  110.             'error' => 'invalid_token',
  111.             'error_description' => $errorDescription,
  112.         ];
  113.         $values = [];
  114.         foreach ($data as $k => $v) {
  115.             if (null === $v || '' === $v) {
  116.                 continue;
  117.             }
  118.             $values[] = sprintf('%s="%s"'$k$v);
  119.         }
  121.         return sprintf('Bearer %s'implode(','$values));
  122.     }
  123. }