vendor/symfony/security-http/EventListener/CheckCredentialsListener.php line 41

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\EventListener;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
  16. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  17. use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
  18. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  19. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  20. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  21. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  22. use Symfony\Component\Security\Http\Event\CheckPassportEvent;
  24. /**
  25.  * This listeners uses the interfaces of authenticators to
  26.  * determine how to check credentials.
  27.  *
  28.  * @author Wouter de Jong <wouter@driveamber.com>
  29.  *
  30.  * @final
  31.  */
  32. class CheckCredentialsListener implements EventSubscriberInterface
  33. {
  34.     private PasswordHasherFactoryInterface $hasherFactory;
  36.     public function __construct(PasswordHasherFactoryInterface $hasherFactory)
  37.     {
  38.         $this->hasherFactory $hasherFactory;
  39.     }
  41.     public function checkPassport(CheckPassportEvent $event): void
  42.     {
  43.         $passport $event->getPassport();
  44.         if ($passport->hasBadge(PasswordCredentials::class)) {
  45.             // Use the password hasher to validate the credentials
  46.             $user $passport->getUser();
  48.             if (!$user instanceof PasswordAuthenticatedUserInterface) {
  49.                 throw new \LogicException(sprintf('Class "%s" must implement "%s" for using password-based authentication.'get_debug_type($user), PasswordAuthenticatedUserInterface::class));
  50.             }
  52.             /** @var PasswordCredentials $badge */
  53.             $badge $passport->getBadge(PasswordCredentials::class);
  55.             if ($badge->isResolved()) {
  56.                 return;
  57.             }
  59.             $presentedPassword $badge->getPassword();
  60.             if ('' === $presentedPassword) {
  61.                 throw new BadCredentialsException('The presented password cannot be empty.');
  62.             }
  64.             if (null === $user->getPassword()) {
  65.                 throw new BadCredentialsException('The presented password is invalid.');
  66.             }
  68.             if (!$this->hasherFactory->getPasswordHasher($user)->verify($user->getPassword(), $presentedPassword$user instanceof LegacyPasswordAuthenticatedUserInterface $user->getSalt() : null)) {
  69.                 throw new BadCredentialsException('The presented password is invalid.');
  70.             }
  72.             $badge->markResolved();
  74.             if (!$passport->hasBadge(PasswordUpgradeBadge::class)) {
  75.                 $passport->addBadge(new PasswordUpgradeBadge($presentedPassword));
  76.             }
  78.             return;
  79.         }
  81.         if ($passport->hasBadge(CustomCredentials::class)) {
  82.             /** @var CustomCredentials $badge */
  83.             $badge $passport->getBadge(CustomCredentials::class);
  84.             if ($badge->isResolved()) {
  85.                 return;
  86.             }
  88.             $badge->executeCustomChecker($passport->getUser());
  90.             return;
  91.         }
  92.     }
  94.     public static function getSubscribedEvents(): array
  95.     {
  96.         return [CheckPassportEvent::class => 'checkPassport'];
  97.     }
  98. }