src/Bundle/AdminShibbolethBundle/Security/AdminShibbolethGuardAuthenticator.php line 24

Open in your IDE?
  1. <?php
  3. namespace App\Bundle\AdminShibbolethBundle\Security;
  5. use Symfony\Bundle\FrameworkBundle\Routing\Router;
  6. use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
  7. use Symfony\Component\HttpFoundation\JsonResponse;
  8. use Symfony\Component\HttpFoundation\RedirectResponse;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpFoundation\Response;
  11. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  14. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  16. use Symfony\Component\Security\Core\User\UserProviderInterface;
  17. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  18. use App\Bundle\AdminShibbolethBundle\Security\User\AdminShibbolethUserProviderInterface;
  20. /**
  21.  * Class AdminShibbolethGuardAuthenticator
  22.  * @package App\Bundle\AdminShibbolethBundle\Security
  23.  */
  24. class AdminShibbolethGuardAuthenticator extends AbstractGuardAuthenticator
  25. {
  27.     /**
  28.      * @var array
  29.      */
  30.     private $config;
  32.     /**
  33.      * @var Router
  34.      */
  35.     private $router;
  37.     /**
  38.      * @var TokenStorageInterface
  39.      */
  40.     private $tokenStorage;
  42.     /**
  43.      * @var string
  44.      */
  45.     private $login_path;
  47.     /**
  48.      * @var string
  49.      */
  50.     private $logout_path;
  52.     /**
  53.      * @var string
  54.      */
  55.     private $login_target;
  57.     /**
  58.      * @var string
  59.      */
  60.     private $session_id;
  62.     /**
  63.      * @var string
  64.      */
  65.     private $username;
  67.     /**
  68.      * @var array
  69.      */
  70.     private $attributes;
  72.     /**
  73.      * ShibbolethGuardAuthenticator constructor.
  74.      * @param array $config
  75.      * @param Router $router
  76.      * @param TokenStorageInterface $tokenStorage
  77.      */
  78.     public function __construct(array $configRouter $routerTokenStorageInterface $tokenStorage)
  79.     {
  80.         $this->config $config;
  81.         $this->router $router;
  82.         $this->tokenStorage $tokenStorage;
  83.         $this->login_path $config['login_path'];
  84.         $this->logout_path $config['logout_path'];
  85.         $this->login_target $config['login_target'];
  86.         $this->session_id $config['session_id'];
  87.         $this->username $config['username'];
  88.         $this->attributes $config['attributes'];
  89.         if(!in_array($this->username$this->attributes))
  90.             throw new InvalidConfigurationException("Shibboleth configuration error : the value of username parameter must be in attributes list parameter");
  91.     }
  93.     /**
  94.      * @param Request $request
  95.      * @return bool
  96.      */
  97.     public function supports(Request $request){
  98.         if (!empty($this->getAttribute($request$this->session_id))) {
  99.             return true;
  100.         }
  101.         return false;
  102.     }
  104.     /**
  105.      * @param Request $request
  106.      * @param AuthenticationException|null $authException
  107.      * @return RedirectResponse
  108.      */
  109.     public function start(Request $requestAuthenticationException $authException null)
  110.     {
  111.         return new RedirectResponse("{$request->getSchemeAndHttpHost()}/".trim($this->login_path'/')."?target=".(empty($this->login_target)? $request->getUri() : "{$request->getSchemeAndHttpHost()}{$this->router->generate($this->login_target)}"));
  112.     }
  114.     /**
  115.      * @param Request $request
  116.      * @return array|null
  117.      */
  118.     public function getCredentials(Request $request)
  119.     {
  120.         $credentials = array();
  121.         $credentials['username'] = $this->getAttribute($request$this->username);
  122.         foreach($this->attributes as $attribute){
  123.             $credentials[$attribute] = $this->getAttribute($request$attribute);
  124.         }
  125.         return $credentials;
  126.     }
  128.     /**
  129.      * @param mixed $credentials
  130.      * @param UserProviderInterface $userProvider
  131.      * @return UserInterface
  132.      */
  133.     public function getUser($credentialsUserProviderInterface $userProvider)
  134.     {
  135.         if(empty($credentials['username']))
  136.             throw new UsernameNotFoundException("The username attribute is empty");
  137.         if($userProvider instanceof ShibbolethUserProviderInterface)
  138.             return $userProvider->loadUser($credentials);
  139.         else if($userProvider instanceof  UserProviderInterface)
  140.             return $userProvider->loadUserByUsername($credentials['username']);
  141.         return null;
  143.     }
  145.     /**
  146.      * @param mixed $credentials
  147.      * @param UserInterface $user
  148.      * @return bool
  149.      */
  150.     public function checkCredentials($credentialsUserInterface $user)
  151.     {
  152.         return true;
  153.     }
  155.     /**
  156.      * @param Request $request
  157.      * @param AuthenticationException $exception
  158.      * @return JsonResponse
  159.      */
  160.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception)
  161.     {
  162. //        return new JsonResponse(array('message' => $exception->getMessageKey()), Response::HTTP_FORBIDDEN);
  163.         return new JsonResponse(array('message' => "Vous n'avez pas les droits pour accéder à cette application"), Response::HTTP_FORBIDDEN);
  164.     }
  166.     /**
  167.      * @param Request $request
  168.      * @param TokenInterface $token
  169.      * @param string $providerKey
  170.      * @return null
  171.      */
  172.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  173.     {
  174.         return null;
  175.     }
  177.     /**
  178.      * @return bool
  179.      */
  180.     public function supportsRememberMe()
  181.     {
  182.         return false;
  183.     }
  185.     /**
  186.      * @param Request $request
  187.      * @param $name
  188.      * @return mixed
  189.      */
  190.     private function getAttribute(Request $request$name){
  191.         $attributes = array($namestrtoupper($name), "HTTP_".strtoupper($name), "REDIRECT_{$name}");
  192.         foreach($attributes as $attribute)
  193.             if(!empty($request->server->has($attribute))) return $request->server->get($attribute);
  194.     }
  195. }