vendor/league/oauth2-server-bundle/src/Security/Authenticator/OAuth2Authenticator.php line 31

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace League\Bundle\OAuth2ServerBundle\Security\Authenticator;
  7. use League\Bundle\OAuth2ServerBundle\Security\Authentication\Token\OAuth2Token;
  8. use League\Bundle\OAuth2ServerBundle\Security\Exception\OAuth2AuthenticationException;
  9. use League\Bundle\OAuth2ServerBundle\Security\Exception\OAuth2AuthenticationFailedException;
  10. use League\Bundle\OAuth2ServerBundle\Security\Passport\Badge\ScopeBadge;
  11. use League\Bundle\OAuth2ServerBundle\Security\User\NullUser;
  12. use League\OAuth2\Server\Exception\OAuthServerException;
  13. use League\OAuth2\Server\ResourceServer;
  14. use Symfony\Bridge\PsrHttpMessage\HttpMessageFactoryInterface;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  18. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  19. use Symfony\Component\Security\Core\User\UserInterface;
  20. use Symfony\Component\Security\Core\User\UserProviderInterface;
  21. use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
  22. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  23. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  24. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  25. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  26. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  28. /**
  29.  * @author Mathias Arlaud <mathias.arlaud@gmail.com>
  30.  */
  31. final class OAuth2Authenticator implements AuthenticatorInterfaceAuthenticationEntryPointInterface
  32. {
  33.     /**
  34.      * @psalm-suppress UndefinedTrait
  35.      * @psalm-suppress MethodSignatureMismatch
  36.      */
  37.     use ForwardCompatAuthenticatorTrait;
  39.     /**
  40.      * @var HttpMessageFactoryInterface
  41.      */
  42.     private $httpMessageFactory;
  44.     /**
  45.      * @var ResourceServer
  46.      */
  47.     private $resourceServer;
  49.     /**
  50.      * @var UserProviderInterface
  51.      */
  52.     private $userProvider;
  54.     /**
  55.      * @var string
  56.      */
  57.     private $rolePrefix;
  59.     public function __construct(
  60.         HttpMessageFactoryInterface $httpMessageFactory,
  61.         ResourceServer $resourceServer,
  62.         UserProviderInterface $userProvider,
  63.         string $rolePrefix
  64.     ) {
  65.         $this->httpMessageFactory $httpMessageFactory;
  66.         $this->resourceServer $resourceServer;
  67.         $this->userProvider $userProvider;
  68.         $this->rolePrefix $rolePrefix;
  69.     }
  71.     public function supports(Request $request): ?bool
  72.     {
  73.         return === strpos($request->headers->get('Authorization'''), 'Bearer ');
  74.     }
  76.     public function start(Request $requestAuthenticationException $authException null): Response
  77.     {
  78.         return new Response(''401, ['WWW-Authenticate' => 'Bearer']);
  79.     }
  81.     /**
  82.      * {@inheritdoc}
  83.      *
  84.      * @return Passport
  85.      */
  86.     public function doAuthenticate(Request $request/* : Passport */
  87.     {
  88.         try {
  89.             $psr7Request $this->resourceServer->validateAuthenticatedRequest($this->httpMessageFactory->createRequest($request));
  90.         } catch (OAuthServerException $e) {
  91.             throw OAuth2AuthenticationFailedException::create('The resource server rejected the request.'$e);
  92.         }
  94.         /** @var string $userIdentifier */
  95.         $userIdentifier $psr7Request->getAttribute('oauth_user_id''');
  97.         /** @var string $accessTokenId */
  98.         $accessTokenId $psr7Request->getAttribute('oauth_access_token_id');
  100.         /** @var list<string> $scopes */
  101.         $scopes $psr7Request->getAttribute('oauth_scopes', []);
  103.         /** @var string $oauthClientId */
  104.         $oauthClientId $psr7Request->getAttribute('oauth_client_id''');
  106.         $userLoader = function (string $userIdentifier): UserInterface {
  107.             if ('' === $userIdentifier) {
  108.                 return new NullUser();
  109.             }
  110.             if (!method_exists($this->userProvider'loadUserByIdentifier')) {
  111.                 /** @psalm-suppress DeprecatedMethod */
  112.                 return $this->userProvider->loadUserByUsername($userIdentifier);
  113.             }
  115.             return $this->userProvider->loadUserByIdentifier($userIdentifier);
  116.         };
  118.         $passport = new SelfValidatingPassport(new UserBadge($userIdentifier$userLoader), [
  119.             new ScopeBadge($scopes),
  120.         ]);
  122.         $passport->setAttribute('accessTokenId'$accessTokenId);
  123.         $passport->setAttribute('oauthClientId'$oauthClientId);
  125.         return $passport;
  126.     }
  128.     /**
  129.      * @return OAuth2Token
  130.      *
  131.      * @psalm-suppress DeprecatedClass
  132.      */
  133.     public function createAuthenticatedToken(PassportInterface $passportstring $firewallName): TokenInterface
  134.     {
  135.         if (!$passport instanceof Passport) {
  136.             throw new \RuntimeException(sprintf('Cannot create a OAuth2 authenticated token. $passport should be a %s'Passport::class));
  137.         }
  139.         $token $this->createToken($passport$firewallName);
  140.         $token->setAuthenticated(true);
  142.         return $token;
  143.     }
  145.     /**
  146.      * @return OAuth2Token
  147.      */
  148.     public function createToken(Passport $passportstring $firewallName): TokenInterface
  149.     {
  150.         /** @var string $accessTokenId */
  151.         $accessTokenId $passport->getAttribute('accessTokenId');
  153.         /** @var ScopeBadge $scopeBadge */
  154.         $scopeBadge $passport->getBadge(ScopeBadge::class);
  156.         /** @var string $oauthClientId */
  157.         $oauthClientId $passport->getAttribute('oauthClientId''');
  159.         $token = new OAuth2Token($passport->getUser(), $accessTokenId$oauthClientId$scopeBadge->getScopes(), $this->rolePrefix);
  160.         if (method_exists(AuthenticatorInterface::class, 'createAuthenticatedToken') && !method_exists(AuthenticatorInterface::class, 'createToken')) {
  161.             // symfony 5.4 only
  162.             /** @psalm-suppress TooManyArguments */
  163.             $token->setAuthenticated(truefalse);
  164.         }
  166.         return $token;
  167.     }
  169.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  170.     {
  171.         return null;
  172.     }
  174.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  175.     {
  176.         if ($exception instanceof OAuth2AuthenticationException) {
  177.             return new Response($exception->getMessage(), $exception->getStatusCode(), $exception->getHeaders());
  178.         }
  180.         throw $exception;
  181.     }
  182. }