src/Misc/AppAuthenticator.php line 21

Open in your IDE?
  1. <?php
  3. namespace App\Misc;
  5. use Symfony\Component\HttpFoundation\JsonResponse;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  10. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  11. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  12. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  13. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  14. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  15. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  16. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  18. use App\Exception\AccessDeniedException;
  19. use App\Entity\User;
  21. class AppAuthenticator extends AbstractAuthenticator
  22. {
  23.     /**
  24.      * Called on every request to decide if this authenticator should be
  25.      * used for the request. Returning `false` will cause this authenticator
  26.      * to be skipped.
  27.      */
  28.     public function supports(Request $request): ?bool
  29.     {
  30.         return $request->headers->has('X-W-Auth');
  31.     }
  33.     public function authenticate(Request $request): PassportInterface
  34.     {
  35.         $authRegex '/UsernameToken Email="(?P<email>[^"]+)", PasswordDigest="(?P<digest>[^"]+)", Nonce="(?P<nonce>[a-zA-Z0-9+\/]+={0,2})", Created="(?P<created>[^"]+)"/';
  36.         if (
  37.             !== preg_match($authRegex$request->headers->get('X-W-Auth'), $matches)
  38.             || $matches['email'] == 'undefined'
  39.         ) {
  40.             throw new AccessDeniedException(AccessDeniedException::INVALID_TOKEN'token check');
  41.         }
  43.         return new Passport(new UserBadge($matches['email']), new CustomCredentials(
  44.             function ($credentialsUser $user) use ($request) {
  46.                 if (!$user->getAuthPermitted()) {
  47.                     throw new AccessDeniedException(AccessDeniedException::NOT_PERMITTED'authenticate');
  48.                 }
  50.                 $rawString $credentials['nonce'] . $credentials['created'] . hash('sha256'$user->getPassword());
  51.                 $expected hash('sha256'$rawString);
  52.                 return hash_equals($expected$credentials['digest']);
  53.             },
  54.             [
  55.                 'digest'  => $matches['digest'],
  56.                 'nonce'   => $matches['nonce'],
  57.                 'created' => $matches['created'],
  58.                 'host'    => $request->getHost(),
  59.             ]
  60.         ));
  61.     }
  63.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  64.     {
  65.         // on success, let the request continue
  66.         return null;
  67.     }
  69.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  70.     {
  71.         throw new AccessDeniedException(AccessDeniedException::WRONG_TOKEN'token check');
  72.     }
  73. }