* * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Security\Core\Authentication\Provider; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Exception\AuthenticationServiceException; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; /** * UserProviderInterface retrieves users for UsernamePasswordToken tokens. * * @author Fabien Potencier */ abstract class UserAuthenticationProvider implements AuthenticationProviderInterface { private $hideUserNotFoundExceptions; private $userChecker; private $providerKey; /** * Constructor. * * @param UserCheckerInterface $userChecker An UserCheckerInterface interface * @param string $providerKey A provider key * @param Boolean $hideUserNotFoundExceptions Whether to hide user not found exception or not */ public function __construct(UserCheckerInterface $userChecker, $providerKey, $hideUserNotFoundExceptions = true) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } $this->userChecker = $userChecker; $this->providerKey = $providerKey; $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions; } /** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } $username = $token->getUsername(); if (empty($username)) { $username = 'NONE_PROVIDED'; } try { $user = $this->retrieveUser($username, $token); if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('retrieveUser() must return an UserInterface.'); } $this->userChecker->checkPreAuth($user); $this->checkAuthentication($user, $token); $this->userChecker->checkPostAuth($user); $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); return $authenticatedToken; } catch (UsernameNotFoundException $notFound) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials', 0, $notFound); } throw $notFound; } } /** * {@inheritdoc} */ public function supports(TokenInterface $token) { return $token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey(); } /** * Retrieves the user from an implementation-specific location. * * @param string $username The username to retrieve * @param UsernamePasswordToken $token The Token * * @return array The user * * @throws AuthenticationException if the credentials could not be validated */ abstract protected function retrieveUser($username, UsernamePasswordToken $token); /** * Does additional checks on the user and token (like validating the * credentials). * * @param UserInterface $user The retrieved UserInterface instance * @param UsernamePasswordToken $token The UsernamePasswordToken token to be authenticated * * @throws AuthenticationException if the credentials could not be validated */ abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token); }