vendor/scheb/2fa-bundle/Security/Authentication/Provider/AuthenticationProviderDecorator.php line 68

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\Authentication\Provider;
  7. use Scheb\TwoFactorBundle\DependencyInjection\Factory\Security\TwoFactorFactory;
  8. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  9. use Scheb\TwoFactorBundle\Security\TwoFactor\AuthenticationContextFactoryInterface;
  10. use Scheb\TwoFactorBundle\Security\TwoFactor\Handler\AuthenticationHandlerInterface;
  11. use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
  12. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\RequestStack;
  15. use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
  16. use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. /**
  20. * @final
  21. */
  22. class AuthenticationProviderDecorator implements AuthenticationProviderInterface
  23. {
  24. /**
  25. * @var AuthenticationProviderInterface
  26. */
  27. private $decoratedAuthenticationProvider;
  29. /**
  30. * @var AuthenticationHandlerInterface
  31. */
  32. private $twoFactorAuthenticationHandler;
  34. /**
  35. * @var AuthenticationContextFactoryInterface
  36. */
  37. private $authenticationContextFactory;
  39. /**
  40. * @var FirewallMap
  41. */
  42. private $firewallMap;
  44. /**
  45. * @var RequestStack
  46. */
  47. private $requestStack;
  49. public function __construct(
  50. AuthenticationProviderInterface $decoratedAuthenticationProvider,
  51. AuthenticationHandlerInterface $twoFactorAuthenticationHandler,
  52. AuthenticationContextFactoryInterface $authenticationContextFactory,
  53. FirewallMap $firewallMap,
  54. RequestStack $requestStack
  55. ) {
  56. $this->decoratedAuthenticationProvider = $decoratedAuthenticationProvider;
  57. $this->twoFactorAuthenticationHandler = $twoFactorAuthenticationHandler;
  58. $this->authenticationContextFactory = $authenticationContextFactory;
  59. $this->firewallMap = $firewallMap;
  60. $this->requestStack = $requestStack;
  61. }
  63. public function supports(TokenInterface $token): bool
  64. {
  65. return $this->decoratedAuthenticationProvider->supports($token);
  66. }
  68. public function authenticate(TokenInterface $token): TokenInterface
  69. {
  70. $wasAlreadyAuthenticated = $token->isAuthenticated();
  71. /** @psalm-suppress InternalMethod */
  72. $token = $this->decoratedAuthenticationProvider->authenticate($token);
  74. // Only trigger two-factor authentication when the provider was called with an unauthenticated token. When we
  75. // get an authenticated token passed, we're not doing a login, but the system refreshes the token. Then we don't
  76. // want to start two-factor authentication or we're ending in an endless loop.
  77. if ($wasAlreadyAuthenticated) {
  78. return $token;
  79. }
  81. // AnonymousToken and TwoFactorTokenInterface can be ignored
  82. if ($token instanceof AnonymousToken || $token instanceof TwoFactorTokenInterface) {
  83. return $token;
  84. }
  86. $request = $this->getRequest();
  87. $firewallConfig = $this->getFirewallConfig($request);
  89. if (!\in_array(TwoFactorFactory::AUTHENTICATION_PROVIDER_KEY, $firewallConfig->getListeners(), true)) {
  90. return $token; // This firewall doesn't support two-factor authentication
  91. }
  93. $context = $this->authenticationContextFactory->create($request, $token, $firewallConfig->getName());
  95. return $this->twoFactorAuthenticationHandler->beginTwoFactorAuthentication($context);
  96. }
  98. /**
  99. * @return mixed
  100. */
  101. public function __call(string $method, array $arguments)
  102. {
  103. return ($this->decoratedAuthenticationProvider)->{$method}(...$arguments);
  104. }
  106. private function getRequest(): Request
  107. {
  108. // Compatibility for Symfony >= 5.3
  109. if (method_exists(RequestStack::class, 'getMainRequest')) {
  110. $request = $this->requestStack->getMainRequest();
  111. } else {
  112. $request = $this->requestStack->getMasterRequest();
  113. }
  114. if (null === $request) {
  115. throw new \RuntimeException('No request available');
  116. }
  118. return $request;
  119. }
  121. private function getFirewallConfig(Request $request): FirewallConfig
  122. {
  123. $firewallConfig = $this->firewallMap->getFirewallConfig($request);
  124. if (null === $firewallConfig) {
  125. throw new \RuntimeException('No firewall configuration available');
  126. }
  128. return $firewallConfig;
  129. }
  130. }