vendor/pimcore/portal-engine/src/Service/Security/Authenticator/LoginAuthenticator.php line 86

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Authenticator;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Event\Auth\LoginCheckPasswordEvent;
  17. use Pimcore\Bundle\PortalEngineBundle\Event\Auth\LoginGetUserEvent;
  18. use Pimcore\Bundle\PortalEngineBundle\Form\LoginForm;
  19. use Pimcore\Bundle\PortalEngineBundle\Model\DataObject\PortalUserInterface;
  20. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  21. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Authentication\UserProvider;
  22. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  23. use Pimcore\Bundle\PortalEngineBundle\Service\StatisticsTracker\Elasticsearch\PortalUserLoginTracker;
  24. use Pimcore\Model\DataObject\ClassDefinition\Data\Password;
  25. use Pimcore\Model\DataObject\Concrete;
  26. use Pimcore\Model\Site;
  27. use Pimcore\Model\User;
  28. use Pimcore\Tool\Authentication;
  29. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  30. use Symfony\Component\Form\FormFactoryInterface;
  31. use Symfony\Component\HttpFoundation\RedirectResponse;
  32. use Symfony\Component\HttpFoundation\Request;
  33. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  34. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  35. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  36. use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface;
  37. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
  38. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  39. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  40. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  41. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  42. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  44. class LoginAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterfaceInteractiveAuthenticatorInterface
  45. {
  46.     use TargetPathTrait;
  48.     /** @var FormFactoryInterface */
  49.     protected FormFactoryInterface $formFactory;
  51.     /** @var PortalUserLoginTracker */
  52.     protected PortalUserLoginTracker $portalUserLoginTracker;
  54.     /** @var EventDispatcherInterface */
  55.     protected EventDispatcherInterface $eventDispatcher;
  57.     /** @var UserProvider */
  58.     protected UserProvider $userProvider;
  60.     public function __construct(
  61.         FormFactoryInterface $formFactory,
  62.         PortalUserLoginTracker $portalUserLoginTracker,
  63.         EventDispatcherInterface $eventDispatcher,
  64.         UserProvider $userProvider,
  65.         UrlGeneratorInterface $urlGenerator,
  66.         PortalConfigService $portalConfigService,
  67.         PermissionService $permissionService
  68.     ) {
  69.         parent::__construct($urlGenerator$portalConfigService$permissionService);
  71.         $this->formFactory $formFactory;
  72.         $this->portalUserLoginTracker $portalUserLoginTracker;
  73.         $this->eventDispatcher $eventDispatcher;
  74.         $this->userProvider $userProvider;
  75.     }
  77.     /**
  78.      * Does the authenticator support the given Request?
  79.      *
  80.      * If this returns false, the authenticator will be skipped.
  81.      *
  82.      * @param Request $request
  83.      *
  84.      * @return bool|null
  85.      */
  86.     public function supports(Request $request): ?bool
  87.     {
  88.         if (!$this->portalConfigService->isPortalEngineSite()) {
  89.             return false;
  90.         }
  92.         if ('pimcore_portalengine_auth_login' !== $request->attributes->get('_route')) {
  93.             return false;
  94.         }
  96.         $loginForm $this->formFactory->create(LoginForm::class);
  97.         $loginForm->handleRequest($request);
  99.         return $loginForm->isSubmitted() && $loginForm->isValid();
  100.     }
  102.     /**
  103.      * Get the authentication credentials from the request as any an associate array.
  104.      * Check credentials in the passport through CustomCredentials
  105.      *
  106.      * @param Request $request
  107.      *
  108.      * @return Passport
  109.      */
  110.     public function authenticate(Request $request): Passport
  111.     {
  112.         $loginForm $this->formFactory->create(LoginForm::class);
  113.         $loginForm->handleRequest($request);
  114.         $credentials $loginForm->getData();
  116.         $event = new LoginGetUserEvent($credentials['username'], $credentials['password']);
  117.         $this->eventDispatcher->dispatch($event);
  119.         $passport = new Passport(
  120.             new UserBadge($credentials['username']),
  121.             new CustomCredentials(function ($credentials) {
  122.                 /** @var LoginGetUserEvent $event */
  123.                 $event $credentials['event'];
  124.                 if ($event->getPortalUserResolved()) {
  125.                     $user $event->getPortalUser();
  126.                 } else {
  127.                     $user null;
  128.                     try {
  129.                         $user $this->userProvider->loadUserByIdentifier($credentials['username']);
  130.                     } catch (\Exception $e) {
  131.                         // nothing to do
  132.                     }
  133.                 }
  135.                 if (empty($user) || !$user instanceof PortalUserInterface) {
  136.                     throw new AuthenticationException(sprintf('User with email %s not found.'$credentials['username']));
  137.                 }
  139.                 $event = new LoginCheckPasswordEvent($user$credentials['password']);
  140.                 $this->eventDispatcher->dispatch($event);
  142.                 if (is_bool($event->getLoginValid())) {
  143.                     $success $event->getLoginValid();
  144.                 } elseif ($user->getUsePimcoreUserPassword() && $user->getPimcoreUser()) {
  145.                     $pimcoreUser User::getById(intval($user->getPimcoreUser()));
  147.                     $success Authentication::isValidUser($pimcoreUser) && Authentication::verifyPassword($pimcoreUser$credentials['password']);
  148.                 } else {
  149.                     $fieldDefinition $user->getClass()->getFieldDefinition('portalPassword');
  150.                     $success $fieldDefinition instanceof Password && $user instanceof Concrete
  151.                         && $fieldDefinition->verifyPassword($credentials['password'], $user);
  152.                 }
  154.                 if ($success) {
  155.                     $portalId Site::getCurrentSite()->getRootId();
  156.                     $success $this->permissionService->isAllowed($userPermission::PORTAL_ACCESS Permission::PERMISSION_DELIMITER $portalId);
  157.                 }
  159.                 if (!$success) {
  160.                     throw new AuthenticationException('Password wrong');
  161.                 }
  163.                 return true;
  164.             }, ['username' => $credentials['username'], 'password' => $credentials['password'], 'event' => $event]),
  165.         );
  167.         if ($credentials['_remember_me'] ?? false) {
  168.             $passport->addBadge(new RememberMeBadge());
  169.         }
  171.         return $passport;
  172.     }
  174.     /**
  175.      * Called when authentication executed and was successful!
  176.      *
  177.      * This should return the Response sent back to the user, like a
  178.      * RedirectResponse to the last page they visited.
  179.      *
  180.      * If you return null, the current request will continue, and the user
  181.      * will be authenticated. This makes sense, for example, with an API.
  182.      *
  183.      * @param Request $request
  184.      * @param TokenInterface $token
  185.      * @param string $firewallName
  186.      *
  187.      * @return RedirectResponse|null
  188.      *
  189.      * @throws \Exception
  190.      */
  191.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?RedirectResponse
  192.     {
  193.         $this->portalUserLoginTracker->trackEvent(['user' => $token->getUser()]);
  195.         if ($targetPath $this->getTargetPath($request->getSession(), $firewallName)) {
  196.             if (!$this->isRestApiPath($targetPath)) {
  197.                 return new RedirectResponse($targetPath);
  198.             }
  199.         }
  201.         return new RedirectResponse('/');
  202.     }
  204.     public function isInteractive(): bool
  205.     {
  206.         return true;
  207.     }
  208. }