vendor/nen/kennisbank-platform/src/Nen/Security/NenAuthenticator.php line 32

Open in your IDE?
  1. <?php
  3. namespace Nen\Bundle\KennisbankPlatformBundle\Security;
  5. use App\Entity\User;
  6. use Carbon\Carbon;
  7. use DateTime;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
  11. use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\QueryParameterTokenExtractor;
  12. use Nen\Bundle\KennisbankPlatformBundle\Entity\PartnerLoginUser;
  13. use Nen\Bundle\KennisbankPlatformBundle\Repository\UserRepository;
  14. use Symfony\Component\HttpFoundation\Cookie;
  15. use Symfony\Component\HttpFoundation\JsonResponse;
  16. use Symfony\Component\HttpFoundation\RedirectResponse;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\Response;
  19. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  20. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  21. use Symfony\Component\Security\Core\Security;
  22. use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
  23. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  24. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  25. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
  26. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  27. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  28. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  29. use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
  30. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  32. class NenAuthenticator extends AbstractLoginFormAuthenticator
  33. {
  34.     use TargetPathTrait;
  36.     public const LOGIN_ROUTE 'login';
  38.     private UrlGeneratorInterface $urlGenerator;
  40.     private EntityManagerInterface $em;
  42.     private JWTEncoderInterface $jwtEncoder;
  44.     private UserRepository $repository;
  46.     public function __construct(
  47.         UrlGeneratorInterface $urlGenerator,
  48.         EntityManagerInterface $entityManager,
  49.         JWTEncoderInterface $jwtEncoder,
  50.         UserRepository $repository
  51.     ) {
  52.         $this->urlGenerator $urlGenerator;
  53.         $this->em $entityManager;
  54.         $this->jwtEncoder $jwtEncoder;
  55.         $this->repository $repository;
  56.     }
  58.     public function supports(Request $request): bool
  59.     {
  60.         if (self::LOGIN_ROUTE !== $request->attributes->get('_route')) {
  61.             return false;
  62.         }
  64.         if (!$request->isMethod('POST')) {
  65.             return false;
  66.         }
  68.         return true;
  69.     }
  71.     public function authenticate(Request $request): PassportInterface
  72.     {
  73.         $credentials = [
  74.             'username' => $request->request->get('username'''),
  75.             'password' => $request->request->get('password''')
  76.         ];
  78.         $request->getSession()->set(Security::LAST_USERNAME$credentials['username']);
  80.         return new Passport(
  81.             new UserBadge($credentials['username']),
  82.             new PasswordCredentials($credentials['password']),
  83.             [
  84.                 new CsrfTokenBadge('authenticate'$request->get('_csrf_token')),
  85.                 new PasswordUpgradeBadge($credentials['password'], $this->repository),
  86.             ]
  87.         );
  88.     }
  90.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  91.     {
  92.         $this->updateLoginInformation($token);
  93.         $this->handleJwtToken($request$token);
  95.         if ($targetPath $this->getTargetPath($request->getSession(), $firewallName)) {
  96.             $continue $targetPath;
  97.         } else {
  98.             $continue $this->urlGenerator->generate('mijnomgeving_index');
  99.         }
  101.         if ($request->isXmlHttpRequest()) {
  102.             $response = new JsonResponse(['url' => $continue]);
  103.         } else {
  104.             $response = new RedirectResponse($continue);
  105.         }
  107.         $this->handleRememberUsername($request$response);
  109.         return $response;
  110.     }
  112.     private function updateLoginInformation(TokenInterface $token): void
  113.     {
  114.         /** @var User $user */
  115.         $user $token->getUser();
  117.         $user->setLoginAt(new DateTime());
  119.         $this->em->flush();
  120.     }
  122.     private function handleJwtToken(Request $requestTokenInterface $token): void
  123.     {
  124.         $extractor = new QueryParameterTokenExtractor('jwt');
  126.         $jwtToken $extractor->extract($request);
  128.         if ($jwtToken === false) {
  129.             return;
  130.         }
  132.         try {
  133.             $data $this->jwtEncoder->decode($jwtToken);
  134.         } catch (JWTDecodeFailureException $e) {
  135.             return;
  136.         }
  138.         $repository $this->em->getRepository(PartnerLoginUser::class);
  140.         $partnerLogin $repository->findOneBy(
  141.             [
  142.                 'partnerName' => $data['clientName'],
  143.                 'partnerUserId' => $data['userId'],
  144.             ]
  145.         );
  147.         if ($partnerLogin !== null) {
  148.             return;
  149.         }
  151.         /** @var User $user */
  152.         $user $token->getUser();
  154.         $partnerLoginUser = new PartnerLoginUser();
  156.         $partnerLoginUser->setPartnerName($data['clientName']);
  157.         $partnerLoginUser->setPartnerUserId($data['userId']);
  158.         $partnerLoginUser->setUser($user);
  160.         $this->em->persist($partnerLoginUser);
  161.         $this->em->flush();
  162.     }
  164.     private function handleRememberUsername(Request $requestResponse $response): void
  165.     {
  166.         if (!$request->request->getBoolean('remember_username')) {
  167.             $response->headers->removeCookie('wmn_username');
  169.             return;
  170.         }
  172.         $cookie = new Cookie('wmn_username'$request->request->get('username'), Carbon::now()->addYear());
  174.         $response->headers->setCookie($cookie);
  175.     }
  177.     protected function getLoginUrl(Request $request): string
  178.     {
  179.         return $this->urlGenerator->generate(self::LOGIN_ROUTE);
  180.     }
  182.     public function getPassword($credentials): ?string
  183.     {
  184.         return $credentials['password'];
  185.     }
  186. }