vendor/symfony/security-core/Authentication/Provider/DaoAuthenticationProvider.php line 27

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Core\Authentication\Provider;
  14. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
  15. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  16. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  17. use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
  18. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  19. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  20. use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
  21. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  22. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  23. use Symfony\Component\Security\Core\User\UserCheckerInterface;
  24. use Symfony\Component\Security\Core\User\UserInterface;
  25. use Symfony\Component\Security\Core\User\UserProviderInterface;
  27. trigger_deprecation('symfony/security-core''5.3''The "%s" class is deprecated, use the new authenticator system instead.'DaoAuthenticationProvider::class);
  29. /**
  30.  * DaoAuthenticationProvider uses a UserProviderInterface to retrieve the user
  31.  * for a UsernamePasswordToken.
  32.  *
  33.  * @author Fabien Potencier <fabien@symfony.com>
  34.  *
  35.  * @deprecated since Symfony 5.3, use the new authenticator system instead
  36.  */
  37. class DaoAuthenticationProvider extends UserAuthenticationProvider
  38. {
  39.     private $hasherFactory;
  40.     private $userProvider;
  42.     /**
  43.      * @param PasswordHasherFactoryInterface $hasherFactory
  44.      */
  45.     public function __construct(UserProviderInterface $userProviderUserCheckerInterface $userCheckerstring $providerKey$hasherFactorybool $hideUserNotFoundExceptions true)
  46.     {
  47.         parent::__construct($userChecker$providerKey$hideUserNotFoundExceptions);
  49.         if ($hasherFactory instanceof EncoderFactoryInterface) {
  50.             trigger_deprecation('symfony/security-core''5.3''Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.'EncoderFactoryInterface::class, __CLASS__PasswordHasherFactoryInterface::class);
  51.         }
  53.         $this->hasherFactory $hasherFactory;
  54.         $this->userProvider $userProvider;
  55.     }
  57.     /**
  58.      * {@inheritdoc}
  59.      */
  60.     protected function checkAuthentication(UserInterface $userUsernamePasswordToken $token)
  61.     {
  62.         $currentUser $token->getUser();
  63.         if ($currentUser instanceof UserInterface) {
  64.             if ($currentUser->getPassword() !== $user->getPassword()) {
  65.                 throw new BadCredentialsException('The credentials were changed from another session.');
  66.             }
  67.         } else {
  68.             if ('' === ($presentedPassword $token->getCredentials())) {
  69.                 throw new BadCredentialsException('The presented password cannot be empty.');
  70.             }
  72.             if (null === $user->getPassword()) {
  73.                 throw new BadCredentialsException('The presented password is invalid.');
  74.             }
  76.             if (!$user instanceof PasswordAuthenticatedUserInterface) {
  77.                 trigger_deprecation('symfony/security-core''5.3''Using password-based authentication listeners while not implementing "%s" interface from class "%s" is deprecated.'PasswordAuthenticatedUserInterface::class, get_debug_type($user));
  78.             }
  80.             $salt $user->getSalt();
  81.             if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
  82.                 trigger_deprecation('symfony/security-core''5.3''Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.'LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
  83.             }
  85.             // deprecated since Symfony 5.3
  86.             if ($this->hasherFactory instanceof EncoderFactoryInterface) {
  87.                 $encoder $this->hasherFactory->getEncoder($user);
  89.                 if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword$salt)) {
  90.                     throw new BadCredentialsException('The presented password is invalid.');
  91.                 }
  93.                 if ($this->userProvider instanceof PasswordUpgraderInterface && method_exists($encoder'needsRehash') && $encoder->needsRehash($user->getPassword())) {
  94.                     $this->userProvider->upgradePassword($user$encoder->encodePassword($presentedPassword$user->getSalt()));
  95.                 }
  97.                 return;
  98.             }
  100.             $hasher $this->hasherFactory->getPasswordHasher($user);
  102.             if (!$hasher->verify($user->getPassword(), $presentedPassword$salt)) {
  103.                 throw new BadCredentialsException('The presented password is invalid.');
  104.             }
  106.             if ($this->userProvider instanceof PasswordUpgraderInterface && $hasher->needsRehash($user->getPassword())) {
  107.                 $this->userProvider->upgradePassword($user$hasher->hash($presentedPassword$salt));
  108.             }
  109.         }
  110.     }
  112.     /**
  113.      * {@inheritdoc}
  114.      */
  115.     protected function retrieveUser(string $userIdentifierUsernamePasswordToken $token)
  116.     {
  117.         $user $token->getUser();
  118.         if ($user instanceof UserInterface) {
  119.             return $user;
  120.         }
  122.         try {
  123.             // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
  124.             if (method_exists($this->userProvider'loadUserByIdentifier')) {
  125.                 $user $this->userProvider->loadUserByIdentifier($userIdentifier);
  126.             } else {
  127.                 trigger_deprecation('symfony/security-core''5.3''Not implementing method "loadUserByIdentifier()" in user provider "%s" is deprecated. This method will replace "loadUserByUsername()" in Symfony 6.0.'get_debug_type($this->userProvider));
  129.                 $user $this->userProvider->loadUserByUsername($userIdentifier);
  130.             }
  132.             if (!$user instanceof UserInterface) {
  133.                 throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
  134.             }
  136.             return $user;
  137.         } catch (UserNotFoundException $e) {
  138.             $e->setUserIdentifier($userIdentifier);
  139.             throw $e;
  140.         } catch (\Exception $e) {
  141.             $e = new AuthenticationServiceException($e->getMessage(), 0$e);
  142.             $e->setToken($token);
  143.             throw $e;
  144.         }
  145.     }
  146. }