vendor/symfony/security-http/Firewall/RememberMeListener.php line 27

Open in your IDE?
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\Security\Http\Firewall;
  11. use Psr\Log\LoggerInterface;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpKernel\Event\RequestEvent;
  14. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  16. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  17. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  18. use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
  19. use Symfony\Component\Security\Http\SecurityEvents;
  20. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
  21. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  22. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  23. trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', RememberMeListener::class);
  24. /**
  25. * RememberMeListener implements authentication capabilities via a cookie.
  26. *
  27. * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  28. *
  29. * @final
  30. *
  31. * @deprecated since Symfony 5.3, use the new authenticator system instead
  32. */
  33. class RememberMeListener extends AbstractListener
  34. {
  35. private $tokenStorage;
  36. private $rememberMeServices;
  37. private $authenticationManager;
  38. private $logger;
  39. private $dispatcher;
  40. private $catchExceptions = true;
  41. private $sessionStrategy;
  42. public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, ?LoggerInterface $logger = null, ?EventDispatcherInterface $dispatcher = null, bool $catchExceptions = true, ?SessionAuthenticationStrategyInterface $sessionStrategy = null)
  43. {
  44. $this->tokenStorage = $tokenStorage;
  45. $this->rememberMeServices = $rememberMeServices;
  46. $this->authenticationManager = $authenticationManager;
  47. $this->logger = $logger;
  48. $this->dispatcher = $dispatcher;
  49. $this->catchExceptions = $catchExceptions;
  50. $this->sessionStrategy = $sessionStrategy ?? new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
  51. }
  52. /**
  53. * {@inheritdoc}
  54. */
  55. public function supports(Request $request): ?bool
  56. {
  57. return null; // always run authenticate() lazily with lazy firewalls
  58. }
  59. /**
  60. * Handles remember-me cookie based authentication.
  61. */
  62. public function authenticate(RequestEvent $event)
  63. {
  64. if (null !== $this->tokenStorage->getToken()) {
  65. return;
  66. }
  67. $request = $event->getRequest();
  68. try {
  69. if (null === $token = $this->rememberMeServices->autoLogin($request)) {
  70. return;
  71. }
  72. } catch (AuthenticationException $e) {
  73. if (null !== $this->logger) {
  74. $this->logger->warning(
  75. 'The token storage was not populated with remember-me token as the'
  76. .' RememberMeServices was not able to create a token from the remember'
  77. .' me information.', ['exception' => $e]
  78. );
  79. }
  80. $this->rememberMeServices->loginFail($request);
  81. if (!$this->catchExceptions) {
  82. throw $e;
  83. }
  84. return;
  85. }
  86. try {
  87. $token = $this->authenticationManager->authenticate($token);
  88. if ($request->hasSession() && $request->getSession()->isStarted()) {
  89. $this->sessionStrategy->onAuthentication($request, $token);
  90. }
  91. $this->tokenStorage->setToken($token);
  92. if (null !== $this->dispatcher) {
  93. $loginEvent = new InteractiveLoginEvent($request, $token);
  94. $this->dispatcher->dispatch($loginEvent, SecurityEvents::INTERACTIVE_LOGIN);
  95. }
  96. if (null !== $this->logger) {
  97. $this->logger->debug('Populated the token storage with a remember-me token.');
  98. }
  99. } catch (AuthenticationException $e) {
  100. if (null !== $this->logger) {
  101. $this->logger->warning(
  102. 'The token storage was not populated with remember-me token as the'
  103. .' AuthenticationManager rejected the AuthenticationToken returned'
  104. .' by the RememberMeServices.', ['exception' => $e]
  105. );
  106. }
  107. $this->rememberMeServices->loginFail($request, $e);
  108. if (!$this->catchExceptions) {
  109. throw $e;
  110. }
  111. }
  112. }
  113. }