vendor/symfony/security-http/Firewall/RememberMeListener.php line 38

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpKernel\Event\RequestEvent;
  17. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  19. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  20. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  21. use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
  22. use Symfony\Component\Security\Http\SecurityEvents;
  23. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
  24. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  25. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  27. trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', RememberMeListener::class);
  29. /**
  30. * RememberMeListener implements authentication capabilities via a cookie.
  31. *
  32. * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  33. *
  34. * @final
  35. *
  36. * @deprecated since Symfony 5.3, use the new authenticator system instead
  37. */
  38. class RememberMeListener extends AbstractListener
  39. {
  40. private $tokenStorage;
  41. private $rememberMeServices;
  42. private $authenticationManager;
  43. private $logger;
  44. private $dispatcher;
  45. private $catchExceptions = true;
  46. private $sessionStrategy;
  48. public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, ?LoggerInterface $logger = null, ?EventDispatcherInterface $dispatcher = null, bool $catchExceptions = true, ?SessionAuthenticationStrategyInterface $sessionStrategy = null)
  49. {
  50. $this->tokenStorage = $tokenStorage;
  51. $this->rememberMeServices = $rememberMeServices;
  52. $this->authenticationManager = $authenticationManager;
  53. $this->logger = $logger;
  54. $this->dispatcher = $dispatcher;
  55. $this->catchExceptions = $catchExceptions;
  56. $this->sessionStrategy = $sessionStrategy ?? new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
  57. }
  59. /**
  60. * {@inheritdoc}
  61. */
  62. public function supports(Request $request): ?bool
  63. {
  64. return null; // always run authenticate() lazily with lazy firewalls
  65. }
  67. /**
  68. * Handles remember-me cookie based authentication.
  69. */
  70. public function authenticate(RequestEvent $event)
  71. {
  72. if (null !== $this->tokenStorage->getToken()) {
  73. return;
  74. }
  76. $request = $event->getRequest();
  77. try {
  78. if (null === $token = $this->rememberMeServices->autoLogin($request)) {
  79. return;
  80. }
  81. } catch (AuthenticationException $e) {
  82. if (null !== $this->logger) {
  83. $this->logger->warning(
  84. 'The token storage was not populated with remember-me token as the'
  85. .' RememberMeServices was not able to create a token from the remember'
  86. .' me information.', ['exception' => $e]
  87. );
  88. }
  90. $this->rememberMeServices->loginFail($request);
  92. if (!$this->catchExceptions) {
  93. throw $e;
  94. }
  96. return;
  97. }
  99. try {
  100. $token = $this->authenticationManager->authenticate($token);
  101. if ($request->hasSession() && $request->getSession()->isStarted()) {
  102. $this->sessionStrategy->onAuthentication($request, $token);
  103. }
  104. $this->tokenStorage->setToken($token);
  106. if (null !== $this->dispatcher) {
  107. $loginEvent = new InteractiveLoginEvent($request, $token);
  108. $this->dispatcher->dispatch($loginEvent, SecurityEvents::INTERACTIVE_LOGIN);
  109. }
  111. if (null !== $this->logger) {
  112. $this->logger->debug('Populated the token storage with a remember-me token.');
  113. }
  114. } catch (AuthenticationException $e) {
  115. if (null !== $this->logger) {
  116. $this->logger->warning(
  117. 'The token storage was not populated with remember-me token as the'
  118. .' AuthenticationManager rejected the AuthenticationToken returned'
  119. .' by the RememberMeServices.', ['exception' => $e]
  120. );
  121. }
  123. $this->rememberMeServices->loginFail($request, $e);
  125. if (!$this->catchExceptions) {
  126. throw $e;
  127. }
  128. }
  129. }
  130. }