vendor/scheb/2fa-bundle/Security/Authentication/Provider/AuthenticationProviderDecorator.php line 68

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\Authentication\Provider;
  7. use Scheb\TwoFactorBundle\DependencyInjection\Factory\Security\TwoFactorFactory;
  8. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  9. use Scheb\TwoFactorBundle\Security\TwoFactor\AuthenticationContextFactoryInterface;
  10. use Scheb\TwoFactorBundle\Security\TwoFactor\Handler\AuthenticationHandlerInterface;
  11. use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
  12. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\RequestStack;
  15. use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
  16. use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. /**
  20.  * @final
  21.  */
  22. class AuthenticationProviderDecorator implements AuthenticationProviderInterface
  23. {
  24.     /**
  25.      * @var AuthenticationProviderInterface
  26.      */
  27.     private $decoratedAuthenticationProvider;
  29.     /**
  30.      * @var AuthenticationHandlerInterface
  31.      */
  32.     private $twoFactorAuthenticationHandler;
  34.     /**
  35.      * @var AuthenticationContextFactoryInterface
  36.      */
  37.     private $authenticationContextFactory;
  39.     /**
  40.      * @var FirewallMap
  41.      */
  42.     private $firewallMap;
  44.     /**
  45.      * @var RequestStack
  46.      */
  47.     private $requestStack;
  49.     public function __construct(
  50.         AuthenticationProviderInterface $decoratedAuthenticationProvider,
  51.         AuthenticationHandlerInterface $twoFactorAuthenticationHandler,
  52.         AuthenticationContextFactoryInterface $authenticationContextFactory,
  53.         FirewallMap $firewallMap,
  54.         RequestStack $requestStack
  55.     ) {
  56.         $this->decoratedAuthenticationProvider $decoratedAuthenticationProvider;
  57.         $this->twoFactorAuthenticationHandler $twoFactorAuthenticationHandler;
  58.         $this->authenticationContextFactory $authenticationContextFactory;
  59.         $this->firewallMap $firewallMap;
  60.         $this->requestStack $requestStack;
  61.     }
  63.     public function supports(TokenInterface $token): bool
  64.     {
  65.         return $this->decoratedAuthenticationProvider->supports($token);
  66.     }
  68.     public function authenticate(TokenInterface $token): TokenInterface
  69.     {
  70.         $wasAlreadyAuthenticated $token->isAuthenticated();
  71.         /** @psalm-suppress InternalMethod */
  72.         $token $this->decoratedAuthenticationProvider->authenticate($token);
  74.         // Only trigger two-factor authentication when the provider was called with an unauthenticated token. When we
  75.         // get an authenticated token passed, we're not doing a login, but the system refreshes the token. Then we don't
  76.         // want to start two-factor authentication or we're ending in an endless loop.
  77.         if ($wasAlreadyAuthenticated) {
  78.             return $token;
  79.         }
  81.         // AnonymousToken and TwoFactorTokenInterface can be ignored
  82.         if ($token instanceof AnonymousToken || $token instanceof TwoFactorTokenInterface) {
  83.             return $token;
  84.         }
  86.         $request $this->getRequest();
  87.         $firewallConfig $this->getFirewallConfig($request);
  89.         if (!\in_array(TwoFactorFactory::AUTHENTICATION_PROVIDER_KEY$firewallConfig->getListeners(), true)) {
  90.             return $token// This firewall doesn't support two-factor authentication
  91.         }
  93.         $context $this->authenticationContextFactory->create($request$token$firewallConfig->getName());
  95.         return $this->twoFactorAuthenticationHandler->beginTwoFactorAuthentication($context);
  96.     }
  98.     /**
  99.      * @return mixed
  100.      */
  101.     public function __call(string $method, array $arguments)
  102.     {
  103.         return ($this->decoratedAuthenticationProvider)->{$method}(...$arguments);
  104.     }
  106.     private function getRequest(): Request
  107.     {
  108.         // Compatibility for Symfony >= 5.3
  109.         if (method_exists(RequestStack::class, 'getMainRequest')) {
  110.             $request $this->requestStack->getMainRequest();
  111.         } else {
  112.             $request $this->requestStack->getMasterRequest();
  113.         }
  114.         if (null === $request) {
  115.             throw new \RuntimeException('No request available');
  116.         }
  118.         return $request;
  119.     }
  121.     private function getFirewallConfig(Request $request): FirewallConfig
  122.     {
  123.         $firewallConfig $this->firewallMap->getFirewallConfig($request);
  124.         if (null === $firewallConfig) {
  125.             throw new \RuntimeException('No firewall configuration available');
  126.         }
  128.         return $firewallConfig;
  129.     }
  130. }