Skip to content

Commit

Permalink
Updated LoginFormAuthenticator.
Browse files Browse the repository at this point in the history
  • Loading branch information
@laurentmuller
laurentmuller committed Dec 9, 2024
1 parent 17d54ac commit 377edc2
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 20 deletions.
37 changes: 17 additions & 20 deletions src/Security/LoginFormAuthenticator.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,15 @@ public function __construct(
public function authenticate(Request $request): Passport
{
$this->validateCaptcha($request);
$credentials = $this->getCredentials($request);
[$user, $password, $token] = $this->getCredentials($request);

return new Passport(
new UserBadge($credentials[SecurityAttributes::USER_FIELD], $this->repository->loadUserByIdentifier(...)),
new PasswordCredentials($credentials[SecurityAttributes::PASSWORD_FIELD]),
new UserBadge($user, $this->repository->loadUserByIdentifier(...)),
new PasswordCredentials($password),
[
new RememberMeBadge(),
new PasswordUpgradeBadge($credentials[SecurityAttributes::PASSWORD_FIELD], $this->repository),
new CsrfTokenBadge(SecurityAttributes::AUTHENTICATE_TOKEN, $credentials[SecurityAttributes::LOGIN_TOKEN]),
new PasswordUpgradeBadge($password, $this->repository),
new CsrfTokenBadge(SecurityAttributes::AUTHENTICATE_TOKEN, $token),
]
);
}
Expand All @@ -66,7 +66,7 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
public function supports(Request $request): bool
{
return $request->isMethod(Request::METHOD_POST)
&& 'form' === $request->getContentTypeFormat()
&& SecurityAttributes::CONTENT_TYPE_FORMAT === $request->getContentTypeFormat()
&& $this->httpUtils->checkRequestPath($request, SecurityAttributes::LOGIN_ROUTE);
}

Expand All @@ -76,30 +76,27 @@ protected function getLoginUrl(Request $request): string
}

/**
* @return array{username: non-empty-string, password: non-empty-string, login_token: non-empty-string}
* @psalm-return list{non-empty-string, non-empty-string, non-empty-string}
*/
private function getCredentials(Request $request): array
{
$credentials = [];
$credentials[SecurityAttributes::USER_FIELD] = $request->request->getString(SecurityAttributes::USER_FIELD);
$credentials[SecurityAttributes::PASSWORD_FIELD] = $request->request->getString(SecurityAttributes::PASSWORD_FIELD);
$credentials[SecurityAttributes::LOGIN_TOKEN] = $request->request->getString(SecurityAttributes::LOGIN_TOKEN);

if ($request->hasSession()) {
$request->getSession()->set(SecurityRequestAttributes::LAST_USERNAME, $credentials[SecurityAttributes::USER_FIELD]);
}

if ('' === $credentials[SecurityAttributes::USER_FIELD]) {
$user = \trim($request->request->getString(SecurityAttributes::USER_FIELD));
if ('' === $user) {
throw new BadCredentialsException('The username must be a non-empty string.');
}
if ('' === $credentials[SecurityAttributes::PASSWORD_FIELD]) {
$password = $request->request->getString(SecurityAttributes::PASSWORD_FIELD);
if ('' === $password) {
throw new BadCredentialsException('The password must be a non-empty string.');
}
if ('' === $credentials[SecurityAttributes::LOGIN_TOKEN]) {
$token = $request->request->getString(SecurityAttributes::LOGIN_TOKEN);
if ('' === $token) {
throw new BadRequestHttpException('The token must be a non-empty string.');
}
if ($request->hasSession()) {
$request->getSession()->set(SecurityRequestAttributes::LAST_USERNAME, $user);
}

return $credentials;
return [$user, $password, $token];
}

private function validateCaptcha(Request $request): void
Expand Down
5 changes: 5 additions & 0 deletions src/Security/SecurityAttributes.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ final class SecurityAttributes
*/
public const CAPTCHA_FIELD = 'captcha';

/**
* The allowed content type format.
*/
public const CONTENT_TYPE_FORMAT = 'form';

/**
* The login route name.
*/
Expand Down

0 comments on commit 377edc2

Please sign in to comment.