forked from pimcore/pimcore
/
PreAuthenticatedAdminSessionListener.php
91 lines (79 loc) · 2.86 KB
/
PreAuthenticatedAdminSessionListener.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
<?php
declare(strict_types=1);
/**
* Pimcore
*
* This source file is available under two different licenses:
* - GNU General Public License version 3 (GPLv3)
* - Pimcore Enterprise License (PEL)
* Full copyright and license information is available in
* LICENSE.md which is distributed with this source code.
*
* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
* @license http://www.pimcore.org/license GPLv3 and PEL
*/
namespace Pimcore\Bundle\AdminBundle\Security\Firewall;
use Pimcore\Bundle\AdminBundle\Security\Authentication\Token\PreAuthenticatedAdminToken;
use Pimcore\Bundle\AdminBundle\Security\User\User;
use Pimcore\Tool\Authentication;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
/**
* Checks if there's an existing admin session and stores its token on the security token storage.
*
* @package Pimcore\Bundle\AdminBundle\Security\Firewall
*/
class PreAuthenticatedAdminSessionListener
{
/**
* @var TokenStorageInterface
*/
private $tokenStorage;
/**
* @var AuthenticationManagerInterface
*/
private $authenticationManager;
/**
* @var string
*/
private $providerKey;
/**
* @param TokenStorageInterface $tokenStorage
* @param AuthenticationManagerInterface $authenticationManager
* @param string $providerKey
*/
public function __construct(
TokenStorageInterface $tokenStorage,
AuthenticationManagerInterface $authenticationManager,
string $providerKey
) {
$this->tokenStorage = $tokenStorage;
$this->authenticationManager = $authenticationManager;
$this->providerKey = $providerKey;
}
/**
* @inheritDoc
*/
public function __invoke(RequestEvent $event)
{
$request = $event->getRequest();
$pimcoreUser = Authentication::authenticateSession($request);
if (null !== $pimcoreUser) {
$user = new User($pimcoreUser);
$token = new PreAuthenticatedAdminToken($user, '', $this->providerKey);
$token->setUser($user->getUsername());
try {
$authenticatedToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authenticatedToken);
} catch (AuthenticationException $e) {
// clear token on auth failure
$storedToken = $this->tokenStorage->getToken();
if ($storedToken instanceof PreAuthenticatedAdminToken && $storedToken->getProviderKey() === $this->providerKey) {
$this->tokenStorage->setToken(null);
}
}
}
}
}