vendor/scheb/2fa-bundle/Security/TwoFactor/Provider/TwoFactorProviderPreparationListener.php line 106

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\TwoFactor\Provider;
  7. use Psr\Log\LoggerInterface;
  8. use Psr\Log\NullLogger;
  9. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  10. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  11. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvents;
  12. use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Exception\UnexpectedTokenException;
  13. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  14. use Symfony\Component\HttpKernel\Event\KernelEvent;
  15. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  16. use Symfony\Component\HttpKernel\KernelEvents;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  18. use Symfony\Component\Security\Core\AuthenticationEvents;
  19. use Symfony\Component\Security\Core\Event\AuthenticationEvent;
  21. /**
  22.  * @final
  23.  */
  24. class TwoFactorProviderPreparationListener implements EventSubscriberInterface
  25. {
  26.     // This must trigger very first, followed by AuthenticationSuccessEventSuppressor
  27.     public const AUTHENTICATION_SUCCESS_LISTENER_PRIORITY PHP_INT_MAX;
  29.     // Execute right before ContextListener, which is serializing the security token into the session
  30.     public const RESPONSE_LISTENER_PRIORITY 1;
  32.     /** @deprecated */
  33.     public const LISTENER_PRIORITY self::AUTHENTICATION_SUCCESS_LISTENER_PRIORITY;
  35.     /**
  36.      * @var TwoFactorProviderRegistry
  37.      */
  38.     private $providerRegistry;
  40.     /**
  41.      * @var PreparationRecorderInterface
  42.      */
  43.     private $preparationRecorder;
  45.     /**
  46.      * @var TwoFactorTokenInterface|null
  47.      */
  48.     private $twoFactorToken;
  50.     /**
  51.      * @var LoggerInterface
  52.      */
  53.     private $logger;
  55.     /**
  56.      * @var string
  57.      */
  58.     private $firewallName;
  60.     /**
  61.      * @var bool
  62.      */
  63.     private $prepareOnLogin;
  65.     /**
  66.      * @var bool
  67.      */
  68.     private $prepareOnAccessDenied;
  70.     public function __construct(
  71.         TwoFactorProviderRegistry $providerRegistry,
  72.         PreparationRecorderInterface $preparationRecorder,
  73.         ?LoggerInterface $logger,
  74.         string $firewallName,
  75.         bool $prepareOnLogin,
  76.         bool $prepareOnAccessDenied
  77.     ) {
  78.         $this->providerRegistry $providerRegistry;
  79.         $this->preparationRecorder $preparationRecorder;
  80.         $this->logger $logger ?? new NullLogger();
  81.         $this->firewallName $firewallName;
  82.         $this->prepareOnLogin $prepareOnLogin;
  83.         $this->prepareOnAccessDenied $prepareOnAccessDenied;
  84.     }
  86.     public function onLogin(AuthenticationEvent $event): void
  87.     {
  88.         $token $event->getAuthenticationToken();
  89.         if ($this->prepareOnLogin && $this->supports($token)) {
  90.             /** @var TwoFactorTokenInterface $token */
  91.             // After login, when the token is a TwoFactorTokenInterface, execute preparation
  92.             $this->twoFactorToken $token;
  93.         }
  94.     }
  96.     public function onAccessDenied(TwoFactorAuthenticationEvent $event): void
  97.     {
  98.         $token $event->getToken();
  99.         if ($this->prepareOnAccessDenied && $this->supports($token)) {
  100.             /** @var TwoFactorTokenInterface $token */
  101.             // Whenever two-factor authentication is required, execute preparation
  102.             $this->twoFactorToken $token;
  103.         }
  104.     }
  106.     public function onTwoFactorForm(TwoFactorAuthenticationEvent $event): void
  107.     {
  108.         $token $event->getToken();
  109.         if ($this->supports($token)) {
  110.             /** @var TwoFactorTokenInterface $token */
  111.             // Whenever two-factor authentication form is shown, execute preparation
  112.             $this->twoFactorToken $token;
  113.         }
  114.     }
  116.     public function onKernelResponse(ResponseEvent $event): void
  117.     {
  118.         // Compatibility for Symfony >= 5.3
  119.         if (method_exists(KernelEvent::class, 'isMainRequest')) {
  120.             if (!$event->isMainRequest()) {
  121.                 return;
  122.             }
  123.         } else {
  124.             if (!$event->isMasterRequest()) {
  125.                 return;
  126.             }
  127.         }
  129.         // Unset the token from context. This is important for environments where this instance of the class is reused
  130.         // for multiple requests, such as PHP PM.
  131.         $twoFactorToken $this->twoFactorToken;
  132.         $this->twoFactorToken null;
  134.         if (!($twoFactorToken instanceof TwoFactorTokenInterface)) {
  135.             return;
  136.         }
  138.         $providerName $twoFactorToken->getCurrentTwoFactorProvider();
  139.         if (null === $providerName) {
  140.             return;
  141.         }
  143.         $firewallName $twoFactorToken->getProviderKey(true);
  145.         try {
  146.             if ($this->preparationRecorder->isTwoFactorProviderPrepared($firewallName$providerName)) {
  147.                 $this->logger->info(sprintf('Two-factor provider "%s" was already prepared.'$providerName));
  149.                 return;
  150.             }
  152.             $user $twoFactorToken->getUser();
  153.             $this->providerRegistry->getProvider($providerName)->prepareAuthentication($user);
  154.             $this->preparationRecorder->setTwoFactorProviderPrepared($firewallName$providerName);
  155.             $this->logger->info(sprintf('Two-factor provider "%s" prepared.'$providerName));
  156.         } catch (UnexpectedTokenException $e) {
  157.             $this->logger->info(sprintf('Two-factor provider "%s" was not prepared, security token was change within the request.'$providerName));
  158.         }
  159.     }
  161.     private function supports(TokenInterface $token): bool
  162.     {
  163.         return $token instanceof TwoFactorTokenInterface && $token->getProviderKey(true) === $this->firewallName;
  164.     }
  166.     public static function getSubscribedEvents()
  167.     {
  168.         return [
  169.             AuthenticationEvents::AUTHENTICATION_SUCCESS => ['onLogin'self::AUTHENTICATION_SUCCESS_LISTENER_PRIORITY],
  170.             TwoFactorAuthenticationEvents::REQUIRE => 'onAccessDenied',
  171.             TwoFactorAuthenticationEvents::FORM => 'onTwoFactorForm',
  172.             KernelEvents::RESPONSE => ['onKernelResponse'self::RESPONSE_LISTENER_PRIORITY],
  173.         ];
  174.     }
  175. }