vendor/uvdesk/api-bundle/Security/Guards/APIGuard.php line 39

Open in your IDE?
  1. <?php
  3. namespace Webkul\UVDesk\ApiBundle\Security\Guards;
  5. use Doctrine\ORM\Tools\Setup;
  6. use Doctrine\ORM\EntityManagerInterface;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\HttpFoundation\RequestStack;
  10. use Symfony\Component\HttpFoundation\JsonResponse;
  11. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  13. use Webkul\UVDesk\ApiBundle\Entity\ApiAccessCredential;
  14. use Symfony\Component\DependencyInjection\ContainerInterface;
  15. use Symfony\Component\Security\Core\User\UserProviderInterface;
  16. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  17. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  21. class APIGuard extends AbstractGuardAuthenticator
  22. {
  23. /**
  24. * [API-*] API Exception Codes
  25. */
  26. const API_UNAUTHORIZED = 'API-001';
  27. const API_NOT_AUTHENTICATED = 'API-002';
  28. const API_INSUFFICIENT_PARAMS = 'API-003';
  30. /**
  31. * [CC-*] Campus Connect Exception Codes
  32. */
  33. const USER_NOT_FOUND = 'CC-001';
  34. const INVALID_CREDNETIALS = 'CC-002';
  35. const UNEXPECTED_ERROR = 'CC-005';
  37. public function __construct(FirewallMap $firewall, ContainerInterface $container, EntityManagerInterface $entityManager, UserPasswordEncoderInterface $encoder)
  38. {
  39. $this->firewall = $firewall;
  40. $this->container = $container;
  41. $this->entityManager = $entityManager;
  42. $this->encoder = $encoder;
  43. }
  45. /**
  46. * Check whether this guard is applicable for the current request.
  47. */
  48. public function supports(Request $request)
  49. {
  50. return 'OPTIONS' != $request->getRealMethod() && 'uvdesk_api' === $this->firewall->getFirewallConfig($request)->getName();
  51. }
  53. /**
  54. * Retrieve and prepare credentials from the request.
  55. */
  56. public function getCredentials(Request $request)
  57. {
  58. $accessToken = null;
  59. $authorization = $request->headers->get('Authorization');
  61. if (!empty($authorization) && strpos(strtolower($authorization), 'basic') === 0) {
  62. $accessToken = substr($authorization, 6);
  63. } else if (!empty($authorization) && strpos(strtolower($authorization), 'bearer') === 0) {
  64. $accessToken = substr($authorization, 7);
  65. }
  67. if (!empty($accessToken)) {
  68. try {
  69. if (in_array($request->attributes->get('_route'), ['uvdesk_api_bundle_sessions_api_v1.0_login_session'])) {
  70. list($email, $password) = explode(':', base64_decode($accessToken));
  72. return [
  73. 'email' => $email,
  74. 'password' => $password,
  75. ];
  76. } else {
  77. $user = $this->entityManager->getRepository(ApiAccessCredential::class)->getUserEmailByAccessToken($accessToken);
  79. return [
  80. 'email' => $user['email'],
  81. 'accessToken' => $accessToken,
  82. ];
  83. }
  84. } catch (\Exception $e) {
  85. throw new AuthenticationException("An unexpected error occurred while authenticating credentials: {$e->getMessage()}");
  86. }
  87. }
  89. return [];
  90. }
  92. /**
  93. * Retrieve the current user on behalf of which the request is being performed.
  94. */
  95. public function getUser($credentials, UserProviderInterface $provider)
  96. {
  97. return !empty($credentials['email']) ? $provider->loadUserByUsername($credentials['email']) : null;
  98. }
  100. /**
  101. * Process the provided credentials and check whether the current request is properly authenticated.
  102. */
  103. public function checkCredentials($credentials, UserInterface $user)
  104. {
  105. if (!empty($credentials['password'])) {
  106. return $this->encoder->isPasswordValid($user, $credentials['password']);
  107. }
  109. if (!empty($credentials['accessToken'])) {
  110. $accessCredentials = $this->entityManager->getRepository(ApiAccessCredential::class)->findOneBy([
  111. 'user' => $user,
  112. 'token' => $credentials['accessToken'],
  113. ]);
  115. if (!empty($accessCredentials) && true == $accessCredentials->getIsEnabled() && false == $accessCredentials->getIsExpired()) {
  116. return true;
  117. }
  118. }
  120. return false;
  121. }
  123. /**
  124. * Disable support for the "remember me" functionality.
  125. */
  126. public function supportsRememberMe()
  127. {
  128. return false;
  129. }
  131. public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
  132. {
  133. return null;
  134. }
  136. public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
  137. {
  138. switch ($exception->getMessageKey()) {
  139. case 'Username could not be found.':
  140. $data = [
  141. 'status' => false,
  142. 'message' => 'No such user found',
  143. 'error_code' => self::USER_NOT_FOUND,
  144. ];
  146. break;
  147. case 'Invalid Credentials.':
  148. $data = [
  149. 'status' => false,
  150. 'message' => 'Invalid credentials provided.',
  151. 'error_code' => self::INVALID_CREDNETIALS,
  152. ];
  154. break;
  155. default:
  156. $data = [
  157. 'status' => false,
  158. 'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
  159. 'error_code' => self::UNEXPECTED_ERROR,
  160. ];
  162. break;
  163. }
  165. return new JsonResponse($data, Response::HTTP_FORBIDDEN);
  166. }
  168. public function start(Request $request, AuthenticationException $authException = null)
  169. {
  170. $data = [
  171. 'status' => false,
  172. 'message' => 'Authentication Required',
  173. 'error_code' => self::API_NOT_AUTHENTICATED,
  174. ];
  176. return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
  177. }
  178. }