vendor/scheb/2fa-bundle/Security/TwoFactor/Provider/TwoFactorProviderPreparationListener.php line 107

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\TwoFactor\Provider;
  7. use Psr\Log\LoggerInterface;
  8. use Psr\Log\NullLogger;
  9. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  10. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  11. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvents;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  14. use Symfony\Component\HttpKernel\KernelEvents;
  15. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  16. use Symfony\Component\Security\Core\AuthenticationEvents;
  17. use Symfony\Component\Security\Core\Event\AuthenticationEvent;
  19. /**
  20.  * @final
  21.  */
  22. class TwoFactorProviderPreparationListener implements EventSubscriberInterface
  23. {
  24.     public const LISTENER_PRIORITY PHP_INT_MAX;
  26.     /**
  27.      * @var TwoFactorProviderRegistry
  28.      */
  29.     private $providerRegistry;
  31.     /**
  32.      * @var PreparationRecorderInterface
  33.      */
  34.     private $preparationRecorder;
  36.     /**
  37.      * @var TwoFactorTokenInterface|null
  38.      */
  39.     private $twoFactorToken;
  41.     /**
  42.      * @var LoggerInterface
  43.      */
  44.     private $logger;
  46.     /**
  47.      * @var string
  48.      */
  49.     private $firewallName;
  51.     /**
  52.      * @var bool
  53.      */
  54.     private $prepareOnLogin;
  56.     /**
  57.      * @var bool
  58.      */
  59.     private $prepareOnAccessDenied;
  61.     public function __construct(
  62.         TwoFactorProviderRegistry $providerRegistry,
  63.         PreparationRecorderInterface $preparationRecorder,
  64.         ?LoggerInterface $logger,
  65.         string $firewallName,
  66.         bool $prepareOnLogin,
  67.         bool $prepareOnAccessDenied
  68.     ) {
  69.         $this->providerRegistry $providerRegistry;
  70.         $this->preparationRecorder $preparationRecorder;
  71.         $this->logger $logger ?? new NullLogger();
  72.         $this->firewallName $firewallName;
  73.         $this->prepareOnLogin $prepareOnLogin;
  74.         $this->prepareOnAccessDenied $prepareOnAccessDenied;
  75.     }
  77.     public function onLogin(AuthenticationEvent $event): void
  78.     {
  79.         $token $event->getAuthenticationToken();
  80.         if ($this->prepareOnLogin && $this->supports($token)) {
  81.             /** @var TwoFactorTokenInterface $token */
  82.             // After login, when the token is a TwoFactorTokenInterface, execute preparation
  83.             $this->twoFactorToken $token;
  84.         }
  85.     }
  87.     public function onAccessDenied(TwoFactorAuthenticationEvent $event): void
  88.     {
  89.         $token $event->getToken();
  90.         if ($this->prepareOnAccessDenied && $this->supports($token)) {
  91.             /** @var TwoFactorTokenInterface $token */
  92.             // Whenever two-factor authentication is required, execute preparation
  93.             $this->twoFactorToken $token;
  94.         }
  95.     }
  97.     public function onTwoFactorForm(TwoFactorAuthenticationEvent $event): void
  98.     {
  99.         $token $event->getToken();
  100.         if ($this->supports($token)) {
  101.             /** @var TwoFactorTokenInterface $token */
  102.             // Whenever two-factor authentication form is shown, execute preparation
  103.             $this->twoFactorToken $token;
  104.         }
  105.     }
  107.     public function onKernelResponse(ResponseEvent $event): void
  108.     {
  109.         if (!$event->isMasterRequest()) {
  110.             return;
  111.         }
  113.         // Unset the token from context. This is important for environments where this instance of the class is reused
  114.         // for multiple requests, such as PHP PM.
  115.         $twoFactorToken $this->twoFactorToken;
  116.         $this->twoFactorToken null;
  118.         if (!($twoFactorToken instanceof TwoFactorTokenInterface)) {
  119.             return;
  120.         }
  122.         $providerName $twoFactorToken->getCurrentTwoFactorProvider();
  123.         if (null === $providerName) {
  124.             return;
  125.         }
  127.         $firewallName $twoFactorToken->getProviderKey();
  129.         if ($this->preparationRecorder->isTwoFactorProviderPrepared($firewallName$providerName)) {
  130.             $this->logger->info(sprintf('Two-factor provider "%s" was already prepared.'$providerName));
  132.             return;
  133.         }
  135.         $user $twoFactorToken->getUser();
  136.         $this->providerRegistry->getProvider($providerName)->prepareAuthentication($user);
  137.         $this->preparationRecorder->setTwoFactorProviderPrepared($firewallName$providerName);
  138.         $this->logger->info(sprintf('Two-factor provider "%s" prepared.'$providerName));
  139.     }
  141.     private function supports(TokenInterface $token): bool
  142.     {
  143.         return $token instanceof TwoFactorTokenInterface && $token->getProviderKey() === $this->firewallName;
  144.     }
  146.     public static function getSubscribedEvents()
  147.     {
  148.         return [
  149.             // This must trigger very first, followed by AuthenticationSuccessEventSuppressor
  150.             AuthenticationEvents::AUTHENTICATION_SUCCESS => ['onLogin'self::LISTENER_PRIORITY],
  151.             TwoFactorAuthenticationEvents::REQUIRE => 'onAccessDenied',
  152.             TwoFactorAuthenticationEvents::FORM => 'onTwoFactorForm',
  153.             KernelEvents::RESPONSE => 'onKernelResponse',
  154.         ];
  155.     }
  156. }