vendor/symfony/security-http/Firewall/ContextListener.php line 148

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\EventDispatcher\LegacyEventDispatcherProxy;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Session\Session;
  18. use Symfony\Component\HttpKernel\Event\RequestEvent;
  19. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  20. use Symfony\Component\HttpKernel\KernelEvents;
  21. use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
  22. use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
  23. use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
  24. use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
  25. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  26. use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
  27. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  28. use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
  29. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  30. use Symfony\Component\Security\Core\User\UserInterface;
  31. use Symfony\Component\Security\Core\User\UserProviderInterface;
  32. use Symfony\Component\Security\Http\Event\DeauthenticatedEvent;
  33. use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
  34. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  36. /**
  37.  * ContextListener manages the SecurityContext persistence through a session.
  38.  *
  39.  * @author Fabien Potencier <fabien@symfony.com>
  40.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  41.  *
  42.  * @final
  43.  */
  44. class ContextListener extends AbstractListener
  45. {
  46.     private $tokenStorage;
  47.     private $sessionKey;
  48.     private $logger;
  49.     private $userProviders;
  50.     private $dispatcher;
  51.     private $registered;
  52.     private $trustResolver;
  53.     private $rememberMeServices;
  54.     private $sessionTrackerEnabler;
  56.     /**
  57.      * @param iterable|UserProviderInterface[] $userProviders
  58.      */
  59.     public function __construct(TokenStorageInterface $tokenStorageiterable $userProvidersstring $contextKeyLoggerInterface $logger nullEventDispatcherInterface $dispatcher nullAuthenticationTrustResolverInterface $trustResolver null, callable $sessionTrackerEnabler null)
  60.     {
  61.         if (empty($contextKey)) {
  62.             throw new \InvalidArgumentException('$contextKey must not be empty.');
  63.         }
  65.         $this->tokenStorage $tokenStorage;
  66.         $this->userProviders $userProviders;
  67.         $this->sessionKey '_security_'.$contextKey;
  68.         $this->logger $logger;
  69.         $this->dispatcher LegacyEventDispatcherProxy::decorate($dispatcher);
  70.         $this->trustResolver $trustResolver ?: new AuthenticationTrustResolver(AnonymousToken::class, RememberMeToken::class);
  71.         $this->sessionTrackerEnabler $sessionTrackerEnabler;
  72.     }
  74.     /**
  75.      * {@inheritdoc}
  76.      */
  77.     public function supports(Request $request): ?bool
  78.     {
  79.         return null// always run authenticate() lazily with lazy firewalls
  80.     }
  82.     /**
  83.      * Reads the Security Token from the session.
  84.      */
  85.     public function authenticate(RequestEvent $event)
  86.     {
  87.         if (!$this->registered && null !== $this->dispatcher && $event->isMasterRequest()) {
  88.             $this->dispatcher->addListener(KernelEvents::RESPONSE, [$this'onKernelResponse']);
  89.             $this->registered true;
  90.         }
  92.         $request $event->getRequest();
  93.         $session $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
  95.         if (null !== $session) {
  96.             $usageIndexValue $session instanceof Session $usageIndexReference = &$session->getUsageIndex() : 0;
  97.             $sessionId $session->getId();
  98.             $token $session->get($this->sessionKey);
  100.             if ($this->sessionTrackerEnabler && $session->getId() === $sessionId) {
  101.                 $usageIndexReference $usageIndexValue;
  102.             }
  103.         }
  105.         if (null === $session || null === $token) {
  106.             if ($this->sessionTrackerEnabler) {
  107.                 ($this->sessionTrackerEnabler)();
  108.             }
  110.             $this->tokenStorage->setToken(null);
  112.             return;
  113.         }
  115.         $token $this->safelyUnserialize($token);
  117.         if (null !== $this->logger) {
  118.             $this->logger->debug('Read existing security token from the session.', [
  119.                 'key' => $this->sessionKey,
  120.                 'token_class' => \is_object($token) ? \get_class($token) : null,
  121.             ]);
  122.         }
  124.         if ($token instanceof TokenInterface) {
  125.             $token $this->refreshUser($token);
  127.             if (!$token && $this->rememberMeServices) {
  128.                 $this->rememberMeServices->loginFail($request);
  129.             }
  130.         } elseif (null !== $token) {
  131.             if (null !== $this->logger) {
  132.                 $this->logger->warning('Expected a security token from the session, got something else.', ['key' => $this->sessionKey'received' => $token]);
  133.             }
  135.             $token null;
  136.         }
  138.         if ($this->sessionTrackerEnabler) {
  139.             ($this->sessionTrackerEnabler)();
  140.         }
  142.         $this->tokenStorage->setToken($token);
  143.     }
  145.     /**
  146.      * Writes the security token into the session.
  147.      */
  148.     public function onKernelResponse(ResponseEvent $event)
  149.     {
  150.         if (!$event->isMasterRequest()) {
  151.             return;
  152.         }
  154.         $request $event->getRequest();
  156.         if (!$request->hasSession()) {
  157.             return;
  158.         }
  160.         $this->dispatcher->removeListener(KernelEvents::RESPONSE, [$this'onKernelResponse']);
  161.         $this->registered false;
  162.         $session $request->getSession();
  163.         $sessionId $session->getId();
  164.         $usageIndexValue $session instanceof Session $usageIndexReference = &$session->getUsageIndex() : null;
  165.         $token $this->tokenStorage->getToken();
  167.         if (null === $token || $this->trustResolver->isAnonymous($token)) {
  168.             if ($request->hasPreviousSession()) {
  169.                 $session->remove($this->sessionKey);
  170.             }
  171.         } else {
  172.             $session->set($this->sessionKeyserialize($token));
  174.             if (null !== $this->logger) {
  175.                 $this->logger->debug('Stored the security token in the session.', ['key' => $this->sessionKey]);
  176.             }
  177.         }
  179.         if ($this->sessionTrackerEnabler && $session->getId() === $sessionId) {
  180.             $usageIndexReference $usageIndexValue;
  181.         }
  182.     }
  184.     /**
  185.      * Refreshes the user by reloading it from the user provider.
  186.      *
  187.      * @throws \RuntimeException
  188.      */
  189.     protected function refreshUser(TokenInterface $token): ?TokenInterface
  190.     {
  191.         $user $token->getUser();
  192.         if (!$user instanceof UserInterface) {
  193.             return $token;
  194.         }
  196.         $userNotFoundByProvider false;
  197.         $userDeauthenticated false;
  199.         foreach ($this->userProviders as $provider) {
  200.             if (!$provider instanceof UserProviderInterface) {
  201.                 throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "%s".', \get_class($provider), UserProviderInterface::class));
  202.             }
  204.             try {
  205.                 $refreshedUser $provider->refreshUser($user);
  206.                 $newToken = clone $token;
  207.                 $newToken->setUser($refreshedUser);
  209.                 // tokens can be deauthenticated if the user has been changed.
  210.                 if (!$newToken->isAuthenticated()) {
  211.                     $userDeauthenticated true;
  213.                     if (null !== $this->logger) {
  214.                         $this->logger->debug('Cannot refresh token because user has changed.', ['username' => $refreshedUser->getUsername(), 'provider' => \get_class($provider)]);
  215.                     }
  217.                     continue;
  218.                 }
  220.                 $token->setUser($refreshedUser);
  222.                 if (null !== $this->logger) {
  223.                     $context = ['provider' => \get_class($provider), 'username' => $refreshedUser->getUsername()];
  225.                     if ($token instanceof SwitchUserToken) {
  226.                         $context['impersonator_username'] = $token->getOriginalToken()->getUsername();
  227.                     }
  229.                     $this->logger->debug('User was reloaded from a user provider.'$context);
  230.                 }
  232.                 return $token;
  233.             } catch (UnsupportedUserException $e) {
  234.                 // let's try the next user provider
  235.             } catch (UsernameNotFoundException $e) {
  236.                 if (null !== $this->logger) {
  237.                     $this->logger->warning('Username could not be found in the selected user provider.', ['username' => $e->getUsername(), 'provider' => \get_class($provider)]);
  238.                 }
  240.                 $userNotFoundByProvider true;
  241.             }
  242.         }
  244.         if ($userDeauthenticated) {
  245.             if (null !== $this->logger) {
  246.                 $this->logger->debug('Token was deauthenticated after trying to refresh it.');
  247.             }
  249.             if (null !== $this->dispatcher) {
  250.                 $this->dispatcher->dispatch(new DeauthenticatedEvent($token$newToken), DeauthenticatedEvent::class);
  251.             }
  253.             return null;
  254.         }
  256.         if ($userNotFoundByProvider) {
  257.             return null;
  258.         }
  260.         throw new \RuntimeException(sprintf('There is no user provider for user "%s".', \get_class($user)));
  261.     }
  263.     private function safelyUnserialize(string $serializedToken)
  264.     {
  265.         $e $token null;
  266.         $prevUnserializeHandler ini_set('unserialize_callback_func'__CLASS__.'::handleUnserializeCallback');
  267.         $prevErrorHandler set_error_handler(function ($type$msg$file$line$context = []) use (&$prevErrorHandler) {
  268.             if (__FILE__ === $file) {
  269.                 throw new \ErrorException($msg0x37313bc$type$file$line);
  270.             }
  272.             return $prevErrorHandler $prevErrorHandler($type$msg$file$line$context) : false;
  273.         });
  275.         try {
  276.             $token unserialize($serializedToken);
  277.         } catch (\Throwable $e) {
  278.         }
  279.         restore_error_handler();
  280.         ini_set('unserialize_callback_func'$prevUnserializeHandler);
  281.         if ($e) {
  282.             if (!$e instanceof \ErrorException || 0x37313bc !== $e->getCode()) {
  283.                 throw $e;
  284.             }
  285.             if ($this->logger) {
  286.                 $this->logger->warning('Failed to unserialize the security token from the session.', ['key' => $this->sessionKey'received' => $serializedToken'exception' => $e]);
  287.             }
  288.         }
  290.         return $token;
  291.     }
  293.     /**
  294.      * @internal
  295.      */
  296.     public static function handleUnserializeCallback($class)
  297.     {
  298.         throw new \ErrorException('Class not found: '.$class0x37313bc);
  299.     }
  301.     public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices)
  302.     {
  303.         $this->rememberMeServices $rememberMeServices;
  304.     }
  305. }