vendor/uvdesk/api-bundle/Security/Guards/APIGuard.php line 42

Open in your IDE?
  1. <?php
  3. namespace Webkul\UVDesk\ApiBundle\Security\Guards;
  5. use Doctrine\ORM\Tools\Setup;
  6. use Doctrine\ORM\EntityManagerInterface;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\HttpFoundation\RequestStack;
  10. use Symfony\Component\HttpFoundation\JsonResponse;
  11. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  13. use Webkul\UVDesk\ApiBundle\Entity\ApiAccessCredential;
  14. use Symfony\Component\DependencyInjection\ContainerInterface;
  15. use Symfony\Component\Security\Core\User\UserProviderInterface;
  16. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  17. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  21. class APIGuard extends AbstractGuardAuthenticator
  22. {
  23.     /**
  24.      * [API-*] API Exception Codes
  25.      */
  26.     const API_UNAUTHORIZED 'API-001';
  27.     const API_NOT_AUTHENTICATED 'API-002';
  28.     const API_INSUFFICIENT_PARAMS 'API-003';
  30.     /**
  31.      * [CC-*] Campus Connect Exception Codes
  32.      */
  33.     const USER_NOT_FOUND 'CC-001';
  34.     const INVALID_CREDNETIALS 'CC-002';
  35.     const UNEXPECTED_ERROR 'CC-005';
  37.     public function __construct(FirewallMap $firewallContainerInterface $containerEntityManagerInterface $entityManagerUserPasswordEncoderInterface $encoder)
  38.     {
  39.         $this->firewall $firewall;
  40.         $this->container $container;
  41.         $this->entityManager $entityManager;
  42.         $this->encoder $encoder;
  43.     }
  45.     /**
  46.      * Check whether this guard is applicable for the current request.
  47.      */
  48.     public function supports(Request $request)
  49.     {
  50.         return 'OPTIONS' != $request->getRealMethod() && 'uvdesk_api' === $this->firewall->getFirewallConfig($request)->getName();
  51.     }
  53.     /**
  54.      * Retrieve and prepare credentials from the request.
  55.      */
  56.     public function getCredentials(Request $request)
  57.     {
  58.         $accessToken null;
  59.         $authorization $request->headers->get('Authorization');
  61.         if (!empty($authorization) && strpos(strtolower($authorization), 'basic') === 0) {
  62.             $accessToken substr($authorization6);
  63.         } else if (!empty($authorization) && strpos(strtolower($authorization), 'bearer') === 0) {
  64.             $accessToken substr($authorization7);
  65.         }
  67.         if (!empty($accessToken)) {
  68.             try {
  69.                 if (in_array($request->attributes->get('_route'), ['uvdesk_api_bundle_sessions_api_v1.0_login_session'])) {
  70.                     list($email$password) = explode(':'base64_decode($accessToken));
  72.                     return [
  73.                         'email' => $email
  74.                         'password' => $password
  75.                     ];
  76.                 } else {
  77.                     $user $this->entityManager->getRepository(ApiAccessCredential::class)->getUserEmailByAccessToken($accessToken);
  78.                     
  79.                     return [
  80.                         'email' => $user['email'], 
  81.                         'accessToken' => $accessToken
  82.                     ];
  83.                 }
  84.             } catch (\Exception $e) {
  85.                 throw new AuthenticationException("An unexpected error occurred while authenticating credentials: {$e->getMessage()}");
  86.             }
  87.         }
  88.         
  89.         return [];
  90.     }
  92.     /**
  93.      * Retrieve the current user on behalf of which the request is being performed.
  94.      */
  95.     public function getUser($credentialsUserProviderInterface $provider)
  96.     {
  97.         return !empty($credentials['email']) ? $provider->loadUserByUsername($credentials['email']) : null;
  98.     }
  100.     /**
  101.      * Process the provided credentials and check whether the current request is properly authenticated.
  102.      */
  103.     public function checkCredentials($credentialsUserInterface $user)
  104.     {
  105.         if (!empty($credentials['password'])) {
  106.             return $this->encoder->isPasswordValid($user$credentials['password']);
  107.         }
  109.         if (!empty($credentials['accessToken'])) {
  110.             $accessCredentials $this->entityManager->getRepository(ApiAccessCredential::class)->findOneBy([
  111.                 'user' => $user,
  112.                 'token' => $credentials['accessToken'],
  113.             ]);
  115.             if (!empty($accessCredentials) && true == $accessCredentials->getIsEnabled() && false == $accessCredentials->getIsExpired()) {
  116.                 return true;
  117.             }
  118.         }
  120.         return false;
  121.     }
  123.     /**
  124.      * Disable support for the "remember me" functionality.
  125.      */
  126.     public function supportsRememberMe()
  127.     {
  128.         return false;
  129.     }
  131.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  132.     {
  133.         return null;
  134.     }
  136.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception)
  137.     {
  138.         switch ($exception->getMessageKey()) {
  139.             case 'Username could not be found.':
  140.                 $data = [
  141.                     'status' => false,
  142.                     'message' => 'No such user found',
  143.                     'error_code' => self::USER_NOT_FOUND,
  144.                 ];
  145.                 
  146.                 break;
  147.             case 'Invalid Credentials.':
  148.                 $data = [
  149.                     'status' => false,
  150.                     'message' => 'Invalid credentials provided.',
  151.                     'error_code' => self::INVALID_CREDNETIALS,
  152.                 ];
  153.                 
  154.                 break;
  155.             default:
  156.                 $data = [
  157.                     'status' => false,
  158.                     'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
  159.                     'error_code' => self::UNEXPECTED_ERROR,
  160.                 ];
  162.                 break;
  163.         }
  165.         return new JsonResponse($dataResponse::HTTP_FORBIDDEN);
  166.     }
  168.     public function start(Request $requestAuthenticationException $authException null)
  169.     {
  170.         $data = [
  171.             'status' => false,
  172.             'message' => 'Authentication Required',
  173.             'error_code' => self::API_NOT_AUTHENTICATED,
  174.         ];
  176.         return new JsonResponse($dataResponse::HTTP_UNAUTHORIZED);
  177.     }
  178. }