74 lines
2.9 KiB
PHP
74 lines
2.9 KiB
PHP
<?php
|
|
|
|
namespace App\User\Framework\Security;
|
|
|
|
use Symfony\Component\HttpFoundation\JsonResponse;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
|
|
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
|
|
|
|
/**
|
|
* @see https://symfony.com/doc/current/security/custom_authenticator.html
|
|
*/
|
|
class LdapAuthenticator extends AbstractAuthenticator
|
|
{
|
|
/**
|
|
* Called on every request to decide if this authenticator should be
|
|
* used for the request. Returning `false` will cause this authenticator
|
|
* to be skipped.
|
|
*/
|
|
public function supports(Request $request): ?bool
|
|
{
|
|
// return $request->headers->has('X-AUTH-TOKEN');
|
|
}
|
|
|
|
public function authenticate(Request $request): Passport
|
|
{
|
|
// $apiToken = $request->headers->get('X-AUTH-TOKEN');
|
|
// if (null === $apiToken) {
|
|
// The token header was empty, authentication fails with HTTP Status
|
|
// Code 401 "Unauthorized"
|
|
// throw new CustomUserMessageAuthenticationException('No API token provided');
|
|
// }
|
|
|
|
// implement your own logic to get the user identifier from `$apiToken`
|
|
// e.g. by looking up a user in the database using its API key
|
|
// $userIdentifier = /** ... */;
|
|
|
|
// return new SelfValidatingPassport(new UserBadge($userIdentifier));
|
|
}
|
|
|
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
|
|
{
|
|
// on success, let the request continue
|
|
return null;
|
|
}
|
|
|
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
|
|
{
|
|
$data = [
|
|
// you may want to customize or obfuscate the message first
|
|
'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
|
|
|
|
// or to translate this message
|
|
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
|
|
];
|
|
|
|
return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
|
|
}
|
|
|
|
// public function start(Request $request, ?AuthenticationException $authException = null): Response
|
|
// {
|
|
// /*
|
|
// * If you would like this class to control what happens when an anonymous user accesses a
|
|
// * protected page (e.g. redirect to /login), uncomment this method and make this class
|
|
// * implement Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface.
|
|
// *
|
|
// * For more details, see https://symfony.com/doc/current/security/experimental_authenticators.html#configuring-the-authentication-entry-point
|
|
// */
|
|
// }
|
|
}
|