vendor/scheb/2fa-bundle/Security/TwoFactor/Provider/TwoFactorProviderPreparationListener.php line 48

  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\TwoFactor\Provider;
  7. use Psr\Log\LoggerInterface;
  8. use Psr\Log\NullLogger;
  9. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  10. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  11. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvents;
  12. use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Exception\UnexpectedTokenException;
  13. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  14. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  15. use Symfony\Component\HttpKernel\KernelEvents;
  16. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  17. use Symfony\Component\Security\Core\AuthenticationEvents;
  18. use Symfony\Component\Security\Core\Event\AuthenticationEvent;
  19. use function assert;
  20. use function sprintf;
  21. use const PHP_INT_MAX;
  23. /**
  24.  * @final
  25.  */
  26. class TwoFactorProviderPreparationListener implements EventSubscriberInterface
  27. {
  28.     // This must trigger very first, followed by AuthenticationSuccessEventSuppressor
  29.     public const AUTHENTICATION_SUCCESS_LISTENER_PRIORITY PHP_INT_MAX;
  31.     // Execute right before ContextListener, which is serializing the security token into the session
  32.     public const RESPONSE_LISTENER_PRIORITY 1;
  34.     private ?TwoFactorTokenInterface $twoFactorToken null;
  35.     private LoggerInterface $logger;
  37.     public function __construct(
  38.         private TwoFactorProviderRegistry $providerRegistry,
  39.         private PreparationRecorderInterface $preparationRecorder,
  40.         ?LoggerInterface $logger,
  41.         private string $firewallName,
  42.         private bool $prepareOnLogin,
  43.         private bool $prepareOnAccessDenied
  44.     ) {
  45.         $this->logger $logger ?? new NullLogger();
  46.     }
  48.     public function onLogin(AuthenticationEvent $event): void
  49.     {
  50.         $token $event->getAuthenticationToken();
  51.         if (!$this->prepareOnLogin || !$this->supports($token)) {
  52.             return;
  53.         }
  55.         // After login, when the token is a TwoFactorTokenInterface, execute preparation
  56.         assert($token instanceof TwoFactorTokenInterface);
  57.         $this->twoFactorToken $token;
  58.     }
  60.     public function onAccessDenied(TwoFactorAuthenticationEvent $event): void
  61.     {
  62.         $token $event->getToken();
  63.         if (!$this->prepareOnAccessDenied || !$this->supports($token)) {
  64.             return;
  65.         }
  67.         // Whenever two-factor authentication is required, execute preparation
  68.         assert($token instanceof TwoFactorTokenInterface);
  69.         $this->twoFactorToken $token;
  70.     }
  72.     public function onTwoFactorForm(TwoFactorAuthenticationEvent $event): void
  73.     {
  74.         $token $event->getToken();
  75.         if (!$this->supports($token)) {
  76.             return;
  77.         }
  79.         // Whenever two-factor authentication form is shown, execute preparation
  80.         assert($token instanceof TwoFactorTokenInterface);
  81.         $this->twoFactorToken $token;
  82.     }
  84.     public function onKernelResponse(ResponseEvent $event): void
  85.     {
  86.         if (!$event->isMainRequest()) {
  87.             return;
  88.         }
  90.         // Unset the token from context. This is important for environments where this instance of the class is reused
  91.         // for multiple requests, such as PHP PM.
  92.         $twoFactorToken $this->twoFactorToken;
  93.         $this->twoFactorToken null;
  95.         if (!($twoFactorToken instanceof TwoFactorTokenInterface)) {
  96.             return;
  97.         }
  99.         $providerName $twoFactorToken->getCurrentTwoFactorProvider();
  100.         if (null === $providerName) {
  101.             return;
  102.         }
  104.         $firewallName $twoFactorToken->getFirewallName();
  106.         try {
  107.             if ($this->preparationRecorder->isTwoFactorProviderPrepared($firewallName$providerName)) {
  108.                 $this->logger->info(sprintf('Two-factor provider "%s" was already prepared.'$providerName));
  110.                 return;
  111.             }
  113.             $user $twoFactorToken->getUser();
  114.             $this->providerRegistry->getProvider($providerName)->prepareAuthentication($user);
  115.             $this->preparationRecorder->setTwoFactorProviderPrepared($firewallName$providerName);
  116.             $this->logger->info(sprintf('Two-factor provider "%s" prepared.'$providerName));
  117.         } catch (UnexpectedTokenException) {
  118.             $this->logger->info(sprintf('Two-factor provider "%s" was not prepared, security token was change within the request.'$providerName));
  119.         }
  120.     }
  122.     private function supports(TokenInterface $token): bool
  123.     {
  124.         return $token instanceof TwoFactorTokenInterface && $token->getFirewallName() === $this->firewallName;
  125.     }
  127.     /**
  128.      * {@inheritdoc}
  129.      */
  130.     public static function getSubscribedEvents(): array
  131.     {
  132.         return [
  133.             AuthenticationEvents::AUTHENTICATION_SUCCESS => ['onLogin'self::AUTHENTICATION_SUCCESS_LISTENER_PRIORITY],
  134.             TwoFactorAuthenticationEvents::REQUIRE => 'onAccessDenied',
  135.             TwoFactorAuthenticationEvents::FORM => 'onTwoFactorForm',
  136.             KernelEvents::RESPONSE => ['onKernelResponse'self::RESPONSE_LISTENER_PRIORITY],
  137.         ];
  138.     }
  139. }