vendor/uvdesk/api-bundle/Security/Guards/APIGuard.php line 39

Open in your IDE?
  1. <?php
  3. namespace Webkul\UVDesk\ApiBundle\Security\Guards;
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\HttpFoundation\JsonResponse;
  9. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  11. use Symfony\Component\DependencyInjection\ContainerInterface;
  12. use Symfony\Component\Security\Core\User\UserProviderInterface;
  13. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  14. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  15. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  16. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  17. use Webkul\UVDesk\ApiBundle\Entity\ApiAccessCredential;
  19. class APIGuard extends AbstractGuardAuthenticator
  20. {
  21.     /**
  22.      * [API-*] API Exception Codes
  23.      */
  24.     const API_UNAUTHORIZED 'API-001';
  25.     const API_NOT_AUTHENTICATED 'API-002';
  26.     const API_INSUFFICIENT_PARAMS 'API-003';
  28.     /**
  29.      * [CC-*] Campus Connect Exception Codes
  30.      */
  31.     const USER_NOT_FOUND 'CC-001';
  32.     const INVALID_CREDNETIALS 'CC-002';
  33.     const UNEXPECTED_ERROR 'CC-005';
  35.     public function __construct(FirewallMap $firewallContainerInterface $containerEntityManagerInterface $entityManagerUserPasswordEncoderInterface $encoder)
  36.     {
  37.         $this->firewall $firewall;
  38.         $this->container $container;
  39.         $this->entityManager $entityManager;
  40.         $this->encoder $encoder;
  41.     }
  43.     /**
  44.      * Check whether this guard is applicable for the current request.
  45.      */
  46.     public function supports(Request $request)
  47.     {
  48.         return 'OPTIONS' != $request->getRealMethod() && 'uvdesk_api' === $this->firewall->getFirewallConfig($request)->getName();
  49.     }
  51.     /**
  52.      * Retrieve and prepare credentials from the request.
  53.      */
  54.     public function getCredentials(Request $request)
  55.     {
  56.         $accessToken null;
  57.         $authorization $request->headers->get('Authorization');
  59.         if (!empty($authorization) && strpos(strtolower($authorization), 'basic') === 0) {
  60.             $accessToken substr($authorization6);
  61.         } else if (!empty($authorization) && strpos(strtolower($authorization), 'bearer') === 0) {
  62.             $accessToken substr($authorization7);
  63.         }
  65.         if (!empty($accessToken)) {
  66.             try {
  67.                 if (in_array($request->attributes->get('_route'), ['uvdesk_api_bundle_sessions_api_v1.0_login_session'])) {
  68.                     list($email$password) = explode(':'base64_decode($accessToken));
  70.                     return [
  71.                         'email'    => $email
  72.                         'password' => $password
  73.                     ];
  74.                 } else {
  75.                     $user $this->entityManager->getRepository(ApiAccessCredential::class)->getUserEmailByAccessToken($accessToken);
  76.                     
  77.                     return [
  78.                         'email'       => $user['email'], 
  79.                         'accessToken' => $accessToken
  80.                     ];
  81.                 }
  82.             } catch (\Exception $e) {
  83.                 throw new AuthenticationException("An unexpected error occurred while authenticating credentials: {$e->getMessage()}");
  84.             }
  85.         }
  86.         
  87.         return [];
  88.     }
  90.     /**
  91.      * Retrieve the current user on behalf of which the request is being performed.
  92.      */
  93.     public function getUser($credentialsUserProviderInterface $provider)
  94.     {
  95.         return !empty($credentials['email']) ? $provider->loadUserByUsername($credentials['email']) : null;
  96.     }
  98.     /**
  99.      * Process the provided credentials and check whether the current request is properly authenticated.
  100.      */
  101.     public function checkCredentials($credentialsUserInterface $user)
  102.     {
  103.         if (!empty($credentials['password'])) {
  104.             return $this->encoder->isPasswordValid($user$credentials['password']);
  105.         }
  107.         if (!empty($credentials['accessToken'])) {
  108.             $accessCredentials $this->entityManager->getRepository(ApiAccessCredential::class)->findOneBy([
  109.                 'user'  => $user,
  110.                 'token' => $credentials['accessToken'],
  111.             ]);
  113.             if (
  114.                 ! empty($accessCredentials)
  115.                 && true == $accessCredentials->getIsEnabled()
  116.                 && false == $accessCredentials->getIsExpired()
  117.             ) {
  118.                 return true;
  119.             }
  120.         }
  122.         return false;
  123.     }
  125.     /**
  126.      * Disable support for the "remember me" functionality.
  127.      */
  128.     public function supportsRememberMe()
  129.     {
  130.         return false;
  131.     }
  133.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  134.     {
  135.         return null;
  136.     }
  138.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception)
  139.     {
  140.         switch ($exception->getMessageKey()) {
  141.             case 'Username could not be found.':
  142.                 $data = [
  143.                     'status'     => false,
  144.                     'message'    => 'No such user found',
  145.                     'error_code' => self::USER_NOT_FOUND,
  146.                 ];
  147.                 
  148.                 break;
  149.             case 'Invalid Credentials.':
  150.                 $data = [
  151.                     'status'     => false,
  152.                     'message'    => 'Invalid credentials provided.',
  153.                     'error_code' => self::INVALID_CREDNETIALS,
  154.                 ];
  156.                 break;
  157.             case 'An authentication exception occurred.':
  158.                 if ($request->attributes->get('_route') == 'uvdesk_api_bundle_sessions_api_v1.0_logout_session'){
  159.                     $data = [
  160.                         'status'     => false,
  161.                         'message'    => 'This Session token has been already expired successfully.',
  162.                         'error_code' => self::INVALID_CREDNETIALS,
  163.                     ];
  165.                     return new JsonResponse($dataResponse::HTTP_FORBIDDEN);
  166.                 }
  168.                 $data = [
  169.                     'status'     => false,
  170.                     'message'    => 'This api is disabled from admin end, please check once again.',
  171.                     'error_code' => self::INVALID_CREDNETIALS,
  172.                 ];
  173.                 
  174.                 break;
  175.             default:
  176.                 $data = [
  177.                     'status'     => false,
  178.                     'message'    => strtr($exception->getMessageKey(), $exception->getMessageData()),
  179.                     'error_code' => self::UNEXPECTED_ERROR,
  180.                 ];
  182.                 break;
  183.         }
  185.         return new JsonResponse($dataResponse::HTTP_FORBIDDEN);
  186.     }
  188.     public function start(Request $requestAuthenticationException $authException null)
  189.     {
  190.         $data = [
  191.             'status'     => false,
  192.             'message'    => 'Authentication Required',
  193.             'error_code' => self::API_NOT_AUTHENTICATED,
  194.         ];
  196.         return new JsonResponse($dataResponse::HTTP_UNAUTHORIZED);
  197.     }
  198. }