vendor/uvdesk/api-bundle/Security/Guards/APIGuard.php line 188

Open in your IDE?
  1. <?php
  3. namespace Webkul\UVDesk\ApiBundle\Security\Guards;
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\HttpFoundation\JsonResponse;
  9. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  11. use Symfony\Component\DependencyInjection\ContainerInterface;
  12. use Symfony\Component\Security\Core\User\UserProviderInterface;
  13. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  14. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  15. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  16. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  17. use Webkul\UVDesk\ApiBundle\Entity\ApiAccessCredential;
  19. class APIGuard extends AbstractGuardAuthenticator
  20. {
  21. /**
  22. * [API-*] API Exception Codes
  23. */
  24. const API_UNAUTHORIZED = 'API-001';
  25. const API_NOT_AUTHENTICATED = 'API-002';
  26. const API_INSUFFICIENT_PARAMS = 'API-003';
  28. /**
  29. * [CC-*] Campus Connect Exception Codes
  30. */
  31. const USER_NOT_FOUND = 'CC-001';
  32. const INVALID_CREDNETIALS = 'CC-002';
  33. const UNEXPECTED_ERROR = 'CC-005';
  35. public function __construct(FirewallMap $firewall, ContainerInterface $container, EntityManagerInterface $entityManager, UserPasswordEncoderInterface $encoder)
  36. {
  37. $this->firewall = $firewall;
  38. $this->container = $container;
  39. $this->entityManager = $entityManager;
  40. $this->encoder = $encoder;
  41. }
  43. /**
  44. * Check whether this guard is applicable for the current request.
  45. */
  46. public function supports(Request $request)
  47. {
  48. return 'OPTIONS' != $request->getRealMethod() && 'uvdesk_api' === $this->firewall->getFirewallConfig($request)->getName();
  49. }
  51. /**
  52. * Retrieve and prepare credentials from the request.
  53. */
  54. public function getCredentials(Request $request)
  55. {
  56. $accessToken = null;
  57. $authorization = $request->headers->get('Authorization');
  59. if (!empty($authorization) && strpos(strtolower($authorization), 'basic') === 0) {
  60. $accessToken = substr($authorization, 6);
  61. } else if (!empty($authorization) && strpos(strtolower($authorization), 'bearer') === 0) {
  62. $accessToken = substr($authorization, 7);
  63. }
  65. if (!empty($accessToken)) {
  66. try {
  67. if (in_array($request->attributes->get('_route'), ['uvdesk_api_bundle_sessions_api_v1.0_login_session'])) {
  68. list($email, $password) = explode(':', base64_decode($accessToken));
  70. return [
  71. 'email' => $email,
  72. 'password' => $password,
  73. ];
  74. } else {
  75. $user = $this->entityManager->getRepository(ApiAccessCredential::class)->getUserEmailByAccessToken($accessToken);
  77. return [
  78. 'email' => $user['email'],
  79. 'accessToken' => $accessToken,
  80. ];
  81. }
  82. } catch (\Exception $e) {
  83. throw new AuthenticationException("An unexpected error occurred while authenticating credentials: {$e->getMessage()}");
  84. }
  85. }
  87. return [];
  88. }
  90. /**
  91. * Retrieve the current user on behalf of which the request is being performed.
  92. */
  93. public function getUser($credentials, UserProviderInterface $provider)
  94. {
  95. return !empty($credentials['email']) ? $provider->loadUserByUsername($credentials['email']) : null;
  96. }
  98. /**
  99. * Process the provided credentials and check whether the current request is properly authenticated.
  100. */
  101. public function checkCredentials($credentials, UserInterface $user)
  102. {
  103. if (!empty($credentials['password'])) {
  104. return $this->encoder->isPasswordValid($user, $credentials['password']);
  105. }
  107. if (!empty($credentials['accessToken'])) {
  108. $accessCredentials = $this->entityManager->getRepository(ApiAccessCredential::class)->findOneBy([
  109. 'user' => $user,
  110. 'token' => $credentials['accessToken'],
  111. ]);
  113. if (
  114. ! empty($accessCredentials)
  115. && true == $accessCredentials->getIsEnabled()
  116. && false == $accessCredentials->getIsExpired()
  117. ) {
  118. return true;
  119. }
  120. }
  122. return false;
  123. }
  125. /**
  126. * Disable support for the "remember me" functionality.
  127. */
  128. public function supportsRememberMe()
  129. {
  130. return false;
  131. }
  133. public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
  134. {
  135. return null;
  136. }
  138. public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
  139. {
  140. switch ($exception->getMessageKey()) {
  141. case 'Username could not be found.':
  142. $data = [
  143. 'status' => false,
  144. 'message' => 'No such user found',
  145. 'error_code' => self::USER_NOT_FOUND,
  146. ];
  148. break;
  149. case 'Invalid Credentials.':
  150. $data = [
  151. 'status' => false,
  152. 'message' => 'Invalid credentials provided.',
  153. 'error_code' => self::INVALID_CREDNETIALS,
  154. ];
  156. break;
  157. case 'An authentication exception occurred.':
  158. if ($request->attributes->get('_route') == 'uvdesk_api_bundle_sessions_api_v1.0_logout_session'){
  159. $data = [
  160. 'status' => false,
  161. 'message' => 'This Session token has been already expired successfully.',
  162. 'error_code' => self::INVALID_CREDNETIALS,
  163. ];
  165. return new JsonResponse($data, Response::HTTP_FORBIDDEN);
  166. }
  168. $data = [
  169. 'status' => false,
  170. 'message' => 'This api is disabled from admin end, please check once again.',
  171. 'error_code' => self::INVALID_CREDNETIALS,
  172. ];
  174. break;
  175. default:
  176. $data = [
  177. 'status' => false,
  178. 'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
  179. 'error_code' => self::UNEXPECTED_ERROR,
  180. ];
  182. break;
  183. }
  185. return new JsonResponse($data, Response::HTTP_FORBIDDEN);
  186. }
  188. public function start(Request $request, AuthenticationException $authException = null)
  189. {
  190. $data = [
  191. 'status' => false,
  192. 'message' => 'Authentication Required',
  193. 'error_code' => self::API_NOT_AUTHENTICATED,
  194. ];
  196. return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
  197. }
  198. }