vendor/uvdesk/api-bundle/Security/Guards/APIGuard.php line 39

Open in your IDE?
  1. <?php
  3. namespace Webkul\UVDesk\ApiBundle\Security\Guards;
  5. use Doctrine\ORM\Tools\Setup;
  6. use Doctrine\ORM\EntityManagerInterface;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\HttpFoundation\RequestStack;
  10. use Symfony\Component\HttpFoundation\JsonResponse;
  11. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  13. use Webkul\UVDesk\ApiBundle\Entity\ApiAccessCredential;
  14. use Symfony\Component\DependencyInjection\ContainerInterface;
  15. use Symfony\Component\Security\Core\User\UserProviderInterface;
  16. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  17. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  21. class APIGuard extends AbstractGuardAuthenticator
  22. {
  23. /**
  24. * [API-*] API Exception Codes
  25. */
  26. const API_UNAUTHORIZED = 'API-001';
  27. const API_NOT_AUTHENTICATED = 'API-002';
  28. const API_INSUFFICIENT_PARAMS = 'API-003';
  30. /**
  31. * [CC-*] Campus Connect Exception Codes
  32. */
  33. const USER_NOT_FOUND = 'CC-001';
  34. const INVALID_CREDNETIALS = 'CC-002';
  35. const UNEXPECTED_ERROR = 'CC-005';
  37. public function __construct(FirewallMap $firewall, ContainerInterface $container, EntityManagerInterface $entityManager, UserPasswordEncoderInterface $encoder)
  38. {
  39. $this->firewall = $firewall;
  40. $this->container = $container;
  41. $this->entityManager = $entityManager;
  42. $this->encoder = $encoder;
  43. }
  45. /**
  46. * Check whether this guard is applicable for the current request.
  47. */
  48. public function supports(Request $request)
  49. {
  50. return 'OPTIONS' != $request->getRealMethod() && 'uvdesk_api' === $this->firewall->getFirewallConfig($request)->getName();
  51. }
  53. /**
  54. * Retrieve and prepare credentials from the request.
  55. */
  56. public function getCredentials(Request $request)
  57. {
  58. $accessToken = null;
  59. $authorization = $request->headers->get('Authorization');
  61. if (!empty($authorization) && strpos(strtolower($authorization), 'basic') === 0) {
  62. $accessToken = substr($authorization, 6);
  63. } else if (!empty($authorization) && strpos(strtolower($authorization), 'bearer') === 0) {
  64. $accessToken = substr($authorization, 7);
  65. }
  67. if (!empty($accessToken)) {
  68. try {
  69. if (in_array($request->attributes->get('_route'), ['uvdesk_api_bundle_sessions_api_v1.0_login_session'])) {
  70. list($email, $password) = explode(':', base64_decode($accessToken));
  72. return [
  73. 'email' => $email,
  74. 'password' => $password,
  75. ];
  76. } else {
  77. $user = $this->entityManager->getRepository(ApiAccessCredential::class)->getUserEmailByAccessToken($accessToken);
  79. return [
  80. 'email' => $user['email'],
  81. 'accessToken' => $accessToken,
  82. ];
  83. }
  84. } catch (\Exception $e) {
  85. throw new AuthenticationException("An unexpected error occurred while authenticating credentials: {$e->getMessage()}");
  86. }
  87. }
  89. return [];
  90. }
  92. /**
  93. * Retrieve the current user on behalf of which the request is being performed.
  94. */
  95. public function getUser($credentials, UserProviderInterface $provider)
  96. {
  97. return !empty($credentials['email']) ? $provider->loadUserByUsername($credentials['email']) : null;
  98. }
  100. /**
  101. * Process the provided credentials and check whether the current request is properly authenticated.
  102. */
  103. public function checkCredentials($credentials, UserInterface $user)
  104. {
  105. if (!empty($credentials['password'])) {
  106. return $this->encoder->isPasswordValid($user, $credentials['password']);
  107. }
  109. if (!empty($credentials['accessToken'])) {
  110. $accessCredentials = $this->entityManager->getRepository(ApiAccessCredential::class)->findOneBy([
  111. 'user' => $user,
  112. 'token' => $credentials['accessToken'],
  113. ]);
  115. if (
  116. ! empty($accessCredentials)
  117. && true == $accessCredentials->getIsEnabled()
  118. && false == $accessCredentials->getIsExpired()
  119. ) {
  120. return true;
  121. }
  122. }
  124. return false;
  125. }
  127. /**
  128. * Disable support for the "remember me" functionality.
  129. */
  130. public function supportsRememberMe()
  131. {
  132. return false;
  133. }
  135. public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
  136. {
  137. return null;
  138. }
  140. public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
  141. {
  142. switch ($exception->getMessageKey()) {
  143. case 'Username could not be found.':
  144. $data = [
  145. 'status' => false,
  146. 'message' => 'No such user found',
  147. 'error_code' => self::USER_NOT_FOUND,
  148. ];
  150. break;
  151. case 'Invalid Credentials.':
  152. $data = [
  153. 'status' => false,
  154. 'message' => 'Invalid credentials provided.',
  155. 'error_code' => self::INVALID_CREDNETIALS,
  156. ];
  158. break;
  159. case 'An authentication exception occurred.':
  160. if ($request->attributes->get('_route') == 'uvdesk_api_bundle_sessions_api_v1.0_logout_session'){
  161. $data = [
  162. 'status' => false,
  163. 'message' => 'This Session token has been already expired successfully.',
  164. 'error_code' => self::INVALID_CREDNETIALS,
  165. ];
  167. return new JsonResponse($data, Response::HTTP_FORBIDDEN);
  168. }
  170. $data = [
  171. 'status' => false,
  172. 'message' => 'This api is disabled from admin end, please check once again.',
  173. 'error_code' => self::INVALID_CREDNETIALS,
  174. ];
  176. break;
  177. default:
  178. $data = [
  179. 'status' => false,
  180. 'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
  181. 'error_code' => self::UNEXPECTED_ERROR,
  182. ];
  184. break;
  185. }
  187. return new JsonResponse($data, Response::HTTP_FORBIDDEN);
  188. }
  190. public function start(Request $request, AuthenticationException $authException = null)
  191. {
  192. $data = [
  193. 'status' => false,
  194. 'message' => 'Authentication Required',
  195. 'error_code' => self::API_NOT_AUTHENTICATED,
  196. ];
  198. return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
  199. }
  200. }