vendor/symfony/security-http/Firewall/AbstractAuthenticationListener.php line 259

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\EventDispatcher\LegacyEventDispatcherProxy;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Component\HttpKernel\Event\RequestEvent;
  19. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  20. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  24. use Symfony\Component\Security\Core\Exception\SessionUnavailableException;
  25. use Symfony\Component\Security\Core\Security;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
  27. use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
  28. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  29. use Symfony\Component\Security\Http\HttpUtils;
  30. use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
  31. use Symfony\Component\Security\Http\SecurityEvents;
  32. use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  33. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  34. use Webkul\UVDesk\CoreFrameworkBundle\Entity\User;
  35. use Webkul\UVDesk\CoreFrameworkBundle\Entity\UserInstance;
  36. use Webkul\UVDesk\CoreFrameworkBundle\Entity\SupportGroup;
  37. use Mysqli;
  39. /**
  40.  * The AbstractAuthenticationListener is the preferred base class for all
  41.  * browser-/HTTP-based authentication requests.
  42.  *
  43.  * Subclasses likely have to implement the following:
  44.  * - an TokenInterface to hold authentication related data
  45.  * - an AuthenticationProvider to perform the actual authentication of the
  46.  *   token, retrieve the UserInterface implementation from a database, and
  47.  *   perform the specific account checks using the UserChecker
  48.  *
  49.  * By default, this listener only is active for a specific path, e.g.
  50.  * /login_check. If you want to change this behavior, you can overwrite the
  51.  * requiresAuthentication() method.
  52.  *
  53.  * @author Fabien Potencier <fabien@symfony.com>
  54.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  55.  */
  56. abstract class AbstractAuthenticationListener implements ListenerInterface
  57. {
  58.     use LegacyListenerTrait;
  60.     protected $options;
  61.     protected $logger;
  62.     protected $authenticationManager;
  63.     protected $providerKey;
  64.     protected $httpUtils;
  66.     private $tokenStorage;
  67.     private $sessionStrategy;
  68.     private $dispatcher;
  69.     private $successHandler;
  70.     private $failureHandler;
  71.     private $rememberMeServices;
  73.     /**
  74.      * @throws \InvalidArgumentException
  75.      */
  76.     public function __construct(TokenStorageInterface $tokenStorageAuthenticationManagerInterface $authenticationManagerSessionAuthenticationStrategyInterface $sessionStrategyHttpUtils $httpUtilsstring $providerKeyAuthenticationSuccessHandlerInterface $successHandlerAuthenticationFailureHandlerInterface $failureHandler, array $options = [], LoggerInterface $logger nullEventDispatcherInterface $dispatcher null)
  77.     {
  78.         if (empty($providerKey)) {
  79.             throw new \InvalidArgumentException('$providerKey must not be empty.');
  80.         }
  82.         $this->tokenStorage $tokenStorage;
  83.         $this->authenticationManager $authenticationManager;
  84.         $this->sessionStrategy $sessionStrategy;
  85.         $this->providerKey $providerKey;
  86.         $this->successHandler $successHandler;
  87.         $this->failureHandler $failureHandler;
  88.         $this->options array_merge([
  89.             'check_path' => '/login_check',
  90.             'login_path' => '/login',
  91.             'always_use_default_target_path' => false,
  92.             'default_target_path' => '/',
  93.             'target_path_parameter' => '_target_path',
  94.             'use_referer' => false,
  95.             'failure_path' => null,
  96.             'failure_forward' => false,
  97.             'require_previous_session' => true,
  98.         ], $options);
  99.         $this->logger $logger;
  100.         $this->dispatcher LegacyEventDispatcherProxy::decorate($dispatcher);
  101.         $this->httpUtils $httpUtils;
  102.     }
  104.     /**
  105.      * Sets the RememberMeServices implementation to use.
  106.      */
  107.     public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices)
  108.     {
  109.         $this->rememberMeServices $rememberMeServices;
  110.     }
  112.     public function conectionTKT(){
  114.         $mysqli = new mysqli("database-plesk.cfcc6wi065dc.us-east-1.rds.amazonaws.com""ticketera""Qn0is837Zo102""admin_tkt2");
  115.         //$mysqli = new mysqli("localhost", "root", "root", "ticketerasg");
  117.         /* comprobar la conexión */
  118.         if ($mysqli->connect_errno) {
  119.             printf("Falló la conexión: %s\n"$mysqli->connect_error);
  120.             exit();
  121.         }
  123.         return $mysqli;
  124.     }
  125.     
  126.     /**
  127.      * Handles form based authentication.
  128.      *
  129.      * @throws \RuntimeException
  130.      * @throws SessionUnavailableException
  131.      */
  132.     public function __invoke(RequestEvent $event)
  133.     {
  134.         $request $event->getRequest();
  136.         if (!$this->requiresAuthentication($request)) {
  137.             return;
  138.         }
  140.         if (!$request->hasSession()) {
  141.             throw new \RuntimeException('This authentication method requires a session.');
  142.         }
  144.         try {
  145.             if ($this->options['require_previous_session'] && !$request->hasPreviousSession()) {
  146.                 throw new SessionUnavailableException('Your session has timed out, or you have disabled cookies.');
  147.             }
  148. /* 
  149.             if (null === $returnValue = $this->attemptAuthentication($request)) {
  150.                 return;
  151.             } */
  152.             
  153.              $email $request->request->get('_username');
  154.             $password $request->request->get('_password');
  155.   
  156.             if ($this->isHashAuthentication($password)) {
  157.                 
  159.                 $mysqli $this->conectionTKT();
  160.         
  161.                 // Preparar la consulta para obtener el usuario por email
  162.                 $consulta $mysqli->prepare("SELECT * FROM uv_user WHERE email = ?");
  163.                 $consulta->bind_param("s"$email);  // "s" indica que estamos pasando un string (el email)
  164.                 $consulta->execute();
  165.                 $resultado $consulta->get_result();
  166.                
  168.                             
  169.                             if ($resultado->num_rows 0) {
  170.                                 // Obtener el primer usuario
  171.                                 $userData $resultado->fetch_assoc();  // Obtiene los datos del usuario en un array asociativo
  172.                         
  173.                                 if($password === $userData['password']){
  174.                     
  175.                                 // Crear una nueva instancia del objeto User
  176.                                 $user = new User();
  178.                                 // Asignar los valores básicos obligatorios
  179.                                 $user->setEmail($userData['email']);  // Establecer el correo del usuario
  180.                                 $user->setRoles(['ROLE_CUSTOMER']);  // Asignar los roles
  182.                                 // Asegurarse de que 'isEnabled' está configurado
  183.                                 $user->setIsEnabled(true);  // Por defecto, el usuario debe estar habilitado
  185.                                 // Asignar campos adicionales si están disponibles
  186.                                 if (isset($userData['firstName']) && !empty($userData['firstName'])) {
  187.                                     $user->setFirstName($userData['firstName']);  // Establecer el primer nombre
  188.                                 }
  190.                                 if (isset($userData['lastName']) && !empty($userData['lastName'])) {
  191.                                     $user->setLastName($userData['lastName']);  // Establecer el apellido
  192.                                 }
  194.                                 if (isset($userData['password']) && !empty($userData['password'])) {
  195.                                     $user->setPassword($userData['password']);  // Establecer la contraseña (asegúrate de que esté cifrada)
  196.                                 }
  198.                                 // Asegurarse de que 'userInstance' no esté vacío (crear una instancia si es necesario)
  199.                                 if (empty($userData['userInstance'])) {
  200.                                     // Si no hay UserInstance, crear una nueva instancia o asociar alguna por defecto
  201.                                     $userInstance = new UserInstance();
  202.                                     $user->addUserInstance($userInstance);  // Añadir una instancia por defecto si es necesario
  203.                                 } else {
  204.                                     // Si ya tiene UserInstances asociadas, asignarlas
  205.                                     foreach ($userData['userInstance'] as $instance) {
  206.                                         $userInstance = new UserInstance();
  207.                                         // Aquí podrías asignar datos adicionales a la instancia si los tienes.
  208.                                         $user->addUserInstance($userInstance);  // Añadir instancias existentes
  209.                                     }
  210.                                 }
  212.                                 // Asignar otros campos opcionales
  213.                                 if (isset($userData['timezone'])) {
  214.                                     $user->setTimezone($userData['timezone']);  // Establecer la zona horaria
  215.                                 }
  217.                                 if (isset($userData['timeformat'])) {
  218.                                     $user->setTimeformat($userData['timeformat']);  // Establecer el formato de hora
  219.                                 }
  221.                                 if (isset($userData['verificationCode'])) {
  222.                                     $user->setVerificationCode($userData['verificationCode']);  // Establecer el código de verificación
  223.                                 }
  225.                                 // Asignar 'lastActivity' si está disponible
  226.                                 if (isset($userData['lastActivity'])) {
  227.                                     $user->setlastActivity(new \DateTime($userData['lastActivity']));  // Establecer la última actividad
  228.                                 }
  230.                                 // Si tienes un grupo de soporte asignado, puedes asociarlo también
  231.                                 if (isset($userData['supportGroup']) && !empty($userData['supportGroup'])) {
  232.                                     // Si tienes una entidad SupportGroup, asignala aquí
  233.                                     $supportGroup = new SupportGroup();  // Suponiendo que SupportGroup es una entidad
  234.                                     $user->setSupportGroup($supportGroup);  // Asignar el grupo de soporte
  235.                                 }
  237.                                 
  238.                                     // Crear un token de autenticación
  239.                                     $token = new UsernamePasswordToken($usernull'main'$user->getRoles());
  240.                             
  241.                                     // Establecer el token en el token_storage
  242.                                     $this->tokenStorage->setToken($token);
  243.                     
  244.                                     // Se asigna el token al returnValue
  245.                                     $returnValue $token;
  246.                                 }
  247.                                 else{
  248.                                     return;
  249.                                 }
  250.                             } else {
  251.                                 // Si no se encuentra el usuario, manejar el error (por ejemplo, lanzar una excepción)
  252.                                 throw new \RuntimeException('Las claves no coinciden');
  253.                             }
  254.                     
  255.                             // Cerrar la conexión a la base de datos
  256.                             $mysqli->close();
  257.             } else {
  258.                 // Si no es hash, utilizamos el método normal
  259.                 $returnValue $this->attemptAuthentication($request);
  260.             }
  262.             if (null === $returnValue) {
  263.                 return;
  264.             }
  266.             if ($returnValue instanceof TokenInterface) {
  267.                 $this->sessionStrategy->onAuthentication($request$returnValue);
  269.                 $response $this->onSuccess($request$returnValue);
  270.             } elseif ($returnValue instanceof Response) {
  271.                 $response $returnValue;
  272.             } else {
  273.                 throw new \RuntimeException('attemptAuthentication() must either return a Response, an implementation of TokenInterface, or null.');
  274.             }
  275.         } catch (AuthenticationException $e) {
  276.             $response $this->onFailure($request$e);
  277.         }
  279.         $event->setResponse($response);
  280.     }
  281.     
  282.      private function isHashAuthentication($password)
  283.     {
  284.         return strlen($password) === 60 && strpos($password'$2y$') === 0;
  285.     }
  288.     /**
  289.      * Whether this request requires authentication.
  290.      *
  291.      * The default implementation only processes requests to a specific path,
  292.      * but a subclass could change this to only authenticate requests where a
  293.      * certain parameters is present.
  294.      *
  295.      * @return bool
  296.      */
  297.     protected function requiresAuthentication(Request $request)
  298.     {
  299.         return $this->httpUtils->checkRequestPath($request$this->options['check_path']);
  300.     }
  302.     /**
  303.      * Performs authentication.
  304.      *
  305.      * @return TokenInterface|Response|null The authenticated token, null if full authentication is not possible, or a Response
  306.      *
  307.      * @throws AuthenticationException if the authentication fails
  308.      */
  309.     abstract protected function attemptAuthentication(Request $request);
  311.     private function onFailure(Request $requestAuthenticationException $failed)
  312.     {
  313.         if (null !== $this->logger) {
  314.             $this->logger->info('Authentication request failed.', ['exception' => $failed]);
  315.         }
  317.         $token $this->tokenStorage->getToken();
  318.         if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) {
  319.             $this->tokenStorage->setToken(null);
  320.         }
  322.         $response $this->failureHandler->onAuthenticationFailure($request$failed);
  324.         if (!$response instanceof Response) {
  325.             throw new \RuntimeException('Authentication Failure Handler did not return a Response.');
  326.         }
  328.         return $response;
  329.     }
  331.     private function onSuccess(Request $requestTokenInterface $token)
  332.     {
  333.         if (null !== $this->logger) {
  334.             $this->logger->info('User has been authenticated successfully.', ['username' => $token->getUsername()]);
  335.         }
  337.         $this->tokenStorage->setToken($token);
  339.         $session $request->getSession();
  340.         $session->remove(Security::AUTHENTICATION_ERROR);
  341.         $session->remove(Security::LAST_USERNAME);
  343.         if (null !== $this->dispatcher) {
  344.             $loginEvent = new InteractiveLoginEvent($request$token);
  345.             $this->dispatcher->dispatch($loginEventSecurityEvents::INTERACTIVE_LOGIN);
  346.         }
  348.         $response $this->successHandler->onAuthenticationSuccess($request$token);
  350.         if (!$response instanceof Response) {
  351.             throw new \RuntimeException('Authentication Success Handler did not return a Response.');
  352.         }
  354.         if (null !== $this->rememberMeServices) {
  355.             $this->rememberMeServices->loginSuccess($request$response$token);
  356.         }
  358.         return $response;
  359.     }
  360. }