123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 |
- <?php
- namespace Drupal\Core\Authentication;
- use Drupal\Core\Routing\RouteMatch;
- use Symfony\Component\HttpFoundation\Request;
- /**
- * Manager for authentication.
- *
- * On each request, let all authentication providers try to authenticate the
- * user. The providers are iterated according to their priority and the first
- * provider detecting credentials for its method wins. No further provider will
- * get triggered.
- *
- * If no provider set an active user then the user is set to anonymous.
- */
- class AuthenticationManager implements AuthenticationProviderInterface, AuthenticationProviderFilterInterface, AuthenticationProviderChallengeInterface {
- /**
- * The authentication provider collector.
- *
- * @var \Drupal\Core\Authentication\AuthenticationCollectorInterface
- */
- protected $authCollector;
- /**
- * Creates a new authentication manager instance.
- *
- * @param \Drupal\Core\Authentication\AuthenticationCollectorInterface $auth_collector
- * The authentication provider collector.
- */
- public function __construct(AuthenticationCollectorInterface $auth_collector) {
- $this->authCollector = $auth_collector;
- }
- /**
- * {@inheritdoc}
- */
- public function applies(Request $request) {
- return (bool) $this->getProvider($request);
- }
- /**
- * {@inheritdoc}
- */
- public function authenticate(Request $request) {
- $provider_id = $this->getProvider($request);
- $provider = $this->authCollector->getProvider($provider_id);
- if ($provider) {
- return $provider->authenticate($request);
- }
- return NULL;
- }
- /**
- * {@inheritdoc}
- */
- public function appliesToRoutedRequest(Request $request, $authenticated) {
- $result = FALSE;
- if ($authenticated) {
- $result = $this->applyFilter($request, $authenticated, $this->getProvider($request));
- }
- else {
- foreach ($this->authCollector->getSortedProviders() as $provider_id => $provider) {
- if ($this->applyFilter($request, $authenticated, $provider_id)) {
- $result = TRUE;
- break;
- }
- }
- }
- return $result;
- }
- /**
- * {@inheritdoc}
- */
- public function challengeException(Request $request, \Exception $previous) {
- $provider_id = $this->getChallenger($request);
- if ($provider_id) {
- $provider = $this->authCollector->getProvider($provider_id);
- return $provider->challengeException($request, $previous);
- }
- }
- /**
- * Returns the id of the authentication provider for a request.
- *
- * @param \Symfony\Component\HttpFoundation\Request $request
- * The incoming request.
- *
- * @return string|null
- * The id of the first authentication provider which applies to the request.
- * If no application detects appropriate credentials, then NULL is returned.
- */
- protected function getProvider(Request $request) {
- foreach ($this->authCollector->getSortedProviders() as $provider_id => $provider) {
- if ($provider->applies($request)) {
- return $provider_id;
- }
- }
- }
- /**
- * Returns the ID of the challenge provider for a request.
- *
- * @param \Symfony\Component\HttpFoundation\Request $request
- * The incoming request.
- *
- * @return string|null
- * The ID of the first authentication provider which applies to the request.
- * If no application detects appropriate credentials, then NULL is returned.
- */
- protected function getChallenger(Request $request) {
- foreach ($this->authCollector->getSortedProviders() as $provider_id => $provider) {
- if (($provider instanceof AuthenticationProviderChallengeInterface) && !$provider->applies($request) && $this->applyFilter($request, FALSE, $provider_id)) {
- return $provider_id;
- }
- }
- }
- /**
- * Checks whether a provider is allowed on the given request.
- *
- * If no filter is registered for the given provider id, the default filter
- * is applied.
- *
- * @param \Symfony\Component\HttpFoundation\Request $request
- * The incoming request.
- * @param bool $authenticated
- * Whether or not the request is authenticated.
- * @param string $provider_id
- * The id of the authentication provider to check access for.
- *
- * @return bool
- * TRUE if provider is allowed, FALSE otherwise.
- */
- protected function applyFilter(Request $request, $authenticated, $provider_id) {
- $provider = $this->authCollector->getProvider($provider_id);
- if ($provider && ($provider instanceof AuthenticationProviderFilterInterface)) {
- $result = $provider->appliesToRoutedRequest($request, $authenticated);
- }
- else {
- $result = $this->defaultFilter($request, $provider_id);
- }
- return $result;
- }
- /**
- * Default implementation of the provider filter.
- *
- * Checks whether a provider is allowed as per the _auth option on a route. If
- * the option is not set or if the request did not match any route, only
- * providers from the global provider set are allowed.
- *
- * If no filter is registered for the given provider id, the default filter
- * is applied.
- *
- * @param \Symfony\Component\HttpFoundation\Request $request
- * The incoming request.
- * @param string $provider_id
- * The id of the authentication provider to check access for.
- *
- * @return bool
- * TRUE if provider is allowed, FALSE otherwise.
- */
- protected function defaultFilter(Request $request, $provider_id) {
- $route = RouteMatch::createFromRequest($request)->getRouteObject();
- $has_auth_option = isset($route) && $route->hasOption('_auth');
- if ($has_auth_option) {
- return in_array($provider_id, $route->getOption('_auth'));
- }
- else {
- return $this->authCollector->isGlobal($provider_id);
- }
- }
- }
|