src/LiteDesk/CoreBundle/Security/AppServiceAADAuthenticator.php line 66

Open in your IDE?
  1. <?php
  2. namespace LiteDesk\CoreBundle\Security;
  4. use LiteDesk\CoreBundle\Util\AADAuthUtils;
  5. use Symfony\Component\DependencyInjection\ContainerInterface;
  6. use Symfony\Component\HttpFoundation\RedirectResponse;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  12. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  13. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  14. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
  15. use Symfony\Component\Security\Core\User\AdvancedUserInterface;
  16. use Symfony\Component\Security\Core\User\UserInterface;
  17. use Symfony\Component\Security\Core\User\UserProviderInterface;
  18. use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
  19. use Symfony\Component\Security\Guard\GuardAuthenticatorInterface;
  20. use Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface;
  21. use JMS\DiExtraBundle\Annotation\Service;
  22. use JMS\DiExtraBundle\Annotation\InjectParams;
  23. use JMS\DiExtraBundle\Annotation\Inject;
  24. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  26. /**
  27.  * @Service("security.app_service_aad_authenticator")
  28.  */
  29. class AppServiceAADAuthenticator extends AbstractGuardAuthenticator
  30. {
  31.     private $encoder;
  32.     private $container;
  34.     /**
  35.      * @InjectParams({
  36.      *     "encoder" = @Inject("security.password_encoder"),
  37.      *     "container" = @Inject("service_container"),
  38.      * })
  39.      */
  40.     public function __construct(UserPasswordEncoderInterface $encoderContainerInterface $container)
  41.     {
  42.         $this->encoder $encoder;
  43.         $this->container $container;
  44.     }
  46.     /**
  47.      * @return ContainerInterface
  48.      */
  49.     protected function getContainer()
  50.     {
  51.         return $this->container;
  52.     }
  56.     public function start(Request $requestAuthenticationException $authException null)
  57.     {
  58.         if (AADAuthUtils::mustRedirectToAuthentication($request)) {
  59.             throw new AuthenticationException('NO_AUTHENTICATION_FOUND');
  60.         }
  61.     }
  63.     public function getCredentials(Request $request)
  64.     {
  65.         if (AADAuthUtils::mustRedirectToAuthentication($request)) {
  66.             throw new AuthenticationException('NO_AUTHENTICATION_FOUND');
  67.         }
  69.         $idToken $request->server->get('HTTP_X_MS_TOKEN_AAD_ID_TOKEN'null);
  71.         if (!$idToken) {
  72.             return null;
  73.         }
  75.         $tokenParts explode('.'$idToken);
  76.         $token json_decode(base64_decode($tokenParts[1]), true);
  78.         $U_NUMBER_TOKEN_FIELD 'governorTKID';
  79.         $EMAIL_TOKEN_FIELD 'email';
  81.         if (isset($token[$U_NUMBER_TOKEN_FIELD]) && $token[$U_NUMBER_TOKEN_FIELD]) {
  82.             return $token[$U_NUMBER_TOKEN_FIELD];
  83.         }
  85.         if (isset($token[$EMAIL_TOKEN_FIELD]) && $token[$EMAIL_TOKEN_FIELD]) {
  86.             return $token[$EMAIL_TOKEN_FIELD];
  87.         }
  89.         return null;
  90.     }
  92.     protected function isTestUserPossible()
  93.     {
  94.         return $_ENV['SYMFONY_ENV'] === 'dev';
  95.     }
  97.     protected function getTestUser($credentialsUserProviderInterface $userProvider)
  98.     {
  99.         if (!$this->isTestUserPossible()) {
  100.             return null;
  101.         }
  103.         $testUserMap = [
  104.             'marc-severin-manfred.burgstaller.sp@dlh.de' => 999999,
  105.             'manuela.remus-woelffling@dlh.de' => 212884,
  106.             'cihan.simsek@dlh.de' => 733143,
  107.             'robert.barbieri@dlh.de' => 201230,
  108.         ];
  110.         $email strtolower($credentials);
  112.         if (isset($testUserMap[$email]) && $testPersonnalNumber $testUserMap[$email]) {
  113.             return $userProvider->loadUserByUsername($testPersonnalNumber);
  114.         }
  116.         return null;
  117.     }
  119.     public function getUser($credentialsUserProviderInterface $userProvider)
  120.     {
  121.         $testUser $this->getTestUser($credentials$userProvider);
  123.         if ($testUser) {
  124.             return $testUser;
  125.         }
  127.         if (!preg_match('/([0-9]{6,6})/'$credentials$matches)) {
  128.             throw new AuthenticationException('Wrong username');
  129.         }
  131.         $personalNumber $matches[1];
  132.         //We map HR Colleagues to Max Mustermann in dev Environment.
  133.         if (($personalNumber == 266845 || $personalNumber == 541546 || $personalNumber == 760449 )
  134.             && $_ENV['SYMFONY_ENV'] === 'dev') {
  135.             $personalNumber 999999;
  136.         }
  138.         return $userProvider->loadUserByUsername($personalNumber);
  139.     }
  141.     public function checkCredentials($credentialsUserInterface $user)
  142.     {
  143.         return true;
  144.     }
  146.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception)
  147.     {
  148.         return AADAuthUtils::getLoginRedirectResponse($request);
  149.     }
  151.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  152.     {
  153.         return null;
  154.     }
  156.     public function supportsRememberMe()
  157.     {
  158.         return false;
  159.     }
  160. }