vendor/scheb/2fa-bundle/Security/Http/EventListener/AbstractCheckCodeListener.php line 29

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\Http\EventListener;
  7. use Scheb\TwoFactorBundle\Security\Http\Authenticator\Passport\Credentials\TwoFactorCodeCredentials;
  8. use Scheb\TwoFactorBundle\Security\Http\Authenticator\Passport\TwoFactorPassport;
  9. use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\PreparationRecorderInterface;
  10. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  11. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  12. use Symfony\Component\Security\Http\Event\CheckPassportEvent;
  14. /**
  15. * @internal
  16. */
  17. abstract class AbstractCheckCodeListener implements EventSubscriberInterface
  18. {
  19. /**
  20. * @var PreparationRecorderInterface
  21. */
  22. private $preparationRecorder;
  24. public function __construct(PreparationRecorderInterface $preparationRecorder)
  25. {
  26. $this->preparationRecorder = $preparationRecorder;
  27. }
  29. public function checkPassport(CheckPassportEvent $event): void
  30. {
  31. $passport = $event->getPassport();
  32. if (!($passport instanceof TwoFactorPassport && $passport->hasBadge(TwoFactorCodeCredentials::class))) {
  33. return;
  34. }
  36. /** @var TwoFactorCodeCredentials $credentialsBadge */
  37. $credentialsBadge = $passport->getBadge(TwoFactorCodeCredentials::class);
  38. if ($credentialsBadge->isResolved()) {
  39. return;
  40. }
  42. $token = $passport->getTwoFactorToken();
  43. $providerName = $token->getCurrentTwoFactorProvider();
  44. if (!$providerName) {
  45. throw new AuthenticationException('There is no active two-factor provider.');
  46. }
  48. if (!$this->preparationRecorder->isTwoFactorProviderPrepared($token->getProviderKey(true), $providerName)) {
  49. throw new AuthenticationException(sprintf('The two-factor provider "%s" has not been prepared.', $providerName));
  50. }
  52. $user = $token->getUser();
  53. if (null === $user) {
  54. throw new \RuntimeException('Security token must provide a user.');
  55. }
  57. if ($this->isValidCode($providerName, $user, $credentialsBadge->getCode())) {
  58. $token->setTwoFactorProviderComplete($providerName);
  59. $credentialsBadge->markResolved();
  60. }
  61. }
  63. /**
  64. * @param object|string $user
  65. */
  66. abstract protected function isValidCode(string $providerName, $user, string $code): bool;
  67. }