// NOTE(review): the listing begins mid-statement inside what is presumably the
// constructor; the visible remainder of that method is reproduced unchanged.
authenticationProvider = $authentication_provider;
    $this->filter = ($authentication_provider instanceof AuthenticationProviderFilterInterface) ? $authentication_provider : NULL;
    $this->challengeProvider = ($authentication_provider instanceof AuthenticationProviderChallengeInterface) ? $authentication_provider : NULL;
    $this->accountProxy = $account_proxy;
  }

  /**
   * Runs the authentication provider against the incoming request.
   *
   * Only the master request is handled. When the provider applies and returns
   * an account, that account is handed to the account proxy. When the provider
   * applies but returns nothing, this listener does not reject the request: it
   * continues without an account having been set here.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
   *   The request event.
   *
   * @see \Drupal\Core\Authentication\AuthenticationProviderInterface::authenticate()
   */
  public function onKernelRequestAuthenticate(GetResponseEvent $event) {
    if (!$event->isMasterRequest()) {
      return;
    }

    $incoming = $event->getRequest();
    $resolved_account = $this->authenticationProvider->applies($incoming)
      ? $this->authenticationProvider->authenticate($incoming)
      : NULL;

    if ($resolved_account) {
      $this->accountProxy->setAccount($resolved_account);
      return;
    }

    // Nothing set an account explicitly, so the timezone is initialized here.
    date_default_timezone_set(drupal_get_user_timezone());
  }

  /**
   * Denies access if authentication provider is not allowed on this route.
   *
   * Registered after routing (see getSubscribedEvents()). A request that the
   * provider recognises, but whose provider the filter does not accept for the
   * routed request, ends in an access denied exception rather than being
   * processed further.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
   *   The request event.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
   *   When the provider applies to the request but is not allowed on the route.
   */
  public function onKernelRequestFilterProvider(GetResponseEvent $event) {
    // Without a filter there is nothing to enforce; sub-requests are skipped.
    if (!isset($this->filter) || !$event->isMasterRequest()) {
      return;
    }

    $incoming = $event->getRequest();
    $provider_applies = $this->authenticationProvider->applies($incoming);
    if ($provider_applies && !$this->filter->appliesToRoutedRequest($incoming, TRUE)) {
      throw new AccessDeniedHttpException('The used authentication method is not allowed on this route.');
    }
  }

  /**
   * Respond with a challenge on access denied exceptions if appropriate.
   *
   * On a 403 (access denied), if there are no credentials on the request, some
   * authentication methods (e.g. basic auth) require that a challenge is sent
   * to the client. The challenge is only requested when the provider does not
   * apply to the request and the filter, if there is one, accepts the provider
   * for the routed request.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
   *   The exception event.
   */
  public function onExceptionSendChallenge(GetResponseForExceptionEvent $event) {
    if (!isset($this->challengeProvider) || !$event->isMasterRequest()) {
      return;
    }

    $incoming = $event->getRequest();
    $thrown = $event->getException();

    if (!($thrown instanceof AccessDeniedHttpException)) {
      return;
    }
    // A request the provider applies to is not challenged.
    if ($this->authenticationProvider->applies($incoming)) {
      return;
    }
    // With a filter present, the provider must be accepted for this route.
    if (isset($this->filter) && !$this->filter->appliesToRoutedRequest($incoming, FALSE)) {
      return;
    }

    $challenge = $this->challengeProvider->challengeException($incoming, $thrown);
    if ($challenge) {
      $event->setException($challenge);
    }
  }

  /**
   * Detect disallowed authentication methods on access denied exceptions.
   *
   * When the access denied exception belongs to a request the provider applies
   * to, and the filter does not accept the provider for the routed request, the
   * exception is replaced by one carrying the same message that
   * onKernelRequestFilterProvider() uses. The original exception is kept as the
   * previous exception.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
   *   The exception event.
   */
  public function onExceptionAccessDenied(GetResponseForExceptionEvent $event) {
    if (!isset($this->filter) || !$event->isMasterRequest()) {
      return;
    }

    $incoming = $event->getRequest();
    $thrown = $event->getException();
    $is_access_denied = $thrown instanceof AccessDeniedHttpException;

    if ($is_access_denied && $this->authenticationProvider->applies($incoming) && !$this->filter->appliesToRoutedRequest($incoming, TRUE)) {
      $event->setException(new AccessDeniedHttpException('The used authentication method is not allowed on this route.', $thrown));
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    // Listeners with a higher priority are dispatched first, so on exceptions
    // onExceptionAccessDenied (80) runs ahead of onExceptionSendChallenge (75).
    return [
      KernelEvents::REQUEST => [
        // The priority for authentication must be higher than the highest
        // event subscriber accessing the current user. Especially it must be
        // higher than LanguageRequestSubscriber as LanguageManager accesses
        // the current user if the language module is enabled.
        ['onKernelRequestAuthenticate', 300],
        // Access check must be performed after routing.
        ['onKernelRequestFilterProvider', 31],
      ],
      KernelEvents::EXCEPTION => [
        ['onExceptionSendChallenge', 75],
        ['onExceptionAccessDenied', 80],
      ],
    ];
  }

}