vendor/symfony/security-http/Authentication/DefaultAuthenticationFailureHandler.php line 46

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Authentication;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\HttpFoundation\Response;
  17. use Symfony\Component\HttpKernel\HttpKernelInterface;
  18. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  19. use Symfony\Component\Security\Http\HttpUtils;
  20. use Symfony\Component\Security\Http\ParameterBagUtils;
  21. use Symfony\Component\Security\Http\SecurityRequestAttributes;
  23. /**
  24.  * Class with the default authentication failure handling logic.
  25.  *
  26.  * Can be optionally be extended from by the developer to alter the behavior
  27.  * while keeping the default behavior.
  28.  *
  29.  * @author Fabien Potencier <fabien@symfony.com>
  30.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  31.  * @author Alexander <iam.asm89@gmail.com>
  32.  */
  33. class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
  34. {
  35.     protected $httpKernel;
  36.     protected $httpUtils;
  37.     protected $logger;
  38.     protected $options;
  39.     protected $defaultOptions = [
  40.         'failure_path' => null,
  41.         'failure_forward' => false,
  42.         'login_path' => '/login',
  43.         'failure_path_parameter' => '_failure_path',
  44.     ];
  46.     public function __construct(HttpKernelInterface $httpKernelHttpUtils $httpUtils, array $options = [], LoggerInterface $logger null)
  47.     {
  48.         $this->httpKernel $httpKernel;
  49.         $this->httpUtils $httpUtils;
  50.         $this->logger $logger;
  51.         $this->setOptions($options);
  52.     }
  54.     /**
  55.      * Gets the options.
  56.      */
  57.     public function getOptions(): array
  58.     {
  59.         return $this->options;
  60.     }
  62.     public function setOptions(array $options)
  63.     {
  64.         $this->options array_merge($this->defaultOptions$options);
  65.     }
  67.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response
  68.     {
  69.         $options $this->options;
  70.         $failureUrl ParameterBagUtils::getRequestParameterValue($request$options['failure_path_parameter']);
  72.         if (\is_string($failureUrl) && (str_starts_with($failureUrl'/') || str_starts_with($failureUrl'http'))) {
  73.             $options['failure_path'] = $failureUrl;
  74.         } elseif ($this->logger && $failureUrl) {
  75.             $this->logger->debug(sprintf('Ignoring query parameter "%s": not a valid URL.'$options['failure_path_parameter']));
  76.         }
  78.         $options['failure_path'] ??= $options['login_path'];
  80.         if ($options['failure_forward']) {
  81.             $this->logger?->debug('Authentication failure, forward triggered.', ['failure_path' => $options['failure_path']]);
  83.             $subRequest $this->httpUtils->createRequest($request$options['failure_path']);
  84.             $subRequest->attributes->set(SecurityRequestAttributes::AUTHENTICATION_ERROR$exception);
  86.             return $this->httpKernel->handle($subRequestHttpKernelInterface::SUB_REQUEST);
  87.         }
  89.         $this->logger?->debug('Authentication failure, redirect triggered.', ['failure_path' => $options['failure_path']]);
  91.         $request->getSession()->set(SecurityRequestAttributes::AUTHENTICATION_ERROR$exception);
  93.         return $this->httpUtils->createRedirectResponse($request$options['failure_path']);
  94.     }
  95. }