You are here

class AuthenticationManager in Drupal 8

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Authentication/AuthenticationManager.php \Drupal\Core\Authentication\AuthenticationManager

Manager for authentication.

On each request, let all authentication providers try to authenticate the user. The providers are iterated according to their priority and the first provider detecting credentials for its method wins. No further provider will get triggered.

If no provider sets an active user then the user remains anonymous.

Hierarchy

Expanded class hierarchy of AuthenticationManager

1 file declares its use of AuthenticationManager
AuthenticationManagerTest.php in core/tests/Drupal/Tests/Core/Authentication/AuthenticationManagerTest.php
Contains \Drupal\Tests\Core\Authentication\AuthenticationManagerTest.
1 string reference to 'AuthenticationManager'
core.services.yml in core/core.services.yml
core/core.services.yml
1 service uses AuthenticationManager
authentication in core/core.services.yml
Drupal\Core\Authentication\AuthenticationManager

File

core/lib/Drupal/Core/Authentication/AuthenticationManager.php, line 18

Namespace

Drupal\Core\Authentication
View source
class AuthenticationManager implements AuthenticationProviderInterface, AuthenticationProviderFilterInterface, AuthenticationProviderChallengeInterface {

  /**
   * The authentication provider collector.
   *
   * @var \Drupal\Core\Authentication\AuthenticationCollectorInterface
   */
  protected $authCollector;

  /**
   * Creates a new authentication manager instance.
   *
   * @param \Drupal\Core\Authentication\AuthenticationCollectorInterface $auth_collector
   *   The authentication provider collector.
   */
  public function __construct(AuthenticationCollectorInterface $auth_collector) {
    $this->authCollector = $auth_collector;
  }

  /**
   * {@inheritdoc}
   */
  public function applies(Request $request) {
    return (bool) $this
      ->getProvider($request);
  }

  /**
   * {@inheritdoc}
   */
  public function authenticate(Request $request) {
    $provider_id = $this
      ->getProvider($request);
    $provider = $this->authCollector
      ->getProvider($provider_id);
    if ($provider) {
      return $provider
        ->authenticate($request);
    }
    return NULL;
  }

  /**
   * {@inheritdoc}
   */
  public function appliesToRoutedRequest(Request $request, $authenticated) {
    $result = FALSE;
    if ($authenticated) {
      $result = $this
        ->applyFilter($request, $authenticated, $this
        ->getProvider($request));
    }
    else {
      foreach ($this->authCollector
        ->getSortedProviders() as $provider_id => $provider) {
        if ($this
          ->applyFilter($request, $authenticated, $provider_id)) {
          $result = TRUE;
          break;
        }
      }
    }
    return $result;
  }

  /**
   * {@inheritdoc}
   */
  public function challengeException(Request $request, \Exception $previous) {
    $provider_id = $this
      ->getChallenger($request);
    if ($provider_id) {
      $provider = $this->authCollector
        ->getProvider($provider_id);
      return $provider
        ->challengeException($request, $previous);
    }
  }

  /**
   * Returns the id of the authentication provider for a request.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming request.
   *
   * @return string|null
   *   The id of the first authentication provider which applies to the request.
   *   If no application detects appropriate credentials, then NULL is returned.
   */
  protected function getProvider(Request $request) {
    foreach ($this->authCollector
      ->getSortedProviders() as $provider_id => $provider) {
      if ($provider
        ->applies($request)) {
        return $provider_id;
      }
    }
  }

  /**
   * Returns the ID of the challenge provider for a request.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming request.
   *
   * @return string|null
   *   The ID of the first authentication provider which applies to the request.
   *   If no application detects appropriate credentials, then NULL is returned.
   */
  protected function getChallenger(Request $request) {
    foreach ($this->authCollector
      ->getSortedProviders() as $provider_id => $provider) {
      if ($provider instanceof AuthenticationProviderChallengeInterface && !$provider
        ->applies($request) && $this
        ->applyFilter($request, FALSE, $provider_id)) {
        return $provider_id;
      }
    }
  }

  /**
   * Checks whether a provider is allowed on the given request.
   *
   * If no filter is registered for the given provider id, the default filter
   * is applied.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming request.
   * @param bool $authenticated
   *   Whether or not the request is authenticated.
   * @param string $provider_id
   *   The id of the authentication provider to check access for.
   *
   * @return bool
   *   TRUE if provider is allowed, FALSE otherwise.
   */
  protected function applyFilter(Request $request, $authenticated, $provider_id) {
    $provider = $this->authCollector
      ->getProvider($provider_id);
    if ($provider && $provider instanceof AuthenticationProviderFilterInterface) {
      $result = $provider
        ->appliesToRoutedRequest($request, $authenticated);
    }
    else {
      $result = $this
        ->defaultFilter($request, $provider_id);
    }
    return $result;
  }

  /**
   * Default implementation of the provider filter.
   *
   * Checks whether a provider is allowed as per the _auth option on a route. If
   * the option is not set or if the request did not match any route, only
   * providers from the global provider set are allowed.
   *
   * If no filter is registered for the given provider id, the default filter
   * is applied.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming request.
   * @param string $provider_id
   *   The id of the authentication provider to check access for.
   *
   * @return bool
   *   TRUE if provider is allowed, FALSE otherwise.
   */
  protected function defaultFilter(Request $request, $provider_id) {
    $route = RouteMatch::createFromRequest($request)
      ->getRouteObject();
    $has_auth_option = isset($route) && $route
      ->hasOption('_auth');
    if ($has_auth_option) {
      return in_array($provider_id, $route
        ->getOption('_auth'));
    }
    else {
      return $this->authCollector
        ->isGlobal($provider_id);
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
AuthenticationManager::$authCollector protected property The authentication provider collector.
AuthenticationManager::applies public function Checks whether suitable authentication credentials are on the request. Overrides AuthenticationProviderInterface::applies
AuthenticationManager::appliesToRoutedRequest public function Checks whether the authentication method is allowed on a given route. Overrides AuthenticationProviderFilterInterface::appliesToRoutedRequest
AuthenticationManager::applyFilter protected function Checks whether a provider is allowed on the given request.
AuthenticationManager::authenticate public function Authenticates the user. Overrides AuthenticationProviderInterface::authenticate
AuthenticationManager::challengeException public function Constructs an exception which is used to generate the challenge. Overrides AuthenticationProviderChallengeInterface::challengeException
AuthenticationManager::defaultFilter protected function Default implementation of the provider filter.
AuthenticationManager::getChallenger protected function Returns the ID of the challenge provider for a request.
AuthenticationManager::getProvider protected function Returns the id of the authentication provider for a request.
AuthenticationManager::__construct public function Creates a new authentication manager instance.