AuthenticationSubscriber.php in Drupal 8
File
core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php
View source
<?php
namespace Drupal\Core\EventSubscriber;
use Drupal\Core\Authentication\AuthenticationProviderChallengeInterface;
use Drupal\Core\Authentication\AuthenticationProviderFilterInterface;
use Drupal\Core\Authentication\AuthenticationProviderInterface;
use Drupal\Core\Session\AccountProxyInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
class AuthenticationSubscriber implements EventSubscriberInterface {
protected $authenticationProvider;
protected $filter;
protected $challengeProvider;
protected $accountProxy;
public function __construct(AuthenticationProviderInterface $authentication_provider, AccountProxyInterface $account_proxy) {
$this->authenticationProvider = $authentication_provider;
$this->filter = $authentication_provider instanceof AuthenticationProviderFilterInterface ? $authentication_provider : NULL;
$this->challengeProvider = $authentication_provider instanceof AuthenticationProviderChallengeInterface ? $authentication_provider : NULL;
$this->accountProxy = $account_proxy;
}
public function onKernelRequestAuthenticate(GetResponseEvent $event) {
if ($event
->isMasterRequest()) {
$request = $event
->getRequest();
if ($this->authenticationProvider
->applies($request)) {
$account = $this->authenticationProvider
->authenticate($request);
if ($account) {
$this->accountProxy
->setAccount($account);
return;
}
}
}
}
public function onKernelRequestFilterProvider(GetResponseEvent $event) {
if (isset($this->filter) && $event
->isMasterRequest()) {
$request = $event
->getRequest();
if ($this->authenticationProvider
->applies($request) && !$this->filter
->appliesToRoutedRequest($request, TRUE)) {
throw new AccessDeniedHttpException('The used authentication method is not allowed on this route.');
}
}
}
public function onExceptionSendChallenge(GetResponseForExceptionEvent $event) {
if (isset($this->challengeProvider) && $event
->isMasterRequest()) {
$request = $event
->getRequest();
$exception = $event
->getException();
if ($exception instanceof AccessDeniedHttpException && !$this->authenticationProvider
->applies($request) && (!isset($this->filter) || $this->filter
->appliesToRoutedRequest($request, FALSE))) {
$challenge_exception = $this->challengeProvider
->challengeException($request, $exception);
if ($challenge_exception) {
$event
->setException($challenge_exception);
}
}
}
}
public function onExceptionAccessDenied(GetResponseForExceptionEvent $event) {
if (isset($this->filter) && $event
->isMasterRequest()) {
$request = $event
->getRequest();
$exception = $event
->getException();
if ($exception instanceof AccessDeniedHttpException && $this->authenticationProvider
->applies($request) && !$this->filter
->appliesToRoutedRequest($request, TRUE)) {
$event
->setException(new AccessDeniedHttpException('The used authentication method is not allowed on this route.', $exception));
}
}
}
public static function getSubscribedEvents() {
$events[KernelEvents::REQUEST][] = [
'onKernelRequestAuthenticate',
300,
];
$events[KernelEvents::REQUEST][] = [
'onKernelRequestFilterProvider',
31,
];
$events[KernelEvents::EXCEPTION][] = [
'onExceptionSendChallenge',
75,
];
$events[KernelEvents::EXCEPTION][] = [
'onExceptionAccessDenied',
80,
];
return $events;
}
}