src/Security/AzureSsoAdminAuthenticator.php line 33

  1. <?php
  3. namespace App\Security;
  5. use App\Enum\LoginErrorEnum;
  6. use App\Repository\UserRepository;
  7. use Symfony\Component\HttpFoundation\RedirectResponse;
  8. use Symfony\Component\HttpFoundation\Request;
  9. use Symfony\Component\HttpFoundation\Response;
  10. use Symfony\Component\Routing\RouterInterface;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  13. use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  14. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  15. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  16. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  17. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  18. use TheNetworg\OAuth2\Client\Provider\AzureResourceOwner;
  20. class AzureSsoAdminAuthenticator extends AbstractAuthenticator
  21. {
  22.     public function __construct(
  23.         private readonly UserRepository $userRepository,
  24.         private readonly RouterInterface $router,
  25.     ) {
  26.     }
  28.     public function supports(Request $request): ?bool
  29.     {
  30.         return str_starts_with($request->getPathInfo(), '/admin');
  31.     }
  33.     public function authenticate(Request $request): Passport
  34.     {
  35.         /** @var AzureResourceOwner $azure */
  36.         $azure $request->getSession()->get('azure');
  38.         if (!$azure instanceof AzureResourceOwner) {
  39.             throw new UserNotFoundException();
  40.         }
  42.         $user $this->userRepository->findOneBy(['email' => $azure->claim('email')]);
  43.         if (!$user) {
  44.             throw new UserNotFoundException('User not mapped locally');
  45.         }
  47.         return new Passport(
  48.             new UserBadge(
  49.                 $azure->claim('email'),
  50.                 function ($userIdentifier) use ($user) {
  51.                     return $user;
  52.                 }
  53.             ),
  54.             new CustomCredentials(
  55.                 static function ($credentials$user) {
  56.                     return true;
  57.                 },
  58.                 $azure
  59.             )
  60.         );
  62.     }
  64.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  65.     {
  66.         // TODO: Implement onAuthenticationSuccess() method.
  67.         return null;
  68.     }
  70.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  71.     {
  72.         if ($exception->getPrevious()?->getMessage() === 'User not mapped locally') {
  73.             return new RedirectResponse(
  74.                 $this->router->generate('app_login_error', ['id' => LoginErrorEnum::NotLocal->value])
  75.             );
  76.         }
  78.         return new RedirectResponse(
  79.             $this->router->generate('app_login_error', ['id' => -1])
  80.         );
  81.     }
  82. }