eZ\Publish\Core\MVC\Symfony\Security\Authentication\RepositoryAuthenticationProvider::checkAuthentication PHP Method

RepositoryAuthenticationProvider Class Documentation Datei anzeigen Open project: ezsystems/ezpublish-kernel

checkAuthentication() protected method

protected checkAuthentication ( Symfony\Component\Security\Core\User\UserInterface $user, UsernamePasswordToken $token )
$user	Symfony\Component\Security\Core\User\UserInterface
$token	Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken

    protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
    {
        if (!$user instanceof EzUserInterface) {
            return parent::checkAuthentication($user, $token);
        }
        // $currentUser can either be an instance of UserInterface or just the username (e.g. during form login).
        /** @var EzUserInterface|string $currentUser */
        $currentUser = $token->getUser();
        if ($currentUser instanceof UserInterface) {
            if ($currentUser->getAPIUser()->passwordHash !== $user->getAPIUser()->passwordHash) {
                throw new BadCredentialsException('The credentials were changed from another session.');
            }
            $apiUser = $currentUser->getAPIUser();
        } else {
            try {
                $apiUser = $this->repository->getUserService()->loadUserByCredentials($token->getUsername(), $token->getCredentials());
            } catch (NotFoundException $e) {
                throw new BadCredentialsException('Invalid credentials', 0, $e);
            }
        }
        // Finally inject current user in the Repository
        $this->repository->setCurrentUser($apiUser);
    }

RepositoryAuthenticationProvider

checkAuthentication

setRepository