/**
* Creates a new session based on the credentials provided as POST parameters.
*
* @throws \eZ\Publish\Core\Base\Exceptions\UnauthorizedException If the login or password are incorrect or invalid CSRF
*
* @return Values\UserSession|Values\Conflict
*/
public function createSessionAction(Request $request)
{
/** @var $sessionInput \eZ\Publish\Core\REST\Server\Values\SessionInput */
$sessionInput = $this->inputDispatcher->parse(new Message(array('Content-Type' => $request->headers->get('Content-Type')), $request->getContent()));
$request->attributes->set('username', $sessionInput->login);
$request->attributes->set('password', $sessionInput->password);
try {
$session = $request->getSession();
if ($session->isStarted() && $this->hasStoredCsrfToken()) {
$this->checkCsrfToken($request);
}
$token = $this->authenticator->authenticate($request);
$csrfToken = $this->getCsrfToken();
return new Values\UserSession($token->getUser()->getAPIUser(), $session->getName(), $session->getId(), $csrfToken, !$token->hasAttribute('isFromSession'));
} catch (Exceptions\UserConflictException $e) {
// Already logged in with another user, this will be converted to HTTP status 409
return new Values\Conflict();
} catch (AuthenticationException $e) {
throw new UnauthorizedException('Invalid login or password', $request->getPathInfo());
} catch (AccessDeniedException $e) {
throw new UnauthorizedException($e->getMessage(), $request->getPathInfo());
}
}