/**
* Tries to authenticate the tokens in the security context (in the given order)
* with the available authentication providers, if needed.
* If the authentication strategy is set to "allTokens", all tokens have to be authenticated.
* If the strategy is set to "oneToken", only one token needs to be authenticated, and
* authentication stops after the first authenticated token. The strategy
* "atLeastOne" will try to authenticate at least one and as many tokens as possible.
*
* @return void
* @throws Exception
* @throws AuthenticationRequiredException
*/
public function authenticate()
{
    // Start from a fail-closed state: the flag only becomes true again on one
    // of the successful exits further down.
    $this->isAuthenticated = false;
    $authenticatedAny = false;

    if ($this->securityContext === null) {
        throw new Exception('Cannot authenticate because no security context has been set.', 1232978667);
    }

    $tokens = $this->securityContext->getAuthenticationTokens();
    if (count($tokens) === 0) {
        throw new NoTokensAuthenticatedException('The security context contained no tokens which could be authenticated.', 1258721059);
    }

    /** @var TokenInterface $token */
    foreach ($tokens as $token) {
        // Only the first provider that accepts the token while it is still in
        // the AUTHENTICATION_NEEDED state gets to try. The loop stops after
        // that attempt whether or not it succeeded, so a failed attempt is
        // not retried with a later provider.
        /** @var AuthenticationProviderInterface $provider */
        foreach ($this->providers as $provider) {
            if (!$provider->canAuthenticate($token)) {
                continue;
            }
            if ($token->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_NEEDED) {
                continue;
            }
            $provider->authenticate($token);
            if ($token->isAuthenticated()) {
                $this->emitAuthenticatedToken($token);
            }
            break;
        }

        if (!$token->isAuthenticated()) {
            // With the "all tokens" strategy a single failure aborts the run.
            // Tokens authenticated earlier in this loop have already been
            // emitted via emitAuthenticatedToken() at that point.
            if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ALL_TOKENS) {
                throw new AuthenticationRequiredException('Could not authenticate all tokens, but authenticationStrategy was set to "all".', 1222203912);
            }
            continue;
        }

        // Tokens that are not sessionless need a started session, which is
        // then tagged with the authenticated account.
        if (!($token instanceof SessionlessTokenInterface)) {
            if (!$this->session->isStarted()) {
                $this->session->start();
            }
            // NOTE(review): no session identifier renewal is visible in this
            // method after a successful authentication; confirm the id is
            // rotated elsewhere on login to guard against session fixation.
            $account = $token->getAccount();
            if ($account !== null) {
                // The tag embeds an MD5 digest of the account identifier. It
                // is used here as a label, not as a secret or an integrity
                // check. Presumably other code looks sessions up by this tag,
                // so the value must stay byte-identical (verify against callers).
                $tagSession = function () use ($account) {
                    $this->session->addTag('TYPO3-Flow-Security-Account-' . md5($account->getAccountIdentifier()));
                };
                $this->securityContext->withoutAuthorizationChecks($tagSession);
            }
        }

        // "One token" strategy: the first authenticated token is sufficient,
        // the remaining tokens are not looked at.
        if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ONE_TOKEN) {
            $this->isAuthenticated = true;
            $this->securityContext->refreshRoles();
            return;
        }

        $authenticatedAny = true;
    }

    // Every strategy except "any token" treats "nothing authenticated" as an
    // error. With "any token" the method returns normally and leaves
    // isAuthenticated set to false.
    if (!$authenticatedAny && $this->securityContext->getAuthenticationStrategy() !== Context::AUTHENTICATE_ANY_TOKEN) {
        throw new NoTokensAuthenticatedException('Could not authenticate any token. Might be missing or wrong credentials or no authentication provider matched.', 1222204027);
    }

    $this->isAuthenticated = $authenticatedAny;
    $this->securityContext->refreshRoles();
}