vendor/symfony/security-core/Authentication/Token/AbstractToken.php line 106

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Core\Authentication\Token;
  14. use Symfony\Component\Security\Core\User\EquatableInterface;
  15. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  16. use Symfony\Component\Security\Core\User\UserInterface;
  18. /**
  19. * Base class for Token instances.
  20. *
  21. * @author Fabien Potencier <fabien@symfony.com>
  22. * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  23. */
  24. abstract class AbstractToken implements TokenInterface
  25. {
  26. private $user;
  27. private $roleNames = [];
  28. private $authenticated = false;
  29. private $attributes = [];
  31. /**
  32. * @param string[] $roles An array of roles
  33. *
  34. * @throws \InvalidArgumentException
  35. */
  36. public function __construct(array $roles = [])
  37. {
  38. foreach ($roles as $role) {
  39. $this->roleNames[] = $role;
  40. }
  41. }
  43. /**
  44. * {@inheritdoc}
  45. */
  46. public function getRoleNames(): array
  47. {
  48. return $this->roleNames;
  49. }
  51. /**
  52. * {@inheritdoc}
  53. */
  54. public function getUsername(/* $legacy = true */)
  55. {
  56. if (1 === \func_num_args() && false === func_get_arg(0)) {
  57. return null;
  58. }
  60. trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, use getUserIdentifier() instead.', __METHOD__);
  62. if ($this->user instanceof UserInterface) {
  63. return method_exists($this->user, 'getUserIdentifier') ? $this->user->getUserIdentifier() : $this->user->getUsername();
  64. }
  66. return (string) $this->user;
  67. }
  69. /**
  70. * {@inheritdoc}
  71. */
  72. public function getUserIdentifier(): string
  73. {
  74. // method returns "null" in non-legacy mode if not overridden
  75. $username = $this->getUsername(false);
  76. if (null !== $username) {
  77. trigger_deprecation('symfony/security-core', '5.3', 'Method "%s::getUsername()" is deprecated, override "getUserIdentifier()" instead.', get_debug_type($this));
  78. }
  80. if ($this->user instanceof UserInterface) {
  81. // @deprecated since Symfony 5.3, change to $user->getUserIdentifier() in 6.0
  82. return method_exists($this->user, 'getUserIdentifier') ? $this->user->getUserIdentifier() : $this->user->getUsername();
  83. }
  85. return (string) $this->user;
  86. }
  88. /**
  89. * {@inheritdoc}
  90. */
  91. public function getUser()
  92. {
  93. return $this->user;
  94. }
  96. /**
  97. * {@inheritdoc}
  98. */
  99. public function setUser($user)
  100. {
  101. if (!($user instanceof UserInterface || (\is_object($user) && method_exists($user, '__toString')) || \is_string($user))) {
  102. throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');
  103. }
  105. if (!$user instanceof UserInterface) {
  106. trigger_deprecation('symfony/security-core', '5.4', 'Using an object that is not an instance of "%s" as $user in "%s" is deprecated.', UserInterface::class, static::class);
  107. }
  109. // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
  110. if (1 < \func_num_args() && !func_get_arg(1)) {
  111. // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
  112. // avoid doing the same checks twice
  113. $changed = false;
  114. } elseif (null === $this->user) {
  115. $changed = false;
  116. } elseif ($this->user instanceof UserInterface) {
  117. if (!$user instanceof UserInterface) {
  118. $changed = true;
  119. } else {
  120. $changed = $this->hasUserChanged($user);
  121. }
  122. } elseif ($user instanceof UserInterface) {
  123. $changed = true;
  124. } else {
  125. $changed = (string) $this->user !== (string) $user;
  126. }
  128. // @deprecated since Symfony 5.4
  129. if ($changed) {
  130. $this->setAuthenticated(false, false);
  131. }
  133. $this->user = $user;
  134. }
  136. /**
  137. * {@inheritdoc}
  138. *
  139. * @deprecated since Symfony 5.4
  140. */
  141. public function isAuthenticated()
  142. {
  143. if (1 > \func_num_args() || func_get_arg(0)) {
  144. trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated, return null from "getUser()" instead when a token is not authenticated.', __METHOD__);
  145. }
  147. return $this->authenticated;
  148. }
  150. /**
  151. * {@inheritdoc}
  152. */
  153. public function setAuthenticated(bool $authenticated)
  154. {
  155. if (2 > \func_num_args() || func_get_arg(1)) {
  156. trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated', __METHOD__);
  157. }
  159. $this->authenticated = $authenticated;
  160. }
  162. /**
  163. * {@inheritdoc}
  164. */
  165. public function eraseCredentials()
  166. {
  167. if ($this->getUser() instanceof UserInterface) {
  168. $this->getUser()->eraseCredentials();
  169. }
  170. }
  172. /**
  173. * Returns all the necessary state of the object for serialization purposes.
  174. *
  175. * There is no need to serialize any entry, they should be returned as-is.
  176. * If you extend this method, keep in mind you MUST guarantee parent data is present in the state.
  177. * Here is an example of how to extend this method:
  178. * <code>
  179. * public function __serialize(): array
  180. * {
  181. * return [$this->childAttribute, parent::__serialize()];
  182. * }
  183. * </code>
  184. *
  185. * @see __unserialize()
  186. */
  187. public function __serialize(): array
  188. {
  189. return [$this->user, $this->authenticated, null, $this->attributes, $this->roleNames];
  190. }
  192. /**
  193. * Restores the object state from an array given by __serialize().
  194. *
  195. * There is no need to unserialize any entry in $data, they are already ready-to-use.
  196. * If you extend this method, keep in mind you MUST pass the parent data to its respective class.
  197. * Here is an example of how to extend this method:
  198. * <code>
  199. * public function __unserialize(array $data): void
  200. * {
  201. * [$this->childAttribute, $parentData] = $data;
  202. * parent::__unserialize($parentData);
  203. * }
  204. * </code>
  205. *
  206. * @see __serialize()
  207. */
  208. public function __unserialize(array $data): void
  209. {
  210. [$this->user, $this->authenticated, , $this->attributes, $this->roleNames] = $data;
  211. }
  213. /**
  214. * {@inheritdoc}
  215. */
  216. public function getAttributes()
  217. {
  218. return $this->attributes;
  219. }
  221. /**
  222. * {@inheritdoc}
  223. */
  224. public function setAttributes(array $attributes)
  225. {
  226. $this->attributes = $attributes;
  227. }
  229. /**
  230. * {@inheritdoc}
  231. */
  232. public function hasAttribute(string $name)
  233. {
  234. return \array_key_exists($name, $this->attributes);
  235. }
  237. /**
  238. * {@inheritdoc}
  239. */
  240. public function getAttribute(string $name)
  241. {
  242. if (!\array_key_exists($name, $this->attributes)) {
  243. throw new \InvalidArgumentException(sprintf('This token has no "%s" attribute.', $name));
  244. }
  246. return $this->attributes[$name];
  247. }
  249. /**
  250. * {@inheritdoc}
  251. */
  252. public function setAttribute(string $name, $value)
  253. {
  254. $this->attributes[$name] = $value;
  255. }
  257. /**
  258. * {@inheritdoc}
  259. */
  260. public function __toString()
  261. {
  262. $class = static::class;
  263. $class = substr($class, strrpos($class, '\\') + 1);
  265. $roles = [];
  266. foreach ($this->roleNames as $role) {
  267. $roles[] = $role;
  268. }
  270. return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUserIdentifier(), json_encode($this->authenticated), implode(', ', $roles));
  271. }
  273. /**
  274. * @internal
  275. */
  276. final public function serialize(): string
  277. {
  278. return serialize($this->__serialize());
  279. }
  281. /**
  282. * @internal
  283. */
  284. final public function unserialize($serialized)
  285. {
  286. $this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized));
  287. }
  289. /**
  290. * @deprecated since Symfony 5.4
  291. */
  292. private function hasUserChanged(UserInterface $user): bool
  293. {
  294. if (!($this->user instanceof UserInterface)) {
  295. throw new \BadMethodCallException('Method "hasUserChanged" should be called when current user class is instance of "UserInterface".');
  296. }
  298. if ($this->user instanceof EquatableInterface) {
  299. return !(bool) $this->user->isEqualTo($user);
  300. }
  302. // @deprecated since Symfony 5.3, check for PasswordAuthenticatedUserInterface on both user objects before comparing passwords
  303. if ($this->user->getPassword() !== $user->getPassword()) {
  304. return true;
  305. }
  307. // @deprecated since Symfony 5.3, check for LegacyPasswordAuthenticatedUserInterface on both user objects before comparing salts
  308. if ($this->user->getSalt() !== $user->getSalt()) {
  309. return true;
  310. }
  312. $userRoles = array_map('strval', (array) $user->getRoles());
  314. if ($this instanceof SwitchUserToken) {
  315. $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
  316. }
  318. if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
  319. return true;
  320. }
  322. // @deprecated since Symfony 5.3, drop getUsername() in 6.0
  323. $userIdentifier = function ($user) {
  324. return method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
  325. };
  326. if ($userIdentifier($this->user) !== $userIdentifier($user)) {
  327. return true;
  328. }
  330. return false;
  331. }
  332. }