vendor/symfony/security-http/RememberMe/SignatureRememberMeHandler.php line 37

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\RememberMe;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\HttpFoundation\RequestStack;
  16. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  17. use Symfony\Component\Security\Core\Signature\Exception\ExpiredSignatureException;
  18. use Symfony\Component\Security\Core\Signature\Exception\InvalidSignatureException;
  19. use Symfony\Component\Security\Core\Signature\SignatureHasher;
  20. use Symfony\Component\Security\Core\User\UserInterface;
  21. use Symfony\Component\Security\Core\User\UserProviderInterface;
  23. /**
  24.  * Implements safe remember-me cookies using the {@see SignatureHasher}.
  25.  *
  26.  * This handler doesn't require a database for the remember-me tokens.
  27.  * However, it cannot invalidate a specific user session, all sessions for
  28.  * that user will be invalidated instead. Use {@see PersistentRememberMeHandler}
  29.  * if you need this.
  30.  *
  31.  * @author Wouter de Jong <wouter@wouterj.nl>
  32.  */
  33. final class SignatureRememberMeHandler extends AbstractRememberMeHandler
  34. {
  35.     private SignatureHasher $signatureHasher;
  37.     public function __construct(SignatureHasher $signatureHasherUserProviderInterface $userProviderRequestStack $requestStack, array $optionsLoggerInterface $logger null)
  38.     {
  39.         parent::__construct($userProvider$requestStack$options$logger);
  41.         $this->signatureHasher $signatureHasher;
  42.     }
  44.     /**
  45.      * {@inheritdoc}
  46.      */
  47.     public function createRememberMeCookie(UserInterface $user): void
  48.     {
  49.         $expires time() + $this->options['lifetime'];
  50.         $value $this->signatureHasher->computeSignatureHash($user$expires);
  52.         $details = new RememberMeDetails(\get_class($user), $user->getUserIdentifier(), $expires$value);
  53.         $this->createCookie($details);
  54.     }
  56.     public function consumeRememberMeCookie(RememberMeDetails $rememberMeDetails): UserInterface
  57.     {
  58.         try {
  59.             $this->signatureHasher->acceptSignatureHash($rememberMeDetails->getUserIdentifier(), $rememberMeDetails->getExpires(), $rememberMeDetails->getValue());
  60.         } catch (InvalidSignatureException $e) {
  61.             throw new AuthenticationException('The cookie\'s hash is invalid.'0$e);
  62.         } catch (ExpiredSignatureException $e) {
  63.             throw new AuthenticationException('The cookie has expired.'0$e);
  64.         }
  66.         return parent::consumeRememberMeCookie($rememberMeDetails);
  67.     }
  69.     public function processRememberMe(RememberMeDetails $rememberMeDetailsUserInterface $user): void
  70.     {
  71.         try {
  72.             $this->signatureHasher->verifySignatureHash($user$rememberMeDetails->getExpires(), $rememberMeDetails->getValue());
  73.         } catch (InvalidSignatureException $e) {
  74.             throw new AuthenticationException('The cookie\'s hash is invalid.'0$e);
  75.         } catch (ExpiredSignatureException $e) {
  76.             throw new AuthenticationException('The cookie has expired.'0$e);
  77.         }
  79.         $this->createRememberMeCookie($user);
  80.     }
  81. }