src/Security/ApiKeyAuthenticator.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use Symfony\Component\HttpFoundation\JsonResponse;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  10. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  11. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  12. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  13. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  14. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  16. class ApiKeyAuthenticator extends AbstractAuthenticator
  17. {
  19.     public function start(): Response
  20.     {
  21.         $data = [
  22.             // you might translate this message
  23.             'code'    => Response::HTTP_UNAUTHORIZED,
  24.             'message' => Response::$statusTexts[Response::HTTP_UNAUTHORIZED],
  25.             'result'  => [
  26.                 'error' => 'Authentication Required'
  27.             ]
  28.         ];
  30.         return new JsonResponse($dataResponse::HTTP_UNAUTHORIZED);
  31.     }
  33.     public function supports(Request $request): ?bool
  34.     {
  35.         return $request->headers->has('X-API-KEY');
  36.     }
  38.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  39.     {
  40.         $data = [
  41.             // you may want to customize or obfuscate the message first
  42.             'code'    => Response::HTTP_UNAUTHORIZED,
  43.             'message' => Response::$statusTexts[Response::HTTP_UNAUTHORIZED],
  44.             'result'  => [
  45.                 'error' => $exception->getMessage()
  46.             ]
  47.             // or to translate this message
  48.             // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
  49.         ];
  51.         return new JsonResponse($dataResponse::HTTP_UNAUTHORIZED);
  52.     }
  54.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  55.     {
  56.         // on success, let the request continue
  57.         return null;
  58.     }
  60.     public function supportsRememberMe(): void
  61.     {
  62.         // TODO: Implement supportsRememberMe() method.
  63.     }
  65.     public function authenticate(Request $request): Passport
  66.     {
  67.         $apiToken $request->headers->get('X-API-KEY');
  68.         if (null === $apiToken) {
  69.             throw new CustomUserMessageAuthenticationException('No X-API-KEY provided');
  70.         }
  72.         return new SelfValidatingPassport(new UserBadge($apiToken));
  73.     }
  74. }