src/Security/UserProvider.php line 39

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\DTOs\UserMe;
  6. use App\Entity\Monolith\User;
  7. use App\Helper\LoginHelper;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Exception;
  10. use Psr\Log\LoggerInterface;
  11. use Symfony\Component\HttpFoundation\RequestStack;
  12. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  13. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  14. use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
  15. use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
  16. use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  17. use Symfony\Component\Security\Core\User\UserInterface;
  18. use Symfony\Component\Security\Core\User\UserProviderInterface;
  20. class UserProvider implements UserProviderInterfacePasswordUpgraderInterface
  21. {
  22.     public function __construct(
  23.         private RequestStack $requestStack,
  24.         private EntityManagerInterface $entityManager,
  25.         private LoggerInterface $logger)
  26.     {
  27.     }
  29.     public function loadUserByUsername(string $username): UserInterface
  30.     {
  31.         throw new Exception('Never load by username');
  32.     }
  34.     public function loadUserByIdentifier(string $identifier): UserInterface
  35.     {
  36.         $headers $this->requestStack->getCurrentRequest()->headers;
  37.         $kindergarten $headers->get('X-KINDERGARTEN-ID');
  38.         $userMe LoginHelper::fetchUser(
  39.             $this->entityManager,
  40.             'email',
  41.             $identifier,
  42.             $headers->get('user-type'),
  43.             $kindergarten
  44.         );
  45.         if (null === $userMe) {
  46.             throw new UnauthorizedHttpException('''Invalid credentials.');
  47.         }
  48.         if (!empty($kindergarten)) {
  49.             if (!in_array($kindergarten$userMe->getKindergartenIds())) {
  50.                 $this->logger->critical('No access: ' $identifier ' -> ' $kindergarten);
  51.                 throw new AccessDeniedHttpException('No access to specified kindergarten');
  52.             }
  53.             $userMe->setKindergartenIdHeader($kindergarten);
  54.         }
  55.         $userType $headers->get('USER-TYPE');
  56.         if ($userType) {
  57.             if (!in_array($userTypeUser::APP_TYPES)) {
  58.                 throw new AccessDeniedHttpException('Wrong USER-TYPE header');
  59.             }
  60.             $userMe->setUserTypeHeader($userType);
  61.         }
  62.         $childId $headers->get('X-CHILD-ID');
  63.         if (User::APP_TYPE_PARENT == $userType && empty($childId)) {
  64. //            probably we need it, but we have to solve this exception when parent requests /me after login
  65. //            throw new AccessDeniedHttpException('X-CHILD-ID header missed');
  66.         }
  67.         if ($childId && !in_array($childId$userMe->getChildrenIds())) {
  68.             throw new AccessDeniedHttpException('No access to specified child');
  69.         }
  71.         return $userMe
  72.             ->setChildIdHeader($childId)
  73.         ;
  74.     }
  76.     public function refreshUser(UserInterface $user): UserInterface
  77.     {
  78.         if (!$user instanceof UserMe) {
  79.             throw new UnsupportedUserException(sprintf('Invalid user class "%s".'get_class($user)));
  80.         }
  82.         return $user;
  83.     }
  85.     public function supportsClass(string $class): bool
  86.     {
  87.         return UserMe::class === $class || is_subclass_of($classUserMe::class);
  88.     }
  90.     public function upgradePassword(PasswordAuthenticatedUserInterface $userstring $newHashedPassword): void
  91.     {
  92.         // TODO: Implement upgradePassword() method.
  93.     }
  94. }