vendor/pimcore/pimcore/bundles/AdminBundle/EventListener/TwoFactorListener.php line 51

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Commercial License (PCL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  14.  */
  16. namespace Pimcore\Bundle\AdminBundle\EventListener;
  18. use Pimcore\Bundle\AdminBundle\Security\Authentication\Token\LegacyTwoFactorRequiredToken;
  19. use Pimcore\Bundle\AdminBundle\Security\Authentication\Token\TwoFactorRequiredToken;
  20. use Pimcore\Tool\Session;
  21. use Psr\Log\LoggerAwareTrait;
  22. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  23. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  24. use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\PreparationRecorderInterface;
  25. use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\TwoFactorProviderRegistry;
  26. use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
  28. /**
  29.  * @internal
  30.  */
  31. class TwoFactorListener
  32. {
  33.     use LoggerAwareTrait;
  35.     /**
  36.      * @var TwoFactorProviderRegistry
  37.      */
  38.     private $providerRegistry;
  40.     /**
  41.      * @var PreparationRecorderInterface
  42.      */
  43.     private $preparationRecorder;
  45.     public function __construct(TwoFactorProviderRegistry $providerRegistryPreparationRecorderInterface $preparationRecorder)
  46.     {
  47.         $this->providerRegistry $providerRegistry;
  48.         $this->preparationRecorder $preparationRecorder;
  49.     }
  51.     public function onAuthenticationComplete(TwoFactorAuthenticationEvent $event)
  52.     {
  53.         // this session flag is set in \Pimcore\Bundle\AdminBundle\Security\AdminAuthenticator
  54.         // or \Pimcore\Bundle\AdminBundle\Security\AdminAuthenticator (Authenticator Based Security)
  55.         // @TODO: check if there's a nicer way of doing this, actually it feels a bit like a hack :)
  56.         Session::useSession(function (AttributeBagInterface $adminSession) {
  57.             $adminSession->set('2fa_required'false);
  58.         });
  59.     }
  61.     public function onAuthenticationAttempt(TwoFactorAuthenticationEvent $event)
  62.     {
  63.         $twoFactorToken $event->getToken();
  64.         if (!$twoFactorToken instanceof TwoFactorTokenInterface) {
  65.             return;
  66.         }
  68.         $providerName $twoFactorToken->getCurrentTwoFactorProvider();
  69.         if (null === $providerName) {
  70.             return;
  71.         }
  73.         $twoFactorToken->setTwoFactorProviderPrepared($providerName);
  74.         /** @var LegacyTwoFactorRequiredToken|TwoFactorRequiredToken $twoFactorAuthenticatedToken */
  75.         $twoFactorAuthenticatedToken $twoFactorToken->getAuthenticatedToken();
  76.         $firewallName $twoFactorAuthenticatedToken->getFirewallName();
  78.         if ($this->preparationRecorder->isTwoFactorProviderPrepared($firewallName$providerName)) {
  79.             $this->logger->info(sprintf('Two-factor provider "%s" was already prepared.'$providerName));
  81.             return;
  82.         }
  84.         $user $twoFactorToken->getUser();
  85.         $this->providerRegistry->getProvider($providerName)->prepareAuthentication($user);
  87.         $this->preparationRecorder->setTwoFactorProviderPrepared($firewallName$providerName);
  88.         $this->logger->info(sprintf('Two-factor provider "%s" prepared.'$providerName));
  89.     }
  90. }