-
Notifications
You must be signed in to change notification settings - Fork 177
/
Copy pathLoginListener.php
153 lines (124 loc) · 4.44 KB
/
LoginListener.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
<?php
declare(strict_types=1);
namespace Sentry\SentryBundle\EventListener;
use Sentry\State\HubInterface;
use Sentry\State\Scope;
use Sentry\UserDataBag;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
final class LoginListener
{
use KernelEventForwardCompatibilityTrait;
/**
* @var HubInterface The current hub
*/
private $hub;
/**
* @var TokenStorageInterface|null The token storage
*/
private $tokenStorage;
/**
* Constructor.
*
* @param HubInterface $hub The current hub
* @param TokenStorageInterface|null $tokenStorage The token storage
*/
public function __construct(HubInterface $hub, ?TokenStorageInterface $tokenStorage)
{
$this->hub = $hub;
$this->tokenStorage = $tokenStorage;
}
/**
* This method is called for each request handled by the framework and
* fills the Sentry scope with information about the current user.
*/
public function handleKernelRequestEvent(RequestEvent $event): void
{
if (null === $this->tokenStorage || !$this->isMainRequest($event)) {
return;
}
$token = $this->tokenStorage->getToken();
if (null !== $token) {
$this->updateUserContext($token);
}
}
/**
* This method is called after authentication was fully successful. It allows
* to set information like the username of the currently authenticated user
* and of the impersonator, if any, on the Sentry's context.
*/
public function handleLoginSuccessEvent(LoginSuccessEvent $event): void
{
$this->updateUserContext($event->getAuthenticatedToken());
}
/**
* This method is called when an authentication provider authenticates the
* user. It is the event closest to {@see LoginSuccessEvent} in versions of
* the framework where it doesn't exist.
*/
public function handleAuthenticationSuccessEvent(AuthenticationSuccessEvent $event): void
{
$this->updateUserContext($event->getAuthenticationToken());
}
private function updateUserContext(TokenInterface $token): void
{
if (!$this->isTokenAuthenticated($token)) {
return;
}
$client = $this->hub->getClient();
if (null === $client || !$client->getOptions()->shouldSendDefaultPii()) {
return;
}
$this->hub->configureScope(function (Scope $scope) use ($token): void {
$user = $scope->getUser() ?? new UserDataBag();
if (null === $user->getId()) {
$user->setId($this->getUserIdentifier($token->getUser()));
}
$impersonatorUser = $this->getImpersonatorUser($token);
if (null !== $impersonatorUser) {
$user->setMetadata('impersonator_username', $impersonatorUser);
}
$scope->setUser($user);
});
}
private function isTokenAuthenticated(TokenInterface $token): bool
{
if (method_exists($token, 'isAuthenticated') && !$token->isAuthenticated(false)) {
return false;
}
return null !== $token->getUser();
}
/**
* @param UserInterface|\Stringable|string|null $user
*/
private function getUserIdentifier($user): ?string
{
if ($user instanceof UserInterface) {
if (method_exists($user, 'getUserIdentifier')) {
return $user->getUserIdentifier();
}
if (method_exists($user, 'getUsername')) {
return $user->getUsername();
}
}
if (\is_string($user)) {
return $user;
}
if (\is_object($user) && method_exists($user, '__toString')) {
return (string) $user;
}
return null;
}
private function getImpersonatorUser(TokenInterface $token): ?string
{
if ($token instanceof SwitchUserToken) {
return $this->getUserIdentifier($token->getOriginalToken()->getUser());
}
return null;
}
}