<?php namespace App\Security; use Doctrine\ORM\EntityManagerInterface; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; class EmailTokenAuthenticator extends AbstractGuardAuthenticator { private $em; public function __construct(EntityManagerInterface $em) { $this->em = $em; } /** * Called on every request to decide if this authenticator should be * used for the request. Returning false will cause this authenticator * to be skipped. */ public function supports(Request $request) { return $request->query->has('emailToken'); } /** * Called on every request. Return whatever credentials you want to * be passed to getUser() as $credentials. */ public function getCredentials(Request $request) { return [ 'token' => $request->query->get('emailToken'), ]; } public function getUser($credentials, UserProviderInterface $userProvider) { $token = $credentials['token']; $emailToken = $this->em->getRepository('App\Entity\EmailToken') ->findOneByToken($token); return $emailToken->getUser(); } public function checkCredentials($credentials, UserInterface $user) { $token = $credentials['token']; $emailToken = $this->em->getRepository('App\Entity\EmailToken') ->findOneByToken($token); $now = new \DateTime(); return $now < $emailToken->getExpiredAt(); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { //Redirect with no emailToken return null; } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { $data = [ // you may want to customize or obfuscate the message first 'message' => strtr($exception->getMessageKey(), $exception->getMessageData()), // or to translate this message // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData()) ]; return new JsonResponse($data, Response::HTTP_UNAUTHORIZED); } /** * Called when authentication is needed, but it's not sent. */ public function start(Request $request, AuthenticationException $authException = null) { return null; } public function supportsRememberMe() { return false; } }