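<?php

namespace App\Security;

use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

/**
 * Guard authenticator that identifies an API client by the value of the
 * `API-AUTH-TOKEN` request header, resolved to a User through the Doctrine
 * repository finder findOneByApiKey().
 *
 * Stateless: every request must carry the header; no session or
 * remember-me support.
 */
class ApiKeyAuthenticator extends AbstractGuardAuthenticator
{
    /** Request header carrying the API key. */
    private const HEADER = 'API-AUTH-TOKEN';

    /** @var EntityManagerInterface */
    private $em;

    public function __construct(EntityManagerInterface $em)
    {
        $this->em = $em;
    }

    /**
     * Called on every request to decide if this authenticator should be
     * used for the request. Returning false will cause this authenticator
     * to be skipped.
     *
     * @return bool true when the API key header is present
     */
    public function supports(Request $request)
    {
        return $request->headers->has(self::HEADER);
    }

    /**
     * Called on every request. Return whatever credentials you want to
     * be passed to getUser() as $credentials.
     *
     * @return string|null the raw header value (null when absent)
     */
    public function getCredentials(Request $request)
    {
        return $request->headers->get(self::HEADER);
    }

    /**
     * Resolves the API key to a User.
     *
     * A missing or empty key is rejected here instead of being handed to the
     * finder: findOneByApiKey(null) translates to `apiKey IS NULL` and
     * findOneByApiKey('') matches rows with an empty key, either of which
     * could return an account that never had a key issued.
     *
     * @param mixed $credentials value returned by getCredentials()
     *
     * @return User|null null makes the Guard treat the request as failed
     */
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        if (!$this->isUsableKey($credentials)) {
            return null;
        }

        return $this->em->getRepository(User::class)->findOneByApiKey($credentials);
    }

    /**
     * Confirms the credentials for the user resolved by getUser().
     *
     * The Guard only calls this after getUser() returned a non-null user for
     * the very same $credentials, so the lookup is not repeated; the check is
     * that the key is usable and the resolved principal is one of our
     * User entities. Strict comparison replaces the original `null != $user`.
     *
     * @param mixed $credentials value returned by getCredentials()
     *
     * @return bool
     */
    public function checkCredentials($credentials, UserInterface $user)
    {
        return $this->isUsableKey($credentials) && $user instanceof User;
    }

    /**
     * Nothing to do on success: returning null lets the request continue to
     * the controller.
     *
     * @param string $providerKey firewall name
     *
     * @return Response|null
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        return null;
    }

    /**
     * Returns a 401 JSON body describing the failure.
     *
     * @return JsonResponse
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        $data = [
            // you may want to customize or obfuscate the message first
            'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
            // or to translate this message
            // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
        ];

        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
    }

    /**
     * Called when authentication is needed, but it's not sent.
     *
     * @return JsonResponse 401 with a generic message
     */
    public function start(Request $request, AuthenticationException $authException = null)
    {
        $data = [
            // you might translate this message
            'message' => 'Authentication Required',
        ];

        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
    }

    /**
     * API keys are sent on every request; remember-me cookies do not apply.
     *
     * @return bool
     */
    public function supportsRememberMe()
    {
        return false;
    }

    /**
     * True when $credentials is a non-empty string, i.e. something that can
     * legitimately be matched against a stored API key.
     *
     * @param mixed $credentials
     *
     * @return bool
     */
    private function isUsableKey($credentials)
    {
        return \is_string($credentials) && $credentials !== '';
    }
}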