src/Security/LoginFormAuthenticator.php line 18

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use Symfony\Component\HttpFoundation\Request;
  6. use Symfony\Component\HttpFoundation\RedirectResponse;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  9. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
  12. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  13. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  14. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
  15. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
  16. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  18. class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
  19. {
  20.     use TargetPathTrait;
  22.     public const LOGIN_ROUTE 'new_login';
  24.     /** @var UrlGeneratorInterface */
  25.     private $urlGenerator;
  27.     public function __construct(UrlGeneratorInterface $urlGenerator)
  28.     {
  29.         $this->urlGenerator $urlGenerator;
  30.     }
  32.     public function authenticate(Request $request): Passport
  33.     {
  34.         $username       = (string) $request->request->get('_username''');
  35.         $password       = (string) $request->request->get('_password''');
  36.         $csrfToken      = (string) $request->request->get('_csrf_token''');
  37.         $inputCaptcha   = (string) $request->request->get('captcha''');
  39.         $session        $request->getSession();
  40.         $sessionCaptcha = (string) $session->get('captcha''');
  42.         // === Validasi captcha ===
  43.         if (!$sessionCaptcha || strcasecmp($inputCaptcha$sessionCaptcha) !== 0) {
  44.             $session->remove('captcha');
  45.             throw new CustomUserMessageAuthenticationException('Captcha salah. Silakan coba lagi.');
  46.         }
  47.         $session->remove('captcha');
  49.         return new Passport(
  50.             new UserBadge($username),
  51.             new PasswordCredentials($password),
  52.             [
  53.                 new CsrfTokenBadge('my_csrf_token'$csrfToken),
  54.             ]
  55.         );
  56.     }
  58.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  59.     {
  60.         // Jika user awalnya akses halaman proteksi, balikan ke sana
  61.         if ($targetPath $this->getTargetPath($request->getSession(), $firewallName)) {
  62.             return new RedirectResponse($targetPath);
  63.         }
  65.         // Atau redirect default sesudah login
  66.         return new RedirectResponse($this->urlGenerator->generate('dashboard'));
  67.     }
  69.     protected function getLoginUrl(Request $request): string
  70.     {
  71.         return $this->urlGenerator->generate(self::LOGIN_ROUTE);
  72.     }
  73. }