vendor/symfony/security-http/Firewall/ChannelListener.php line 29

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Psr\Log\LoggerInterface;
  15. use Symfony\Component\HttpFoundation\RedirectResponse;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpKernel\Event\RequestEvent;
  18. use Symfony\Component\Security\Http\AccessMapInterface;
  19. use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
  21. /**
  22.  * ChannelListener switches the HTTP protocol based on the access control
  23.  * configuration.
  24.  *
  25.  * @author Fabien Potencier <fabien@symfony.com>
  26.  *
  27.  * @final
  28.  */
  29. class ChannelListener extends AbstractListener
  30. {
  31.     private $map;
  32.     private $authenticationEntryPoint null;
  33.     private $logger;
  34.     private $httpPort;
  35.     private $httpsPort;
  37.     public function __construct(AccessMapInterface $map/*LoggerInterface*/ $logger null/*int*/ $httpPort 80/*int*/ $httpsPort 443)
  38.     {
  39.         if ($logger instanceof AuthenticationEntryPointInterface) {
  40.             trigger_deprecation('symfony/security-http''5.4''The "$authenticationEntryPoint" argument of "%s()" is deprecated.'__METHOD__);
  42.             $this->authenticationEntryPoint $logger;
  43.             $nrOfArgs \func_num_args();
  44.             $logger $nrOfArgs func_get_arg(2) : null;
  45.             $httpPort $nrOfArgs func_get_arg(3) : 80;
  46.             $httpsPort $nrOfArgs func_get_arg(4) : 443;
  47.         }
  49.         if (null !== $logger && !$logger instanceof LoggerInterface) {
  50.             throw new \TypeError(sprintf('Argument "$logger" of "%s()" must be instance of "%s", "%s" given.'__METHOD__LoggerInterface::class, get_debug_type($logger)));
  51.         }
  53.         $this->map $map;
  54.         $this->logger $logger;
  55.         $this->httpPort $httpPort;
  56.         $this->httpsPort $httpsPort;
  57.     }
  59.     /**
  60.      * Handles channel management.
  61.      */
  62.     public function supports(Request $request): ?bool
  63.     {
  64.         [, $channel] = $this->map->getPatterns($request);
  66.         if ('https' === $channel && !$request->isSecure()) {
  67.             if (null !== $this->logger) {
  68.                 if ('https' === $request->headers->get('X-Forwarded-Proto')) {
  69.                     $this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
  70.                 } elseif (str_contains($request->headers->get('Forwarded'''), 'proto=https')) {
  71.                     $this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
  72.                 } else {
  73.                     $this->logger->info('Redirecting to HTTPS.');
  74.                 }
  75.             }
  77.             return true;
  78.         }
  80.         if ('http' === $channel && $request->isSecure()) {
  81.             if (null !== $this->logger) {
  82.                 $this->logger->info('Redirecting to HTTP.');
  83.             }
  85.             return true;
  86.         }
  88.         return false;
  89.     }
  91.     public function authenticate(RequestEvent $event)
  92.     {
  93.         $request $event->getRequest();
  95.         $event->setResponse($this->createRedirectResponse($request));
  96.     }
  98.     private function createRedirectResponse(Request $request): RedirectResponse
  99.     {
  100.         if (null !== $this->authenticationEntryPoint) {
  101.             return $this->authenticationEntryPoint->start($request);
  102.         }
  104.         $scheme $request->isSecure() ? 'http' 'https';
  105.         if ('http' === $scheme && 80 != $this->httpPort) {
  106.             $port ':'.$this->httpPort;
  107.         } elseif ('https' === $scheme && 443 != $this->httpsPort) {
  108.             $port ':'.$this->httpsPort;
  109.         } else {
  110.             $port '';
  111.         }
  113.         $qs $request->getQueryString();
  114.         if (null !== $qs) {
  115.             $qs '?'.$qs;
  116.         }
  118.         $url $scheme.'://'.$request->getHost().$port.$request->getBaseUrl().$request->getPathInfo().$qs;
  120.         return new RedirectResponse($url301);
  121.     }
  122. }