vendor/shopware/core/Checkout/Customer/SalesChannel/LoginRoute.php line 77

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Checkout\Customer\SalesChannel;
  5. use Shopware\Core\Checkout\Customer\CustomerEntity;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerBeforeLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  8. use Shopware\Core\Checkout\Customer\Exception\BadCredentialsException;
  9. use Shopware\Core\Checkout\Customer\Exception\CustomerAuthThrottledException;
  10. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundException;
  11. use Shopware\Core\Checkout\Customer\Exception\InactiveCustomerException;
  12. use Shopware\Core\Checkout\Customer\Password\LegacyPasswordVerifier;
  13. use Shopware\Core\Framework\Context;
  14. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  15. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  16. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  17. use Shopware\Core\Framework\Plugin\Exception\DecorationPatternException;
  18. use Shopware\Core\Framework\RateLimiter\Exception\RateLimitExceededException;
  19. use Shopware\Core\Framework\RateLimiter\RateLimiter;
  20. use Shopware\Core\Framework\Routing\Annotation\ContextTokenRequired;
  21. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  22. use Shopware\Core\Framework\Routing\Annotation\Since;
  23. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  24. use Shopware\Core\System\SalesChannel\Context\CartRestorer;
  25. use Shopware\Core\System\SalesChannel\ContextTokenResponse;
  26. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  27. use Symfony\Component\HttpFoundation\RequestStack;
  28. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  29. use Symfony\Component\Routing\Annotation\Route;
  30. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  32. /**
  33.  * @Route(defaults={"_routeScope"={"store-api"}, "_contextTokenRequired"=true})
  34.  */
  35. class LoginRoute extends AbstractLoginRoute
  36. {
  37.     private EventDispatcherInterface $eventDispatcher;
  39.     private EntityRepositoryInterface $customerRepository;
  41.     private LegacyPasswordVerifier $legacyPasswordVerifier;
  43.     private CartRestorer $restorer;
  45.     private RequestStack $requestStack;
  47.     private RateLimiter $rateLimiter;
  49.     /**
  50.      * @internal
  51.      */
  52.     public function __construct(
  53.         EventDispatcherInterface $eventDispatcher,
  54.         EntityRepositoryInterface $customerRepository,
  55.         LegacyPasswordVerifier $legacyPasswordVerifier,
  56.         CartRestorer $restorer,
  57.         RequestStack $requestStack,
  58.         RateLimiter $rateLimiter
  59.     ) {
  60.         $this->eventDispatcher $eventDispatcher;
  61.         $this->customerRepository $customerRepository;
  62.         $this->legacyPasswordVerifier $legacyPasswordVerifier;
  63.         $this->restorer $restorer;
  64.         $this->requestStack $requestStack;
  65.         $this->rateLimiter $rateLimiter;
  66.     }
  68.     public function getDecorated(): AbstractLoginRoute
  69.     {
  70.         throw new DecorationPatternException(self::class);
  71.     }
  73.     /**
  74.      * @Since("6.2.0.0")
  75.      * @Route(path="/store-api/account/login", name="store-api.account.login", methods={"POST"})
  76.      */
  77.     public function login(RequestDataBag $dataSalesChannelContext $context): ContextTokenResponse
  78.     {
  79.         $email $data->get('email'$data->get('username'));
  81.         if (empty($email) || empty($data->get('password'))) {
  82.             throw new BadCredentialsException();
  83.         }
  85.         $event = new CustomerBeforeLoginEvent($context$email);
  86.         $this->eventDispatcher->dispatch($event);
  88.         if ($this->requestStack->getMainRequest() !== null) {
  89.             $cacheKey strtolower($email) . '-' $this->requestStack->getMainRequest()->getClientIp();
  91.             try {
  92.                 $this->rateLimiter->ensureAccepted(RateLimiter::LOGIN_ROUTE$cacheKey);
  93.             } catch (RateLimitExceededException $exception) {
  94.                 throw new CustomerAuthThrottledException($exception->getWaitTime(), $exception);
  95.             }
  96.         }
  98.         try {
  99.             $customer $this->getCustomerByLogin(
  100.                 $email,
  101.                 $data->get('password'),
  102.                 $context
  103.             );
  104.         } catch (CustomerNotFoundException BadCredentialsException $exception) {
  105.             throw new UnauthorizedHttpException('json'$exception->getMessage());
  106.         }
  108.         if (isset($cacheKey)) {
  109.             $this->rateLimiter->reset(RateLimiter::LOGIN_ROUTE$cacheKey);
  110.         }
  112.         if (!$customer->getActive()) {
  113.             throw new InactiveCustomerException($customer->getId());
  114.         }
  116.         $context $this->restorer->restore($customer->getId(), $context);
  117.         $newToken $context->getToken();
  119.         $this->customerRepository->update([
  120.             [
  121.                 'id' => $customer->getId(),
  122.                 'lastLogin' => new \DateTimeImmutable(),
  123.                 'languageId' => $context->getLanguageId(),
  124.             ],
  125.         ], $context->getContext());
  127.         $event = new CustomerLoginEvent($context$customer$newToken);
  128.         $this->eventDispatcher->dispatch($event);
  130.         return new ContextTokenResponse($newToken);
  131.     }
  133.     private function getCustomerByLogin(string $emailstring $passwordSalesChannelContext $context): CustomerEntity
  134.     {
  135.         $customer $this->getCustomerByEmail($email$context);
  137.         if ($customer->hasLegacyPassword()) {
  138.             if (!$this->legacyPasswordVerifier->verify($password$customer)) {
  139.                 throw new BadCredentialsException();
  140.             }
  142.             $this->updatePasswordHash($password$customer$context->getContext());
  144.             return $customer;
  145.         }
  147.         if (!password_verify($password$customer->getPassword() ?? '')) {
  148.             throw new BadCredentialsException();
  149.         }
  151.         return $customer;
  152.     }
  154.     private function getCustomerByEmail(string $emailSalesChannelContext $context): CustomerEntity
  155.     {
  156.         $criteria = new Criteria();
  157.         $criteria->setTitle('login-route');
  158.         $criteria->addFilter(new EqualsFilter('customer.email'$email));
  160.         $result $this->customerRepository->search($criteria$context->getContext());
  162.         $result $result->filter(static function (CustomerEntity $customer) use ($context) {
  163.             $isConfirmed = !$customer->getDoubleOptInRegistration() || $customer->getDoubleOptInConfirmDate();
  165.             // Skip guest and not active users
  166.             if ($customer->getGuest() || (!$customer->getActive() && $isConfirmed)) {
  167.                 return null;
  168.             }
  170.             // If not bound, we still need to consider it
  171.             if ($customer->getBoundSalesChannelId() === null) {
  172.                 return true;
  173.             }
  175.             // It is bound, but not to the current one. Skip it
  176.             if ($customer->getBoundSalesChannelId() !== $context->getSalesChannel()->getId()) {
  177.                 return null;
  178.             }
  180.             return true;
  181.         });
  183.         if ($result->count() !== 1) {
  184.             throw new BadCredentialsException();
  185.         }
  187.         return $result->first();
  188.     }
  190.     private function updatePasswordHash(string $passwordCustomerEntity $customerContext $context): void
  191.     {
  192.         $this->customerRepository->update([
  193.             [
  194.                 'id' => $customer->getId(),
  195.                 'password' => $password,
  196.                 'legacyPassword' => null,
  197.                 'legacyEncoder' => null,
  198.             ],
  199.         ], $context);
  200.     }
  201. }