vendor/shopware/core/Checkout/Customer/SalesChannel/LoginRoute.php line 88

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Checkout\Customer\SalesChannel;
  5. use Shopware\Core\Checkout\Customer\CustomerEntity;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerBeforeLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  8. use Shopware\Core\Checkout\Customer\Exception\BadCredentialsException;
  9. use Shopware\Core\Checkout\Customer\Exception\CustomerAuthThrottledException;
  10. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundException;
  11. use Shopware\Core\Checkout\Customer\Exception\InactiveCustomerException;
  12. use Shopware\Core\Checkout\Customer\Password\LegacyPasswordVerifier;
  13. use Shopware\Core\Framework\Context;
  14. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  15. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  16. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  17. use Shopware\Core\Framework\Log\Package;
  18. use Shopware\Core\Framework\Plugin\Exception\DecorationPatternException;
  19. use Shopware\Core\Framework\RateLimiter\Exception\RateLimitExceededException;
  20. use Shopware\Core\Framework\RateLimiter\RateLimiter;
  21. use Shopware\Core\Framework\Routing\Annotation\ContextTokenRequired;
  22. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  23. use Shopware\Core\Framework\Routing\Annotation\Since;
  24. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  25. use Shopware\Core\System\SalesChannel\Context\CartRestorer;
  26. use Shopware\Core\System\SalesChannel\ContextTokenResponse;
  27. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  28. use Symfony\Component\HttpFoundation\RequestStack;
  29. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  30. use Symfony\Component\Routing\Annotation\Route;
  31. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  33. /**
  34.  * @Route(defaults={"_routeScope"={"store-api"}, "_contextTokenRequired"=true})
  35.  */
  36. #[Package('customer-order')]
  37. class LoginRoute extends AbstractLoginRoute
  38. {
  39.     private EventDispatcherInterface $eventDispatcher;
  41.     private EntityRepositoryInterface $customerRepository;
  43.     private LegacyPasswordVerifier $legacyPasswordVerifier;
  45.     private CartRestorer $restorer;
  47.     private RequestStack $requestStack;
  49.     private RateLimiter $rateLimiter;
  51.     /**
  52.      * @internal
  53.      */
  54.     public function __construct(
  55.         EventDispatcherInterface $eventDispatcher,
  56.         EntityRepositoryInterface $customerRepository,
  57.         LegacyPasswordVerifier $legacyPasswordVerifier,
  58.         CartRestorer $restorer,
  59.         RequestStack $requestStack,
  60.         RateLimiter $rateLimiter
  61.     ) {
  62.         $this->eventDispatcher $eventDispatcher;
  63.         $this->customerRepository $customerRepository;
  64.         $this->legacyPasswordVerifier $legacyPasswordVerifier;
  65.         $this->restorer $restorer;
  66.         $this->requestStack $requestStack;
  67.         $this->rateLimiter $rateLimiter;
  68.     }
  70.     public function getDecorated(): AbstractLoginRoute
  71.     {
  72.         throw new DecorationPatternException(self::class);
  73.     }
  75.     /**
  76.      * @Since("6.2.0.0")
  77.      * @Route(path="/store-api/account/login", name="store-api.account.login", methods={"POST"})
  78.      */
  79.     public function login(RequestDataBag $dataSalesChannelContext $context): ContextTokenResponse
  80.     {
  81.         $email $data->get('email'$data->get('username'));
  83.         if (empty($email) || empty($data->get('password'))) {
  84.             throw new BadCredentialsException();
  85.         }
  87.         $event = new CustomerBeforeLoginEvent($context$email);
  88.         $this->eventDispatcher->dispatch($event);
  90.         if ($this->requestStack->getMainRequest() !== null) {
  91.             $cacheKey strtolower($email) . '-' $this->requestStack->getMainRequest()->getClientIp();
  93.             try {
  94.                 $this->rateLimiter->ensureAccepted(RateLimiter::LOGIN_ROUTE$cacheKey);
  95.             } catch (RateLimitExceededException $exception) {
  96.                 throw new CustomerAuthThrottledException($exception->getWaitTime(), $exception);
  97.             }
  98.         }
  100.         try {
  101.             $customer $this->getCustomerByLogin(
  102.                 $email,
  103.                 $data->get('password'),
  104.                 $context
  105.             );
  106.         } catch (CustomerNotFoundException BadCredentialsException $exception) {
  107.             throw new UnauthorizedHttpException('json'$exception->getMessage());
  108.         }
  110.         if (isset($cacheKey)) {
  111.             $this->rateLimiter->reset(RateLimiter::LOGIN_ROUTE$cacheKey);
  112.         }
  114.         if (!$customer->getActive()) {
  115.             throw new InactiveCustomerException($customer->getId());
  116.         }
  118.         $context $this->restorer->restore($customer->getId(), $context);
  119.         $newToken $context->getToken();
  121.         $this->customerRepository->update([
  122.             [
  123.                 'id' => $customer->getId(),
  124.                 'lastLogin' => new \DateTimeImmutable(),
  125.                 'languageId' => $context->getLanguageId(),
  126.             ],
  127.         ], $context->getContext());
  129.         $event = new CustomerLoginEvent($context$customer$newToken);
  130.         $this->eventDispatcher->dispatch($event);
  132.         return new ContextTokenResponse($newToken);
  133.     }
  135.     private function getCustomerByLogin(string $emailstring $passwordSalesChannelContext $context): CustomerEntity
  136.     {
  137.         $customer $this->getCustomerByEmail($email$context);
  139.         if ($customer->hasLegacyPassword()) {
  140.             if (!$this->legacyPasswordVerifier->verify($password$customer)) {
  141.                 throw new BadCredentialsException();
  142.             }
  144.             $this->updatePasswordHash($password$customer$context->getContext());
  146.             return $customer;
  147.         }
  149.         if (!password_verify($password$customer->getPassword() ?? '')) {
  150.             throw new BadCredentialsException();
  151.         }
  153.         return $customer;
  154.     }
  156.     private function getCustomerByEmail(string $emailSalesChannelContext $context): CustomerEntity
  157.     {
  158.         $criteria = new Criteria();
  159.         $criteria->setTitle('login-route');
  160.         $criteria->addFilter(new EqualsFilter('customer.email'$email));
  162.         $result $this->customerRepository->search($criteria$context->getContext());
  164.         $result $result->filter(static function (CustomerEntity $customer) use ($context) {
  165.             $isConfirmed = !$customer->getDoubleOptInRegistration() || $customer->getDoubleOptInConfirmDate();
  167.             // Skip guest and not active users
  168.             if ($customer->getGuest() || (!$customer->getActive() && $isConfirmed)) {
  169.                 return null;
  170.             }
  172.             // If not bound, we still need to consider it
  173.             if ($customer->getBoundSalesChannelId() === null) {
  174.                 return true;
  175.             }
  177.             // It is bound, but not to the current one. Skip it
  178.             if ($customer->getBoundSalesChannelId() !== $context->getSalesChannel()->getId()) {
  179.                 return null;
  180.             }
  182.             return true;
  183.         });
  185.         if ($result->count() !== 1) {
  186.             throw new BadCredentialsException();
  187.         }
  189.         return $result->first();
  190.     }
  192.     private function updatePasswordHash(string $passwordCustomerEntity $customerContext $context): void
  193.     {
  194.         $this->customerRepository->update([
  195.             [
  196.                 'id' => $customer->getId(),
  197.                 'password' => $password,
  198.                 'legacyPassword' => null,
  199.                 'legacyEncoder' => null,
  200.             ],
  201.         ], $context);
  202.     }
  203. }