/** * @Rest\RequestParam(name="username", requirements={@Assert\NotBlank}) * @Rest\RequestParam(name="password", requirements={@Assert\NotBlank}) */ public function authenticateAction(Request $request) { $created = date('Y-m-d H:i:s'); $token = new BBUserToken(); $token->setUser($request->request->get('username')); $token->setCreated($created); $token->setNonce(md5(uniqid('', true))); $token->setDigest(md5($token->getNonce() . $created . md5($request->request->get('password')))); $tokenAuthenticated = $this->getApplication()->getSecurityContext()->getAuthenticationManager()->authenticate($token); if (!$tokenAuthenticated->getUser()->getApiKeyEnabled()) { throw new DisabledException('API access forbidden'); } $this->getApplication()->getSecurityContext()->setToken($tokenAuthenticated); return $this->createJsonResponse(null, 201, array('X-API-KEY' => $tokenAuthenticated->getUser()->getApiKeyPublic(), 'X-API-SIGNATURE' => $tokenAuthenticated->getNonce())); }
protected function setUp() { $this->initAutoload(); $bbapp = $this->getBBApp(); $this->initDb($bbapp); $this->initAcl(); $this->getBBApp()->setIsStarted(true); // save user $group = new Group(); $group->setName('groupName'); $bbapp->getEntityManager()->persist($group); // valid user $this->user = new User(); $this->user->addGroup($group); $this->user->setLogin('user123'); $this->user->setEmail('*****@*****.**'); $this->user->setPassword('password123'); $this->user->setActivated(true); $bbapp->getEntityManager()->persist($this->user); // inactive user $user = new User(); $user->addGroup($group); $user->setLogin('user123inactive'); $user->setEmail('*****@*****.**'); $user->setPassword('password123'); $user->setActivated(false); $bbapp->getEntityManager()->persist($user); $bbapp->getEntityManager()->flush(); // login user $created = date('Y-m-d H:i:s'); $token = new BBUserToken(); $token->setUser($this->user); $token->setCreated($created); $token->setNonce(md5(uniqid('', true))); $token->setDigest(md5($token->getNonce() . $created . md5($this->user->getPassword()))); $this->getSecurityContext()->setToken($token); // set up permissions $aclManager = $this->getBBApp()->getContainer()->get('security.acl_manager'); $aclManager->insertOrUpdateClassAce(new ObjectIdentity('all', get_class($this->user)), UserSecurityIdentity::fromAccount($this->user), MaskBuilder::MASK_IDDQD); }
public function checkIdentity($username, $password) { $created = date('Y-m-d H:i:s'); $token = new BBUserToken(); $token->setUser($request->request->get('username')); $token->setCreated($created); $token->setNonce(md5(uniqid('', true))); $token->setDigest(md5($token->getNonce() . $created . md5($password))); $tokenAuthenticated = $this->getApplication()->getSecurityContext()->getAuthenticationManager()->authenticate($token); $this->getApplication()->getSecurityContext()->setToken($tokenAuthenticated); }
/** * Creates a user for the specified group, and authenticates a BBUserToken. * * @param string $groupId * * @return \BackBee\Security\Token\BBUserToken */ protected function createAuthUser($groupId, $roles = array('ROLE_API_USER')) { $token = new BBUserToken($roles); $user = new User(); $user->setEmail('*****@*****.**')->setLogin('admin')->setPassword('pass')->setApiKeyPrivate(uniqid("PRIVATE", true))->setApiKeyPublic(uniqid("PUBLIC", true))->setApiKeyEnabled(true); $group = $this->getBBApp()->getEntityManager()->getRepository('BackBee\\Security\\Group')->findOneBy(array('_name' => $groupId)); if (!$group) { $group = new Group(); $group->setName($groupId); $this->getBBApp()->getEntityManager()->persist($group); $this->getBBApp()->getEntityManager()->flush($group); } $user->addGroup($group); $token->setAuthenticated(true); $token->setUser($user)->setCreated(new \DateTime())->setLifetime(300); $this->getSecurityContext()->setToken($token); return $user; }
/** * Attempts to authenticates a TokenInterface object. * * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * * @return \BackBee\Security\Token\BBUserToken * * @throws \BackBee\Security\Exception\SecurityException */ public function authenticate(TokenInterface $token) { if (false === $this->supports($token)) { throw new SecurityException('Invalid token provided', SecurityException::UNSUPPORTED_TOKEN); } try { $user = $this->userProvider->loadUserByUsername($token->getUsername()); $secret = $user->getPassword(); if ($this->encoderFactory) { try { $encoder = $this->encoderFactory->getEncoder($user); if ($encoder instanceof PlaintextPasswordEncoder) { $secret = md5($secret); } elseif ($encoder instanceof MessageDigestPasswordEncoder) { // $secret is already md5 encoded // NB: only md5 algo without salt is currently supported due to frontend dependency } else { // currently there is a dependency on md5 in frontend so all other encoders can't be supported throw new \RuntimeException('Encoder is not supported: ' . get_class($encoder)); } } catch (\RuntimeException $e) { // no encoder defined $secret = md5($secret); } } else { // no encoder - still have to encode with md5 $secret = md5($secret); } $this->checkNonce($token, $secret); } catch (\Exception $e) { $this->clearNonce($token); throw $e; } $validToken = new BBUserToken($user->getRoles()); $validToken->setUser($user)->setNonce($token->getNonce())->setCreated(new \DateTime())->setLifetime($this->lifetime); $this->writeNonceValue($validToken); return $validToken; }