Beispiel #1
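 /**
  * {@inheritdoc}
  *
  * Validates the OAuth request carried by the token and, when the access
  * token resolves to a user, returns a new authenticated OAuthToken built
  * from that user's roles.
  *
  * @param TokenInterface $token Token holding the request parameters, method and URL
  *
  * @return TokenInterface|null Null when the token is not supported by this provider
  *
  * @throws AuthenticationException When the request fails validation or no access token is found
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }

     $translator = $this->factory->getTranslator();
     $requestParameters = $token->getRequestParameters();
     $requestMethod = $token->getRequestMethod();
     $requestUrl = $token->getRequestUrl();

     // Reject early: nothing below may run for a request that did not validate.
     if (!$this->serverService->validateRequest($requestParameters, $requestMethod, $requestUrl)) {
         throw new AuthenticationException($translator->trans('mautic.api.oauth.auth.failed'));
     }

     // The provider's contract is not visible here; treat a missing parameter or a
     // missing access token as an authentication failure (fail closed) rather than
     // dereferencing null further down.
     $accessToken = isset($requestParameters['oauth_token'])
         ? $this->tokenProvider->loadAccessTokenByToken($requestParameters['oauth_token'])
         : null;
     if (null === $accessToken) {
         throw new AuthenticationException($translator->trans('mautic.api.oauth.auth.failed'));
     }

     $user = $accessToken->getUser();
     if (null === $user) {
         // NOTE(review): with no user bound to the access token, the incoming token is
         // returned unchanged and setAuthenticated(true) is never called on it here --
         // confirm the caller does not treat this token as an authenticated user.
         return $token;
     }

     // Recreate the token so it carries the user's roles; this is what lets
     // API requests avoid CSRF checks with forms.
     $authenticatedToken = new OAuthToken($user->getRoles());
     $authenticatedToken->setRequestParameters($requestParameters);
     $authenticatedToken->setRequestMethod($requestMethod);
     $authenticatedToken->setRequestUrl($requestUrl);
     $authenticatedToken->setAuthenticated(true);
     $authenticatedToken->setUser($user);

     return $authenticatedToken;
 }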
Beispiel #2
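 /**
  * Builds an OAuthToken from the request attributes and passes it to the
  * authentication manager, but only when the API runs in OAuth 1 mode and
  * the request carries OAuth parameters.
  *
  * A returned token is stored in the security context and a returned
  * Response is set on the event. Any other result ends in HTTP 401.
  *
  * @author William DURAND <*****@*****.**>
  *
  * @param GetResponseEvent $event
  *
  * @return void
  * @throws AuthenticationException Propagated unchanged from the authentication manager
  * @throws HttpException           With status 401 when authentication yields neither a token nor a response
  */
 public function handle(GetResponseEvent $event)
 {
     // Strict comparison: with a loose "!=" a non-string parameter value such as
     // true would compare equal to 'oauth1' and switch this listener on.
     if ('oauth1' !== $this->factory->getParameter('api_mode')) {
         return;
     }

     $request = $event->getRequest();
     // No OAuth parameters on the request: this listener has nothing to authenticate.
     // (Presumably the attributes are populated earlier in the request cycle -- confirm.)
     if (false === $request->attributes->get('oauth_request_parameters', false)) {
         return;
     }

     $token = new OAuthToken();
     $token->setRequestParameters($request->attributes->get('oauth_request_parameters'));
     $token->setRequestMethod($request->attributes->get('oauth_request_method'));
     $token->setRequestUrl($request->attributes->get('oauth_request_url'));

     // An AuthenticationException thrown here propagates to the caller as-is;
     // a catch block that only rethrows adds nothing.
     $returnValue = $this->authenticationManager->authenticate($token);

     if ($returnValue instanceof TokenInterface) {
         $this->securityContext->setToken($returnValue);

         return;
     }

     if ($returnValue instanceof Response) {
         $event->setResponse($returnValue);

         return;
     }

     // Neither a token nor a response (e.g. null from an unsupported token): deny.
     throw new HttpException(401);
 }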