/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return null;
}
$translator = $this->factory->getTranslator();
$requestParameters = $token->getRequestParameters();
$requestMethod = $token->getRequestMethod();
$requestUrl = $token->getRequestUrl();
if ($this->serverService->validateRequest($requestParameters, $requestMethod, $requestUrl)) {
$accessToken = $this->tokenProvider->loadAccessTokenByToken($requestParameters['oauth_token']);
$user = $accessToken->getUser();
if (null !== $user) {
//Recreate token to include user roles in order to be able to avoid CSRF checks with forms
$token = new OAuthToken($user->getRoles());
$token->setRequestParameters($requestParameters);
$token->setRequestMethod($requestMethod);
$token->setRequestUrl($requestUrl);
$token->setAuthenticated(true);
$token->setUser($user);
}
return $token;
}
throw new AuthenticationException($translator->trans('mautic.api.oauth.auth.failed'));
}
/**
* @author William DURAND <*****@*****.**>
*
* @param GetResponseEvent $event
*
* @return void
* @throws AuthenticationException
* @throws HttpException
*/
public function handle(GetResponseEvent $event)
{
$apiMode = $this->factory->getParameter('api_mode');
if ($apiMode != 'oauth1') {
return;
}
$request = $event->getRequest();
if (false === $request->attributes->get('oauth_request_parameters', false)) {
return;
}
$token = new OAuthToken();
$token->setRequestParameters($request->attributes->get('oauth_request_parameters'));
$token->setRequestMethod($request->attributes->get('oauth_request_method'));
$token->setRequestUrl($request->attributes->get('oauth_request_url'));
try {
$returnValue = $this->authenticationManager->authenticate($token);
if ($returnValue instanceof TokenInterface) {
return $this->securityContext->setToken($returnValue);
} elseif ($returnValue instanceof Response) {
return $event->setResponse($returnValue);
}
} catch (AuthenticationException $e) {
throw $e;
}
throw new HttpException(401);
}