/**
* Login a user using a username and password
* @param Request $request
*
* @return JsonResponse
*/
public function login(Request $request)
{
$username = $request->request->get('username');
$password = $request->request->get('password');
$errors = [];
if (!$username) {
$errors[] = 'missingUsername';
}
if (!$password) {
$errors[] = 'missingPassword';
}
if ($username && $password) {
$authEntity = $this->authManager->findAuthenticationByUsername($username);
if ($authEntity) {
$user = $authEntity->getUser();
$passwordValid = $this->encoder->isPasswordValid($user, $password);
if ($passwordValid) {
$this->updateLegacyPassword($authEntity, $password);
$jwt = $this->jwtManager->createJwtFromUser($user);
return $this->createSuccessResponseFromJWT($jwt);
}
}
$errors[] = 'badCredentials';
}
return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
}
/**
* @param $username
* @param $password
* @return \SSPSoftware\ApiTokenBundle\Entity\ApiTokenInterface
*/
public function authenticate($username, $password)
{
$user = $this->userProvider->loadUserByUsername($username);
if (!$this->passwordEncoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) {
throw new AuthenticationException('Bad credentials');
}
return $this->apiTokenRepository->createApiToken($user);
}
/**
* {@inheritdoc}
*/
public function checkCredentials($credentials, UserInterface $user)
{
$plainPassword = $credentials['password'];
if (!$this->encoder->isPasswordValid($user, $plainPassword)) {
throw new BadCredentialsException();
}
return true;
}
public function __invoke($username, $password)
{
try {
$user = $this->userProvider->loadUserByUsername($username);
} catch (UsernameNotFoundException $e) {
// in order to prevent timing attacks, we call the same method on a dummy user
// this way it is not revealed that the user by that username does not exist in DB
$this->passwordEncoder->isPasswordValid(AccountUser::dummy(), 'dummy');
return false;
}
return $this->passwordEncoder->isPasswordValid($user, $password) ? $username : false;
}
/**
* Authenticates a user.
*
* @param string $userUniqueIdentifier The username or the email of the user.
* @param string $password Plain text password.
* @return User
*/
public function authenticateUser($userUniqueIdentifier, $password)
{
$user = $this->userManager->getUserByUserNameOrEmail($userUniqueIdentifier);
if (!$user) {
throw new Exception('There is no user with this email or username.');
}
if (!$this->passwordEncoder->isPasswordValid($user, $password)) {
throw new Exception('Incorrect password.');
}
$user = $this->setUserApiKey($user);
return $user;
}
/**
* @param TokenInterface $token
* @param UserProviderInterface $userProvider
* @param $providerKey
* @return UsernamePasswordToken
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
} catch (UsernameNotFoundException $e) {
throw new CustomUserMessageAuthenticationException('Invalid username or password');
}
$passwordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());
if ($passwordValid) {
return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
}
throw new CustomUserMessageAuthenticationException('Invalid username or password');
}
/**
* Authenticate via the form using users defined in authorized_users
*
* @param AuthenticationEvent $event
*
* @return bool|void
*/
public function onUserFormAuthentication(AuthenticationEvent $event)
{
$username = $event->getUsername();
$password = $event->getToken()->getCredentials();
$user = new User();
$user->setUsername($username);
$authorizedUsers = $this->parametersHelper->getParameter('authorized_users');
if (is_array($authorizedUsers) && isset($authorizedUsers[$username])) {
$testUser = $authorizedUsers[$username];
$user->setPassword($testUser['password']);
if ($this->encoder->isPasswordValid($user, $password)) {
$user->setFirstName($testUser['firstname'])->setLastName($testUser['lastname'])->setEmail($testUser['email'])->setRole($this->em->getReference('MauticUserBundle:Role', 1));
$event->setIsAuthenticated('authorized_users', $user, true);
}
}
}
/**
* @param TokenInterface $token
* @param UserProviderInterface $userProvider
* @param $providerKey
* @return UsernamePasswordToken
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
try {
if ($userProvider instanceof IsidoreApiUserProvider) {
$user = $userProvider->loadUser($token->getUsername(), $token->getCredentials());
} else {
$user = $userProvider->loadUserByUsername($token->getUsername());
}
} catch (UsernameNotFoundException $e) {
throw new CustomUserMessageAuthenticationException("Identifiant ou mot de passe incorrect. Veuillez réessayer.");
}
$passwordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());
if ($passwordValid) {
return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
}
throw new CustomUserMessageAuthenticationException("Identifiant ou mot de passe incorrect. Veuillez réessayer.");
}
/**
* @param TokenInterface $token
* @param UserProviderInterface $userProvider
* @param string $providerKey
*
* @return UsernamePasswordToken
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (empty($this->secretKey) == false) {
$captcha = $this->request->get('g-recaptcha-response');
$reCaptcha = new ReCaptcha($this->secretKey);
$response = $reCaptcha->verify($captcha, $this->request->getClientIp());
if ($response->isSuccess() == false) {
throw new AuthenticationException('Captcha not passed');
}
}
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
} catch (UsernameNotFoundException $e) {
throw new AuthenticationException('Invalid username or password');
}
$passwordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());
if ($passwordValid) {
return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
}
throw new AuthenticationException('Invalid username or password');
}
/**
* @param TokenInterface $token
* @param UserProviderInterface $userProvider
* @param $providerKey
*
* @return UsernamePasswordToken
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$authenticated = false;
$authenticationService = null;
$response = null;
$failedAuthMessage = null;
$user = $token->getUser();
$authenticatingService = $token instanceof PluginToken ? $token->getAuthenticatingService() : null;
if (!$user instanceof User) {
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
} catch (UsernameNotFoundException $e) {
}
// Will try with the given password unless the plugin explicitly failed authentication
$tryWithPassword = true;
// Try authenticating with a plugin first
if ($this->dispatcher->hasListeners(UserEvents::USER_FORM_AUTHENTICATION)) {
$integrations = $this->integrationHelper->getIntegrationObjects($authenticatingService, ['sso_form'], false, null, true);
$authEvent = new AuthenticationEvent($user, $token, $userProvider, $this->request, false, $authenticatingService, $integrations);
$this->dispatcher->dispatch(UserEvents::USER_FORM_AUTHENTICATION, $authEvent);
if ($authenticated = $authEvent->isAuthenticated()) {
$user = $authEvent->getUser();
$authenticatingService = $authEvent->getAuthenticatingService();
} elseif ($authEvent->isFailed()) {
$tryWithPassword = false;
}
$response = $authEvent->getResponse();
$failedAuthMessage = $authEvent->getFailedAuthenticationMessage();
}
if (!$authenticated && $tryWithPassword && $user instanceof User) {
// Try authenticating with local password
$authenticated = $this->encoder->isPasswordValid($user, $token->getCredentials());
}
} else {
// Assume the user is authenticated although the token will tell for sure
$authenticated = true;
}
if ($authenticated) {
return new PluginToken($providerKey, $authenticatingService, $user, $user->getPassword(), $user->getRoles(), $response);
} elseif ($response) {
return new PluginToken($providerKey, $authenticatingService, $user, '', [], $response);
}
if ($failedAuthMessage) {
throw new AuthenticationException($failedAuthMessage);
}
throw new BadCredentialsException();
}
/**
* {@inheritDoc}
*/
public function checkCredentials($credentials, UserInterface $user)
{
return $this->passwordEncoder->isPasswordValid($user, $credentials->password);
}
