/**
* Validates WordPress authentication cookie
*
* @param UserProviderInterface $userProvider
* @param Cookie $cookie
* @return UserInterface UserInterface if valid.
* @throws RuntimeException
* @throws AuthenticationException
*/
public function validateCookie(UserProviderInterface $userProvider, $cookie)
{
$cookieParts = $this->decodeCookie($cookie);
switch (count($cookieParts)) {
case 3:
list($username, $expiration, $hmac) = $cookieParts;
$token = null;
break;
case 4:
list($username, $expiration, $token, $hmac) = $cookieParts;
break;
default:
throw new AuthenticationException('Invalid WordPress cookie.');
}
if ($expiration < time()) {
throw new AuthenticationException('The WordPress cookie has expired.');
}
try {
$user = $userProvider->loadUserByUsername($username);
} catch (Exception $exception) {
if (!$exception instanceof AuthenticationException) {
$exception = new AuthenticationException($exception->getMessage(), $exception->getCode(), $exception);
}
throw $exception;
}
if (!$user instanceof UserInterface) {
throw new RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
}
if ($token && $hmac !== $this->generateHmacWithToken($username, $expiration, $token, $user->getPassword()) || !$token && $hmac !== $this->generateHmac($username, $expiration, $user->getPassword())) {
throw new AuthenticationException('The WordPress cookie\'s hash is invalid. Your logged in key and salt settings could be wrong.');
}
return $user;
}
/**
* @inheritDocs
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$request->getSession()->setFlash('error', $exception->getMessage());
$this->disconnectAllConnections($request);
$url = $this->container->get('router')->generate('login');
return new RedirectResponse($url);
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
//ladybug_dump_die($exception->getMessage());
$url = $this->router->generate('fos_user_security_login', array("slug" => $exception->getMessage()));
return new RedirectResponse($url);
//$this->container->re
}
{
if ($request->isXmlHttpRequest()) {
$result = array('success' => true);
$response = new Response(json_encode($result));
$response->headers->set('Content-Type', 'application/json');
return $response;
} else {
// Create a flash message with the authentication error message
public function start(Request $request, AuthenticationException $authException = null)
{
$response = new Response();
$response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
$response->setStatusCode(401, $authException->getMessage());
return $response;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->request->has('_username')) {
$username = $request->request->get('_username');
} else {
$username = '';
}
//if ($exception->getMessage() === 'Captcha is invalid') {
//} else {
$failedLoginIp = $request->getClientIp();
$user = $this->fosUM->findUserByUsername($username);
if ($user) {
$failedLogin = $user->getFailedLogin();
$failedLogin++;
$user->setFailedLogin($failedLogin);
$user->setFailedLoginIp($failedLoginIp);
if ($failedLogin === 3) {
//email do użytkownika i admina
$message = \Swift_Message::newInstance()->setSubject('Nieautoryzowane próby dostępu do konta')->setFrom('*****@*****.**')->setTo(array('*****@*****.**', $user->getEmail()))->setBody($username . ' próbował zalogować się zbyt wiele razy z adresu IP: ' . $failedLoginIp . ' ' . $exception->getMessage());
$this->mailer->send($message);
}
if ($failedLogin === 5) {
$user->setLocked(1);
}
$this->fosUM->updateUser($user);
}
//}
$url = 'fos_user_security_login';
$response = new RedirectResponse($this->router->generate($url));
return $response;
}
/**
* {@inheritDoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
return new Response(json_encode(array('has_error' => true, 'error' => $this->translator->trans($exception->getMessage()))));
}
return parent::onAuthenticationFailure($request, $exception);
}
/**
* {@inheritdoc}
*/
protected function processAutoLoginCookie(array $cookieParts, Request $request)
{
if (count($cookieParts) !== 4) {
throw new AuthenticationException('The cookie is invalid.');
}
list($class, $username, $expires, $hash) = $cookieParts;
if (false === ($username = base64_decode($username, true))) {
throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
}
try {
$user = $this->getUserProvider($class)->loadUserByUsername($username);
} catch (\Exception $ex) {
if (!$ex instanceof AuthenticationException) {
$ex = new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
}
throw $ex;
}
if (!$user instanceof UserInterface) {
throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
}
if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
throw new AuthenticationException('The cookie\'s hash is invalid.');
}
if ($expires < time()) {
throw new AuthenticationException('The cookie has expired.');
}
return $user;
}
/**
* {@inheritdoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
$result = array('success' => false, 'message' => $exception->getMessage());
return new JsonResponse($result);
}
}
/**
* This is called when an interactive authentication attempt fails. This is
* called by authentication listeners inheriting from
* AbstractAuthenticationListener.
*
* @param Request $request
* @param AuthenticationException $exception
*
* @return Response The response to return, never null
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$session = $this->entityManager->getRepository('BDNUserBundle:Session')->createBlock($request->getClientIp());
$this->entityManager->persist($session);
$this->entityManager->flush();
return new JsonResponse(['result' => $exception->getMessage()], 401);
}
public function handle(GetResponseEvent $event)
{
// Don't do anything when the auto_login query parameter is not found
if (!($autoLogin = $event->getRequest()->get('auto_login', false))) {
return;
}
# Decode the parameter and split into username and key.
$autoLogin = base64_decode($autoLogin);
list($username, $autoLoginKey) = explode(':', $autoLogin);
# Find the user in the user provider for the given class
try {
$user = $this->userProvider->loadUserByUsername($username);
} catch (\Exception $ex) {
if (!$ex instanceof AuthenticationException) {
$ex = new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
}
throw $ex;
}
// Try and authenticate the token
try {
$token = $this->authenticationManager->authenticate(new AutoLoginToken($user, $this->providerKey, $autoLoginKey));
} catch (AuthenticationException $e) {
return;
}
// If everything is ok, store the received authenticated token
if ($token) {
$this->tokenStorage->setToken($token);
}
}
/**
* This is called when an interactive authentication attempt fails. This is
* called by authentication listeners inheriting from
* AbstractAuthenticationListener.
*
* @param Request $request
* @param AuthenticationException $exception
* @return Response the response to return
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$response = $this->rf->getErrorResponse();
$response->setStatusCode(Response::HTTP_UNAUTHORIZED);
$response->setErrors(array('message' => $exception->getMessage()));
$response->setStatusCode(400);
return $response;
}
/**
* {@inheritDoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest() || $request->getRequestFormat() !== 'html') {
$json = array('code' => 401, 'message' => $this->translator->trans($exception->getMessage()));
return new Response(json_encode($json), 401);
}
return parent::onAuthenticationFailure($request, $exception);
}
/**
* {@inheritDoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
$json = array('has_error' => true, 'error' => $exception->getMessage());
return new JsonResponse($json);
}
return parent::onAuthenticationFailure($request, $exception);
}
/**
* onAuthenticationFailure
*
* @author Joe Sexton <*****@*****.**>
* @param Request $request
* @param AuthenticationException $exception
* @return Response
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$this->logger->warning(sprintf('%s.[%s].%s.[%s] => %s', 'AuthenticationFailure', 'This user fail to connect', $request->getClientIp(), $exception->getCode(), $exception->getMessage()));
if ($request->isXmlHttpRequest()) {
$array = array('success' => false, 'message' => $exception->getMessage());
$response = new Response(json_encode($array));
$response->headers->set('Content-Type', 'application/json');
return $response;
} else {
if ($request->headers->get('Referer')) {
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
return new RedirectResponse($request->headers->get('Referer'));
} else {
throw new AuthenticationException("No route used before");
}
}
}
/**
* {@inheritDoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
$response = new JsonResponse(array('code' => 400, 'message' => $exception->getMessage()));
} else {
$response = parent::onAuthenticationFailure($request, $exception);
}
return $response;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if (null !== $this->logger) {
$this->logger->info(sprintf('Authentication request failed: %s', $exception->getMessage()));
}
$this->securityContext->setToken(null);
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
throw $exception;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
$result = array('success' => false, 'message' => $exception->getMessage());
$response = new Response(json_encode($result));
$response->headers->set('Content-Type', 'application/json');
return $response;
}
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$message = $exception->getMessage();
$error['error'] = $message;
$data = json_encode($error, JSON_FORCE_OBJECT);
$response = new Response(null, Response::HTTP_UNAUTHORIZED);
$response->setContent($data);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
/**
* {@inheritdoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($exception instanceof BadCredentialsException) {
if (null !== $this->logger) {
$username = $request->request->get('_username');
$this->logger->error($exception->getMessage(), ['username' => $username]);
}
}
return parent::onAuthenticationFailure($request, $exception);
}
/**
* onAuthenticationFailure
*
* @author Joe Sexton <*****@*****.**>
* @param Request $request
* @param AuthenticationException $exception
* @return Response
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
// if AJAX login
if ($request->isXmlHttpRequest()) {
$array = array('success' => false, 'message' => $exception->getMessage());
// data to return via JSON
if (strstr($exception->getMessage(), 'timed out')) {
$array['csrf_token'] = $this->service_container->get('security.csrf.token_manager')->getToken('authenticate')->getValue();
}
$response = new Response(json_encode($array));
$response->headers->set('Content-Type', 'application/json');
return $response;
// if form login
} else {
// set authentication exception to session
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
return new RedirectResponse($this->router->generate('fos_user_security_login'));
}
}
/**
* {@inheritDoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
// We keep the relevant infos of the exception
$alert = array('message' => $exception->getMessage(), 'level' => 'error');
// And return the encoded alert in response
$response = new Response(json_encode($alert), 403);
// OK, this might not be the most appropriate HTTP status code, but apparently nobody agrees on this one
$response->headers->set('Content-Type', 'application/json');
return $response;
}
/**
* This is called when an interactive authentication attempt fails. This is
* called by authentication listeners inheriting from
* AbstractAuthenticationListener.
*
* @param Request $request
* @param AuthenticationException $exception
* @return Response the response to return
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
$result = array('success' => false, 'message' => $exception->getMessage());
$response = new Response(json_encode($result));
$response->headers->set('Content-Type', 'application/json');
return $response;
}
$this->container->get('session')->set('error', 'Bad credentials.');
return new RedirectResponse($this->container->get('router')->generate('login'));
}
/**
* This is called when an interactive authentication attempt fails.
*
* @param Request $request
* @param AuthenticationException $exception
*
* @return Response
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
$result = array('success' => false);
return new Response(json_encode($result));
} else {
// Handle non XmlHttp request.
$parameters = array('status_text' => $exception->getMessage(), 'status_code' => $exception->getCode());
return $this->templating->renderResponse('TwigBundle:Exception:error.html.twig', $parameters);
}
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$session = $request->getSession();
if (!$session->has('redirect')) {
$session->set('redirect', $request->headers->get('referer'));
}
$url = $this->router->generate('login');
$response = new RedirectResponse($url);
$request->getSession()->setFlash('error', $exception->getMessage());
return $response;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
if ($this->env != 'dev') {
$msg = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
} else {
$msg = $exception->getMessage();
}
return new JsonResponse($msg, Response::HTTP_UNAUTHORIZED);
}
return parent::onAuthenticationFailure($request, $exception);
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$message = $this->translator->trans($exception->getMessage());
if ($request->isXmlHttpRequest()) {
$content = array('success' => false, 'message' => $message);
return new JsonResponse($content, 400);
}
$request->getSession()->set('_target_path', $request->request->get('_target_path'));
$username = $request->request->get('_username');
$this->getLogService()->info('user', 'login_fail', "用户名:{$username},登录失败:{$message}");
return parent::onAuthenticationFailure($request, $exception);
}
/**
* Authentication Failure
*
* @param Request $request
* @param AuthenticationException $exception
* @return \Symfony\Component\HttpFoundation\JsonResponse
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$post = $request->request->all();
$result = array('status' => 'error', 'message' => null, 'code' => 401);
// Validates the login parameters
if (!$post['username']) {
$result['message'] = 'Invalid User.';
} else {
if (!$post['password']) {
$result['message'] = 'Invalid password.';
} else {
if ($exception->getMessage() == 'Bad credentials.') {
$result['message'] = 'Unauthorized access.';
return $this->app->json($result);
} else {
$result['message'] = $exception->getMessage();
}
}
}
return $this->app->json($result, 401);
}
private function handleAuthenticationError(GetResponseEvent $event, BridgeRequest $request, AuthenticationException $failed)
{
$token = $this->tokenStorage->getToken();
if ($token instanceof OAuth2Token) {
$this->tokenStorage->setToken(null);
}
$this->logger->info(sprintf('Authentication request failed : %s', $failed->getMessage()));
if ($this->ignoreFailure) {
return;
}
$event->setResponse($this->authenticationEntryPoint->start($request, $failed));
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$url = $this->router->generate('admin_home');
$response = new RedirectResponse($url);
$request->getSession()->setFlash('error', $exception->getMessage());
return $response;
}
