Beispiel #1
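 /**
  * Decides whether $user may perform $attribute on $club.
  *
  * VIEW: a non-private club is visible to everyone; a private club is
  * visible only to a logged-in user holding ROLE_ADMIN.
  * EDIT: requires a logged-in user who is one of the club's administrators
  * or who holds ROLE_ADMIN.
  * CREATE and any other attribute are denied.
  *
  * @param string $attribute One of self::VIEW, self::EDIT, self::CREATE
  * @param Club $club
  * @param UserInterface $user Current user, or null when nobody is logged in
  * @return boolean
  */
 protected function isGranted($attribute, $club, $user = null)
 {
     switch ($attribute) {
         case self::VIEW:
             if (!$club->isPrivate()) {
                 return true;
             }
             // make sure there is a user object (i.e. that the user is logged in)
             if (!$user instanceof UserInterface) {
                 return false;
             }
             // Strict match: with loose comparison a non-string entry in the
             // role list (true, or 0 before PHP 8) would equal 'ROLE_ADMIN'.
             return in_array('ROLE_ADMIN', $user->getRoles(), true);
         case self::EDIT:
             // make sure there is a user object (i.e. that the user is logged in)
             if (!$user instanceof UserInterface) {
                 return false;
             }
             $userId = $user->getId();
             // A user or administrator without an identifier must never match:
             // null == null would otherwise grant EDIT to any such user.
             if ($userId !== null) {
                 foreach ($club->getAdministrators() as $administrator) {
                     $administratorId = $administrator->getId();
                     // Loose == is kept for the value itself so that an int id
                     // and its numeric-string form still match.
                     if ($administratorId !== null && $administratorId == $userId) {
                         return true;
                     }
                 }
             }
             return in_array('ROLE_ADMIN', $user->getRoles(), true);
         case self::CREATE:
             break;
     }
     // Deny by default: CREATE and unknown attributes end up here.
     return false;
 }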
Beispiel #2
 /**
  * Treats $user as equal when it is a User whose role list has the same
  * length as ours and contains every one of our roles, in any order.
  *
  * NOTE(review): only roles are compared; username and password take no
  * part in the decision. Confirm that is intended where this result is used
  * to decide whether a stored user is still current.
  *
  * @param UserInterface $user
  * @return bool
  */
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof User) {
         return false;
     }
     // Different number of roles: cannot be the same set.
     if (count($this->getRoles()) != count($user->getRoles())) {
         return false;
     }
     // Every role of ours must be present on the other side.
     foreach ($this->getRoles() as $ownRole) {
         if (!in_array($ownRole, $user->getRoles())) {
             return false;
         }
     }
     return true;
 }
 /**
  * Builds a token for $user on the 'secured_area' firewall and installs it
  * in the security context. The token carries the user's roles and no
  * credentials (second constructor argument is null).
  *
  * @param UserInterface $user
  */
 private function authenticateUser(UserInterface $user)
 {
     // your firewall name
     $firewallName = 'secured_area';
     $authToken = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
     $securityContext = $this->getSecurityContext();
     $securityContext->setToken($authToken);
 }
Beispiel #4
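 /**
  * Logs $user in by storing a serialized token in the session under the
  * '_security_secured_area' key.
  *
  * @param UserInterface $user
  * @param string $password Kept in the signature for existing callers; it is
  *                         deliberately not placed in the token.
  */
 private function logUser(UserInterface $user, $password)
 {
     // The token is serialized into session storage. Putting the plaintext
     // password in it would leave the credential readable by anything that
     // can read session data, so the token is built without credentials.
     $token = new UsernamePasswordToken($user, null, 'secured_area', $user->getRoles());
     $session = $this->getRequest()->getSession();
     $session->set('_security_secured_area', serialize($token));
 }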
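 /**
  * Reports whether $user is an LdapUser with the same username, email, DN
  * and set of roles as this user.
  *
  * @param UserInterface $user
  * @return bool
  */
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof LdapUser) {
         return false;
     }
     if ($user->getUsername() !== $this->username
         || $user->getEmail() !== $this->email
         || $user->getDn() !== $this->dn
     ) {
         return false;
     }
     $otherRoles = $user->getRoles();
     // array_diff() is one-directional. Checking only roles present on $user
     // but absent here would report "equal" when a role exists on one side
     // only, so a revoked role would go unnoticed. Compare both directions.
     if (count(array_diff($otherRoles, $this->roles)) > 0
         || count(array_diff($this->roles, $otherRoles)) > 0
     ) {
         return false;
     }
     return true;
 }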
 /**
  * Adds details of the current user to a log record.
  *
  * On the first call with no cached user, the token storage service is
  * looked up; if it holds a token whose user is an AdvancedUserInterface,
  * that user is cached and its username, roles and account-state flags are
  * stored under $this->record['extra']['user'].
  *
  * @param array $record
  *
  * @return array $record merged with $this->record
  */
 public function processRecord(array $record)
 {
     if (null === $this->user) {
         /* @var TokenStorageInterface $tokenStorage */
         $tokenStorage = $this->container->get('security.token_storage');
         $hasAdvancedUser = $tokenStorage !== null
             && $tokenStorage->getToken() !== null
             && $tokenStorage->getToken()->getUser() instanceof \Symfony\Component\Security\Core\User\AdvancedUserInterface;
         if ($hasAdvancedUser) {
             $this->user = $tokenStorage->getToken()->getUser();
             $current = $this->user;
             // Identity and account state only; no credentials are logged.
             $this->record['extra']['user']['username'] = $current->getUsername();
             $this->record['extra']['user']['roles'] = $current->getRoles();
             $this->record['extra']['user']['is_account_non_expired'] = $current->isAccountNonExpired();
             $this->record['extra']['user']['is_account_non_locked'] = $current->isAccountNonLocked();
             $this->record['extra']['user']['is_credentials_non_expired'] = $current->isCredentialsNonExpired();
             $this->record['extra']['user']['is_enabled'] = $current->isEnabled();
         }
     }
     $merged = array_merge($record, $this->record);
     return $merged;
 }
 /**
  * Check whether a user is granted a specific role, respecting the role hierarchy.
  *
  * The user's role names are wrapped in Role objects and placed on a
  * throwaway AnonymousToken, which is then passed to vote().
  *
  * @param UserInterface $user
  * @param $requiredRole
  * @return bool Whether this user is granted the $requiredRole
  */
 public function check(UserInterface $user, $requiredRole)
 {
     $roleObjects = array();
     foreach ($user->getRoles() as $name) {
         $roleObjects[] = new Role($name);
     }
     // The token exists only to carry the roles into vote().
     $throwawayToken = new AnonymousToken('dummy', 'dummy', $roleObjects);
     $decision = $this->vote($throwawayToken, null, array($requiredRole));
     return $decision == static::ACCESS_GRANTED;
 }
 /**
  * Creates a token for $user that is marked authenticated from the start.
  *
  * @param UserInterface $user        User whose roles are passed to the parent token
  * @param string        $providerKey Must be non-empty by PHP's empty() rules
  *
  * @throws \InvalidArgumentException When $providerKey is empty
  */
 public function __construct(UserInterface $user, $providerKey)
 {
     $roles = $user->getRoles();
     parent::__construct($roles);
     // empty() also rejects '0', 0, false and null.
     if (empty($providerKey)) {
         throw new \InvalidArgumentException('$providerKey must not be empty.');
     }
     $this->providerKey = $providerKey;
     $this->setUser($user);
     // Calls the parent's setter directly to flag the token as authenticated.
     parent::setAuthenticated(true);
 }
 /**
  * Creates a token for $providerKey, optionally bound to a user.
  *
  * With a user, the parent token is initialised with that user's roles and
  * the user is attached; without one, the parent is initialised with its
  * defaults.
  *
  * @param string             $providerKey
  * @param UserInterface|null $user
  */
 public function __construct($providerKey, UserInterface $user = null)
 {
     if (!$user) {
         parent::__construct();
     } else {
         parent::__construct($user->getRoles());
         $this->setUser($user);
     }
     // NOTE(review): $providerKey is stored without validation here.
     $this->providerKey = $providerKey;
 }
 /**
  * Returns true if $user is granted $requiredRole, either directly or
  * through a role reachable from one of the user's roles in the hierarchy.
  *
  * @param $requiredRole
  * @param UserInterface $user
  * @return bool
  */
 public function isGranted($requiredRole, UserInterface $user)
 {
     $wanted = new Role($requiredRole);
     foreach ($user->getRoles() as $ownRole) {
         $reachable = $this->roleHierarchy->getReachableRoles([new Role($ownRole)]);
         // Loose in_array() is required here: $wanted is a fresh object, so
         // it can only match by value (==), never by identity (===).
         if (!in_array($wanted, $reachable)) {
             continue;
         }
         return true;
     }
     return false;
 }
Beispiel #11
 /**
  * Get security role depending on the roles of the user
  *
  * Returns 'ROLE_ADMIN' as soon as one of the user's roles is found in
  * $this->adminRoles, and 'ROLE_SYSTEM_ADMIN' otherwise.
  *
  * NOTE(review): a user with no matching role (including one with no roles
  * at all) gets 'ROLE_SYSTEM_ADMIN'. How the result is used is not visible
  * here; confirm this fallback is the intended one.
  *
  * @param \Symfony\Component\Security\Core\User\UserInterface $user
  * @return string
  */
 protected function getSecurityRole(UserInterface $user)
 {
     foreach ($user->getRoles() as $userRole) {
         if (in_array($userRole, $this->adminRoles)) {
             return 'ROLE_ADMIN';
         }
     }
     return 'ROLE_SYSTEM_ADMIN';
 }
 /**
  * Retrieves roles from user and appends SwitchUserRole if original token contained one.
  *
  * Only the first SwitchUserRole found on the token is carried over.
  *
  * @param UserInterface  $user  The user
  * @param TokenInterface $token The token
  *
  * @return array The user roles
  */
 private function getRoles(UserInterface $user, TokenInterface $token)
 {
     $collected = $user->getRoles();
     foreach ($token->getRoles() as $tokenRole) {
         if (!$tokenRole instanceof SwitchUserRole) {
             continue;
         }
         // Keep the impersonation marker from the original token.
         $collected[] = $tokenRole;
         break;
     }
     return $collected;
 }
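 /**
  * Adds details of the current user to a log record.
  *
  * On the first call with no cached user, the 'security.context' service is
  * looked up; if it holds a token whose user is an AdvancedUserInterface,
  * that user is cached and its username, roles and account-state flags are
  * stored under $this->record['extra']['user'].
  *
  * @param array $record
  *
  * @return array $record merged with $this->record
  */
 public function processRecord(array $record)
 {
     if (is_null($this->user)) {
         /* @var SecurityContextInterface $securityContext */
         $securityContext = null;
         try {
             // The service must be assigned: the original discarded the
             // return value, leaving $securityContext null so that user
             // details were never added to any record.
             $securityContext = $this->container->get("security.context");
         } catch (ServiceCircularReferenceException $e) {
             // Since the security context is deprecated, fetching it from the
             // container produces a log line that re-enters this method; in
             // that case carry on without user details.
         }
         $token = $securityContext !== null ? $securityContext->getToken() : null;
         $user = $token !== null ? $token->getUser() : null;
         if ($user instanceof \Symfony\Component\Security\Core\User\AdvancedUserInterface) {
             $this->user = $user;
             // Identity and account state only; no credentials are logged.
             $this->record['extra']['user']['username'] = $this->user->getUsername();
             $this->record['extra']['user']['roles'] = $this->user->getRoles();
             $this->record['extra']['user']['is_account_non_expired'] = $this->user->isAccountNonExpired();
             $this->record['extra']['user']['is_account_non_locked'] = $this->user->isAccountNonLocked();
             $this->record['extra']['user']['is_credentials_non_expired'] = $this->user->isCredentialsNonExpired();
             $this->record['extra']['user']['is_enabled'] = $this->user->isEnabled();
         }
     }
     return array_merge($record, $this->record);
 }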
Beispiel #14
 /**
  * Creates an authenticated client against a firewall.
  *
  * Starts a session on the client's container, hands the session cookie to
  * the client, and stores a serialized token for $user under the
  * '_security_<firewall>' session key. The token carries the user's roles
  * and no credentials.
  *
  * @param Symfony\Component\Security\Core\User\UserInterface $user
  * @param string $firewall
  * @return Symfony\Bundle\FrameworkBundle\Client
  */
 protected function authenticate(UserInterface $user, $firewall)
 {
     $client = $this->getClient();
     $client->followRedirects(false);

     $session = $client->getContainer()->get('session');
     $session->start();

     // Give the client the cookie that identifies the session just started.
     $sessionCookie = new Cookie($session->getName(), $session->getId());
     $client->getCookieJar()->set($sessionCookie);

     $authToken = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
     $session->set(sprintf('_security_%s', $firewall), serialize($authToken));
     $session->save();

     return $client;
 }
Beispiel #15
 /**
  * Reports whether $user is an LdapUser with identical username, email,
  * roles and DN.
  *
  * Roles are compared with ===, so the two arrays must hold the same
  * key/value pairs in the same order and of the same types.
  *
  * @param UserInterface $user
  * @return bool
  */
 public function equals(UserInterface $user)
 {
     if (!$user instanceof LdapUser) {
         return false;
     }
     // Short-circuits on the first mismatch, in the same order as listed.
     return $user->getUsername() === $this->username
         && $user->getEmail() === $this->email
         && $user->getRoles() === $this->roles
         && $user->getDn() === $this->dn;
 }
Beispiel #16
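 /**
  * Decides whether $user may perform $attribute on $post.
  *
  * VIEW is always granted. EDIT requires a logged-in user holding
  * ROLE_ADMIN. CREATE and any other attribute are denied.
  *
  * @param string $attribute One of self::VIEW, self::EDIT, self::CREATE
  * @param Post $post
  * @param UserInterface $user Current user, or null when nobody is logged in
  * @return boolean
  */
 protected function isGranted($attribute, $post, $user = null)
 {
     switch ($attribute) {
         case self::VIEW:
             return true;
         case self::EDIT:
             // make sure there is a user object (i.e. that the user is logged in)
             if (!$user instanceof UserInterface) {
                 return false;
             }
             // Strict match: with loose comparison a non-string entry in the
             // role list (true, or 0 before PHP 8) would equal 'ROLE_ADMIN'.
             return in_array('ROLE_ADMIN', $user->getRoles(), true);
         case self::CREATE:
             break;
     }
     // Deny by default: CREATE and unknown attributes end up here.
     return false;
 }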
Beispiel #17
 /**
  * {@inheritdoc}
  *
  * Rejects AppUser accounts that are deleted, disabled, or that hold no role
  * with the login permission. Users of any other class are not checked.
  */
 public function checkPreAuth(UserInterface $user)
 {
     // NOTE(review): non-AppUser users pass without any check.
     if (!$user instanceof AppUser) {
         return;
     }
     if ($user->isDeleted()) {
         throw new AccountDeletedException('This user has been deleted.');
     }
     if ($user->isDisabled()) {
         throw new AccountDisabledException('This user has been disabled.');
     }
     /** @var RoleInterface $role */
     foreach ($user->getRoles() as $role) {
         // One role with the login permission is enough.
         if ($role->canLogin()) {
             return;
         }
     }
     throw new AccountRoleNoLoginPermissionException('This user has no role with the login permission.');
 }
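 /**
  * {@inheritdoc}
  *
  * Authenticates the user against the Epitech intranet with the credentials
  * from $token, refreshes the local user from the intranet profile, then
  * recomputes ROLE_SUPER_ADMIN from $this->superAdminsLogin and persists
  * the user.
  *
  * @throws BadCredentialsException When the connector is not signed in
  * @throws \Exception              When the connector call itself fails
  */
 public function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     $connector = new \EpitechAPI\Connector();
     try {
         $connector->authenticate(\EpitechAPI\Connector::SIGN_IN_METHOD_CREDENTIALS, $user->getUsername(), $token->getCredentials());
     } catch (\Exception $ex) {
         // Chain the original exception so the real cause stays available
         // to logs instead of being replaced by the generic message.
         throw new \Exception("The Epitech's Intranet is not responding", 0, $ex);
     }
     if (!$connector->isSignedIn()) {
         throw new BadCredentialsException();
     }
     $user->updateFromIntranet($connector->getUser());
     $user->setLastConnectionDate(new \DateTime());
     // ROLE_SUPER_ADMIN is never trusted from stored data: strip any stored
     // copy, then re-grant it only if the login is in the configured list.
     $roles = $user->getRoles();
     foreach (array_keys($roles, 'ROLE_SUPER_ADMIN') as $key) {
         unset($roles[$key]);
     }
     $login = $user->getLogin();
     // Compare as strings, strictly. A loose in_array() would let a stray
     // true (or 0 before PHP 8) in the list match every login, and a null
     // login match an empty or zero entry.
     $superAdmins = array_map('strval', $this->superAdminsLogin);
     if ((is_string($login) || is_int($login))
         && (string) $login !== ''
         && in_array((string) $login, $superAdmins, true)
     ) {
         $roles[] = 'ROLE_SUPER_ADMIN';
     }
     $user->setRoles($roles);
     $this->entityManager->persist($user);
     $this->entityManager->flush();
 }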
 /**
  * Builds a token for $user on the 'main' firewall, carrying the user's
  * roles and an empty-string credential.
  *
  * @param UserInterface $user
  *
  * @return UsernamePasswordToken
  */
 protected function createToken(UserInterface $user)
 {
     $roles = $user->getRoles();
     return new UsernamePasswordToken($user, '', 'main', $roles);
 }
 /**
  * Create User Token.
  *
  * Factory method that builds the token object for the given firewall from
  * the supplied user. This implementation returns a UsernamePasswordToken
  * carrying the user's roles and null credentials; the method is protected
  * so that subclasses can return a custom token instead.
  *
  * @param UserInterface $user         The user object to base the token off of
  * @param string        $firewallName name of the firewall provider to use
  *
  * @return TokenInterface The token to be used in the security context
  */
 protected function createUserToken(UserInterface $user, $firewallName)
 {
     $userToken = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
     return $userToken;
 }
 /**
  * Reports whether $user has the same identifier and the same set of roles
  * as this user. This user's email is compared with $user's username, and
  * roles are compared in both directions so that neither an added nor a
  * removed role goes unnoticed.
  *
  * @param UserInterface $user
  * @return bool
  */
 public function isEqualTo(UserInterface $user)
 {
     if ($this->email !== $user->getUsername()) {
         return false;
     }
     // Roles we hold that the other user lacks.
     $missingOnOther = array_diff($this->roles, $user->getRoles());
     if ($missingOnOther) {
         return false;
     }
     // Roles the other user holds that we lack.
     $extraOnOther = array_diff($user->getRoles(), $this->roles);
     return !$extraOnOther;
 }
 /**
  * Spec: the authenticated token is a PostAuthenticationGuardToken and
  * exposes an 'ldap_domain' attribute.
  *
  * @param \Symfony\Component\Security\Core\User\UserInterface $user Test double whose calls are stubbed below
  */
 function it_should_create_an_authentication_token_with_the_domain_name($user)
 {
     // Stub the user: username 'foo' with the single role 'USER'.
     $user->getUsername()->shouldBeCalled()->willReturn('foo');
     $user->getRoles()->shouldBeCalled()->willReturn(['USER']);
     // The connection must be asked to authenticate foo/bar and reports success.
     $this->connection->execute(new AuthenticationOperation('foo', 'bar'))->shouldBeCalled()->willReturn(new AuthenticationResponse(true));
     // Credentials are checked first, with an empty 'domain' value.
     $this->checkCredentials(['username' => 'foo', 'password' => 'bar', 'domain' => ''], $user);
     $this->createAuthenticatedToken($user, 'foo')->shouldReturnAnInstanceOf('Symfony\\Component\\Security\\Guard\\Token\\PostAuthenticationGuardToken');
     // NOTE(review): 'foo.bar' presumably comes from the subject's configured default domain, which is set up outside this method; confirm.
     $this->createAuthenticatedToken($user, 'foo')->getAttribute('ldap_domain')->shouldEqual('foo.bar');
 }
Beispiel #23
 /**
  * Get the role values (rather than the clumsy SfRole objects) for the
  * provided user object.
  *
  * Entries that are SfRole instances are replaced by their getRole() value;
  * every other entry is passed through unchanged.
  *
  * @param SfSecurityUserInterface $user
  * @return array
  */
 protected function getUserRoleValues(SfSecurityUserInterface $user)
 {
     $values = [];
     foreach ($user->getRoles() as $entry) {
         $values[] = $entry instanceof SfRole ? $entry->getRole() : $entry;
     }
     return $values;
 }
Beispiel #24
 /**
  * Builds a token for $user on the 'thruway' provider key and installs it
  * through the container's 'security.context' service. The token carries
  * the user's roles and no credentials.
  *
  * @param UserInterface $user
  * @param ContainerInterface $container
  */
 private function authenticateUser(UserInterface $user, ContainerInterface $container)
 {
     $authToken = new UsernamePasswordToken($user, null, 'thruway', $user->getRoles());
     // Use the controller's container to set the token.
     // 'security.context' is deprecated in 2.6 and kept here for BC.
     $securityContext = $container->get('security.context');
     $securityContext->setToken($authToken);
     // This is what it should look like in 2.6+
     //$container->get('security.token_storage')->setToken($token);
 }
 /**
  * Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
  * care about which authenticated token you're using.
  *
  * The token is built from the user, the provider key and the user's roles.
  *
  * @param UserInterface $user
  * @param string        $providerKey
  *
  * @return PostAuthenticationGuardToken
  */
 public function createAuthenticatedToken(UserInterface $user, $providerKey)
 {
     $roles = $user->getRoles();
     $guardToken = new PostAuthenticationGuardToken($user, $providerKey, $roles);
     return $guardToken;
 }
 /**
  * Builds a UsernamePasswordToken for $user on $providerKey, carrying the
  * user's roles and null credentials.
  *
  * @param UserInterface $user
  * @param string        $providerKey
  *
  * @return UsernamePasswordToken
  */
 public function createAuthenticatedToken(UserInterface $user, $providerKey)
 {
     $roles = $user->getRoles();
     $authToken = new UsernamePasswordToken($user, null, $providerKey, $roles);
     return $authToken;
 }
 /**
  * Returns an array with the roles of the given user turned into Role objects,
  * which are needed by methods such as getReachableRoles().
  *
  * Entries that already are Role instances are reused as they are.
  *
  * @param UserInterface $user
  *
  * @return RoleInterface[]
  */
 private function getUserRolesAsObjects(UserInterface $user)
 {
     $roleObjects = array();
     foreach ($user->getRoles() as $entry) {
         if ($entry instanceof Role) {
             $roleObjects[] = $entry;
         } else {
             $roleObjects[] = new Role($entry);
         }
     }
     return $roleObjects;
 }
Beispiel #28
 /**
  * When the user signed up successfully
  *
  * Installs a token for the new user on the "main" firewall, without
  * credentials, and dispatches the interactive login event for it.
  *
  * @param  UserInterface  $user
  *
  * @return UserInterface
  */
 public function postSignup(UserInterface $user)
 {
     // Set the user session
     $authToken = new UsernamePasswordToken($user, null, "main", $user->getRoles());
     $securityContext = $this->container->get("security.context");
     $securityContext->setToken($authToken);

     // Dispatch the login event
     $loginEvent = new InteractiveLoginEvent($this->container->get("request"), $authToken);
     $dispatcher = $this->container->get("event_dispatcher");
     $dispatcher->dispatch("security.interactive_login", $loginEvent);

     return $user;
 }
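 /**
  * Authenticate a token according to the user provided without any password encoders.
  *
  * The presented credentials are accepted when they equal the stored
  * password either after being passed through the callable named by the
  * user's salt, or as they are. Both comparisons are constant-time, and
  * non-string values on either side are rejected.
  *
  * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
  * @param \Symfony\Component\Security\Core\User\UserInterface                  $user
  *
  * @return boolean|\BackBee\Security\Token\UsernamePasswordToken
  */
 private function authenticateWithoutEncoder(TokenInterface $token, UserInterface $user)
 {
     $presented = $token->getCredentials();
     $stored = $user->getPassword();
     // hash_equals() needs two strings. This guard also stops a null
     // credential from "matching" a null stored password, which === allowed.
     if (!is_string($presented) || !is_string($stored)) {
         return false;
     }
     $salt = $user->getSalt();
     if (null !== $salt) {
         // NOTE(review): the salt field is used as the name of a callable, so
         // whoever can write it chooses which function runs on the submitted
         // password. Consider restricting it to an allow-list of hash functions.
         $derived = call_user_func($salt, $presented);
         // Constant-time comparison avoids leaking how many leading bytes match.
         if (is_string($derived) && hash_equals($stored, $derived)) {
             return new UsernamePasswordToken($user, $stored, $user->getRoles());
         }
     }
     // NOTE(review): this fallback is also reached when a salt is set, so the
     // stored value itself is accepted as the credential; confirm whether it
     // should apply only to users without a salt. The returned token also
     // carries the stored password as its credentials.
     if (hash_equals($stored, $presented)) {
         return new UsernamePasswordToken($user, $stored, $user->getRoles());
     }
     return false;
 }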
Beispiel #30
 /**
  * {@inheritdoc}
  *
  * Two users are equal when their passwords are identical and their roles,
  * converted to strings and sorted, form identical lists.
  */
 public function isEqualTo(UserInterface $user)
 {
     if ($this->getPassword() !== $user->getPassword()) {
         return false;
     }
     // Normalise both role lists so that order and Role-object vs string
     // representation do not affect the comparison.
     $ownRoles = array_map('strval', $this->getRoles());
     $otherRoles = array_map('strval', $user->getRoles());
     sort($ownRoles);
     sort($otherRoles);
     return $ownRoles === $otherRoles;
 }