Beispiel #1
 /**
  * @return string
  * @throws \TYPO3\Flow\Security\Exception\InvalidArgumentForHashGenerationException
  */
 public function getJWTToken()
 {
     // Builds a signed JWT for the current account. The claims are signed, not
     // encrypted: identifier, party identifier, User-Agent and client IP can be
     // read by anyone who holds the token string.
     /** @var \TYPO3\Flow\Security\Account $account */
     $account = $this->securityContext->getAccount();
     $jwtTokenClass = 'RFY\\JWT\\Security\\Authentication\\Token\\JwtToken';
     // NOTE(review): index 0 assumes at least one JwtToken is registered in the
     // security context, and $account is assumed non-null -- confirm with callers.
     $this->apiToken = $this->securityContext->getAuthenticationTokensOfType($jwtTokenClass)[0];

     $accountProviderName = $account->getAuthenticationProviderName();
     $tokenProviderName = $this->apiToken->getAuthenticationProviderName();
     if ($accountProviderName !== $tokenProviderName) {
         // TODO: only one token account can exist per user, because accounts are
         // unique on accountIdentifier + authenticationProviderName.
         $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName(
             $account->getAccountIdentifier(),
             $tokenProviderName
         );
         if ($account === NULL) {
             $account = $this->generateTokenAccount();
         }
     }

     // user_agent and ip_address bind the token to the client that requested it;
     // authenticate() compares them against the values of the presenting request.
     $claims = [
         'identifier' => $account->getAccountIdentifier(),
         'partyIdentifier' => $this->persistenceManager->getIdentifierByObject($account->getParty()),
         'user_agent' => $this->request->getHeader('User-Agent'),
         'ip_address' => $this->request->getClientIpAddress(),
     ];

     // NOTE(review): creationDate / expirationDate are custom claim names, not the
     // registered iat / exp claims, so expiry is presumably not enforced by the JWT
     // library on decode -- the consumer has to check it. TODO confirm.
     $createdAt = $account->getCreationDate();
     if ($createdAt instanceof \DateTime) {
         $claims['creationDate'] = $createdAt->getTimestamp();
     }
     $expiresAt = $account->getExpirationDate();
     if ($expiresAt instanceof \DateTime) {
         $claims['expirationDate'] = $expiresAt->getTimestamp();
     }

     // The signing key is derived from the configured signature string through
     // the hash service; authenticate() derives the same key to verify the token.
     $signingKey = $this->hashService->generateHmac($this->signature);

     return JWT::encode($claims, $signingKey);
 }
 /**
  * Checks the given token for validity and sets the token authentication status
  * accordingly (success, wrong credentials or no credentials given).
  *
  * @param TokenInterface $authenticationToken The token to be authenticated
  * @return void
  * @throws UnsupportedAuthenticationTokenException
  */
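 public function authenticate(TokenInterface $authenticationToken)
 {
     // Two paths lead to AUTHENTICATION_SUCCESSFUL: a username/password check
     // against the stored credentials source, or a verified JWT whose user_agent
     // and ip_address claims match the values carried in the credentials.
     // Every other outcome ends in WRONG_CREDENTIALS or NO_CREDENTIALS_GIVEN.
     if (!$authenticationToken instanceof JwtToken) {
         throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1417040168);
     }
     /** @var $account Account */
     $account = NULL;
     $credentials = $authenticationToken->getCredentials();
     if (!is_array($credentials) || !isset($credentials['token'])) {
         $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
         return;
     }
     $hmac = $this->hashService->generateHmac($this->signature);
     $payload = NULL;
     try {
         // The accepted algorithm list is pinned to HS256, so a token announcing
         // a different algorithm in its header is rejected by the decoder.
         $payload = (array) JWT::decode($credentials['token'], $hmac, array('HS256'));
     } catch (\Exception $exception) {
         // $payload stays NULL; the token path below is skipped for it.
         $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
     }
     if (isset($credentials['username'])) {
         // NOTE(review): this branch decides on the password alone, even when the
         // JWT above failed to verify -- confirm that is intended.
         $providerName = $this->name;
         $accountRepository = $this->accountRepository;
         $this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) {
             $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName);
         });
         // Guard the lookup result and the password key: an unknown username or a
         // missing password previously ended in a fatal error / notice instead of
         // a clean WRONG_CREDENTIALS status.
         // NOTE(review): an unknown account skips the password hash entirely, so
         // its response time differs from a wrong password; consider validating
         // against a dummy hash to even that out.
         $passwordMatches = is_object($account)
             && isset($credentials['password'])
             && $this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource());
         if ($passwordMatches) {
             $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
             $authenticationToken->setAccount($account);
             return;
         }
         $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
         return;
     }
     // Token path: requires a successfully verified payload that actually carries
     // the binding claims. Without these checks a NULL payload compared equal to
     // absent credential values (NULL === NULL) and the lookup ran with a NULL
     // identifier.
     $clientUserAgent = isset($credentials['user_agent']) ? $credentials['user_agent'] : NULL;
     $clientIpAddress = isset($credentials['ip_address']) ? $credentials['ip_address'] : NULL;
     $tokenIsBoundToClient = is_array($payload)
         && isset($payload['identifier'])
         && array_key_exists('user_agent', $payload)
         && array_key_exists('ip_address', $payload)
         && $clientUserAgent === $payload['user_agent']
         && $clientIpAddress === $payload['ip_address'];
     // NOTE(review): a token issued to a client that sent no User-Agent carries a
     // NULL claim and still matches a NULL credential value, so the binding is
     // weaker for such clients; the payload's expirationDate claim is not checked
     // here either -- confirm the "active" account lookup covers expiry.
     if ($tokenIsBoundToClient) {
         $this->securityContext->withoutAuthorizationChecks(function () use($payload, &$account) {
             $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($payload['identifier'], $this->name);
         });
     }
     if (is_object($account)) {
         $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
         $authenticationToken->setAccount($account);
         return;
     }
     $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
 }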
Beispiel #3
 /**
  * @param string $phrase
  * @return string
  */
 protected function hashPhrase($phrase)
 {
     // The phrase is normalised by the captcha library first, so the HMAC is
     // computed over the same canonical form each time; the salt is prepended
     // with "::" as separator before the keyed hash is taken.
     $normalizer = new \Gregwar\Captcha\PhraseBuilder();
     $normalizedPhrase = $normalizer->niceize($phrase);
     $hashInput = $this->salt . "::" . $normalizedPhrase;

     return $this->hashService->generateHmac($hashInput);
 }
 /**
  * @test
  */
 public function generatedHashReturnsAHashOf40Characters()
 {
     // Only the output length is pinned here. 40 characters is what a
     // hex-encoded 160-bit digest yields; the algorithm itself is not visible
     // from this test.
     $expectedLength = 40;
     $actualLength = strlen($this->hashService->generateHmac('asdf'));

     $this->assertSame($expectedLength, $actualLength);
 }