/**
  * Console action that registers a new client and prints its details.
  *
  * Each input comes from the matching console parameter, falling back to an
  * interactive prompt when the parameter is empty. For a non-public client a
  * 32-character secret is generated with Rand::getString(), passed through
  * $this->password->create() before the client is saved, and the plain
  * value is echoed once to the console.
  *
  * NOTE(review): the (bool) cast treats every non-empty string except "0"
  * as true, so an answer such as "no" would produce a public client without
  * a secret. This depends on what showPrompt('public') returns; confirm.
  * NOTE(review): the plain secret is written to the console, so it can end
  * up in terminal scrollback or captured job output. Run this only where
  * that output is not logged.
  *
  * @return void
  */
 public function createAction()
 {
     // Prompts fire in this order whenever the matching parameter is missing.
     $public = (bool) ($this->params('public') ?: $this->showPrompt('public'));
     $clientDescription = $this->params('description') ?: $this->showPrompt('description');
     $grantInput = $this->params('grant-types') ?: $this->showPrompt('grant-types');
     $clientRedirectUri = $this->params('redirect-uri') ?: $this->showPrompt('redirect-uri');

     // Public clients carry no secret; both values stay null for them.
     $plainSecret = null;
     $storedSecret = null;
     if ($public === false) {
         $plainSecret = Rand::getString(32);
         // Only the output of create() is handed to the Client entity.
         $storedSecret = $this->password->create($plainSecret);
     }

     // "a, b ,c" becomes ['a', 'b', 'c']; an empty answer is passed on unchanged.
     $grants = $grantInput;
     if ($grantInput) {
         $grants = array_map('trim', explode(',', $grantInput));
     }

     $client = new Client(null, $storedSecret, null, $grants, $clientRedirectUri, $clientDescription);
     $this->clientMapper->save($client);

     $this->getConsole()->writeLine();
     $this->getConsole()->writeLine('* Client created *', Color::GREEN);
     if ($public === false) {
         $this->getConsole()->writeLine('The client secret was auto-generated and encrypted. Please store it safely.');
         $this->getConsole()->writeLine("Don't ever disclose the client secret publicly", Color::YELLOW);
         $this->getConsole()->writeLine();
     }

     $this->getConsole()->writeLine("UUID: \t\t" . $client->getUuid());
     if ($public === false) {
         // The only place the plain secret is shown; it is not kept on the entity.
         $this->getConsole()->writeLine("Secret: \t" . $plainSecret);
     }
     $this->getConsole()->writeLine("Grant types: \t" . implode(', ', $client->getGrantTypes()));
     $this->getConsole()->writeLine("Description: \t" . $client->getDescription());
     $this->getConsole()->writeLine("Redirect URI: \t" . $client->getRedirectUri());
 }
Beispiel #2
 /**
  * Performs an authentication attempt.
  *
  * Looks the user up by login, then checks the supplied credential against
  * the stored password via $this->crypt->verify(). A lookup that returns a
  * falsy value without throwing is reported as FAILURE_CREDENTIAL_INVALID.
  *
  * NOTE(review): the result code distinguishes "identity not found" from
  * "credential invalid", and verify() only runs when a user was found.
  * Callers should show end users one generic failure message and apply rate
  * limiting so that neither the code nor the response time reveals which
  * logins exist. Confirm how the caller reports failures.
  *
  * @return \Zend\Authentication\Result
  * @throws \Zend\Authentication\Adapter\Exception\ExceptionInterface If authentication cannot be performed
  */
 public function authenticate()
 {
     try {
         /** @var UserEntity $user */
         $user = $this->userRepository->findOneBy(['login' => $this->getIdentity()]);
     } catch (EntityNotFoundException $notFound) {
         return new Result(Result::FAILURE_IDENTITY_NOT_FOUND, null);
     } catch (NonUniqueResultException $ambiguous) {
         return new Result(Result::FAILURE_IDENTITY_AMBIGUOUS, null);
     }

     // No user object: same outcome as a wrong password.
     if (!$user) {
         return new Result(Result::FAILURE_CREDENTIAL_INVALID, null);
     }

     $passwordMatches = $this->crypt->verify($this->getCredential(), $user->getPassword());
     if (!$passwordMatches) {
         return new Result(Result::FAILURE_CREDENTIAL_INVALID, null);
     }

     // Only the user id is stored as the authenticated identity.
     return new Result(Result::SUCCESS, $user->getId());
 }
 /**
  * {@inheritdoc}
  *
  * Resolves the client by UUID and checks the supplied secret against the
  * stored one through $this->password->verify().
  *
  * NOTE(review): $clientSecret defaults to null. What verify() does with a
  * null plain value or a null stored secret (presumably the case for public
  * clients) is not visible here; confirm it can never return true.
  *
  * @param string $clientId
  * @param string $clientSecret
  *
  * @return bool false when no client matches $clientId, otherwise the result of verify()
  */
 public function checkClientCredentials($clientId, $clientSecret = null)
 {
     $client = $this->getClientDataMapper()->findByUuid($clientId);

     // Anything other than a Client entity counts as "unknown client".
     return $client instanceof Entity\Client
         ? $this->password->verify($clientSecret, $client->getSecret())
         : false;
 }
Beispiel #4
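 /**
  * Performs an authentication attempt for the identity in $this->directory.
  *
  * Order of checks: the identity must exist, a supplied credential must
  * match the account's stored credential, and the account must be active.
  *
  * The original guard used the truthiness of the credential, so the string
  * "0" skipped verification entirely. The guard now skips only when the
  * credential is null or the empty string.
  *
  * NOTE(review): a null or empty credential still bypasses verify(), as in
  * the original, which may be intended for directories that carry no
  * password. If this adapter can be reached from a password login form,
  * reject an empty credential here instead; confirm with the callers.
  *
  * @return Result
  */
 public function authenticate()
 {
     $repository = $this->entityManager->getRepository(IdentityEntity::class);
     $identity = $repository->findOneBy(['directory' => $this->directory, 'identity' => $this->getIdentity()]);
     if (!$identity) {
         return new Result(Result::FAILURE_IDENTITY_NOT_FOUND, $this->getIdentity());
     }

     /** @var Account $account */
     $account = $identity->getAccount();

     // Strict comparison: "0" is a supplied credential and must be verified.
     $credential = $this->getCredential();
     $credentialSupplied = $credential !== null && $credential !== '';
     if ($credentialSupplied && !$this->crypter->verify($credential, $account->getCredential())) {
         return new Result(Result::FAILURE_CREDENTIAL_INVALID, $this->getIdentity());
     }

     // The deactivation message is reached only after the credential check passed or was skipped.
     if ($account->getStatus() !== Account::STATUS_ACTIVE) {
         return new Result(Result::FAILURE_UNCATEGORIZED, $this->getIdentity(), ['The account has been deactivated.']);
     }

     return new Result(Result::SUCCESS, $identity->getId()->toString());
 }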
Beispiel #5
 /**
  * Authenticates an e-mail/password pair against users whose
  * authentication_source is 'DB'.
  *
  * The identity must be a valid e-mail address and the trimmed credential at
  * least 8 bytes long. The user row is fetched with bound parameters, and
  * the untrimmed credential is checked with $this->crypt->verify(). Every
  * failure branch carries the same self::$failMessage text.
  *
  * NOTE(review): the failure message is uniform, but the result codes still
  * differ between "not found" and "credential invalid", and verify() is
  * skipped for unknown users. Callers should not expose the code and should
  * rate-limit attempts; confirm.
  *
  * @return Result
  */
 public function authenticate()
 {
     $dispatch = $this->events;
     $dispatch('trigger', 'authenticate', $this);

     $email = filter_var($this->getIdentity(), FILTER_VALIDATE_EMAIL);
     // Length is measured on the trimmed value; verify() below receives the raw one.
     $longEnough = strlen(trim($this->getCredential())) >= 8;
     if (!$email || !$longEnough) {
         return new Result(Result::FAILURE_CREDENTIAL_INVALID, null, [self::$failMessage]);
     }

     // Placeholders keep the validated address out of the query text.
     $user = R::findOne('user', 'mail = ? AND authentication_source = ?', [$email, 'DB']);
     if (!$user) {
         return new Result(Result::FAILURE_IDENTITY_NOT_FOUND, null, [self::$failMessage]);
     }

     $passwordMatches = $this->crypt->verify($this->getCredential(), $user->password);
     if (!$passwordMatches) {
         return new Result(Result::FAILURE_CREDENTIAL_INVALID, null, [self::$failMessage]);
     }

     // The identity class name comes from the configured resolver, not from request data.
     $identityClass = call_user_func($this->resolveIdentityClass);
     $identity = new $identityClass(
         $user->id,
         $user->uid,
         $user->mail,
         $user->displayName,
         $user->officeName,
         'DB'
     );
     $dispatch('trigger', 'authenticate.success', $identity);

     return new Result(Result::SUCCESS, $identity, ['Authentication success']);
 }
Beispiel #6
 /**
  * Checks a username/password pair against the stored account credential.
  *
  * Only identities in the 'username' directory are considered. An unknown
  * username yields false without calling verify().
  *
  * NOTE(review): because verify() is skipped for unknown usernames, the
  * response time may differ between existing and missing accounts. Confirm
  * the caller rate-limits attempts.
  *
  * @param string $username
  * @param string $password
  *
  * @return bool false when the identity is missing, otherwise the result of verify()
  */
 public function checkUserCredentials($username, $password)
 {
     /** @var IdentityEntity $identity */
     $identity = $this->entityManager
         ->getRepository(IdentityEntity::class)
         ->findOneBy(['directory' => 'username', 'identity' => $username]);

     if ($identity) {
         /** @var string $storedCredential */
         $storedCredential = $identity->getAccount()->getCredential();

         return $this->crypter->verify($password, $storedCredential);
     }

     return false;
 }
Beispiel #7
 /**
  * {@inheritdoc}
  *
  * Delegates the comparison to $this->password->verify(); no hashing or
  * comparison logic lives in this wrapper.
  *
  * @param string $plain  value supplied by the caller
  * @param string $hashed stored value to compare against
  */
 public function verify($plain, $hashed)
 {
     $matches = $this->password->verify($plain, $hashed);

     return $matches;
 }
 /**
  * Checks a supplied password against the one stored on the user.
  *
  * The comparison itself is delegated to $this->password->verify().
  *
  * @param UserInterface $user     user whose stored password is read
  * @param string        $password value supplied by the caller
  *
  * @return bool
  */
 public function isValid(UserInterface $user, $password)
 {
     $storedPassword = $user->getPassword();

     return $this->password->verify($password, $storedPassword);
 }
Beispiel #9
 /**
  * Hashes a password by handing it to the configured adapter's create().
  *
  * NOTE(review): algorithm and cost are decided by $this->adapter, which is
  * not visible here; confirm it is a password-hashing adapter.
  *
  * @param string $password
  * @return string
  */
 private function hashPassword($password)
 {
     $hash = $this->adapter->create($password);

     return $hash;
 }