/**
 * Extend the identity produced by the parent listener with user and OAuth client data.
 *
 * When the parent returns an AuthenticatedIdentity, its authentication data is
 * extended with 'user_data' (the hydrated user) and 'client_data' (the hydrated
 * OAuth client), and a new AuthenticatedIdentity named after the user's roleId
 * is returned. Any other parent result is handed back untouched.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return mixed The rebuilt AuthenticatedIdentity, or whatever the parent returned
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $identity = parent::__invoke($mvcAuthEvent);
     if (!$identity instanceof AuthenticatedIdentity) {
         return $identity;
     }
     $authIdentity = $identity->getAuthenticationIdentity();
     // Attach the user record behind the authenticated user_id
     if (isset($authIdentity['user_id'])) {
         // NOTE(review): the lookup result is dereferenced without a check; confirm
         // findUserByUsername() cannot return null/false for a user_id whose account is gone.
         $user = $this->userService->findUserByUsername($authIdentity['user_id']);
         $user->addHydratorFilter("details", new MethodMatchFilter("getDetails"), FilterComposite::CONDITION_AND);
         $authIdentity['user_data'] = $this->userHydrator->extract($user);
     }
     // Attach the OAuth client record, when the client can be fetched
     if (isset($authIdentity['client_id'])) {
         $oauthClient = $this->oauthClientMapper->fetchEntity($authIdentity['client_id']);
         if ($oauthClient) {
             $clientHydrator = $this->oauthClientMapper->getHydrator();
             $authIdentity['client_data'] = $clientHydrator->extract($oauthClient);
         }
     }
     $identity = new AuthenticatedIdentity($authIdentity);
     // The identity name is the user's roleId.
     // NOTE(review): 'user_data' is only set when 'user_id' was present, so an identity
     // without a user_id reads an undefined key here and the name becomes null — confirm
     // how authorization treats an authenticated identity with no role name.
     $identity->setName($authIdentity['user_data']['roleId']);
     return $identity;
 }
 /**
  * Build the identity for an application user.
  *
  * The user's id goes to the parent constructor, the name is set from the
  * user's administrator flag, and the user object is kept on the instance.
  *
  * @param \Application\Model\User $user
  */
 public function __construct(\Application\Model\User $user)
 {
     parent::__construct($user->getId());
     // 'admin' only when isAdministrator() is true; every other user is a 'member'
     $this->setName($user->isAdministrator() ? 'admin' : 'member');
     $this->user = $user;
 }
    /**
     * Authenticate the current request through the HTTP authentication adapter.
     *
     * The adapter receives the request and response, the authentication
     * service is run against it, and the result is recorded on the event
     * whether or not it is valid.
     *
     * @param Request $request
     * @param Response $response
     * @param MvcAuthEvent $mvcAuthEvent
     * @return false|IdentityInterface False on failure, IdentityInterface
     *     otherwise
     */
    public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
    {
        $adapter = $this->httpAuth;
        $adapter->setRequest($request);
        $adapter->setResponse($response);

        $authResult = $this->authenticationService->authenticate($adapter);
        $mvcAuthEvent->setAuthenticationResult($authResult);

        // An invalid result never yields an identity object
        if (! $authResult->isValid()) {
            return false;
        }

        $discovered = $authResult->getIdentity();

        // The identity object keeps everything the adapter discovered
        $identity = new Identity\AuthenticatedIdentity($discovered);

        // The name is resolved separately: a non-array identity is used as is
        if (! is_array($discovered)) {
            $identity->setName($discovered);
            return $identity;
        }

        // Array identity: prefer 'username', else fall back to the first element
        if (isset($discovered['username'])) {
            $identity->setName($discovered['username']);
        } else {
            $identity->setName((string) array_shift($discovered));
        }

        return $identity;
    }
 /**
  * Look up the record of the currently authenticated user.
  *
  * Reads 'user_id' from the authenticated identity's data and passes it to
  * findByUsername().
  *
  * @return mixed Whatever findByUsername() returns for that user_id
  */
 public function getAuthenticated()
 {
     // NOTE(review): assumes the identity data is an array carrying 'user_id' — confirm
     $authData = $this->authenticatedIdentity->getAuthenticationIdentity();
     return $this->findByUsername($authData['user_id']);
 }
    /**
     * Authenticate the current request as an OAuth2 resource request.
     *
     * An OAuth2 request is assembled from the PHP superglobals plus the body
     * and headers of the given request, and handed to the OAuth2 server for
     * verification.
     *
     * @param Request $request
     * @param Response $response
     * @param MvcAuthEvent $mvcAuthEvent
     * @return false|IdentityInterface False on failure, IdentityInterface
     *     otherwise
     */
    public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
    {
        // Query, post, cookies, files and server data come straight from the
        // superglobals; only the body and headers come from the request object
        $oauth2request = new OAuth2Request(
            $_GET,
            $_POST,
            array(),
            $_COOKIE,
            $_FILES,
            $_SERVER,
            $request->getContent(),
            $request->getHeaders()->toArray()
        );

        $server = $this->oauth2Server;

        // A request the server does not verify never yields an identity
        if (! $server->verifyResourceRequest($oauth2request)) {
            return false;
        }

        $tokenData = $server->getAccessTokenData($oauth2request);

        // The identity carries the full token data and is named after its user_id.
        // NOTE(review): confirm 'user_id' is always populated in the token data;
        // a token issued without a user would leave the identity name unset.
        $identity = new Identity\AuthenticatedIdentity($tokenData);
        $identity->setName($tokenData['user_id']);
        return $identity;
    }
 /**
  * Authenticate the current request as an OAuth2 resource request.
  *
  * The OAuth2 request is built from the request object; $_SERVER is used only
  * when the request has no getServer() method. A verified request yields an
  * AuthenticatedIdentity named after the token's user_id. A failed one yields
  * either the merged OAuth2 error response (401/403 with an error parameter)
  * or a GuestIdentity.
  *
  * @param Request $request
  * @param Response $response
  * @param MvcAuthEvent $mvcAuthEvent
  * @return false|Identity\IdentityInterface False on failure, IdentityInterface
  *     otherwise
  */
 public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
 {
     $query = $request->getQuery()->toArray();
     $post = $request->getPost()->toArray();
     $cookies = $request->getCookie() ? $request->getCookie()->getArrayCopy() : [];
     $files = $request->getFiles() ? $request->getFiles()->toArray() : [];
     $server = method_exists($request, 'getServer') ? $request->getServer()->toArray() : $_SERVER;
     $oauth2request = new OAuth2Request(
         $query,
         $post,
         [],
         $cookies,
         $files,
         $server,
         $request->getContent(),
         $request->getHeaders()->toArray()
     );
     // Verified: the identity carries the token data and is named after its user_id
     if ($this->oauth2Server->verifyResourceRequest($oauth2request)) {
         $tokenData = $this->oauth2Server->getAccessTokenData($oauth2request);
         $identity = new Identity\AuthenticatedIdentity($tokenData);
         $identity->setName($tokenData['user_id']);
         return $identity;
     }
     // Not verified: inspect what the OAuth2 server wants to send back
     $oauth2Response = $this->oauth2Server->getResponse();
     $statusCode = $oauth2Response->getStatusCode();
     // 401 or 403 with an error parameter mean invalid credentials or unauthorized
     // scopes; those are reported to the client instead of degrading to guest.
     $isAuthError = in_array($statusCode, [401, 403], true);
     if ($isAuthError && null !== $oauth2Response->getParameter('error')) {
         return $this->mergeOAuth2Response($statusCode, $response, $oauth2Response);
     }
     // Copy over any headers; typically this sets a WWW-Authenticate header.
     $this->mergeOAuth2ResponseHeaders($response, $oauth2Response->getHttpHeaders());
     // No credentials were present at all, so the caller is treated as a guest.
     return new Identity\GuestIdentity();
 }
 /**
  * Listen to authentication events.
  *
  * Returns null without authenticating for non-HTTP requests, OPTIONS
  * requests and whitelisted URIs. Otherwise the adapter is asked to
  * authenticate; the resulting AuthenticatedIdentity or GuestIdentity is
  * stored on the MvcEvent under 'ZF\MvcAuth\Identity' and returned.
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return mixed
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $mvcEvent = $mvcAuthEvent->getMvcEvent();
     $request = $mvcEvent->getRequest();
     $response = $mvcEvent->getResponse();
     // Console requests and OPTIONS requests are never authenticated
     $isHttp = $request instanceof HttpRequest;
     if (!$isHttp || $request->isOptions()) {
         return null;
     }
     // Whitelisted URIs are not authenticated either.
     // NOTE(review): each whitelist entry is used as an unanchored regular expression, so
     // it matches anywhere in the relative path unless it carries its own ^/$ anchors.
     // A match skips authentication entirely — confirm the configured patterns are anchored.
     $relativePath = $this->_getRelativePath($request);
     foreach ($this->getUriWhitelist() as $whitelistPattern) {
         $delimited = sprintf('/%s/', str_replace('/', '\\/', $whitelistPattern));
         if (preg_match($delimited, $relativePath)) {
             return null;
         }
     }
     // Hand the request and response to the adapter when it accepts them
     if (is_callable(array($this->adapter, 'setRequest'))) {
         $this->adapter->setRequest($request);
     }
     if (is_callable(array($this->adapter, 'setResponse'))) {
         $this->adapter->setResponse($response);
     }
     // Run the adapter and record the outcome on the event
     $authResult = $mvcAuthEvent->getAuthenticationService()->authenticate($this->adapter);
     $mvcAuthEvent->setAuthenticationResult($authResult);
     // Anything but a valid result is a guest
     if (!$authResult->isValid()) {
         $identity = new GuestIdentity();
     } else {
         $resultIdentity = $authResult->getIdentity();
         $identity = new AuthenticatedIdentity($resultIdentity);
         // NOTE(review): the cast assumes the adapter's identity is a scalar or stringable — confirm
         $identity->setName((string) $resultIdentity);
     }
     $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
     return $identity;
 }
 /**
  * Authenticate the request through the token server.
  *
  * Returns null for non-HTTP requests and for HTTP methods listed in
  * $this->methodsWithoutHash. Otherwise the token server decides: a
  * successful authentication yields the identity it supplies (or an
  * AuthenticatedIdentity built from its user id), anything else a
  * GuestIdentity.
  *
  * @param MvcAuthEvent $mvcAuthEvent
  *
  * @return null|Identity\IdentityInterface
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $mvcEvent = $mvcAuthEvent->getMvcEvent();
     $request = $mvcEvent->getRequest();
     // No identity is determined here for non-HTTP requests or exempt methods
     if (!$request instanceof HttpRequest || in_array($request->getMethod(), $this->methodsWithoutHash)) {
         return;
     }
     $response = $mvcEvent->getResponse();
     $adapter = $this->getAdapter();
     // Wire the token server to this request
     $tokenServer = $this->getTokenServer();
     $tokenServer->setAdapter($adapter);
     $tokenServer->setRequest($request);
     $tokenServer->setResponse($response);
     try {
         if (!$tokenServer->authenticate()) {
             return new Identity\GuestIdentity();
         }
         $userId = $tokenServer->getUserId();
         // The token server may already hand back a ready-made identity
         if ($userId instanceof Identity\IdentityInterface) {
             return $userId;
         }
         // Otherwise wrap the user id in an identity named after it
         $identity = new Identity\AuthenticatedIdentity($userId);
         $identity->setName($userId);
         return $identity;
     } catch (TokenException $e) {
         // A token failure is deliberately downgraded to a guest identity
         return new Identity\GuestIdentity();
     }
 }
 /**
  * Look up the record of the currently authenticated user.
  *
  * Reads 'user_id' from the data held by $this->auth and passes it to
  * findByUsername().
  *
  * @return mixed Whatever findByUsername() returns for that user_id
  */
 public function getAuthenticated()
 {
     // NOTE(review): assumes the identity data is an array carrying 'user_id' — confirm
     $authData = $this->auth->getAuthenticationIdentity();
     $username = $authData['user_id'];
     return $this->findByUsername($username);
 }
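 /**
  * Listen to the authentication event.
  *
  * The authentication type is taken from the Authorization header's scheme,
  * or set to 'oauth2' when an access_token is found in a form-encoded body
  * or in the query string. 'basic'/'digest' go through the HTTP adapter and
  * 'oauth2'/'bearer' through the OAuth2 server. Every identity this method
  * creates is stored on the MvcEvent under 'ZF\MvcAuth\Identity'.
  *
  * Returns nothing for non-HTTP and OPTIONS requests.
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return mixed
  * @throws \Exception When the Authorization scheme is 'token', which is not implemented
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $mvcEvent = $mvcAuthEvent->getMvcEvent();
     $request = $mvcEvent->getRequest();
     $response = $mvcEvent->getResponse();
     if (!$request instanceof HttpRequest || $request->isOptions()) {
         return;
     }
     $type = false;
     if ($this->httpAdapter instanceof HttpAuth) {
         $this->httpAdapter->setRequest($request);
         $this->httpAdapter->setResponse($response);
     }
     $authHeader = $request->getHeader('Authorization');
     if ($authHeader) {
         $headerContent = trim($authHeader->getFieldValue());
         // we only support headers in the format: Authorization: xxx yyyyy
         if (strpos($headerContent, ' ') === false) {
             $identity = new Identity\GuestIdentity();
             $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
             return $identity;
         }
         // Only the scheme is needed here; the adapters read the credential themselves
         list($type) = preg_split('# #', $headerContent, 2);
     }
     // No Authorization header: an access_token in a form-encoded body selects OAuth2
     if (!$type
         && !in_array($request->getMethod(), $this->requestsWithoutBodies)
         && $request->getHeaders()->has('Content-Type')
         && $request->getHeaders()->get('Content-Type')->match('application/x-www-form-urlencoded')
         && $request->getPost('access_token')
     ) {
         $type = 'oauth2';
     }
     // ... and so does an access_token in the query string
     if (!$type && null !== $request->getQuery('access_token')) {
         $type = 'oauth2';
     }
     // No credentials of any kind: challenge (when HTTP auth is configured) and treat as guest
     if (!$type) {
         if ($this->httpAdapter instanceof HttpAuth) {
             $this->httpAdapter->challengeClient();
         }
         $identity = new Identity\GuestIdentity();
         $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
         return $identity;
     }
     // NOTE(review): there is no default case, so a scheme other than the ones below
     // returns nothing and leaves the 'ZF\MvcAuth\Identity' param untouched — confirm
     // that later listeners treat a missing identity as unauthenticated.
     switch (strtolower($type)) {
         case 'basic':
         case 'digest':
             if (!$this->httpAdapter instanceof HttpAuth) {
                 $identity = new Identity\GuestIdentity();
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $auth = $mvcAuthEvent->getAuthenticationService();
             $result = $auth->authenticate($this->httpAdapter);
             $mvcAuthEvent->setAuthenticationResult($result);
             if ($result->isValid()) {
                 $resultIdentity = $result->getIdentity();
                 // Pass full discovered identity to AuthenticatedIdentity object
                 $identity = new Identity\AuthenticatedIdentity($resultIdentity);
                 // But determine name separately
                 $name = $resultIdentity;
                 if (is_array($resultIdentity)) {
                     // Casting the array itself would name every such identity "Array";
                     // fall back to its first element instead.
                     $name = isset($resultIdentity['username'])
                         ? $resultIdentity['username']
                         : (string) array_shift($resultIdentity);
                 }
                 $identity->setName($name);
                 // Set in MvcEvent
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $identity = new Identity\GuestIdentity();
             $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
             return $identity;
         case 'oauth2':
         case 'bearer':
             if (!$this->oauth2Server instanceof OAuth2Server) {
                 $identity = new Identity\GuestIdentity();
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $content = $request->getContent();
             // The OAuth2 request is built from the superglobals plus the request body
             $oauth2request = new OAuth2Request($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER, $content);
             if ($this->oauth2Server->verifyResourceRequest($oauth2request)) {
                 $token = $this->oauth2Server->getAccessTokenData($oauth2request);
                 // The identity carries the token data and is named after its user_id
                 $identity = new Identity\AuthenticatedIdentity($token);
                 $identity->setName($token['user_id']);
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $identity = new Identity\GuestIdentity();
             $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
             return $identity;
         case 'token':
             throw new \Exception('zf-mvc-auth has not yet implemented a "token" authentication adapter');
     }
 }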