Ejemplo n.º 1
 /**
  * {@inheritdoc}
  */
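 public function handle(GetResponseEvent $event)
 {
     // Authenticates the request from its X-WSSE header. Every failure path
     // (header missing, header malformed, authentication rejected) ends in the
     // same bare 403, so the client learns nothing about which check failed.
     $request = $event->getRequest();

     // Capture groups, in order: username, password digest, nonce, created.
     // The Username group had been replaced by a masked literal, which left an
     // unbalanced ")" (the pattern could not compile, so every request was
     // denied) and one group too few for the $matches[4] read below.
     $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';

     $hasCredentials = $request->headers->has('x-wsse')
         && 1 === preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches);

     if ($hasCredentials) {
         // All four values are client-supplied and unverified at this point;
         // they only become trustworthy once the authentication manager
         // returns a token.
         $token = new WsseToken();
         $token->setUser($matches[1]);
         $token->digest = $matches[2];
         $token->nonce = $matches[3];
         $token->created = $matches[4];

         try {
             $authToken = $this->authenticationManager->authenticate($token);
             $this->tokenStorage->setToken($authToken);

             return;
         } catch (AuthenticationException $failed) {
             // TODO: log the failed attempt (claimed username and client
             // address, never the digest or nonce) so that repeated failures
             // can be detected. No logger is visible in this class, so the
             // exception is still dropped here and the request is denied below.
         }
     }

     // Deny by default: nothing above stored an authenticated token.
     $response = new Response();
     $response->setStatusCode(Response::HTTP_FORBIDDEN);
     $event->setResponse($response);
 }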
Ejemplo n.º 2
 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     // Verifies the WSSE credentials carried by $token and returns a new token
     // populated with the user's roles, or throws AuthenticationException.
     $account = $this->userProvider->loadUserByUsername($token->getUsername());

     // Short-circuit on purpose: validateDigest() is only reached when a user
     // was found, and it receives the stored password value as the secret.
     // NOTE(review): validateDigest() is defined outside this view; confirm it
     // enforces timestamp expiry and nonce reuse, and that it compares the
     // digests with hash_equals().
     $credentialsValid = $account
         && $this->validateDigest($token->digest, $token->nonce, $token->created, $account->getPassword());

     if (!$credentialsValid) {
         // A falsy user and a failed digest check both end here with the same
         // message, so the caller cannot tell the two apart from this throw.
         throw new AuthenticationException('The WSSE authentication failed.');
     }

     $authenticatedToken = new WsseToken($account->getRoles());
     $authenticatedToken->setUser($account);

     return $authenticatedToken;
 }
Ejemplo n.º 3
 /**
  * @depends testValidateDigestWithNonceDirExpectedException
  * @depends testValidateDigestWithNonceDir
  * @depends testValidateDigestExpireTime
  */
 public function testAuthenticate()
 {
     // Happy path: a correctly computed WSSE digest must produce an
     // authenticated token that carries the user and the user's roles.
     $account = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
     $account->expects($this->once())
         ->method('getPassword')
         ->will($this->returnValue('test'));
     $account->expects($this->once())
         ->method('getRoles')
         ->will($this->returnValue(array('ROLE_API')));
     $this->userProvider->expects($this->once())
         ->method('loadUserByUsername')
         ->will($this->returnValue($account));

     $expectedToken = new WsseToken(array('ROLE_API'));
     $expectedToken->setUser($account);
     $expectedToken->setAuthenticated(true);

     // Client side of the exchange:
     // digest = Base64(SHA-1(decoded nonce . created . secret)), where the
     // secret is the value the mocked getPassword() returns.
     $created = date('Y-m-d H:i:s');
     $encodedNonce = base64_encode('test');
     $rawSha1 = sha1(base64_decode($encodedNonce) . $created . 'test', true);

     $submittedToken = new WsseToken();
     $submittedToken->digest = base64_encode($rawSha1);
     $submittedToken->nonce = $encodedNonce;
     $submittedToken->created = $created;

     $provider = new ProviderTestSimple($this->userProvider, self::$nonceDir);

     $this->assertEquals($expectedToken, $provider->authenticate($submittedToken));
 }
Ejemplo n.º 4
 /**
  * @test
  */
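 public function handleReturnResponse()
 {
     // Token the listener is expected to build from the X-WSSE header below.
     $token = new WsseToken();
     $token->setUser('admin');
     $token->digest = 'admin';
     $token->nonce = 'admin';
     $token->created = '2010-12-12 20:00:00';

     // The only check in this test is the mock expectation: authenticate()
     // must be called exactly once, with a token equal to $token.
     $this->authenticationManager->expects($this->once())->method('authenticate')->with($token)->will($this->returnValue($token));

     // Username restored to "admin". The header carried a masked placeholder,
     // which (assuming the listener copies the captured username into the
     // token) would produce a token that differs from $token and fail the
     // with() constraint above.
     $this->request->headers->add(array('x-wsse' => 'UsernameToken Username="admin", PasswordDigest="admin", Nonce="admin", Created="2010-12-12 20:00:00"'));

     $listener = new WsseListener($this->securityContext, $this->authenticationManager);
     $listener->handle($this->responseEvent);
 }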