public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (!$userProvider instanceof EntityUserProvider) {
throw new \InvalidArgumentException(sprintf('The user provider must be an instance of EntityUserProvider (%s was given).', get_class($userProvider)));
}
try {
$jwt = $token->getCredentials();
$username = $this->jwtManager->getUserIdFromToken($jwt);
$issuedAt = $this->jwtManager->getIssuedAtFromToken($jwt);
} catch (\UnexpectedValueException $e) {
throw new BadCredentialsException('Invalid JSON Web Token: ' . $e->getMessage());
} catch (\Exception $e) {
throw new BadCredentialsException('Invalid JSON Web Token');
}
$user = $userProvider->loadUserByUsername($username);
$authentication = $user->getAuthentication();
if ($authentication) {
$tokenNotValidBefore = $authentication->getInvalidateTokenIssuedBefore();
if ($tokenNotValidBefore) {
if ($tokenNotValidBefore > $issuedAt) {
throw new BadCredentialsException('Invalid JSON Web Token: Not issued before ' . $tokenNotValidBefore->format('c'));
}
}
}
$authenticatedToken = new PreAuthenticatedToken($user, $jwt, $providerKey);
$authenticatedToken->setAuthenticated(true);
return $authenticatedToken;
}
/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return;
}
if (!($user = $token->getUser())) {
throw new BadCredentialsException('No pre-authenticated principal found in request.');
}
$user = $this->userProvider->loadUserByUsername($user);
$this->userChecker->checkPostAuth($user);
$authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
$authenticatedToken->setAttributes($token->getAttributes());
return $authenticatedToken;
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (!$userProvider instanceof WebserviceUserProvider) {
throw new \InvalidArgumentException(sprintf('The user provider must be an instance of ApiKeyUserProvider (%s was given).', get_class($userProvider)));
}
$apiKey = $token->getCredentials();
$user = $token->getUser();
if ($user instanceof User) {
return new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles());
}
$user = $userProvider->loadUserByUsername($apiKey);
$newToken = new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles());
if (!is_null($user)) {
$newToken->setAuthenticated(true);
}
return $newToken;
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (!$userProvider instanceof ApiKeyUserProvider) {
throw new \InvalidArgumentException(sprintf('ApiKeyUserProvider user provider required: %s was provided.', get_class($userProvider)));
}
$apiKey = $token->getCredentials();
$authToken = $userProvider->getAuthTokenForApiKey($apiKey);
if (!$authToken) {
throw new AccessDeniedHttpException(sprintf('API Key "%s" does not exist.', $apiKey));
}
if ($authToken->getExpiresAt() < new DateTime()) {
return null;
}
if (!$authToken->getUserLogin()->getIsActive()) {
return null;
}
$login = $authToken->getUserLogin()->getEmail();
$user = $userProvider->loadUserByUsername($login);
$token = new PreAuthenticatedToken($user, $apiKey, $providerKey, UserEntity::getTopRole($authToken->getIsManager()));
$token->setAttribute("fullName", $authToken->getUserLogin()->getFullName());
return $token;
}
public function it_supports_token(PreAuthenticatedToken $token, $providerKey)
{
$token->getProviderKey()->willReturn($providerKey);
$this->supportsToken($token, $providerKey)->shouldBe(true);
}
public function testEraseCredentials()
{
$token = new PreAuthenticatedToken('foo', 'bar', 'key');
$token->eraseCredentials();
$this->assertEquals('', $token->getCredentials());
}
/**
* @param array|RoleInterface[] $token
* @param string $providerKey
* @param array $roles
*/
public function __construct($token, $providerKey, array $roles = [])
{
parent::__construct($token, $token, $providerKey, $roles);
$this->token = $token;
}
/**
* Update users to the new password encoding when they login
* @param AuthenticationEntityInterface $authEntity
* @param string $password
*/
protected function updateLegacyPassword(AuthenticationEntityInterface $authEntity, $password)
{
if ($authEntity->isLegacyAccount()) {
//we have to have a valid token to update the user because the audit log requires it
$authenticatedToken = new PreAuthenticatedToken($authEntity->getUser(), 'fakekey', 'fakeProvider');
$authenticatedToken->setAuthenticated(true);
$this->tokenStorage->setToken($authenticatedToken);
$authEntity->setPasswordSha256(null);
$encodedPassword = $this->encoder->encodePassword($authEntity->getUser(), $password);
$authEntity->setPasswordBcrypt($encodedPassword);
$this->authManager->updateAuthentication($authEntity);
}
}
public function __construct(UserInterface $consoleUser, $providerKey = 'fos_userbundle')
{
parent::__construct($consoleUser, '', $providerKey, $consoleUser->getRoles());
}
/**
* @param array|\Symfony\Component\Security\Core\Role\RoleInterface[] $user
* @param $credentials
* @param $providerKey
* @param array $roles
*/
public function __construct($user, $credentials, $providerKey, array $roles = array())
{
parent::__construct($user, $credentials, $providerKey, $roles);
}