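/**
 * Attempts to authenticate a TokenInterface object.
 *
 * Recomputes the expected signature from the request's signing data plus the
 * user's secret and compares it with the signature carried by the token.
 *
 * @param TokenInterface $token The TokenInterface instance to authenticate
 *
 * @return TokenInterface An authenticated TokenInterface instance, never null
 *
 * @throws AuthenticationException if the authentication fails
 */
public function authenticate(TokenInterface $token)
{
    /** @var SignedTokenInterface $token */
    $user = $this->userProvider->loadUserByUsername($token->getUsername());

    // Keep the request-derived fields apart from the secret, so that only the
    // former can ever end up in a log record.
    $requestSignData = $this->getAuthSignData($token->getRequest());
    $signData = $requestSignData;
    $signData[] = $user->{$this->config['secret_getter']}();

    // NOTE(review): this is a plain hash over the data with the secret appended,
    // not an HMAC. Switching to hash_hmac() changes the wire format, so it has to
    // be coordinated with every client before it can be done here.
    $expectedSignature = hash($this->config['hash_alg'], implode($this->config['data_delimiter'], $signData));
    $providedSignature = $token->getSignature();

    // hash_equals() compares byte-for-byte in constant time. The previous loose
    // `==` leaked timing and treated numeric-looking digests ("0e...") as equal
    // numbers. Non-string values (missing signature, failed hash()) fail closed.
    if (
        is_string($expectedSignature)
        && is_string($providedSignature)
        && hash_equals($expectedSignature, $providedSignature)
    ) {
        $token->setUser($user);

        return $token;
    }

    // Never log the expected signature or the user's secret: anyone who can read
    // the logs could replay the former or forge requests with the latter.
    $this->logger->critical(
        'Invalid auth signature.',
        ['signature' => $providedSignature, 'signData' => $requestSignData]
    );

    throw new AuthenticationException("Invalid auth signature " . $providedSignature);
}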
/**
 * {@inheritdoc}
 *
 * Accepts the token only when its service label passes validateServiceLabel()
 * and its signature passes validateSignature() for the request, using the
 * value returned by the user's getPassword() as the third argument. On success
 * a fresh HmacUserToken carrying the user, service label and request is returned.
 *
 * @throws AuthenticationException when either check fails
 */
public function authenticate(TokenInterface $token)
{
    /** @var HmacUserToken $token */
    if (!$this->validateServiceLabel($token->getServiceLabel())) {
        // Same generic message for every failure, so the caller cannot tell
        // which check rejected the request.
        throw new AuthenticationException('The HMAC authentication failed.');
    }

    $account = $this->userProvider->loadUserByUsername($token->getUsername());

    // NOTE(review): validateSignature() is not visible here; confirm it compares
    // digests with hash_equals(). The stored password value appears to double as
    // the signing key, so confirm what getPassword() actually returns.
    $signatureAccepted = $this->validateSignature(
        $token->getRequest(),
        $token->getSignature(),
        $account->getPassword()
    );

    if (!$signatureAccepted) {
        throw new AuthenticationException('The HMAC authentication failed.');
    }

    // Build a new token rather than mutating the unauthenticated one.
    $result = new HmacUserToken();
    $result->setUser($account);
    $result->setServiceLabel($token->getServiceLabel());
    $result->setRequest($token->getRequest());

    return $result;
}
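/**
 * {@inheritdoc}
 *
 * Rebuilds a SessionlessToken from the presented token's username, expiration
 * time and IP address with a signature produced by generateSignature(), and
 * accepts the presented token only if it has not expired and its signature
 * equals the regenerated one.
 *
 * @throws AuthenticationException when the token is expired or the signatures differ
 */
public function authenticate(TokenInterface $token)
{
    /** @var SessionlessToken $token */
    $signature = $token->getSignature($token);
    $user = $this->usersProvider->loadUserByUsername($token->getUsername());

    // Prepares new token, that represents authenticated user.
    $regeneratedToken = new SessionlessToken(
        $token->getUsername(),
        $token->getExpirationTime(),
        $token->getIpAddress(),
        $this->generateSignature($token),
        $user->getRoles()
    );

    if ($token->getExpirationTime() >= time()) {
        $expectedSignature = $regeneratedToken->getSignature();

        // Constant-time comparison: `===` returns at the first differing byte,
        // which lets a client recover a valid signature by timing responses.
        // Requiring strings also rejects the case where both sides are null.
        if (
            is_string($signature)
            && is_string($expectedSignature)
            && hash_equals($expectedSignature, $signature)
        ) {
            $regeneratedToken->setAuthenticated(true);
            $regeneratedToken->setUser($user);

            return $regeneratedToken;
        }
    }

    // The regenerated token is only handed out on success; on failure it is
    // simply discarded and a generic error is raised.
    // NOTE(review): whether the IP address and expiration time are covered by
    // the signature depends on generateSignature(), which is not visible here.
    throw new AuthenticationException('The Sessionless authentication failed.');
}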
/**
 * Enforces request signing for clients that require it.
 *
 * Does nothing when the client does not require a signature. Otherwise the
 * token must be signed, and the signature must verify against the signed URL
 * and the client's secret.
 *
 * @param TokenInterface  $token
 * @param ClientInterface $client
 * @return void
 *
 * @throws OAuthInvalidRequestException when a required signature is missing or does not verify
 */
protected function checkSignature(TokenInterface $token, ClientInterface $client)
{
    if (!$client->isSignatureRequired()) {
        // NOTE(review): a signature supplied by a client that does not require
        // one is never verified here; confirm that this is intended.
        return;
    }

    if (!$token->isSigned()) {
        throw new OAuthInvalidRequestException('The request is not signed.');
    }

    // NOTE(review): verify() is not visible here; confirm it compares the
    // computed and supplied signatures in constant time.
    $signatureMatches = $this->signature->verify(
        $token->getSignedUrl(),
        $client->getSecret(),
        $token->getSignature()
    );

    if (!$signatureMatches) {
        throw new OAuthInvalidRequestException('The request signature we calculated does not match the signature you provided.');
    }
}