Get stored user entity object.
| public getUser ( ) : Bolt\Storage\Entity\Users | ||
| return | Bolt\Storage\Entity\Users | |
public function testGetUser()
{
$userEntity = new Entity\Users(['username' => 'koala']);
$tokenEntity = new Entity\Authtoken();
$token = new Token($userEntity, $tokenEntity);
$user = $token->getUser();
$this->assertInstanceOf('Bolt\\AccessControl\\Token\\Token', $token);
$this->assertInstanceOf('Bolt\\Storage\\Entity\\Users', $user);
$this->assertSame('koala', $user->getUsername());
}
/**
* Check the session is still valid for the device on which it was created,
* and. i.e. the username, IP address, and (if configured) the browser agent
* values are all still the same.
*
* @param Token\Token $sessionAuth
*
* @return boolean
*/
protected function checkSessionKeys(Token\Token $sessionAuth)
{
$userEntity = $sessionAuth->getUser();
$tokenEntity = $sessionAuth->getToken();
// The auth token is based on hostname, IP and browser user agent
$key = $this->getAuthToken($userEntity->getUsername(), $tokenEntity->getSalt());
if ($key === $tokenEntity->getToken()) {
return true;
}
// Audit the failure
$event = new AccessControlEvent($this->requestStack->getCurrentRequest());
/** @var Token\Token $sessionAuth */
$sessionAuth = $this->session->get('authentication');
$userName = $sessionAuth ? $sessionAuth->getToken()->getUsername() : null;
$event->setUserName($userName);
$this->dispatcher->dispatch(AccessControlEvents::ACCESS_CHECK_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));
$this->systemLogger->error("Invalidating session: Recalculated session token '{$key}' doesn't match user provided token '" . $tokenEntity->getToken() . "'", ['event' => 'authentication']);
$this->systemLogger->info("Automatically logged out user '" . $userEntity->getUsername() . "': Session data didn't match.", ['event' => 'authentication']);
return false;
}
/**
* Check the session is still valid for the device on which it was created,
* and. i.e. the username, IP address, and (if configured) the browser agent
* values are all still the same.
*
* @param Token\Token $sessionAuth
*
* @return boolean
*/
protected function checkSessionKeys(Token\Token $sessionAuth)
{
$userEntity = $sessionAuth->getUser();
$tokenEntity = $sessionAuth->getToken();
// The auth token is based on hostname, IP and browser user agent
$key = $this->getAuthToken($userEntity->getUsername(), $tokenEntity->getSalt());
if ($key === $tokenEntity->getToken()) {
return true;
}
$this->systemLogger->error("Invalidating session: Recalculated session token '{$key}' doesn't match user provided token '" . $tokenEntity->getToken() . "'", ['event' => 'authentication']);
$this->systemLogger->info("Automatically logged out user '" . $userEntity->getUsername() . "': Session data didn't match.", ['event' => 'authentication']);
return false;
}
