/**
  * {@inheritdoc}
  *
  * Resolves the given username as an e-mail address, looks up the matching
  * account credentials and wraps them in an AccountUser.
  *
  * @throws UsernameNotFoundException when the repository returns nothing for that address
  */
 public function loadUserByUsername($username)
 {
     // NOTE(review): if EmailAddress rejects malformed input by throwing, that
     // exception is not translated into UsernameNotFoundException here. Confirm
     // that callers treat it the same way as an unknown account, so a malformed
     // username and a non-existent one stay indistinguishable to the client.
     $email = new EmailAddress($username);
     $accountCredentials = $this->accountCredentialsRepository->findByEmail($email);

     if ($accountCredentials) {
         return AccountUser::fromAccountCredentials($accountCredentials);
     }

     // No identifying detail is attached to the exception.
     throw new UsernameNotFoundException();
 }
 /**
  * Verifies a username/password pair.
  *
  * Returns the $username exactly as given when the password encoder accepts
  * the password for the loaded user, and false in every other case (unknown
  * user or wrong password), so the caller cannot tell the two failures apart
  * from the return value.
  */
 public function __invoke($username, $password)
 {
     try {
         $account = $this->userProvider->loadUserByUsername($username);
     } catch (UsernameNotFoundException $notFound) {
         // Timing side channel: an unknown username must cost about as much as a
         // known one, otherwise response time reveals which accounts exist. The
         // encoder is therefore run against a dummy user and its result discarded.
         // NOTE(review): this only equalizes timing if AccountUser::dummy() carries
         // a stored hash with the same algorithm and cost as real accounts — confirm.
         $this->passwordEncoder->isPasswordValid(AccountUser::dummy(), 'dummy');

         return false;
     }

     if ($this->passwordEncoder->isPasswordValid($account, $password)) {
         return $username;
     }

     return false;
 }
 /**
  * Spec: when the resource server accepts the request, authenticateToken()
  * returns a PreAuthenticatedToken carrying the user supplied by the user
  * provider, the same provider key, and that user's roles.
  */
 function it_authenticates_token_when_request_contains_valid_access_token(ResourceServer $resourceServer, UserProviderInterface $userProvider, EmitterInterface $emitter)
 {
     // Fixture values for this spec only.
     $providerKey = 'default';
     $accessToken = 'DDSHs55zpG51Mtxnt6H8vwn5fVJ230dF';
     $userIdentifier = '*****@*****.**';

     // The resource server must be asked to validate the request.
     $resourceServer->isValidRequest(true)->shouldBeCalled();
     $this->resourceServerWillReturnOwnerId($resourceServer, $emitter, $userIdentifier);

     // Build the user the provider will hand back for the owner identifier.
     $accountId = new AccountId('1abfd7a0-e0ff-11e4-b571-0800200c9a66');
     $credentials = new Credentials(new EmailAddress($userIdentifier), 'pa$$word', 'salt123');
     $user = AccountUser::fromAccountCredentials(new AccountCredentials($accountId, $credentials));
     $userProvider->loadUserByUsername($userIdentifier)->willReturn($user);

     // The incoming token is anonymous and carries the access token as credentials.
     $authenticatedToken = $this->authenticateToken(
         new PreAuthenticatedToken('anon.', $accessToken, $providerKey),
         $userProvider,
         $providerKey
     );

     $authenticatedToken->shouldBeAnInstanceOf(PreAuthenticatedToken::class);
     $authenticatedToken->getUser()->shouldBe($user);
     $authenticatedToken->getProviderKey()->shouldBe($providerKey);
     // Roles must come from the resolved user, not from the anonymous input token.
     $authenticatedToken->getRoles()->shouldBeLike($user->getRoles());
 }