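/**
 * {@inheritdoc}
 *
 * Verifies the credentials carried by $token against $user.
 *
 * - If the token already holds a UserInterface (re-authentication of an
 *   existing session), the stored password of that user must still equal
 *   the password of the freshly loaded $user.
 * - Otherwise the presented password must be non-empty and is checked
 *   either with the password encoder (local User instances) or by an LDAP
 *   bind (every other user type).
 *
 * @param UserInterface         $user  The user loaded by the provider
 * @param UsernamePasswordToken $token The token being authenticated
 *
 * @throws BadCredentialsException When the password changed in another
 *                                 session, is empty, or is invalid
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();

    if ($currentUser instanceof UserInterface) {
        // Already-authenticated token: only detect a password change made elsewhere.
        if ($currentUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    // Reject empty credentials before any backend is contacted. This matters
    // most for the LDAP branch below: directory servers commonly treat a bind
    // with a DN and an empty password as an unauthenticated bind that succeeds.
    if (!($presentedPassword = $token->getCredentials())) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    if ($user instanceof User) {
        $encoder = $this->encoderFactory->getEncoder($user);

        if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
            throw new BadCredentialsException('The presented password is invalid.');
        }

        return;
    }

    $ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']);
    $bind = $ldap->bind($user->getUsername(), $presentedPassword);

    // The presented password is deliberately NOT logged: debug logs are
    // routinely shipped, retained and read by people who must never see
    // plaintext credentials (including mistyped passwords for other systems).
    $this->logger->debug(sprintf(
        'LDAP bind with username "%s" yielded: %s',
        $user->getUsername(),
        print_r($bind, true)
    ));

    if (!$bind) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    // There's likely more data in the LDAP result now after a successful bind
    $this->userProvider->refreshUser($user);
}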
/**
 * Connects to the directory described by $this->ldapConfiguration and
 * attempts a bind with a fixed DN and password.
 *
 * NOTE(review): $user is never read in this method, and the DN/password
 * literals below look like redacted placeholders — confirm what the real
 * code binds with. Bind credentials belong in configuration or a secret
 * store, not in source.
 *
 * @param mixed $user Currently unused
 *
 * @return bool Always true when the bind succeeds
 *
 * @throws \RuntimeException       When the Ldap object evaluates as falsy
 * @throws AuthenticationException When the bind is refused
 */
protected function validateLdapUser($user)
{
    $settings = $this->ldapConfiguration;
    $connection = new Ldap($settings['host'], $settings['port'], $settings['version']);

    // NOTE(review): `new` yields an object or throws, so this guard is
    // presumably never taken; verify how Ldap actually reports a failed
    // connection (exception vs. lastError()).
    if (!$connection) {
        throw new \RuntimeException('LDAP configuration error: ' . $connection->lastError());
    }

    $bindDn = 'xxx';
    $bindPassword = '******';

    $bound = $connection->bind($bindDn, $bindPassword);
    if ($bound) {
        return true;
    }

    throw new AuthenticationException('The LDAP authentication failed.');
}