/**
  * {@inheritdoc}
  */
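 protected function processAutoLoginCookie(array $cookieParts, Request $request)
 {
     // Validates a four-part auto-login cookie (class, base64 username, expiry, hash)
     // and returns the user it identifies. Every rejection of the cookie itself is
     // reported as an AuthenticationException.
     if (count($cookieParts) !== 4) {
         throw new AuthenticationException('The cookie is invalid.');
     }
     list($class, $username, $expires, $hash) = $cookieParts;
     // Strict decoding fails on input outside the base64 alphabet instead of
     // silently decoding whatever is left.
     if (false === ($username = base64_decode($username, true))) {
         throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
     }
     try {
         $user = $this->getUserProvider($class)->loadUserByUsername($username);
     } catch (\Exception $ex) {
         // Any provider failure is turned into an authentication failure; the
         // original exception is kept as "previous".
         // NOTE(review): the wrapper reuses the provider's message - confirm that
         // message is never rendered back to the client.
         if (!$ex instanceof AuthenticationException) {
             $ex = new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
         }
         throw $ex;
     }
     if (!$user instanceof UserInterface) {
         // get_class() only accepts objects; describing a null/scalar return by
         // its type keeps this error path from failing on its own.
         $returned = is_object($user) ? get_class($user) : gettype($user);
         throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', $returned));
     }
     // The expected hash is derived from class, username, expiry and the user's
     // current password, and is verified before the expiry value is acted on.
     // compareHashes() is defined outside this listing.
     if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
         throw new AuthenticationException('The cookie\'s hash is invalid.');
     }
     if ($expires < time()) {
         throw new AuthenticationException('The cookie has expired.');
     }
     return $user;
 }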
 /**
  * Validates WordPress authentication cookie
  *
  * @param UserProviderInterface $userProvider
  * @param Cookie $cookie
  * @return UserInterface UserInterface if valid.
  * @throws RuntimeException
  * @throws AuthenticationException
  */
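 public function validateCookie(UserProviderInterface $userProvider, $cookie)
 {
     // decodeCookie() is defined outside this listing; the result is treated here
     // as a list of 3 or 4 cookie fields.
     $cookieParts = $this->decodeCookie($cookie);
     switch (count($cookieParts)) {
         case 3:
             // Token-less form: username, expiration, hmac.
             // NOTE(review): this form carries no token field - confirm it still
             // has to be accepted alongside the four-part form.
             list($username, $expiration, $hmac) = $cookieParts;
             $token = null;
             break;
         case 4:
             list($username, $expiration, $token, $hmac) = $cookieParts;
             break;
         default:
             throw new AuthenticationException('Invalid WordPress cookie.');
     }
     if ($expiration < time()) {
         throw new AuthenticationException('The WordPress cookie has expired.');
     }
     try {
         $user = $userProvider->loadUserByUsername($username);
     } catch (Exception $exception) {
         // Provider failures become authentication failures, with the original
         // exception kept as "previous".
         if (!$exception instanceof AuthenticationException) {
             $exception = new AuthenticationException($exception->getMessage(), $exception->getCode(), $exception);
         }
         throw $exception;
     }
     if (!$user instanceof UserInterface) {
         // get_class() only accepts objects; fall back to the type name so a
         // null/scalar return still produces the intended RuntimeException.
         $returned = is_object($user) ? get_class($user) : gettype($user);
         throw new RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', $returned));
     }
     // Same selection as before: a truthy token uses the token-aware HMAC,
     // anything else uses the token-less one.
     $expectedHmac = $token
         ? $this->generateHmacWithToken($username, $expiration, $token, $user->getPassword())
         : $this->generateHmac($username, $expiration, $user->getPassword());
     // hash_equals() (PHP >= 5.6) compares in constant time, so the comparison
     // does not reveal how many leading characters of a guessed HMAC matched.
     // The is_string() guards keep the strictness of the former !== check.
     if (!is_string($hmac) || !is_string($expectedHmac) || !hash_equals($expectedHmac, $hmac)) {
         throw new AuthenticationException('The WordPress cookie\'s hash is invalid. Your logged in key and salt settings could be wrong.');
     }
     return $user;
 }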
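 /**
  * Authenticates the request from an "auto_login" parameter holding base64("username:key").
  *
  * Nothing happens when the parameter is absent or malformed, or when the
  * authentication manager rejects the key; the request then continues without
  * a token being stored.
  *
  * @param GetResponseEvent $event
  *
  * @throws AuthenticationException When the user provider fails to load the user.
  */
 public function handle(GetResponseEvent $event)
 {
     // Don't do anything when the auto_login parameter is not found. The value is
     // request input, so anything that is not a plain string is ignored as well.
     // NOTE(review): when sent in the query string the key ends up in the URL -
     // confirm how long a key stays valid and where request URLs get recorded.
     $autoLogin = $event->getRequest()->get('auto_login', false);
     if (!$autoLogin || !is_string($autoLogin)) {
         return;
     }
     // Decode strictly and require the "username:key" shape before using it;
     // previously a value without ':' left the key undefined.
     $decoded = base64_decode($autoLogin, true);
     if (false === $decoded || false === strpos($decoded, ':')) {
         return;
     }
     // Split on the first ':' only, so a key containing ':' is not truncated.
     list($username, $autoLoginKey) = explode(':', $decoded, 2);
     // Find the user in the user provider
     try {
         $user = $this->userProvider->loadUserByUsername($username);
     } catch (\Exception $ex) {
         // NOTE(review): a failed lookup throws, while a rejected key below
         // returns silently - confirm the two outcomes cannot be told apart by
         // a client probing for existing usernames.
         if (!$ex instanceof AuthenticationException) {
             $ex = new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
         }
         throw $ex;
     }
     // Try and authenticate the token
     try {
         $token = $this->authenticationManager->authenticate(new AutoLoginToken($user, $this->providerKey, $autoLoginKey));
     } catch (AuthenticationException $e) {
         return;
     }
     // If everything is ok, store the received authenticated token
     if ($token) {
         $this->tokenStorage->setToken($token);
     }
 }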
 /**
  * This is called when an interactive authentication attempt fails.
  *
  * @param Request $request
  * @param AuthenticationException $exception
  *
  * @return Response
  */
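 public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
 {
     if ($request->isXmlHttpRequest()) {
         // The XHR reply carries only a success flag, not the exception message.
         // Label it as JSON so clients do not interpret the body as HTML.
         $response = new Response(json_encode(array('success' => false)));
         $response->headers->set('Content-Type', 'application/json');

         return $response;
     }

     // Handle non XmlHttp request.
     // NOTE(review): status_text is the raw exception message - confirm the
     // template escapes it and that provider/internal details cannot reach it.
     $parameters = array('status_text' => $exception->getMessage(), 'status_code' => $exception->getCode());

     return $this->templating->renderResponse('TwigBundle:Exception:error.html.twig', $parameters);
 }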
 /**
  * onAuthenticationFailure
  *
  * @author     Joe Sexton <*****@*****.**>
  * @param     Request $request
  * @param     AuthenticationException $exception
  * @return     Response
  */
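 public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
 {
     // Record the failure with the client IP, exception code and message.
     $this->logger->warning(sprintf('%s.[%s].%s.[%s] => %s', 'AuthenticationFailure', 'This user fail to connect', $request->getClientIp(), $exception->getCode(), $exception->getMessage()));
     if ($request->isXmlHttpRequest()) {
         // NOTE(review): the exception message is returned to the client as-is -
         // confirm it cannot carry internal details.
         $array = array('success' => false, 'message' => $exception->getMessage());
         $response = new Response(json_encode($array));
         $response->headers->set('Content-Type', 'application/json');

         return $response;
     }

     // The Referer header is supplied by the client, so it is only followed when
     // it points back at this application's own scheme and host. Anything else
     // is handled like a missing Referer rather than redirecting off-site.
     $referer = $request->headers->get('Referer');
     $origin = $request->getSchemeAndHttpHost();
     $isSameOrigin = is_string($referer)
         && ($referer === $origin || 0 === strpos($referer, $origin.'/'));
     if ($isSameOrigin) {
         $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);

         return new RedirectResponse($referer);
     }

     throw new AuthenticationException("No route used before");
 }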
 /**
  * @param array $cookieParts
  * @return array
  */
 protected function getUserAndOrganizationFromCookie($cookieParts)
 {
     // Expected layout: class, base64 username, expiry, hash, organization id.
     if (5 !== count($cookieParts)) {
         throw new AuthenticationException('The cookie is invalid.');
     }

     list($class, $encodedUsername, $expires, $hash, $organizationId) = $cookieParts;

     // Strict decoding fails on input outside the base64 alphabet.
     $username = base64_decode($encodedUsername, true);
     if (false === $username) {
         throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
     }

     try {
         // Both lookups run before checkUserData() below is given the cookie's hash.
         $repository = $this->entityManager->getRepository('OroOrganizationBundle:Organization');
         $organization = $repository->find($organizationId);
         $user = $this->getUserProvider($class)->loadUserByUsername($username);
     } catch (\Exception $failure) {
         // Authentication exceptions pass through untouched; anything else is
         // wrapped, keeping the original as "previous".
         throw $failure instanceof AuthenticationException
             ? $failure
             : new AuthenticationException($failure->getMessage(), $failure->getCode(), $failure);
     }

     // checkUserData() is defined outside this listing; it receives every field
     // taken from the cookie together with the loaded user and organization.
     $this->checkUserData($user, $organization, $class, $username, $organizationId, $expires, $hash);

     return [$user, $organization];
 }