/**
  * {@inheritDoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return;
     }
     /* @var OAuthToken $token */
     $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
     $userResponse = $resourceOwner->getUserInformation($token->getRawToken());
     try {
         $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
     } catch (OAuthAwareExceptionInterface $e) {
         $e->setToken($token);
         $e->setResourceOwnerName($token->getResourceOwnerName());
         throw $e;
     }
     if (!$user instanceof UserInterface) {
         throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
     }
     try {
         $this->userChecker->checkPreAuth($user);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         if ($this->hideUserNotFoundExceptions) {
             throw new BadCredentialsException('Bad credentials', 0, $e);
         }
         throw $e;
     }
     $token = new OAuthToken($token->getRawToken(), $user->getRoles());
     $token->setResourceOwnerName($resourceOwner->getName());
     $token->setUser($user);
     $token->setAuthenticated(true);
     return $token;
 }
Example #2
0
 /**
  * {@inheritDoc}
  */
 public function login(UserInterface $user, $firewallName = 'main')
 {
     $this->userChecker->checkPreAuth($user);
     $token = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
     $this->securityContext->setToken($token);
     $this->eventDispatcher->dispatch(UserEvents::SECURITY_IMPLICIT_LOGIN, new UserEvent($user));
 }
 /**
  * {@inheritDoc}
  */
 public function authenticate(TokenInterface $token)
 {
     $ownerName = $token->getResourceOwnerName();
     $oauthUtil = $this->container->get('glory_oauth.util.token2oauth');
     $oauth = $oauthUtil->generate($token);
     $connect = $this->container->get('glory_oauth.connect');
     if (!($user = $connect->getConnect($oauth))) {
         if ($this->container->getParameter('glory_oauth.auto_register')) {
             $user = $connect->connect($oauth);
         } else {
             $key = time();
             $this->container->get('session')->set('glory_oauth.connect.oauth.' . $key, [$oauth->getOwner(), $oauth->getUsername()]);
             $url = $this->container->get('router')->generate('glory_oauth_register', ['key' => $key]);
             return new RedirectResponse($url);
         }
     }
     if (!$user instanceof UserInterface) {
         throw new BadCredentialsException('');
     }
     try {
         $this->userChecker->checkPreAuth($user);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         if ($this->hideUserNotFoundExceptions) {
             throw new BadCredentialsException('Bad credentials', 0, $e);
         }
         throw $e;
     }
     $token = new OAuthToken($token->getRawToken(), $user->getRoles());
     $token->setOwnerName($ownerName);
     $token->setUser($user);
     $token->setAuthenticated(true);
     return $token;
 }
 /**
  * @inheritdoc
  */
 public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
 {
     /* @var PreAuthenticatedToken $token */
     $authToken = $token->getToken();
     if (empty($authToken)) {
         $authToken = 'NONE_PROVIDED';
     }
     $tokenEntity = $this->tokenManager->findById($authToken);
     if (!$tokenEntity) {
         throw new BadCredentialsException('Bad token');
     }
     if (true === $this->tokenManager->isExpired($tokenEntity)) {
         throw new TokenExpiredException('Token expired');
     }
     $user = $this->retrieveUser($userProvider, $tokenEntity);
     if (!$user instanceof UserInterface) {
         throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
     }
     try {
         $this->userChecker->checkPreAuth($user);
         $this->checkAuthentication($user, $tokenEntity, $token);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         throw new BadCredentialsException('Bad credentials', 0, $e);
     }
     $authenticatedToken = new PreAuthenticatedToken($token->getToken(), $providerKey, $user->getRoles());
     $authenticatedToken->setUser($user);
     $authenticatedToken->setAttributes($token->getAttributes());
     return $authenticatedToken;
 }
 /**
  * Attempts to authenticate a TokenInterface object.
  *
  * @param TokenInterface $token The TokenInterface instance to authenticate
  *
  * @return TokenInterface An authenticated TokenInterface instance, never null
  *
  * @throws AuthenticationException if the authentication fails
  */
 public function authenticate(TokenInterface $token)
 {
     if (false === $this->supports($token)) {
         return null;
     }
     /** @var SamlSpResponseToken $token */
     $user = null;
     try {
         $user = $this->loadUser($token);
     } catch (UsernameNotFoundException $ex) {
         $user = $this->createUser($token);
     }
     if (null == $user && $this->force) {
         $user = $this->createDefaultUser($token);
     }
     if (null == $user) {
         $ex = new AuthenticationException('Unable to resolve user');
         $ex->setToken($token);
         throw $ex;
     }
     if ($this->userChecker && $user instanceof UserInterface) {
         $this->userChecker->checkPostAuth($user);
     }
     $attributes = $this->getAttributes($token);
     $result = new SamlSpToken($user instanceof UserInterface ? $user->getRoles() : [], $this->providerKey, $attributes, $user);
     return $result;
 }
 /**
  * @param UserInterface $user
  * @param AppscoToken $token
  * @return AppscoToken
  */
 protected function createAuthenticatedToken($user, AppscoToken $token)
 {
     if ($user instanceof UserInterface && $this->userChecker) {
         $this->userChecker->checkPostAuth($user);
     }
     $authenticatedToken = new AppscoToken($user, $user->getRoles(), $token->getAccount(), $token->getAccessToken(), $token->getIdToken());
     return $authenticatedToken;
 }
Example #7
0
 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return;
     }
     try {
         $tokenString = $token->getToken();
         if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) {
             $scope = $accessToken->getScope();
             $user = $accessToken->getUser();
             if (null !== $user) {
                 try {
                     $this->userChecker->checkPreAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             $roles = null !== $user ? $user->getRoles() : array();
             /*
              * This is the only modification from the base class.
              * We only add scopes if we're not connected as user.
              * Otherwise, if we support the scope admin, everyone will be admin if no scope are requested because fos-oauth2-lib
              * doesn't support different scope by clients (https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/201)
              * This way, we can bypass this by creating 2 clients: 1 wich grant the password (and refresh) types 
              * (and will require a user authentication)
              * One that grant pretty much all the rest.
              */
             if (!$user) {
                 if (!empty($scope)) {
                     foreach (explode(' ', $scope) as $role) {
                         $roles[] = 'ROLE_' . strtoupper($role);
                     }
                 }
             }
             $roles = array_unique($roles, SORT_REGULAR);
             $token = new OAuthToken($roles);
             $token->setAuthenticated(true);
             $token->setToken($tokenString);
             if (null !== $user) {
                 try {
                     $this->userChecker->checkPostAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             return $token;
         }
     } catch (OAuth2ServerException $e) {
         if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
             // Symfony 2.1
             throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
         }
         throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
     }
     throw new AuthenticationException('OAuth2 authentication failed');
 }
Example #8
0
 function it_logs_user_in(TokenStorageInterface $tokenStorage, UserCheckerInterface $userChecker, EventDispatcherInterface $eventDispatcher, UserInterface $user)
 {
     $user->getRoles()->willReturn(['ROLE_TEST']);
     $userChecker->checkPreAuth($user)->shouldBeCalled();
     $userChecker->checkPostAuth($user)->shouldBeCalled();
     $tokenStorage->setToken(Argument::type(UsernamePasswordToken::class))->shouldBeCalled();
     $eventDispatcher->dispatch(UserEvents::SECURITY_IMPLICIT_LOGIN, Argument::type(UserEvent::class))->shouldBeCalled();
     $this->login($user);
 }
Example #9
0
 /**
  * {@inheritdoc}
  */
 public function login(UserInterface $user, $firewallName = 'main')
 {
     $this->userChecker->checkPreAuth($user);
     $this->userChecker->checkPostAuth($user);
     $token = $this->createToken($user, $firewallName);
     if (!$token->isAuthenticated()) {
         throw new AuthenticationException('Unauthenticated token');
     }
     $this->tokenStorage->setToken($token);
     $this->eventDispatcher->dispatch(UserEvents::SECURITY_IMPLICIT_LOGIN, new UserEvent($user));
 }
Example #10
0
 public final function loginUser($firewallName, User $user, Response $response = null)
 {
     $this->userChecker->checkPostAuth($user);
     $token = $this->createToken($firewallName, $user);
     $request = $this->requestStack->getCurrentRequest();
     if ($request == $this->requestStack->getMasterRequest()) {
         $this->sessionStrategy->onAuthentication($request, $token);
     }
     //TODO: implement rememberme
     $this->tokenStorage->setToken($token);
 }
 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return;
     }
     if (!($user = $token->getUser())) {
         throw new BadCredentialsException('The required token is not found.');
     }
     $user = $this->userProvider->loadUserByUsername($user);
     $this->userChecker->checkPostAuth($user);
     $authenticatedToken = new phpBBToken($user, $this->providerKey, $user->getRoles());
     $authenticatedToken->setAttributes($token->getAttributes());
     return $authenticatedToken;
 }
 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return;
     }
     $username = $token->getUsername();
     if (empty($username)) {
         $username = '******';
     }
     try {
         $user = $this->retrieveUser($username, $token);
     } catch (UsernameNotFoundException $notFound) {
         if ($this->hideUserNotFoundExceptions) {
             throw new BadCredentialsException('Bad credentials.', 0, $notFound);
         }
         $notFound->setUsername($username);
         throw $notFound;
     }
     if (!$user instanceof UserInterface) {
         throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
     }
     try {
         $this->userChecker->checkPreAuth($user);
         $this->checkAuthentication($user, $token);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         if ($this->hideUserNotFoundExceptions) {
             throw new BadCredentialsException('Bad credentials.', 0, $e);
         }
         throw $e;
     }
     $authenticatedToken = new AsnUsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token), $token->getAsn());
     $authenticatedToken->setAttributes($token->getAttributes());
     return $authenticatedToken;
 }
Example #13
0
 /**
  * {@InheritDoc}
  */
 public function authenticate(TokenInterface $token)
 {
     $user = $this->userProvider->loadUserByUsername($token->getUsername());
     $isUser = $user instanceof UserInterface;
     if (!$isUser) {
         throw new WsseAuthenticationException('User not found.');
     }
     $this->userChecker->checkPreAuth($user);
     if (!$this->digestValidator->validateDigest($token, $user)) {
         throw new WsseAuthenticationException('Invalid Digest.');
     }
     $this->userChecker->checkPostAuth($user);
     $authenticatedToken = new WsseUserToken($user->getRoles());
     $authenticatedToken->setUser($user);
     return $authenticatedToken;
 }
 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return;
     }
     try {
         $tokenString = $token->getToken();
         if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) {
             $scope = $accessToken->getScope();
             $user = $accessToken->getUser();
             if (null !== $user) {
                 try {
                     $this->userChecker->checkPreAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             $roles = null !== $user ? $user->getRoles() : array();
             if (!empty($scope)) {
                 foreach (explode(' ', $scope) as $role) {
                     $roles[] = 'ROLE_' . strtoupper($role);
                 }
             }
             $roles = array_unique($roles);
             $token = new OAuthToken($roles);
             $token->setAuthenticated(true);
             $token->setToken($tokenString);
             if (null !== $user) {
                 try {
                     $this->userChecker->checkPostAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             return $token;
         }
     } catch (OAuth2ServerException $e) {
         if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
             // Symfony 2.1
             throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
         }
         throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
     }
     throw new AuthenticationException('OAuth2 authentication failed');
 }
 /**
  * {@inheritDoc}
  */
 public function authenticate(TokenInterface $token)
 {
     $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
     $userResponse = $resourceOwner->getUserInformation($token->getAccessToken());
     try {
         $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
     } catch (OAuthAwareExceptionInterface $e) {
         $e->setAccessToken($token->getAccessToken());
         $e->setResourceOwnerName($token->getResourceOwnerName());
         throw $e;
     }
     $token = new OAuthToken($token->getAccessToken(), $user->getRoles());
     $token->setResourceOwnerName($resourceOwner->getName());
     $token->setUser($user);
     $token->setAuthenticated(true);
     $this->userChecker->checkPostAuth($user);
     return $token;
 }
 /**
  * {@inheritDoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }
     /* @var OAuthToken $token */
     $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
     if ($token->getUser()) {
         $user = $this->userProvider->refreshUser($token->getUser());
     } else {
         try {
             $userResponse = $resourceOwner->getUserInformation($token->getRawToken());
         } catch (HttpTransportException $e) {
             $token = new AnonymousToken($token->getRawToken(), 'anon.');
             $token->setAuthenticated(true);
             return $token;
         } catch (RequestException $e) {
             $token = new AnonymousToken($token->getRawToken(), 'anon.');
             $token->setAuthenticated(true);
             return $token;
         }
         try {
             $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
         } catch (OAuthAwareExceptionInterface $e) {
             $e->setToken($token);
             $e->setResourceOwnerName($token->getResourceOwnerName());
             throw $e;
         }
     }
     if (!$user instanceof UserInterface) {
         throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
     }
     try {
         $this->userChecker->checkPreAuth($user);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         throw $e;
     }
     $token = new OAuthToken($token->getRawToken(), $user->getRoles());
     $token->setResourceOwnerName($resourceOwner->getName());
     $token->setUser($user);
     $token->setAuthenticated(true);
     return $token;
 }
 /**
  * @param \OAuth2\ResourceOwner\ResourceOwnerInterface $resource_owner
  *
  * @throws \OAuth2\Exception\BaseExceptionInterface
  */
 private function checkResourceOwner(ResourceOwnerInterface $resource_owner)
 {
     if ($resource_owner instanceof UserInterface) {
         try {
             $this->user_checker->checkPostAuth($resource_owner);
         } catch (AccountStatusException $e) {
             throw new BadCredentialsException($e->getMessage());
         }
     }
 }
 /**
  * @param string $identity
  * @param array $attributes
  * @param array $roles
  * @param mixed $user
  *
  * @return \Fp\OpenIdBundle\Security\Core\Authentication\Token\OpenIdToken
  */
 protected function createAuthenticatedToken($identity, array $attributes, array $roles, $user)
 {
     if ($user instanceof UserInterface) {
         $this->userChecker->checkPostAuth($user);
     }
     $newToken = new OpenIdToken($this->providerKey, $identity, $roles);
     $newToken->setUser($user);
     $newToken->setAttributes($attributes);
     $newToken->setAuthenticated(true);
     return $newToken;
 }
 /**
  * @throws \Symfony\Component\Security\Core\Exception\AuthenticationServiceException
  *
  * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
  *
  * @return SsoToken|null
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }
     $validation = $token->getManager()->validateCredentials($token->getCredentials());
     if (!$validation->isSuccess()) {
         throw new BadCredentialsException('Authentication has not been validated by SSO provider.');
     }
     $user = $this->provideUser($validation->getUsername(), $validation->getAttributes());
     $this->userChecker->checkPreAuth($user);
     $this->userChecker->checkPostAuth($user);
     $authenticatedToken = new SsoToken($token->getManager(), $token->getCredentials(), $user, $user->getRoles(), $validation->getAttributes());
     foreach ($token->getAttributes() as $name => $value) {
         if ('sso:validation' == $name) {
             continue;
         }
         $authenticatedToken->setAttribute($name, $value);
     }
     return $authenticatedToken;
 }
 private function checkUser(UserInterface $user)
 {
     try {
         $this->userChecker->checkPreAuth($user);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         if ($this->hideUserNotFoundExceptions) {
             throw new BadCredentialsException('Bad credentials.', 0, $e);
         }
         throw $e;
     }
 }
 /**
  * @param \AerialShip\SamlSPBundle\Bridge\SamlSpInfo $samlInfo
  * @param array $attributes
  * @param array $roles
  * @param mixed $user
  * @return SamlSpToken
  */
 protected function createAuthenticatedToken(SamlSpInfo $samlInfo, array $attributes, array $roles, $user)
 {
     if ($user instanceof UserInterface && $this->userChecker) {
         $this->userChecker->checkPostAuth($user);
     }
     $newToken = new SamlSpToken($this->providerKey, $roles);
     $newToken->setUser($user);
     $newToken->setAttributes($attributes);
     $newToken->setSamlSpInfo($samlInfo);
     $newToken->setAuthenticated(true);
     if (!in_array('ROLE_USER', $roles)) {
         $roles[] = 'ROLE_USER';
     }
     return $newToken;
 }
Example #22
0
 /**
  * {@inheritDoc}
  *
  * @throws OAuthAwareExceptionInterface
  */
 public function authenticate(TokenInterface $token)
 {
     if (null === $this->tokenFactory) {
         throw new AuthenticationException('Token Factory is not set in OAuthProvider.');
     }
     /* @var OAuthToken $token */
     $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
     try {
         $userResponse = $resourceOwner->getUserInformation($token->getRawToken());
         $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
     } catch (OAuthAwareExceptionInterface $e) {
         $e->setToken($token);
         $e->setResourceOwnerName($token->getResourceOwnerName());
         throw $e;
     }
     $organization = $this->guessOrganization($user, $token);
     $token = $this->tokenFactory->create($token->getRawToken(), $user->getRoles());
     $token->setResourceOwnerName($resourceOwner->getName());
     $token->setOrganizationContext($organization);
     $token->setUser($user);
     $token->setAuthenticated(true);
     $this->userChecker->checkPostAuth($user);
     return $token;
 }
 /**
  * @param TokenInterface $token
  * @return null|UsernamePasswordToken
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }
     $adminUsername = $token->getUsername();
     if ($token->hasAttribute('desired_user')) {
         $username = $token->getAttribute('desired_user');
     }
     try {
         $adminUser = $this->retrieveUser($adminUsername, $token);
         $user = empty($username) ? $adminUser : $this->retrieveUser($username, $token);
     } catch (UsernameNotFoundException $notFound) {
         if ($this->hideUserNotFoundException) {
             throw new BadCredentialsException('Bad credentials', 0, $notFound);
         }
         throw $notFound;
     }
     if (!$adminUser instanceof UserInterface) {
         throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
     }
     try {
         $this->userChecker->checkPreAuth($user);
         $this->checkAuthentication($adminUser, $token);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         if ($this->hideUserNotFoundException) {
             throw new BadCredentialsException('Bad credentials', 0, $e);
         }
         throw $e;
     }
     $attributes = $token->getAttributes();
     $roles = $user->getRoles();
     if ($token->hasAttribute('desired_user')) {
         $roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', new UsernamePasswordToken($adminUser, $adminUser->getPassword(), $this->providerKey, $adminUser->getRoles()));
         unset($attributes['desired_user']);
     }
     $authenticatedToken = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
     $authenticatedToken->setAttributes($attributes);
     return $authenticatedToken;
 }
Example #24
0
 /**
  * {@inheritdoc}
  */
 public final function logInUser(UserInterface $user, $firewallName)
 {
     $this->userChecker->checkPostAuth($user);
     $token = $this->createToken($user, $firewallName);
     $this->tokenStorage->setToken($token);
 }