Example #1
0
 /**
  * {@inheritdoc}
  */
 public function checkCredentials($credentials, UserInterface $user)
 {
     if ($user->getPassword() === $credentials['password']) {
         return true;
     }
     throw new CustomUserMessageAuthenticationException($this->failMessage);
 }
 /**
  * {@inheritdoc}
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     $currentUser = $token->getUser();
     if ($currentUser instanceof UserInterface) {
         if ($currentUser->getPassword() !== $user->getPassword()) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
     } else {
         if (!($presentedPassword = $token->getCredentials())) {
             throw new BadCredentialsException('The presented password cannot be empty.');
         }
         if ($user instanceof User) {
             $encoder = $this->encoderFactory->getEncoder($user);
             if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
                 throw new BadCredentialsException('The presented password is invalid.');
             }
         } else {
             $ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']);
             $bind = $ldap->bind($user->getUsername(), $presentedPassword);
             $this->logger->debug(sprintf('LDAP bind with username "%s" and password "%s" yielded: %s', $user->getUsername(), $presentedPassword, print_r($bind, true)));
             if (!$bind) {
                 throw new BadCredentialsException('The presented password is invalid.');
             }
             // There's likely more data in the LDAP result now after a successful bind
             $this->userProvider->refreshUser($user);
         }
     }
 }
 /**
  * {@inheritdoc}
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     $currentUser = $token->getUser();
     if ($currentUser instanceof UserInterface) {
         if ($currentUser->getPassword() !== $user->getPassword()) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
     } else {
         if (!($presentedPassword = $token->getCredentials())) {
             throw new BadCredentialsException('The presented password cannot be empty.');
         }
         $client = $this->clientFactory->build('en');
         $request = CustomerLoginRequest::ofEmailAndPassword($token->getUser(), $presentedPassword);
         $response = $request->executeWithClient($client);
         if ($response->isError()) {
             throw new BadCredentialsException('The presented password is invalid.');
         }
         $result = $request->mapResponse($response);
         $customer = $result->getCustomer();
         if ($currentUser !== $customer->getEmail()) {
             throw new BadCredentialsException('The presented password is invalid.');
         }
         $this->session->set('customer.id', $customer->getId());
     }
 }
Example #4
0
 public function checkCredentials($credentials, UserInterface $user)
 {
     if ($user->getPassword() === $this->passwordEncoder->encodePassword($user, $credentials['password'])) {
         return true;
     }
     throw new CustomUserMessageAuthenticationException("Password is incorrect.");
 }
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof CorredorUser || $this->password !== $user->getPassword() || $this->salt !== $user->getSalt() || $this->username !== $user->getUsername()) {
         return false;
     }
     return true;
 }
 /**
  * {@InheritDoc}
  *
  * @throws NonceExpiredException
  */
 public function validateDigest(WsseUserToken $wsseToken, UserInterface $user)
 {
     $created = $wsseToken->created;
     $nonce = $wsseToken->nonce;
     $digest = $wsseToken->digest;
     $secret = $user->getPassword();
     // Check created time is not too far in the future (leaves 5 minutes margin)
     if (strtotime($created) > time() + 300) {
         throw new WsseAuthenticationException(sprintf('Token created date cannot be in future (%d seconds in the future).', time() - strtotime($created)));
     }
     // Expire timestamp after 5 minutes
     if (strtotime($created) < time() - 300) {
         throw new WsseAuthenticationException(sprintf('Token created date has expired its 300 seconds of validity (%d seconds).', strtotime($created) - time()));
     }
     // Validate that the nonce is *not* used in the last 10 minutes
     // if it has, this could be a replay attack
     if (file_exists($this->cacheDir . '/' . $nonce) && file_get_contents($this->cacheDir . '/' . $nonce) + 600 > time()) {
         throw new NonceExpiredException('Previously used nonce detected.');
     }
     // If cache directory does not exist we create it
     if (!is_dir($this->cacheDir)) {
         mkdir($this->cacheDir, 0777, true);
     }
     file_put_contents($this->cacheDir . '/' . $nonce, time());
     // Validate Secret
     $expected = base64_encode(sha1(base64_decode($nonce) . $created . $secret, true));
     if (!StringUtils::equals($expected, $digest)) {
         throw new WsseAuthenticationException('Token digest is not valid.');
     }
     return true;
 }
 /**
  * Create WordPress logged in cookie
  *
  * @param UserInterface $user
  * @param int $lifetime
  * @return Cookie
  */
 public function createLoggedInCookie(UserInterface $user, $lifetime = 31536000)
 {
     $username = $user->getUsername();
     $password = $user->getPassword();
     $expiration = time() + $lifetime;
     $hmac = $this->generateHmac($username, $expiration, $password);
     return new Cookie($this->getLoggedInCookieName(), $this->encodeCookie(array($username, $expiration, $hmac)), $expiration, $this->configuration->getCookiePath(), $this->configuration->getCookieDomain());
 }
Example #8
0
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof LdapUser) {
         return false;
     }
     if ($this->password !== $user->getPassword()) {
         return false;
     }
     if ($this->username !== $user->getUsername()) {
         return false;
     }
     return true;
 }
Example #9
0
 /**
  * {@inheritdoc}
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     $currentUser = $token->getUser();
     if ($currentUser instanceof UserInterface) {
         if ($currentUser->getPassword() !== $user->getPassword()) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
     } else {
         if (!($presentedPassword = $token->getCredentials())) {
             throw new BadCredentialsException('The presented password cannot be empty.');
         }
         if ($user->getPassword()) {
             $encoder = $this->encoderFactory->getEncoder($user);
             $encodedPassword = $encoder->encodePassword($presentedPassword, $user->getSalt());
             if ($encodedPassword != $user->getPassword()) {
                 throw new BadCredentialsException('The presented password is invalid.');
             }
         } elseif (!$this->galittProvider->checkAccount($user->getUsername(), $presentedPassword)) {
             throw new BadCredentialsException('The presented password is invalid.');
         }
     }
 }
Example #10
0
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof UsuariosService) {
         return false;
     }
     if ($this->password !== $user->getPassword()) {
         return false;
     }
     if ($this->salt !== $user->getSalt()) {
         return false;
     }
     if ($this->username !== $user->getUsername()) {
         return false;
     }
     return true;
 }
 public function equals(UserInterface $user)
 {
     if (!$user instanceof self) {
         return false;
     }
     if ($this->password !== $user->getPassword()) {
         return false;
     }
     if ($this->getSalt() !== $user->getSalt()) {
         return false;
     }
     if ($this->username !== $user->getUsername()) {
         return false;
     }
     return true;
 }
Example #12
0
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof RedisUser) {
         return false;
     }
     if ($this->password !== $user->getPassword()) {
         return false;
     }
     if ($this->salt !== $user->getSalt()) {
         return false;
     }
     if ($this->email !== $user->getUsername()) {
         return false;
     }
     return true;
 }
 /**
  * {@inheritdoc}
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     $currentUser = $token->getUser();
     if ($currentUser instanceof UserInterface) {
         if ($currentUser->getPassword() !== $user->getPassword()) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
     } else {
         if (!($presentedPassword = $token->getCredentials())) {
             throw new BadCredentialsException('Bad credentials');
         }
         if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
             throw new BadCredentialsException('Bad credentials');
         }
     }
 }
 /**
  * {@inheritdoc}
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     $currentUser = $token->getUser();
     if ($currentUser instanceof UserInterface) {
         if ($currentUser->getPassword() !== $user->getPassword()) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
     } else {
         if (!($presentedPassword = $token->getCredentials())) {
             throw new BadCredentialsException('The presented password cannot be empty.');
         }
         if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
             $this->userProvider->handleWrongPassword($user);
             throw new BadCredentialsException('The presented password is invalid.');
         } else {
             $this->userProvider->handleGoodPassword($user);
         }
         if (!$user->isAccountNonLocked()) {
             throw new LockedException(strtr('User account is locked%until%.', array('%until%' => $user->getLockedUntil() ? sprintf(' until %s', $user->getLockedUntil()->format('Y-m-d H:i:s')) : '')), $user);
         }
     }
 }
 /**
  *{@inheritdoc}
  */
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof User) {
         // @codeCoverageIgnoreStart
         return false;
         // @codeCoverageIgnoreEnd
     }
     if ($this->password !== $user->getPassword()) {
         // @codeCoverageIgnoreStart
         return false;
         // @codeCoverageIgnoreEnd
     }
     if ($this->salt !== $user->getSalt()) {
         // @codeCoverageIgnoreStart
         return false;
         // @codeCoverageIgnoreEnd
     }
     if ($this->username !== $user->getUsername()) {
         // @codeCoverageIgnoreStart
         return false;
         // @codeCoverageIgnoreEnd
     }
     return true;
 }
Example #16
0
 /**
  * Implementation of SecurityUserInterface.
  *
  * @param \Symfony\Component\Security\Core\User\UserInterface $user
  * @return Boolean
  */
 public function equals(SecurityUserInterface $user)
 {
     if (!$user instanceof User) {
         return false;
     }
     if ($this->getPassword() !== $user->getPassword()) {
         return false;
     }
     if ($this->getSalt() !== $user->getSalt()) {
         return false;
     }
     if ($this->getUsernameCanonical() !== $user->getUsernameCanonical()) {
         return false;
     }
     if ($this->isAccountNonExpired() !== $user->isAccountNonExpired()) {
         return false;
     }
     if ($this->isAccountNonLocked() !== $user->isAccountNonLocked()) {
         return false;
     }
     if ($this->isCredentialsNonExpired() !== $user->isCredentialsNonExpired()) {
         return false;
     }
     if ($this->isEnabled() !== $user->isEnabled()) {
         return false;
     }
     return true;
 }
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof self) {
         return false;
     }
     if ($this->id !== $user->getId()) {
         return false;
     }
     if ($this->password !== $user->getPassword()) {
         return false;
     }
     if ($this->salt !== $user->getSalt()) {
         return false;
     }
     return true;
 }
Example #18
0
 /**
  * @inheritDoc
  */
 public function isEqualTo(BaseUserInterface $user)
 {
     if ($this->getPassword() !== $user->getPassword()) {
         return false;
     }
     if ($this->getSalt() !== $user->getSalt()) {
         return false;
     }
     if ($this->getUsername() !== $user->getUsername()) {
         return false;
     }
     return true;
 }
 private function changePasswordUser(\Symfony\Component\Security\Core\User\UserInterface $user)
 {
     $em = $this->get('doctrine.orm.entity_manager');
     $request = $this->container->get('request');
     $old_password = $user->getPassword();
     $encoder = $this->get('security.encoder_factory')->getEncoder($user);
     $form = $this->get('form.factory')->create(new UserPassword(), $user);
     if ('POST' === $request->getMethod()) {
         $form->handleRequest($request);
         if ($form->isValid()) {
             // first we check if the old password is correct
             $proof_password = $form->get('old_password')->getData();
             if ($old_password !== $encoder->encodePassword($proof_password, $user->getSalt())) {
                 $this->get('session')->getFlashBag()->set('error', "L'ancien mot de passe est incorrect");
                 return $this->render('TrezLogicielTrezBundle:User:change_password.html.twig', array('form' => $form->createView(), 'user' => $user, 'cancel_link' => $this->generateUrl('_welcome')));
             }
             // now changes
             $password = $encoder->encodePassword($user->getPassword(), $user->getSalt());
             $user->setPassword($password);
             $em->flush();
             $this->get('session')->getFlashBag()->set('info', 'Le mot de passe a bien été changé');
             return new RedirectResponse($this->generateUrl('_welcome'));
         }
     }
     return $this->render('TrezLogicielTrezBundle:User:change_password.html.twig', array('form' => $form->createView(), 'user' => $user, 'cancel_link' => $this->generateUrl('_welcome')));
 }
Example #20
0
 public function getPassword()
 {
     return $this->wrappedUser->getPassword();
 }
 protected function assertSameUser(User $user1, UserInterface $user2)
 {
     foreach ([$user1->getCredentials()->getUsername() => $user2->getUsername(), $user1->getCredentials()->getPassword()->getHash() => $user2->getPassword()] as $expected => $actual) {
         $this->assertSame($expected, $actual);
     }
 }
Example #22
0
 /**
  * @inheritDoc
  */
 public function isEqualTo(UserInterface $user)
 {
     if (!$user instanceof WebserviceUser) {
         return false;
     }
     if ($this->getPassword() !== $user->getPassword()) {
         return false;
     }
     if ($this->getSalt() !== $user->getSalt()) {
         return false;
     }
     if ($this->getUsername() !== $user->getUsername()) {
         return false;
     }
     return true;
 }
Example #23
0
 public function isEqualTo(UserInterface $user)
 {
     return $user instanceof User && $this->getUsername() === $user->getUsername() && $this->getPassword() === $user->getPassword() && $this->getSalt() === $user->getSalt();
 }
 /**
  * It logs in the given user in the 'main' application firewall (or the
  * optionally given firewall name).
  *
  * @param UserInterface $user
  * @param string $firewallName
  *
  * @return UserInterface
  */
 public function login(UserInterface $user, $firewallName = 'main')
 {
     $token = new UsernamePasswordToken($user, $user->getPassword(), $firewallName, $user->getRoles());
     $token->setAuthenticated(true);
     $this->tokenStorage->setToken($token);
     $this->session->set('_security_' . $firewallName, serialize($token));
     $this->session->save();
     return $user;
 }
 /**
  * Validates the password for wsse.
  *
  * @param UserInterface  $user  The provided user.
  * @param TokenInterface $token The created token.
  *
  * @return boolean
  *
  * @throws NonceExpiredException If the none is used again if the lifetime is expired.
  */
 protected function validateDigest(UserInterface $user, TokenInterface $token)
 {
     $created = $token->getCreated();
     $nonce = $token->getNonce();
     // expired after the lifetime
     if (time() - strtotime($created) > $this->lifetime) {
         return false;
     }
     if ($this->filesystem->exists($this->cacheDir . '/' . $nonce) && file_get_contents($this->cacheDir . '/' . $nonce) + $this->lifetime > time()) {
         throw new NonceExpiredException('Previously used nonce detected');
     }
     // if cache directory does not exist it will be created
     if ($this->filesystem->exists($this->cacheDir) === false) {
         $this->filesystem->mkdir($this->cacheDir, 0777);
     }
     $this->filesystem->dumpFile($this->cacheDir . '/' . $nonce, time());
     $salt = base64_decode($nonce) . $created;
     if (!$this->encoder->isPasswordValid($token->getDigest(), $user->getPassword(), $salt)) {
         throw new BadCredentialsException('The presented password is invalid.');
     }
     return true;
 }
 /**
  * Authenticate a token according to the user provided without any password encoders.
  *
  * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
  * @param \Symfony\Component\Security\Core\User\UserInterface                  $user
  *
  * @return boolean|\BackBee\Security\Token\UsernamePasswordToken
  */
 private function authenticateWithoutEncoder(TokenInterface $token, UserInterface $user)
 {
     if (null !== $user->getSalt() && call_user_func($user->getSalt(), $token->getCredentials()) === $user->getPassword()) {
         return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
     } elseif ($token->getCredentials() === $user->getPassword()) {
         return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
     } else {
         return false;
     }
 }
 /**
  * @param UserInterface $user
  * @param UsernamePasswordToken $token
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     $currentUser = $token->getUser();
     if ($currentUser instanceof UserInterface) {
         // this happens if we were already logged in
         if ($currentUser->getPassword() !== $user->getPassword()) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
     } else {
         if ("" === ($presentedPassword = $token->getCredentials())) {
             throw new BadCredentialsException('The presented password cannot be empty.');
         }
         if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
             throw new BadCredentialsException('The presented password is invalid.');
         }
     }
     if ($token->hasAttribute('desired_user')) {
         $roles = $user->getRoles();
         if (!in_array('ROLE_ALLOWED_TO_SWITCH', $roles)) {
             throw new BadCredentialsException('You are not allowed to login as other users.');
         }
     }
 }
Example #28
0
 protected function getSecret(UserInterface $user)
 {
     return $user->getPassword();
 }
Example #29
0
 /**
  * {@inheritdoc}
  */
 public function isEqualTo(UserInterface $user)
 {
     if ($this->getPassword() !== $user->getPassword()) {
         return false;
     }
     $currentRoles = array_map('strval', $this->getRoles());
     $passedRoles = array_map('strval', $user->getRoles());
     sort($currentRoles);
     sort($passedRoles);
     if ($currentRoles !== $passedRoles) {
         return false;
     }
     return true;
 }
 /**
  * @param UserInterface $user
  * @return string
  */
 private function getSecret(UserInterface $user)
 {
     return $user->getPassword();
 }