/**
*
* @param string $attribute
* @param Club $club
* @param UserInterface $user
* @return boolean
*/
protected function isGranted($attribute, $club, $user = null)
{
switch ($attribute) {
case self::VIEW:
if (!$club->isPrivate()) {
return true;
}
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
if (in_array('ROLE_ADMIN', $user->getRoles())) {
return true;
}
break;
case self::EDIT:
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
foreach ($club->getAdministrators() as $administrator) {
if ($administrator->getId() == $user->getId()) {
return true;
}
}
if (in_array('ROLE_ADMIN', $user->getRoles())) {
return true;
}
return false;
case self::CREATE:
break;
}
return false;
}
public function isEqualTo(UserInterface $user)
{
if ($user instanceof User) {
// Check that the roles are the same, in any order
$isEqual = count($this->getRoles()) == count($user->getRoles());
if ($isEqual) {
foreach ($this->getRoles() as $role) {
$isEqual = $isEqual && in_array($role, $user->getRoles());
}
}
return $isEqual;
}
return false;
}
private function authenticateUser(UserInterface $user)
{
$providerKey = 'secured_area';
// your firewall name
$token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
$this->getSecurityContext()->setToken($token);
}
private function logUser(UserInterface $user, $password)
{
$token = new UsernamePasswordToken($user, $password, 'secured_area', $user->getRoles());
$request = $this->getRequest();
$session = $request->getSession();
$session->set('_security_secured_area', serialize($token));
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof LdapUser || $user->getUsername() !== $this->username || $user->getEmail() !== $this->email || count(array_diff($user->getRoles(), $this->roles)) > 0 || $user->getDn() !== $this->dn) {
return false;
}
return true;
}
/**
* @param array $record
*
* @return array
*/
public function processRecord(array $record)
{
if (is_null($this->user)) {
/* @var TokenStorageInterface $securityTokenStorage */
$securityTokenStorage = $this->container->get('security.token_storage');
if ($securityTokenStorage !== null && $securityTokenStorage->getToken() !== null && $securityTokenStorage->getToken()->getUser() instanceof \Symfony\Component\Security\Core\User\AdvancedUserInterface) {
$this->user = $securityTokenStorage->getToken()->getUser();
$this->record['extra']['user']['username'] = $this->user->getUsername();
$this->record['extra']['user']['roles'] = $this->user->getRoles();
$this->record['extra']['user']['is_account_non_expired'] = $this->user->isAccountNonExpired();
$this->record['extra']['user']['is_account_non_locked'] = $this->user->isAccountNonLocked();
$this->record['extra']['user']['is_credentials_non_expired'] = $this->user->isCredentialsNonExpired();
$this->record['extra']['user']['is_enabled'] = $this->user->isEnabled();
}
}
return array_merge($record, $this->record);
}
/**
* Check whether a user is granted a specific role, respecting the role hierarchy.
*
* @param UserInterface $user
* @param $requiredRole
* @return bool Whether this user is granted the $requiredRole
*/
public function check(UserInterface $user, $requiredRole)
{
$roles = array();
foreach ($user->getRoles() as $roleName) {
$roles[] = new Role($roleName);
}
$token = new AnonymousToken('dummy', 'dummy', $roles);
return static::ACCESS_GRANTED == $this->vote($token, null, array($requiredRole));
}
public function __construct(UserInterface $user, $providerKey)
{
parent::__construct($user->getRoles());
if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
}
$this->providerKey = $providerKey;
$this->setUser($user);
parent::setAuthenticated(true);
}
public function __construct($providerKey, UserInterface $user = null)
{
if ($user) {
parent::__construct($user->getRoles());
$this->setUser($user);
} else {
parent::__construct();
}
$this->providerKey = $providerKey;
}
/**
* Returns true if $user is granted $requiredRole
* @param $requiredRole
* @param UserInterface $user
* @return bool
*/
public function isGranted($requiredRole, UserInterface $user)
{
$requiredRole = new Role($requiredRole);
foreach ($user->getRoles() as $role) {
$hierarchy = $this->roleHierarchy->getReachableRoles([new Role($role)]);
if (in_array($requiredRole, $hierarchy)) {
return true;
}
}
return false;
}
/**
* Get security role depending on the roles of the user
*
* @param \Symfony\Component\Security\Core\User\UserInterface $user
* @return string
*/
protected function getSecurityRole(UserInterface $user)
{
$securityRole = 'ROLE_SYSTEM_ADMIN';
foreach ($user->getRoles() as $role) {
if (in_array($role, $this->adminRoles)) {
$securityRole = 'ROLE_ADMIN';
break;
}
}
return $securityRole;
}
/**
* Retrieves roles from user and appends SwitchUserRole if original token contained one.
*
* @param UserInterface $user The user
* @param TokenInterface $token The token
*
* @return array The user roles
*/
private function getRoles(UserInterface $user, TokenInterface $token)
{
$roles = $user->getRoles();
foreach ($token->getRoles() as $role) {
if ($role instanceof SwitchUserRole) {
$roles[] = $role;
break;
}
}
return $roles;
}
/**
* @param array $record
*
* @return array
*/
public function processRecord(array $record)
{
if (is_null($this->user)) {
/* @var SecurityContextInterface $securityContext */
$securityContext = null;
try {
$this->container->get("security.context");
} catch (ServiceCircularReferenceException $e) {
//since the securitycontext is deprecated getting the context from the container results in a log line which tries to use this method again....
}
if ($securityContext !== null && $securityContext->getToken() !== null && $securityContext->getToken()->getUser() instanceof \Symfony\Component\Security\Core\User\AdvancedUserInterface) {
$this->user = $securityContext->getToken()->getUser();
$this->record['extra']['user']['username'] = $this->user->getUsername();
$this->record['extra']['user']['roles'] = $this->user->getRoles();
$this->record['extra']['user']['is_account_non_expired'] = $this->user->isAccountNonExpired();
$this->record['extra']['user']['is_account_non_locked'] = $this->user->isAccountNonLocked();
$this->record['extra']['user']['is_credentials_non_expired'] = $this->user->isCredentialsNonExpired();
$this->record['extra']['user']['is_enabled'] = $this->user->isEnabled();
}
}
return array_merge($record, $this->record);
}
/**
* Creates an authenticated client against a firewall.
*
* @param Symfony\Component\Security\Core\User\UserInterface $user
* @param string $firewall
* @return Symfony\Bundle\FrameworkBundle\Client
*/
protected function authenticate(UserInterface $user, $firewall)
{
$securityKey = sprintf('_security_%s', $firewall);
$client = $this->getClient();
$client->followRedirects(false);
$session = $client->getContainer()->get('session');
$session->start();
$cookie = new Cookie($session->getName(), $session->getId());
$client->getCookieJar()->set($cookie);
$token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
$session->set($securityKey, serialize($token));
$session->save();
return $client;
}
public function equals(UserInterface $user)
{
if (!$user instanceof LdapUser) {
return false;
}
if ($user->getUsername() !== $this->username) {
return false;
}
if ($user->getEmail() !== $this->email) {
return false;
}
if ($user->getRoles() !== $this->roles) {
return false;
}
if ($user->getDn() !== $this->dn) {
return false;
}
return true;
}
/**
*
* @param string $attribute
* @param Post $post
* @param UserInterface $user
* @return boolean
*/
protected function isGranted($attribute, $post, $user = null)
{
switch ($attribute) {
case self::VIEW:
return true;
case self::EDIT:
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
$role = 'ROLE_ADMIN';
if (in_array($role, $user->getRoles())) {
return true;
}
return false;
case self::CREATE:
break;
}
return false;
}
/**
* {@inheritdoc}
*/
public function checkPreAuth(UserInterface $user)
{
if (!$user instanceof AppUser) {
return;
}
if ($user->isDeleted()) {
throw new AccountDeletedException('This user has been deleted.');
}
if ($user->isDisabled()) {
throw new AccountDisabledException('This user has been disabled.');
}
$can_login = false;
/** @var RoleInterface $role */
foreach ($user->getRoles() as $role) {
if ($role->canLogin()) {
$can_login = true;
break;
}
}
if ($can_login === false) {
throw new AccountRoleNoLoginPermissionException('This user has no role with the login permission.');
}
}
/**
* {@inheritdoc}
*/
public function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$connector = new \EpitechAPI\Connector();
try {
$connector->authenticate(\EpitechAPI\Connector::SIGN_IN_METHOD_CREDENTIALS, $user->getUsername(), $token->getCredentials());
} catch (\Exception $ex) {
throw new \Exception("The Epitech's Intranet is not responding");
}
if (!$connector->isSignedIn()) {
throw new BadCredentialsException();
}
$user->updateFromIntranet($connector->getUser());
$user->setLastConnectionDate(new \DateTime());
$roles = $user->getRoles();
foreach (array_keys($roles, 'ROLE_SUPER_ADMIN') as $key) {
unset($roles[$key]);
}
if (in_array($user->getLogin(), $this->superAdminsLogin)) {
$roles[] = 'ROLE_SUPER_ADMIN';
}
$user->setRoles($roles);
$this->entityManager->persist($user);
$this->entityManager->flush();
}
/**
* @param UserInterface $user
*
* @return UsernamePasswordToken
*/
protected function createToken(UserInterface $user)
{
$token = new UsernamePasswordToken($user, '', 'main', $user->getRoles());
return $token;
}
/**
* Create User Token.
*
* Factory method for creating a User Token object for the firewall based on
* the user object provided. By default it will be a Username/Password
* Token based on the user's credentials, but may be overridden for custom
* tokens in your applications.
*
* @param UserInterface $user The user object to base the token off of
* @param string $firewallName name of the firewall provider to use
*
* @return TokenInterface The token to be used in the security context
*/
protected function createUserToken(UserInterface $user, $firewallName)
{
return new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
}
public function isEqualTo(UserInterface $user)
{
if ($this->email !== $user->getUsername()) {
return false;
}
if (array_diff($this->roles, $user->getRoles())) {
return false;
}
if (array_diff($user->getRoles(), $this->roles)) {
return false;
}
return true;
}
/**
* @param \Symfony\Component\Security\Core\User\UserInterface $user
*/
function it_should_create_an_authentication_token_with_the_domain_name($user)
{
$user->getUsername()->shouldBeCalled()->willReturn('foo');
$user->getRoles()->shouldBeCalled()->willReturn(['USER']);
$this->connection->execute(new AuthenticationOperation('foo', 'bar'))->shouldBeCalled()->willReturn(new AuthenticationResponse(true));
$this->checkCredentials(['username' => 'foo', 'password' => 'bar', 'domain' => ''], $user);
$this->createAuthenticatedToken($user, 'foo')->shouldReturnAnInstanceOf('Symfony\\Component\\Security\\Guard\\Token\\PostAuthenticationGuardToken');
$this->createAuthenticatedToken($user, 'foo')->getAttribute('ldap_domain')->shouldEqual('foo.bar');
}
/**
* Get the role values (rather than the clumsy SfRole objects) for the
* provided user object.
*
* @param SfSecurityUserInterface $user
* @return array
*/
protected function getUserRoleValues(SfSecurityUserInterface $user)
{
$roles = [];
foreach ($user->getRoles() as $role) {
if ($role instanceof SfRole) {
$role = $role->getRole();
}
$roles[] = $role;
}
return $roles;
}
/**
* @param UserInterface $user
* @param ContainerInterface $container
*/
private function authenticateUser(UserInterface $user, ContainerInterface $container)
{
$providerKey = 'thruway';
$token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
//Use the controller's container to set the token
// This is deprecated in 2.6. we are leaving security.context for BC
$container->get('security.context')->setToken($token);
// This is what it should look like in 2.6+
//$container->get('security.token_storage')->setToken($token);
}
/**
* Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
* care about which authenticated token you're using.
*
* @param UserInterface $user
* @param string $providerKey
*
* @return PostAuthenticationGuardToken
*/
public function createAuthenticatedToken(UserInterface $user, $providerKey)
{
return new PostAuthenticationGuardToken($user, $providerKey, $user->getRoles());
}
/**
* @param UserInterface $user
* @param string $providerKey
*
* @return UsernamePasswordToken
*/
public function createAuthenticatedToken(UserInterface $user, $providerKey)
{
return new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
}
/**
* Returns an array with the roles of the given user turned into Role objects,
* which are needed by methods such as getReachableRoles().
*
* @param UserInterface $user
*
* @return RoleInterface[]
*/
private function getUserRolesAsObjects(UserInterface $user)
{
$userRoles = array();
foreach ($user->getRoles() as $userRole) {
$userRoles[] = $userRole instanceof Role ? $userRole : new Role($userRole);
}
return $userRoles;
}
/**
* When the user signed up successfully
*
* @param UserInterface $user
*
* @return UserInterface
*/
public function postSignup(UserInterface $user)
{
// Set the user session
$token = new UsernamePasswordToken($user, null, "main", $user->getRoles());
$this->container->get("security.context")->setToken($token);
// Dispatch the login event
$request = $this->container->get("request");
$event = new InteractiveLoginEvent($request, $token);
$this->container->get("event_dispatcher")->dispatch("security.interactive_login", $event);
return $user;
}
/**
* Authenticate a token according to the user provided without any password encoders.
*
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
* @param \Symfony\Component\Security\Core\User\UserInterface $user
*
* @return boolean|\BackBee\Security\Token\UsernamePasswordToken
*/
private function authenticateWithoutEncoder(TokenInterface $token, UserInterface $user)
{
if (null !== $user->getSalt() && call_user_func($user->getSalt(), $token->getCredentials()) === $user->getPassword()) {
return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
} elseif ($token->getCredentials() === $user->getPassword()) {
return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
} else {
return false;
}
}
/**
* {@inheritdoc}
*/
public function isEqualTo(UserInterface $user)
{
if ($this->getPassword() !== $user->getPassword()) {
return false;
}
$currentRoles = array_map('strval', $this->getRoles());
$passedRoles = array_map('strval', $user->getRoles());
sort($currentRoles);
sort($passedRoles);
if ($currentRoles !== $passedRoles) {
return false;
}
return true;
}
