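/**
 * Build the AUTHENTICATE reply for a WAMP-CRA CHALLENGE.
 *
 * The signature is HMAC-SHA256 over the peer-supplied `challenge` string,
 * keyed with $this->key directly, or with a key derived by getDerivedKey()
 * when the challenge details carry a `salt` (optionally with `keylen` and
 * `iterations`, defaulting to 32 and 1000).
 *
 * @param ChallengeMessage $msg the CHALLENGE received from the peer
 * @return AuthenticateMessage|false the reply, or false when the challenge cannot
 *         be answered (auth method not supported, no details, no challenge string)
 */
public function getAuthenticateFromChallenge(ChallengeMessage $msg)
{
    // NOTE(review): the raw challenge (here) and the AUTHENTICATE reply (below)
    // are written to stdout.
    echo "Got challenge:\n";
    echo $msg->getSerializedMessage();
    echo "\n";

    // Strict comparison: the method name must match exactly one we support.
    if (!in_array($msg->getAuthMethod(), $this->getAuthMethods(), true)) {
        return false;
    }

    $details = $msg->getDetails();
    if (!is_array($details)) {
        echo "No details sent with challenge.\n";
        return false;
    }

    if (!isset($details['challenge'])) {
        echo "No challenge for wampcra?\n";
        return false;
    }
    $challenge = $details['challenge'];

    $keyToUse = $this->key;
    if (isset($details['salt'])) {
        // Salted mode: derive the HMAC key from the shared secret. `keylen` and
        // `iterations` are chosen by the peer and may arrive as numeric strings,
        // so they are coerced to int before being handed to the KDF.
        // NOTE(review): no upper bound is applied to `iterations`; a very large
        // value from the peer makes the derivation correspondingly expensive.
        $salt = $details['salt'];

        $keyLen = 32;
        if (isset($details['keylen'])) {
            if (is_numeric($details['keylen'])) {
                $keyLen = (int) $details['keylen'];
            } else {
                echo "keylen is not numeric.\n";
            }
        }

        $iterations = 1000;
        if (isset($details['iterations'])) {
            if (is_numeric($details['iterations'])) {
                $iterations = (int) $details['iterations'];
            } else {
                echo "iterations is not numeric.\n";
            }
        }

        $keyToUse = $this->getDerivedKey($this->key, $salt, $iterations, $keyLen);
    }

    // Raw (binary) HMAC, base64-encoded, as the WAMP-CRA signature.
    $token = base64_encode(hash_hmac('sha256', $challenge, $keyToUse, true));
    $authMessage = new AuthenticateMessage($token);

    echo "returning: " . $authMessage->getSerializedMessage() . "\n";

    return $authMessage;
}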
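/**
 * Forward the client's AUTHENTICATE message to the auth method's
 * `onauthenticate` RPC and finish the handshake from its reply.
 *
 * The RPC is expected to resolve with a list whose first element is exactly
 * "SUCCESS"; an optional second element (an object) may carry `authid`,
 * `authrole`, `authroles` and `_thruway_authextra`, which are copied into the
 * session's authentication details and echoed back in the WELCOME message.
 * Any other reply aborts the session with
 * `thruway.error.authentication_failure`; a rejected promise aborts it with
 * `thruway.error.unknown`.
 *
 * @param string              $authMethod     auth method negotiated at CHALLENGE time
 * @param array               $authMethodInfo registration info; `['handlers']->onauthenticate` is the RPC URI
 * @param Realm               $realm          the realm (not used by this handler)
 * @param Session             $session        the session being authenticated
 * @param AuthenticateMessage $msg            the AUTHENTICATE message carrying the signature
 */
private function onAuthenticateHandler($authMethod, $authMethodInfo, Realm $realm, Session $session, AuthenticateMessage $msg)
{
    $onAuthenticateSuccess = function ($res) use ($session) {
        // Accept only a non-empty countable reply whose first element is the
        // string "SUCCESS". The comparison is strict on purpose: a loose `==`
        // would also accept `true`. A non-countable reply is treated as a
        // failure instead of letting count() throw.
        $isCountable = is_array($res) || $res instanceof \Countable;
        if (!$isCountable || count($res) < 1 || $res[0] !== "SUCCESS") {
            $session->abort(new \stdClass(), "thruway.error.authentication_failure");
            return;
        }

        // Optional user info object returned by the handler; only objects are honoured.
        $userInfo = (isset($res[1]) && is_object($res[1])) ? $res[1] : null;
        $authDetails = $session->getAuthenticationDetails();

        $authDetails->setAuthId(isset($userInfo->authid) ? $userInfo->authid : 'authenticated_user');

        // Every authenticated session gets the base role; handler-supplied roles are added on top.
        $authDetails->addAuthRole('authenticated_user');
        if (isset($userInfo->authroles)) {
            $authDetails->addAuthRole($userInfo->authroles);
        }
        if (isset($userInfo->authrole)) {
            $authDetails->addAuthRole($userInfo->authrole);
        }
        if (isset($userInfo->_thruway_authextra)) {
            $authDetails->setAuthExtra($userInfo->_thruway_authextra);
        }

        // TODO: ideally the router would send WELCOME itself so that the
        // roles/extras belonging to it can be filled in there.
        $welcomeDetails = new \stdClass();
        if ($userInfo !== null) {
            // Echo the resolved identity back so the client sees the final values.
            $userInfo->authrole = $authDetails->getAuthRole();
            $userInfo->authroles = $authDetails->getAuthRoles();
            $userInfo->authid = $authDetails->getAuthId();
            foreach ($userInfo as $k => $v) {
                $welcomeDetails->{$k} = $v;
            }
        }

        $session->setAuthenticated(true);
        $session->sendMessage(new WelcomeMessage($session->getSessionId(), $welcomeDetails));
    };

    $onAuthenticateError = function () use ($session) {
        Logger::error($this, "onauthenticate rejected the promise");
        // Same (details, reason URI) form as the failure path above; the
        // reason was previously passed in the details position.
        $session->abort(new \stdClass(), "thruway.error.unknown");
    };

    $authDetails = $session->getAuthenticationDetails();

    $extra = new \stdClass();
    $extra->challenge_details = $authDetails->getChallengeDetails();

    $arguments = new \stdClass();
    $arguments->extra = $extra;
    $arguments->authid = $authDetails->getAuthId();
    $arguments->challenge = $authDetails->getChallenge();
    $arguments->signature = $msg->getSignature();
    $arguments->authmethod = $authMethod;
    $arguments->hello_message = $session->getHelloMessage();

    // Hand the signature to the RPC that actually verifies it.
    $onAuthenticateRpc = $authMethodInfo['handlers']->onauthenticate;
    $this->session->call($onAuthenticateRpc, [$arguments])->then($onAuthenticateSuccess, $onAuthenticateError);
}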
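/**
 * Handle an AUTHENTICATE message.
 *
 * Looks up the auth method recorded on the session at CHALLENGE time, calls
 * that method's `onauthenticate` RPC with the client's signature, and on a
 * reply of `["SUCCESS", <user info>]` marks the session authenticated and
 * sends WELCOME. Any other reply aborts the session with `bad.login`; a
 * rejected promise aborts it with `thruway.error.unknown`. If the recorded
 * auth method is not registered, nothing is sent.
 *
 * @param \Thruway\Realm                       $realm   the realm (not used here)
 * @param \Thruway\Session                     $session the session being authenticated
 * @param \Thruway\Message\AuthenticateMessage $msg     the AUTHENTICATE message
 * @throws \Exception when the session has no authentication details (no CHALLENGE was issued)
 */
public function handleAuthenticateMessage(Realm $realm, Session $session, AuthenticateMessage $msg)
{
    $authDetails = $session->getAuthenticationDetails();
    if ($authDetails === null) {
        throw new \Exception('Authenticate with no previous auth details');
    }

    $authMethod = $authDetails->getAuthMethod();

    // Only the method negotiated at CHALLENGE time may complete the handshake;
    // an exact key lookup replaces the loose `==` scan over the registry.
    if (!isset($this->authMethods[$authMethod])) {
        return;
    }
    $authMethodInfo = $this->authMethods[$authMethod];

    $onSuccess = function ($res) use ($session) {
        // Accept only a non-empty countable reply whose first element is the
        // string "SUCCESS". Strict comparison on purpose: a loose `==` would
        // also accept `true`. An empty or malformed reply now aborts instead of
        // leaving the client waiting.
        $isCountable = is_array($res) || $res instanceof \Countable;
        if (!$isCountable || count($res) < 1 || $res[0] !== "SUCCESS") {
            $session->abort(new \stdClass(), "bad.login");
            return;
        }

        // Optional user info: arrays are used as-is, objects (e.g. decoded
        // JSON) are converted, anything else is ignored.
        $userInfo = [];
        if (isset($res[1])) {
            if (is_array($res[1])) {
                $userInfo = $res[1];
            } elseif (is_object($res[1])) {
                $userInfo = get_object_vars($res[1]);
            }
        }

        $authDetails = $session->getAuthenticationDetails();
        $authDetails->setAuthId(isset($userInfo['authid']) ? $userInfo['authid'] : 'authenticated_user');

        // Every authenticated session gets the base role; handler-supplied roles are added on top.
        $authDetails->addAuthRole('authenticated_user');
        if (isset($userInfo['authroles'])) {
            $authDetails->addAuthRole($userInfo['authroles']);
        }
        if (isset($userInfo['authrole'])) {
            $authDetails->addAuthRole($userInfo['authrole']);
        }

        // Echo the resolved identity back so the client sees the final values.
        $userInfo['authrole'] = $authDetails->getAuthRole();
        $userInfo['authroles'] = $authDetails->getAuthRoles();
        $userInfo['authid'] = $authDetails->getAuthId();

        // TODO: ideally the router would send WELCOME itself so that the
        // roles/extras belonging to it can be filled in there.
        $welcomeDetails = array_merge(["roles" => []], $userInfo);

        $session->setAuthenticated(true);
        $session->sendMessage(new WelcomeMessage($session->getSessionId(), $welcomeDetails));
    };

    $onError = function () use ($session) {
        Logger::error($this, "onauthenticate rejected the promise");
        // Same (details, reason URI) form as the failure path above.
        $session->abort(new \stdClass(), "thruway.error.unknown");
    };

    // Hand the signature to the RPC that actually verifies it.
    $this->getCaller()->call(
        $this->session,
        $authMethodInfo['handlers']['onauthenticate'],
        [
            'authmethod' => $authMethod,
            'challenge'  => $authDetails->getChallenge(),
            'extra'      => ['challenge_details' => $authDetails->getChallengeDetails()],
            'signature'  => $msg->getSignature(),
            'authid'     => $authDetails->getAuthId(),
        ]
    )->then($onSuccess, $onError);
}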