/**
  * Login a user using a username and password
  * to bind against an LDAP server
  * @param Request $request
  *
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $username = $request->request->get('username');
     $password = $request->request->get('password');
     $code = JsonResponse::HTTP_OK;
     $errors = [];
     if (!$username) {
         $errors[] = 'missingUsername';
         $code = JsonResponse::HTTP_BAD_REQUEST;
     }
     if (!$password) {
         $errors[] = 'missingPassword';
         $code = JsonResponse::HTTP_BAD_REQUEST;
     }
     if ($username && $password) {
         $authEntity = $this->authManager->findAuthenticationByUsername($username);
         if ($authEntity) {
             $user = $authEntity->getUser();
             if ($user->isEnabled()) {
                 $passwordValid = $this->checkLdapPassword($username, $password);
                 if ($passwordValid) {
                     $jwt = $this->jwtManager->createJwtFromUser($user);
                     return $this->createSuccessResponseFromJWT($jwt);
                 }
             }
         }
         $errors[] = 'badCredentials';
         $code = JsonResponse::HTTP_UNAUTHORIZED;
     }
     return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), $code);
 }
Exemple #2
0
 /**
  * Login a user using a username and password
  * @param Request $request
  *
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $username = $request->request->get('username');
     $password = $request->request->get('password');
     $errors = [];
     if (!$username) {
         $errors[] = 'missingUsername';
     }
     if (!$password) {
         $errors[] = 'missingPassword';
     }
     if ($username && $password) {
         $authEntity = $this->authManager->findAuthenticationByUsername($username);
         if ($authEntity) {
             $user = $authEntity->getUser();
             $passwordValid = $this->encoder->isPasswordValid($user, $password);
             if ($passwordValid) {
                 $this->updateLegacyPassword($authEntity, $password);
                 $jwt = $this->jwtManager->createJwtFromUser($user);
                 return $this->createSuccessResponseFromJWT($jwt);
             }
         }
         $errors[] = 'badCredentials';
     }
     return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
 }
 public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
 {
     if (!$userProvider instanceof EntityUserProvider) {
         throw new \InvalidArgumentException(sprintf('The user provider must be an instance of EntityUserProvider (%s was given).', get_class($userProvider)));
     }
     try {
         $jwt = $token->getCredentials();
         $username = $this->jwtManager->getUserIdFromToken($jwt);
         $issuedAt = $this->jwtManager->getIssuedAtFromToken($jwt);
     } catch (\UnexpectedValueException $e) {
         throw new BadCredentialsException('Invalid JSON Web Token: ' . $e->getMessage());
     } catch (\Exception $e) {
         throw new BadCredentialsException('Invalid JSON Web Token');
     }
     $user = $userProvider->loadUserByUsername($username);
     $authentication = $user->getAuthentication();
     if ($authentication) {
         $tokenNotValidBefore = $authentication->getInvalidateTokenIssuedBefore();
         if ($tokenNotValidBefore) {
             if ($tokenNotValidBefore > $issuedAt) {
                 throw new BadCredentialsException('Invalid JSON Web Token: Not issued before ' . $tokenNotValidBefore->format('c'));
             }
         }
     }
     $authenticatedToken = new PreAuthenticatedToken($user, $jwt, $providerKey);
     $authenticatedToken->setAuthenticated(true);
     return $authenticatedToken;
 }
 public function testCreateJwtFromUserWhichExpiresAfterMaximumTime()
 {
     $user = m::mock('Ilios\\CoreBundle\\Entity\\UserInterface')->shouldReceive('getId')->andReturn(42)->mock();
     $obj = new JsonWebTokenManager('secret');
     $jwt = $obj->createJwtFromUser($user, 'P400D');
     $now = new DateTime();
     $expiresAt = $obj->getExpiresAtFromToken($jwt);
     $this->assertTrue($now->diff($expiresAt)->d < 365);
 }
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $userId = $input->getArgument('userId');
     $user = $this->userManager->findUserBy(['id' => $userId]);
     if (!$user) {
         throw new \Exception("No user with id #{$userId} was found.");
     }
     $jwt = $this->jwtManager->createJwtFromUser($user, $input->getOption('ttl'));
     $output->writeln('Success!');
     $output->writeln('Token: ' . $jwt);
 }
 /**
  * Authenticate a user from shibboleth
  *
  * If the user is not yet logged in send a redirect Request
  * If the user is logged in, but no account exists send an error
  * If the user is authenticated send a JWT
  * @param Request $request
  *
  * @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $applicationId = $request->server->get('Shib-Application-ID');
     if (!$applicationId) {
         return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
     }
     $userId = $request->server->get($this->userIdAttribute);
     if (!$userId) {
         $msg = "No '{$this->userIdAttribute}' found for authenticated user.";
         $logVars = [];
         $shibProperties = ['Shib-Session-ID', 'Shib-Authentication-Instant', 'Shib-Authentication-Method', 'Shib-Session-Index'];
         foreach ($shibProperties as $key) {
             $logVars[$key] = $request->server->get($key);
         }
         $logVars['HTTP_REFERER'] = $request->server->get('HTTP_REFERER');
         $logVars['REMOTE_ADDR'] = $request->server->get('REMOTE_ADDR');
         $this->logger->error($msg, ['server variables' => var_export($logVars, true)]);
         throw new \Exception($msg);
     }
     /* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */
     $authEntity = $this->authManager->findOneBy(array('username' => $userId));
     if ($authEntity) {
         $user = $authEntity->getUser();
         if ($user->isEnabled()) {
             $jwt = $this->jwtManager->createJwtFromUser($user);
             return $this->createSuccessResponseFromJWT($jwt);
         }
     }
     return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
 }
 /**
  * Authenticate a user from shibboleth
  *
  * If the user is not yet logged in send a redirect Request
  * If the user is logged in, but no account exists send an error
  * If the user is authenticated send a JWT
  * @param Request $request
  *
  * @throws \Exception when the shibboleth attributes do not contain an eppn
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $applicationId = $request->server->get('Shib-Application-ID');
     if (!$applicationId) {
         return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
     }
     $eppn = $request->server->get('eppn');
     if (!$eppn) {
         $msg = "No 'eppn' found for authenticated user.";
         $this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]);
         throw new \Exception($msg);
     }
     $authEntity = $this->authManager->findAuthenticationBy(array('username' => $eppn));
     if (!$authEntity) {
         return new JsonResponse(array('status' => 'noAccountExists', 'eppn' => $eppn, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
     }
     $jwt = $this->jwtManager->createJwtFromUser($authEntity->getUser());
     return $this->createSuccessResponseFromJWT($jwt);
 }
 /**
  * Authenticate a user from shibboleth
  *
  * If the user is not yet logged in send a redirect Request
  * If the user is logged in, but no account exists send an error
  * If the user is authenticated send a JWT
  * @param Request $request
  *
  * @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $service = $request->query->get('service');
     $ticket = $request->query->get('ticket');
     if (!$ticket) {
         return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
     }
     $userId = $this->casManager->getUserId($service, $ticket);
     if (!$userId) {
         $msg = "No user found for authenticated user.";
         $this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]);
         throw new \Exception($msg);
     }
     /* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */
     $authEntity = $this->authManager->findOneBy(array('username' => $userId));
     if ($authEntity) {
         $user = $authEntity->getUser();
         if ($user->isEnabled()) {
             $jwt = $this->jwtManager->createJwtFromUser($user);
             return $this->createSuccessResponseFromJWT($jwt);
         }
     }
     return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
 }