/**
* Login a user using a username and password
* to bind against an LDAP server
* @param Request $request
*
* @return JsonResponse
*/
public function login(Request $request)
{
$username = $request->request->get('username');
$password = $request->request->get('password');
$code = JsonResponse::HTTP_OK;
$errors = [];
if (!$username) {
$errors[] = 'missingUsername';
$code = JsonResponse::HTTP_BAD_REQUEST;
}
if (!$password) {
$errors[] = 'missingPassword';
$code = JsonResponse::HTTP_BAD_REQUEST;
}
if ($username && $password) {
$authEntity = $this->authManager->findAuthenticationByUsername($username);
if ($authEntity) {
$user = $authEntity->getUser();
if ($user->isEnabled()) {
$passwordValid = $this->checkLdapPassword($username, $password);
if ($passwordValid) {
$jwt = $this->jwtManager->createJwtFromUser($user);
return $this->createSuccessResponseFromJWT($jwt);
}
}
}
$errors[] = 'badCredentials';
$code = JsonResponse::HTTP_UNAUTHORIZED;
}
return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), $code);
}
/**
* Login a user using a username and password
* @param Request $request
*
* @return JsonResponse
*/
public function login(Request $request)
{
$username = $request->request->get('username');
$password = $request->request->get('password');
$errors = [];
if (!$username) {
$errors[] = 'missingUsername';
}
if (!$password) {
$errors[] = 'missingPassword';
}
if ($username && $password) {
$authEntity = $this->authManager->findAuthenticationByUsername($username);
if ($authEntity) {
$user = $authEntity->getUser();
$passwordValid = $this->encoder->isPasswordValid($user, $password);
if ($passwordValid) {
$this->updateLegacyPassword($authEntity, $password);
$jwt = $this->jwtManager->createJwtFromUser($user);
return $this->createSuccessResponseFromJWT($jwt);
}
}
$errors[] = 'badCredentials';
}
return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (!$userProvider instanceof EntityUserProvider) {
throw new \InvalidArgumentException(sprintf('The user provider must be an instance of EntityUserProvider (%s was given).', get_class($userProvider)));
}
try {
$jwt = $token->getCredentials();
$username = $this->jwtManager->getUserIdFromToken($jwt);
$issuedAt = $this->jwtManager->getIssuedAtFromToken($jwt);
} catch (\UnexpectedValueException $e) {
throw new BadCredentialsException('Invalid JSON Web Token: ' . $e->getMessage());
} catch (\Exception $e) {
throw new BadCredentialsException('Invalid JSON Web Token');
}
$user = $userProvider->loadUserByUsername($username);
$authentication = $user->getAuthentication();
if ($authentication) {
$tokenNotValidBefore = $authentication->getInvalidateTokenIssuedBefore();
if ($tokenNotValidBefore) {
if ($tokenNotValidBefore > $issuedAt) {
throw new BadCredentialsException('Invalid JSON Web Token: Not issued before ' . $tokenNotValidBefore->format('c'));
}
}
}
$authenticatedToken = new PreAuthenticatedToken($user, $jwt, $providerKey);
$authenticatedToken->setAuthenticated(true);
return $authenticatedToken;
}
public function testCreateJwtFromUserWhichExpiresAfterMaximumTime()
{
$user = m::mock('Ilios\\CoreBundle\\Entity\\UserInterface')->shouldReceive('getId')->andReturn(42)->mock();
$obj = new JsonWebTokenManager('secret');
$jwt = $obj->createJwtFromUser($user, 'P400D');
$now = new DateTime();
$expiresAt = $obj->getExpiresAtFromToken($jwt);
$this->assertTrue($now->diff($expiresAt)->d < 365);
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$userId = $input->getArgument('userId');
$user = $this->userManager->findUserBy(['id' => $userId]);
if (!$user) {
throw new \Exception("No user with id #{$userId} was found.");
}
$jwt = $this->jwtManager->createJwtFromUser($user, $input->getOption('ttl'));
$output->writeln('Success!');
$output->writeln('Token: ' . $jwt);
}
/**
* Authenticate a user from shibboleth
*
* If the user is not yet logged in send a redirect Request
* If the user is logged in, but no account exists send an error
* If the user is authenticated send a JWT
* @param Request $request
*
* @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute
* @return JsonResponse
*/
public function login(Request $request)
{
$applicationId = $request->server->get('Shib-Application-ID');
if (!$applicationId) {
return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
}
$userId = $request->server->get($this->userIdAttribute);
if (!$userId) {
$msg = "No '{$this->userIdAttribute}' found for authenticated user.";
$logVars = [];
$shibProperties = ['Shib-Session-ID', 'Shib-Authentication-Instant', 'Shib-Authentication-Method', 'Shib-Session-Index'];
foreach ($shibProperties as $key) {
$logVars[$key] = $request->server->get($key);
}
$logVars['HTTP_REFERER'] = $request->server->get('HTTP_REFERER');
$logVars['REMOTE_ADDR'] = $request->server->get('REMOTE_ADDR');
$this->logger->error($msg, ['server variables' => var_export($logVars, true)]);
throw new \Exception($msg);
}
/* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */
$authEntity = $this->authManager->findOneBy(array('username' => $userId));
if ($authEntity) {
$user = $authEntity->getUser();
if ($user->isEnabled()) {
$jwt = $this->jwtManager->createJwtFromUser($user);
return $this->createSuccessResponseFromJWT($jwt);
}
}
return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
}
/**
* Authenticate a user from shibboleth
*
* If the user is not yet logged in send a redirect Request
* If the user is logged in, but no account exists send an error
* If the user is authenticated send a JWT
* @param Request $request
*
* @throws \Exception when the shibboleth attributes do not contain an eppn
* @return JsonResponse
*/
public function login(Request $request)
{
$applicationId = $request->server->get('Shib-Application-ID');
if (!$applicationId) {
return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
}
$eppn = $request->server->get('eppn');
if (!$eppn) {
$msg = "No 'eppn' found for authenticated user.";
$this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]);
throw new \Exception($msg);
}
$authEntity = $this->authManager->findAuthenticationBy(array('username' => $eppn));
if (!$authEntity) {
return new JsonResponse(array('status' => 'noAccountExists', 'eppn' => $eppn, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
}
$jwt = $this->jwtManager->createJwtFromUser($authEntity->getUser());
return $this->createSuccessResponseFromJWT($jwt);
}
/**
* Authenticate a user from shibboleth
*
* If the user is not yet logged in send a redirect Request
* If the user is logged in, but no account exists send an error
* If the user is authenticated send a JWT
* @param Request $request
*
* @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute
* @return JsonResponse
*/
public function login(Request $request)
{
$service = $request->query->get('service');
$ticket = $request->query->get('ticket');
if (!$ticket) {
return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
}
$userId = $this->casManager->getUserId($service, $ticket);
if (!$userId) {
$msg = "No user found for authenticated user.";
$this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]);
throw new \Exception($msg);
}
/* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */
$authEntity = $this->authManager->findOneBy(array('username' => $userId));
if ($authEntity) {
$user = $authEntity->getUser();
if ($user->isEnabled()) {
$jwt = $this->jwtManager->createJwtFromUser($user);
return $this->createSuccessResponseFromJWT($jwt);
}
}
return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
}
