public function testSupportsShouldReturnTrueForOAuthToken()
{
$this->resourceOwnerMap->expects($this->once())->method('hasResourceOwnerByName')->with($this->equalTo('google'))->will($this->returnValue(true));
$token = new HWIOauthToken('token');
$token->setResourceOwnerName('google');
$this->assertTrue($this->oauthProvider->supports($token));
}
/**
* {@inheritDoc}
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return;
}
/* @var OAuthToken $token */
$resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
$userResponse = $resourceOwner->getUserInformation($token->getRawToken());
try {
$user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
} catch (OAuthAwareExceptionInterface $e) {
$e->setToken($token);
$e->setResourceOwnerName($token->getResourceOwnerName());
throw $e;
}
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
}
$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);
$token = new OAuthToken($token->getRawToken(), $user->getRoles());
$token->setResourceOwnerName($resourceOwner->getName());
$token->setUser($user);
$token->setAuthenticated(true);
return $token;
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
$accessToken = $resourceOwner->getAccessToken($request->query->get('code'), $this->httpUtils->createRequest($request, $checkPath)->getUri());
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
public function testSerializationOfOAuth1Token()
{
$oauth1Token = new OAuthToken(array('oauth_token' => 'oauth1_access_token', 'oauth_token_secret' => 'oauth1_token_secret'), array('ROLE_TEST'));
$oauth1Token->setResourceOwnerName('twitter');
$oauth1Token = unserialize(serialize($oauth1Token));
$this->assertEquals('oauth1_access_token', $oauth1Token->getAccessToken());
$this->assertEquals('oauth1_token_secret', $oauth1Token->getTokenSecret());
$this->assertEquals('twitter', $oauth1Token->getResourceOwnerName());
}
public function testSupportsOAuthToken()
{
$resourceOwnerMapMock = $this->getResourceOwnerMapMock();
$resourceOwnerMapMock->expects($this->once())->method('hasResourceOwnerByName')->with($this->equalTo('owner'))->will($this->returnValue(true));
$oauthProvider = new OAuthProvider($this->getOAuthAwareUserProviderMock(), $resourceOwnerMapMock, $this->getUserCheckerMock());
$token = new OAuthToken('');
$token->setResourceOwnerName('owner');
$this->assertTrue($oauthProvider->supports($token));
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
$this->handleOAuthError($request);
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
if (!$resourceOwner->handles($request)) {
throw new AuthenticationException('No oauth code in the request.');
}
$accessToken = $resourceOwner->getAccessToken($request, $this->httpUtils->createRequest($request, $checkPath)->getUri());
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
if (!$resourceOwner->handles($request)) {
// Can't use AuthenticationException below, as it leads to infinity loop
throw new \RuntimeException('No oauth code in the request.');
}
$accessToken = $resourceOwner->getAccessToken($request, $this->httpUtils->createRequest($request, $checkPath)->getUri());
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
/**
* {@inheritDoc}
*/
public function authenticate(TokenInterface $token)
{
$resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
$userResponse = $resourceOwner->getUserInformation($token->getAccessToken());
try {
$user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
} catch (OAuthAwareExceptionInterface $e) {
$e->setAccessToken($token->getAccessToken());
$e->setResourceOwnerName($token->getResourceOwnerName());
throw $e;
}
$token = new OAuthToken($token->getAccessToken(), $user->getRoles());
$token->setResourceOwnerName($resourceOwner->getName());
$token->setUser($user);
$token->setAuthenticated(true);
return $token;
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
$this->handleOAuthError($request);
/* @var ResourceOwnerInterface $resourceOwner */
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
if (!$resourceOwner) {
throw new AuthenticationException('No resource owner match the request.');
}
if (!$resourceOwner->handles($request)) {
throw new AuthenticationException('No oauth code in the request.');
}
// If resource owner supports only one url authentication, call redirect
if ($request->query->has('authenticated') && $resourceOwner->getOption('auth_with_one_url')) {
$request->attributes->set('service', $resourceOwner->getName());
return new RedirectResponse(sprintf('%s?code=%s&authenticated=true', $this->httpUtils->generateUri($request, 'hwi_oauth_connect_service'), $request->query->get('code')));
}
$resourceOwner->isCsrfTokenValid($request->get('state'));
$accessToken = $resourceOwner->getAccessToken($request, $this->httpUtils->createRequest($request, $checkPath)->getUri());
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
/**
* Authenticate a user with Symfony Security
*
* @param Request $request
* @param UserInterface $user
* @param string $resourceOwnerName
* @param string $accessToken
* @param boolean $fakeLogin
*/
protected function authenticateUser(Request $request, UserInterface $user, $resourceOwnerName, $accessToken, $fakeLogin = true)
{
try {
$this->container->get('hwi_oauth.user_checker')->checkPostAuth($user);
} catch (AccountStatusException $e) {
// Don't authenticate locked, disabled or expired users
return;
}
$token = new OAuthToken($accessToken, $user->getRoles());
$token->setResourceOwnerName($resourceOwnerName);
$token->setUser($user);
$token->setAuthenticated(true);
$this->container->get('security.context')->setToken($token);
if ($fakeLogin) {
// Since we're "faking" normal login, we need to throw our INTERACTIVE_LOGIN event manually
$this->container->get('event_dispatcher')->dispatch(SecurityEvents::INTERACTIVE_LOGIN, new InteractiveLoginEvent($request, $token));
}
}
public function testGetSetResourceOwnerName()
{
$this->token->setResourceOwnerName('github');
$this->assertEquals('github', $this->token->getResourceOwnerName());
}
