/**
* {@inheritDoc}
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return;
}
/* @var OAuthToken $token */
$resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
$userResponse = $resourceOwner->getUserInformation($token->getRawToken());
try {
$user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
} catch (OAuthAwareExceptionInterface $e) {
$e->setToken($token);
$e->setResourceOwnerName($token->getResourceOwnerName());
throw $e;
}
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
}
try {
$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);
} catch (BadCredentialsException $e) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Bad credentials', 0, $e);
}
throw $e;
}
$token = new OAuthToken($token->getRawToken(), $user->getRoles());
$token->setResourceOwnerName($resourceOwner->getName());
$token->setUser($user);
$token->setAuthenticated(true);
return $token;
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
$this->handleOAuthError($request);
/* @var ResourceOwnerInterface $resourceOwner */
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
if (!$resourceOwner) {
throw new AuthenticationException('No resource owner match the request.');
}
if (!$resourceOwner->handles($request)) {
throw new AuthenticationException('No oauth code in the request.');
}
// If resource owner supports only one url authentication, call redirect
if ($request->query->has('authenticated') && $resourceOwner->getOption('auth_with_one_url')) {
$request->attributes->set('service', $resourceOwner->getName());
return new RedirectResponse(sprintf('%s?code=%s&authenticated=true', $this->httpUtils->generateUri($request, 'hwi_oauth_connect_service'), $request->query->get('code')));
}
$resourceOwner->isCsrfTokenValid($request->get('state'));
try {
$accessToken = $resourceOwner->getAccessToken($request, $this->httpUtils->createRequest($request, $checkPath)->getUri());
} catch (HttpTransportException $e) {
throw new AuthenticationException('Cannot retrieve access token.');
}
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
$accessToken = $resourceOwner->getAccessToken($request->query->get('code'), $this->httpUtils->createRequest($request, $checkPath)->getUri());
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
$this->handleOAuthError($request);
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
if (!$resourceOwner->handles($request)) {
throw new AuthenticationException('No oauth code in the request.');
}
$accessToken = $resourceOwner->getAccessToken($request, $this->httpUtils->createRequest($request, $checkPath)->getUri());
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
/**
* {@inheritDoc}
*/
protected function attemptAuthentication(Request $request)
{
list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);
if (!$resourceOwner->handles($request)) {
// Can't use AuthenticationException below, as it leads to infinity loop
throw new \RuntimeException('No oauth code in the request.');
}
$accessToken = $resourceOwner->getAccessToken($request, $this->httpUtils->createRequest($request, $checkPath)->getUri());
$token = new OAuthToken($accessToken);
$token->setResourceOwnerName($resourceOwner->getName());
return $this->authenticationManager->authenticate($token);
}
/**
* {@inheritDoc}
*/
public function authenticate(TokenInterface $token)
{
$resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
$userResponse = $resourceOwner->getUserInformation($token->getCredentials());
try {
$user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
} catch (OAuthAwareExceptionInterface $e) {
$e->setAccessToken($token->getCredentials());
$e->setResourceOwnerName($token->getResourceOwnerName());
throw $e;
}
$token = new OAuthToken($token->getCredentials(), $user->getRoles());
$token->setUser($user);
$token->setAuthenticated(true);
return $token;
}
/**
* @param string $name
*
* @return ResourceOwnerInterface
*
* @throws \RuntimeException
*/
protected function getResourceOwner($name)
{
$resourceOwner = $this->ownerMap->getResourceOwnerByName($name);
if (!$resourceOwner instanceof ResourceOwnerInterface) {
throw new \RuntimeException(sprintf("No resource owner with name '%s'.", $name));
}
return $resourceOwner;
}
/**
* {@inheritDoc}
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return null;
}
/* @var OAuthToken $token */
$resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
if ($token->getUser()) {
$user = $this->userProvider->refreshUser($token->getUser());
} else {
try {
$userResponse = $resourceOwner->getUserInformation($token->getRawToken());
} catch (HttpTransportException $e) {
$token = new AnonymousToken($token->getRawToken(), 'anon.');
$token->setAuthenticated(true);
return $token;
} catch (RequestException $e) {
$token = new AnonymousToken($token->getRawToken(), 'anon.');
$token->setAuthenticated(true);
return $token;
}
try {
$user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
} catch (OAuthAwareExceptionInterface $e) {
$e->setToken($token);
$e->setResourceOwnerName($token->getResourceOwnerName());
throw $e;
}
}
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
}
try {
$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);
} catch (BadCredentialsException $e) {
throw $e;
}
$token = new OAuthToken($token->getRawToken(), $user->getRoles());
$token->setResourceOwnerName($resourceOwner->getName());
$token->setUser($user);
$token->setAuthenticated(true);
return $token;
}
/**
* Attempts to authenticate a TokenInterface object.
*
* @param OAuthToken $token The TokenInterface instance to authenticate
*
* @return TokenInterface An authenticated TokenInterface instance, never null
*
* @throws AuthenticationException if the authentication fails
*/
public function authenticate(TokenInterface $token)
{
$resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
try {
$userResponse = $resourceOwner->getUserInformation($token->getRawToken());
$user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
} catch (OAuthAwareExceptionInterface $e) {
$e->setToken($token);
$e->setResourceOwnerName($token->getResourceOwnerName());
throw $e;
}
$organization = $this->guessOrganization($user, $token);
$token = new OAuthToken($token->getRawToken(), $user->getRoles());
$token->setResourceOwnerName($resourceOwner->getName());
$token->setOrganizationContext($organization);
$token->setUser($user);
$token->setAuthenticated(true);
$this->userChecker->checkPostAuth($user);
return $token;
}
public function testTokenShouldBeAuthenticated()
{
$this->oauthProvider->setTokenFactory($this->tokenFactory);
$token = new OAuthToken('token');
$token->setResourceOwnerName('google');
$organization = new Organization();
$organization->setEnabled(true);
$token->setOrganizationContext($organization);
$userResponse = $this->getMock('HWI\\Bundle\\OAuthBundle\\OAuth\\Response\\UserResponseInterface');
$resourceOwner = $this->getMock('HWI\\Bundle\\OAuthBundle\\OAuth\\ResourceOwnerInterface');
$resourceOwner->expects($this->any())->method('getName')->will($this->returnValue('google'));
$resourceOwner->expects($this->any())->method('getUserInformation')->will($this->returnValue($userResponse));
$this->resourceOwnerMap->expects($this->any())->method('getResourceOwnerByName')->will($this->returnValue($resourceOwner));
$user = new User();
$user->addOrganization($organization);
$this->userProvider->expects($this->any())->method('loadUserByOAuthUserResponse')->with($userResponse)->will($this->returnValue($user));
$resultToken = $this->oauthProvider->authenticate($token);
$this->assertInstanceOf('Oro\\Bundle\\SSOBundle\\Security\\OAuthToken', $resultToken);
$this->assertSame($user, $resultToken->getUser());
$this->assertEquals('google', $resultToken->getResourceOwnerName());
$this->assertTrue($resultToken->isAuthenticated());
}
/**
* @param string $accessToken
*
* @return PathUserResponse
*/
public function getUserInfo($accessToken)
{
$resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName(self::RESOURCE_OWNER_GOOGLE);
return $resourceOwner->getUserInformation(['access_token' => $accessToken]);
}
/**
* {@inheritDoc}
*/
public function supports(TokenInterface $token)
{
return $token instanceof OAuthToken && $this->resourceOwnerMap->hasResourceOwnerByName($token->getResourceOwnerName());
}