/**
 * Find the API key entity whose secret reproduces the digest carried by the token.
 *
 * Every UserApi in $secrets is tried in order. The first one that validates is
 * returned, but only after two post-checks that abort with an exception: the
 * key's organization must be among the key owner's organizations, and that
 * organization must be enabled.
 *
 * @param TokenInterface       $token   Token providing the 'nonce', 'digest' and 'created' attributes
 * @param PersistentCollection $secrets Candidate UserApi entities to test
 * @param User                 $user    User whose salt is passed to the digest check
 *
 * @return bool|UserApi The matching UserApi, or false when no candidate validates
 *
 * @throws BadCredentialsException When the matching key's organization is not one of
 *                                 its owner's organizations, or is not enabled
 */
protected function getValidUserApi(TokenInterface $token, PersistentCollection $secrets, User $user)
{
    $nonce = $token->getAttribute('nonce');
    $total = $secrets->count();
    $position = 0;

    /** @var UserApi $candidate */
    foreach ($secrets as $candidate) {
        ++$position;

        $digestMatches = $this->validateDigest(
            $token->getAttribute('digest'),
            $nonce,
            $token->getAttribute('created'),
            $candidate->getApiKey(),
            $this->getSalt($user)
        );

        if (!$digestMatches) {
            // More candidates remain: remove the nonce from the cache before the
            // next attempt, since the user has other API keys to try. Presumably
            // validateDigest() records the nonce as used, which would make the
            // next attempt look like a replay - confirm against validateDigest().
            // After the last candidate the nonce is deliberately left in place.
            if ($total !== $position) {
                $this->getNonceCache()->delete($nonce);
            }

            continue;
        }

        // The digest is correct from here on; both checks below reject a key
        // that is cryptographically valid but must not be honoured.
        $organization = $candidate->getOrganization();

        if (!$candidate->getUser()->getOrganizations()->contains($organization)) {
            throw new BadCredentialsException('Wrong API key.');
        }

        if (!$candidate->getOrganization()->isEnabled()) {
            throw new BadCredentialsException('Organization is not active.');
        }

        return $candidate;
    }

    return false;
}
/**
 * Authenticate a WSSE token against the stored secret of the named user.
 *
 * The token's credentials are used as the digest and are checked together with
 * the 'nonce' and 'created' attributes, the user's secret and the user's salt.
 *
 * @param TokenInterface $token Unauthenticated token from the request
 *
 * @return Token Token built from the user, the credentials, the provider key and the user's roles
 *
 * @throws AuthenticationException When the provider returns no user or the digest does not validate
 */
public function authenticate(TokenInterface $token)
{
    $user = $this->userProvider->loadUserByUsername($token->getUsername());

    // Short-circuit keeps validateDigest() from running without a user.
    $digestOk = $user && $this->validateDigest(
        $token->getCredentials(),
        $token->getAttribute('nonce'),
        $token->getAttribute('created'),
        $this->getSecret($user),
        $this->getSalt($user)
    );

    // Unknown user and wrong digest end in the same exception and message.
    if (!$digestOk) {
        throw new AuthenticationException('WSSE authentication failed.');
    }

    return new Token($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
}
/**
 * Authenticate a WSSE token and return an authenticated WsseToken for its user.
 *
 * The 'digest', 'nonce' and 'created' token attributes are validated against
 * the user's secret and salt; the user object itself is also handed to
 * validateDigest().
 *
 * @param TokenInterface $token Unauthenticated token from the request
 *
 * @return WsseToken|TokenInterface Authenticated token carrying the user and the user's roles
 *
 * @throws AuthenticationException When the provider returns no user or the digest does not validate
 */
public function authenticate(TokenInterface $token)
{
    $user = $this->userProvider->loadUserByUsername($token->getUsername());

    // Short-circuit keeps validateDigest() from running without a user.
    $digestOk = $user && $this->validateDigest(
        $token->getAttribute('digest'),
        $token->getAttribute('nonce'),
        $token->getAttribute('created'),
        $this->getSecret($user),
        $this->getSalt($user),
        $user
    );

    if (!$digestOk) {
        // NOTE(review): the username comes from the unauthenticated token and is
        // interpolated into the log line as-is - confirm the log handler
        // neutralises line breaks and control characters.
        $this->logger->error(sprintf('Attempt of unauthorized access for user: %s', $token->getUsername()));

        // Same message for an unknown user and for a wrong digest.
        throw new AuthenticationException(' Incorrect email or password.');
    }

    $authenticatedToken = new WsseToken($user->getRoles());
    $authenticatedToken->setUser($user);
    $authenticatedToken->setAuthenticated(true);

    return $authenticatedToken;
}
/**
 * Authenticate an API user by checking the WSSE digest against the user's API key.
 *
 * A user without an API record is rejected before any digest check is made.
 *
 * @param TokenInterface $token Unauthenticated token providing 'digest', 'nonce' and 'created'
 *
 * @return Token Authenticated token carrying the user and the user's roles
 *
 * @throws AuthenticationException When there is no user, no API record, or the digest does not validate
 */
public function authenticate(TokenInterface $token)
{
    $user = $this->userProvider->loadUserByUsername($token->getUsername());

    // Evaluated left to right: user present, API record present, digest valid.
    $accepted = $user
        && $user->getApi()
        && $this->validateDigest(
            $token->getAttribute('digest'),
            $token->getAttribute('nonce'),
            $token->getAttribute('created'),
            $user->getApi()->getApiKey(),
            $user->getSalt()
        );

    // All three failure causes surface as the same exception and message.
    if (!$accepted) {
        throw new AuthenticationException('WSSE authentication failed.');
    }

    $authToken = new Token($user->getRoles());
    $authToken->setUser($user);
    $authToken->setAuthenticated(true);

    return $authToken;
}
/**
 * Spec: when the token carries an 'ldap_domain' attribute that differs from the
 * current LDAP domain context, authentication switches to the token's domain
 * once and switches back to the original domain once.
 */
function it_should_switch_the_domain_if_the_token_has_the_ldap_domain_set()
{
    $originalDomain = 'foo.bar';
    $tokenDomain = 'example.local';

    // getDomainContext() is read three times: first to keep a copy of the
    // current domain, then to compare it with the token's domain, and once
    // more at the end, by which time the context is the token's domain.
    $this->ldap->getDomainContext()->willReturn($originalDomain, $originalDomain, $tokenDomain);

    $this->token->hasAttribute('ldap_domain')->willReturn(true);
    $this->token->getAttribute('ldap_domain')->willReturn($tokenDomain);

    // One switch into the token's domain, one switch back out of it.
    $this->ldap->switchDomain($tokenDomain)->shouldBeCalledTimes(1);
    $this->ldap->switchDomain($originalDomain)->shouldBeCalledTimes(1);

    $expectedTokenClass = '\\Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken';
    $this->authenticate($this->token)->shouldReturnAnInstanceOf($expectedTokenClass);
}
/**
 * Authenticate a token by looking up the API user that owns its 'key' attribute.
 *
 * The key is the only credential examined here; the lookup itself is delegated
 * to the API user provider.
 *
 * @param TokenInterface $token The TokenInterface instance to authenticate
 *
 * @return TokenInterface An authenticated ApiUserToken carrying the user and its roles, never null
 *
 * @throws AuthenticationException If the provider raises BadCredentialsException for the key
 */
public function authenticate(TokenInterface $token)
{
    try {
        /** @var ApiUser $apiUser */
        $apiUser = $this->apiUserProvider->loadUserByKey($token->getAttribute('key'));

        $apiToken = new ApiUserToken($apiUser->getRoles());
        $apiToken->setUser($apiUser);
        $apiToken->setAuthenticated(true);

        return $apiToken;
    } catch (BadCredentialsException $lookupFailure) {
        // NOTE(review): the caught exception is not chained as "previous", so
        // whatever detail the provider attached is dropped at this point.
        throw new AuthenticationException('User not found');
    }
}
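/**
 * Validate a Raven user token by verifying its signature.
 *
 * The signed payload is rebuilt from the token's fields and checked against the
 * 'sig' attribute using the public key taken from the Raven certificate. Only
 * the signature is checked here; no other field is evaluated.
 *
 * @param TokenInterface $token Raven user token.
 *
 * @return bool true if the signature is valid, false otherwise.
 *
 * @throws OpenSslException If OpenSSL is unavailable, the public key cannot be
 *                          loaded, or verification reports an error.
 */
protected function validateToken(TokenInterface $token)
{
    // @codeCoverageIgnoreStart
    if (false === function_exists('openssl_verify')) {
        throw new OpenSslException('OpenSSL is unavailable');
    }
    // @codeCoverageIgnoreEnd

    // Signed payload: the response fields joined with '!' in this fixed order.
    $data = implode('!', array(
        $token->getAttribute('ver'),
        $token->getAttribute('status'),
        $token->getAttribute('msg'),
        $token->getAttribute('issue')->format('Ymd\\THis\\Z'),
        $token->getAttribute('id'),
        $token->getAttribute('url'),
        $token->getUsername(),
        $token->getAttribute('auth'),
        $token->getAttribute('sso'),
        $token->getAttribute('life'),
        $token->getAttribute('params'),
    ));

    // The signature arrives URL-encoded with '-', '.' and '_' standing in for
    // '+', '/' and '='; map them back before decoding. base64_decode() runs in
    // its default non-strict mode, so characters outside the alphabet are dropped.
    $sig = base64_decode(preg_replace(
        array('/-/', '/\\./', '/_/'),
        array('+', '/', '='),
        rawurldecode($token->getAttribute('sig'))
    ));

    // A certificate that cannot be parsed is a configuration problem, not an
    // invalid signature: report it instead of passing false on to OpenSSL.
    $key = openssl_pkey_get_public($this->raven->getCertificate());
    // @codeCoverageIgnoreStart
    if (false === $key) {
        throw new OpenSslException('OpenSSL could not load the Raven public key');
    }
    // @codeCoverageIgnoreEnd

    // No algorithm argument is given, so PHP's default (OPENSSL_ALGO_SHA1) applies.
    $result = openssl_verify($data, $sig, $key);

    // Deprecated since PHP 8.0, where it has no effect; kept for older runtimes.
    openssl_free_key($key);

    // Strict comparisons on purpose: openssl_verify() can return false on error,
    // and a loose comparison would treat that as 0, i.e. an ordinary bad signature.
    if (1 === $result) {
        return true;
    }

    if (0 === $result) {
        return false;
    }

    // @codeCoverageIgnoreStart
    throw new OpenSslException('OpenSSL has returned a error when verifying the signature');
    // @codeCoverageIgnoreEnd
}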
/**
 * Switch the LDAP domain context when the token asks for a different domain.
 *
 * Nothing happens when the token has no 'ldap_domain' attribute or when that
 * attribute already equals the current domain context.
 *
 * @param TokenInterface $token Token that may carry an 'ldap_domain' attribute
 */
protected function switchDomainIfNeeded(TokenInterface $token)
{
    if (!$token->hasAttribute('ldap_domain')) {
        return;
    }

    // Strict comparison: only an identical domain string counts as "already there".
    if ($this->ldap->getDomainContext() === $token->getAttribute('ldap_domain')) {
        return;
    }

    $this->ldap->switchDomain($token->getAttribute('ldap_domain'));
}
/**
 * Read a named attribute from the wrapped token.
 *
 * @param mixed $name Attribute name, forwarded unchanged to the inner token
 *
 * @return mixed Whatever the inner token returns for that name
 */
public function getAttribute($name)
{
    $wrapped = $this->innerToken;

    return $wrapped->getAttribute($name);
}