public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
return;
}
$token = new WsseUserToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
// ... you might log something here
$failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Why ? ' . $failed->getMessage();
$this->logger->err($failedMessage);
//To deny the authentication clear the token. This will redirect to the login page.
//Make sure to only clear your token, not those of other authentication listeners.
$this->securityContext->setToken(null);
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
}
}
/**
* {@InheritDoc}
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (!$request->headers->has('x-wsse')) {
return;
}
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
return;
}
$token = new WsseUserToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
return;
} catch (AuthenticationException $e) {
throw $e;
// To deny the authentication clear the token. This will redirect to the login page.
// Make sure to only clear your token, not those of other authentication listeners.
// $token = $this->tokenStorage->getToken();
// if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
// $this->tokenStorage->setToken(null);
// }
// return;
}
// By default deny authorization
$response = new Response();
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$event->setResponse($response);
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
if (null !== $this->tokenStorage->getToken()) {
return;
}
$request = $event->getRequest();
$token = new PluginToken($this->providerKey, $request->get('integration', null));
try {
$authToken = $this->authenticationManager->authenticate($token);
if ($authToken instanceof PluginToken) {
$response = $authToken->getResponse();
if ($authToken->isAuthenticated()) {
$this->tokenStorage->setToken($authToken);
if ('api' != $this->providerKey) {
$response = $this->onSuccess($request, $authToken, $response);
}
} elseif (empty($response)) {
throw new AuthenticationException('mautic.user.auth.error.invalidlogin');
}
}
} catch (AuthenticationException $exception) {
if ('api' != $this->providerKey) {
$response = $this->onFailure($request, $exception);
}
}
if ($response) {
$event->setResponse($response);
}
}
/**
* @param $unauth_token
*/
private function authenticate($unauth_token)
{
$this->authenticationManager = $this->container->get('security.context')->getAuthenticationManager();
$authenticatedToken = $this->authenticationManager->authenticate($unauth_token);
$this->container->get('security.context')->setToken($authenticatedToken);
$this->container->get('session')->set('security_token', $authenticatedToken);
}
/**
* Handles the authentication for user.
*
* @param GetResponseEvent $event The response event.
*
* @throws AuthenticationException When the request is not authenticated.
*
* @return void
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
return;
}
$token = new WsseUserToken($this->providerKey);
$token->setUser($matches[1]);
$token->setDigest($matches[2]);
$token->setNonce($matches[3]);
$token->setCreated($matches[4]);
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Because: ' . $failed->getMessage();
$token = $this->securityContext->getToken();
if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
$this->securityContext->setToken(null);
}
// deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
return;
}
// by default deny authorization
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
/**
* @param GetResponseEvent $event
*
* @return bool
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
switch ($this->getAuthType()) {
case self::AUTH_TYPE_HEADER:
$requestToken = $request->headers->get($this->getAuthKeyName());
break;
case self::AUTH_TYPE_REQUEST:
$requestToken = $request->get($this->getAuthKeyName());
break;
default:
throw new InvalidConfigurationException("Unknown auth type" . $this->getAuthType());
}
if (!$requestToken) {
throw new AuthenticationException('Empty authentication token');
}
$requestTokenData = $this->parseAuthToken($requestToken);
$token = new SignedUserToken();
$token->setUser($requestTokenData[0]);
$token->setSignature($requestTokenData[1]);
$token->setRequest($request);
try {
$authenticatedToken = $this->authManager->authenticate($token);
$this->tokenStorage->setToken($authenticatedToken);
return true;
} catch (AuthenticationException $failed) {
}
$response = new Response('', Response::HTTP_FORBIDDEN);
$event->setResponse($response);
return false;
}
/**
* {@inheritdoc}
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (null !== ($authorization = $request->headers->get($this->authenticationHeaderName))) {
$headerParts = array_map('trim', explode(' ', $authorization, 2));
if (2 === count($headerParts)) {
$credentialParts = explode(':', $headerParts[1]);
if (2 === count($credentialParts)) {
$token = new HmacUserToken();
$token->setServiceLabel($headerParts[0]);
$token->setUser($credentialParts[0]);
$token->setSignature($credentialParts[1]);
$token->setRequest($request);
try {
$authenticatedToken = $this->authenticationManager->authenticate($token);
// Call setToken() on an instance of SecurityContextInterface or TokenStorageInterface (>=2.6)
$this->tokenStorage->setToken($authenticatedToken);
// Success
return;
} catch (AuthenticationException $exception) {
}
}
}
}
$event->setResponse(new Response(null, 401));
}
/**
* {@inheritdoc}
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if ($this->securityContext->getToken() !== null) {
return;
}
if ($request->getRequestUri() == '/app_dev.php/api/login' || $request->getRequestUri() == '/api/login') {
return;
}
//Try to reach token from HTTP headers
if ($request->headers->has('X-Auth-Token')) {
$tokenId = $request->headers->get('X-Auth-Token');
} else {
$tokenId = $request->get('token');
}
//by token
if (isset($tokenId)) {
$user = $this->userProvider->findUserByToken($tokenId);
if (!$user) {
throw new BadCredentialsException();
}
try {
$token = new ApiToken([], $this->providerId, $this->key);
$token->setUser($user);
$authenticatedToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authenticatedToken);
} catch (AuthenticationException $e) {
//log something
}
}
}
/**
* @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event The event.
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (null === ($oauthToken = $this->serverService->getBearerToken($event->getRequest(), true))) {
//if it's null, then we try to regular authentication...
$token = $this->handleCookie($event);
if ($token) {
$this->securityContext->setToken($token);
return;
}
}
$token = new OAuthToken();
$token->setToken($oauthToken);
$returnValue = $this->authenticationManager->authenticate($token);
try {
$returnValue = $this->authenticationManager->authenticate($token);
if ($returnValue instanceof TokenInterface) {
return $this->securityContext->setToken($returnValue);
}
if ($returnValue instanceof Response) {
return $event->setResponse($returnValue);
}
} catch (AuthenticationException $e) {
if (null !== ($p = $e->getPrevious())) {
$event->setResponse($p->getHttpResponse());
}
}
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (empty($request->headers->get("Authorization"))) {
return;
}
$authHeader = $request->headers->get("Authorization");
if (strpos($authHeader, " ") === false) {
return;
}
list($tokenType, $token) = explode(" ", $authHeader, 2);
if (strtolower($tokenType) !== "bearer") {
return;
}
// Verify that there is an access_token present
/*
if(empty($request->get("access_token"))) {
return;
}
$token = $request->get("access_token");*/
$unauthenticatedToken = new OAuthToken();
$unauthenticatedToken->setToken($token);
try {
$authenticatedToken = $this->authenticationManager->authenticate($unauthenticatedToken);
$this->tokenStorage->setToken($authenticatedToken);
return;
} catch (AuthenticationException $e) {
if ($this->logger !== null) {
$this->logger->notice("Access token authentication failed");
}
}
$response = new Response();
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$event->setResponse($response);
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (!$request->headers->has('cookie')) {
return;
}
if (strstr($request->headers->get('cookie'), 'SimpleSAMLAuthToken') === false) {
return;
}
if (!$request->query->has('csrf-token')) {
$this->logger->notice('Ssp Firewall: Auth Token cookie but no CSRF Token');
return;
}
$csrfToken = $request->query->getAlnum('csrf-token');
if (!$this->csrfProvider->isCsrfTokenValid('api', $csrfToken)) {
$this->logger->notice('Ssp Firewall: Invalid CSRF token for api use: ' . $csrfToken);
return;
}
try {
$authToken = $this->authenticationManager->authenticate(new SspToken());
$this->securityContext->setToken($authToken);
} catch (AuthenticationException $failed) {
$this->logger->warning('Ssp Firewall: failed:' . $failed->getMessage());
$token = $this->securityContext->getToken();
if ($token instanceof SspToken) {
$this->securityContext->setToken(null);
}
return;
}
}
/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (!$this->keyExtractor->hasKey($request)) {
$response = new Response();
$response->setStatusCode(401);
$event->setResponse($response);
return;
}
$apiKey = $this->keyExtractor->extractKey($request);
$token = new ApiKeyUserToken();
$token->setApiKey($apiKey);
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$token = $this->securityContext->getToken();
if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $apiKey) {
$this->securityContext->setToken(null);
}
$message = $failed->getMessage();
}
$response = new Response();
$response->setContent($message);
$response->setStatusCode(403);
$event->setResponse($response);
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
//find out if the current request contains any information by which the user might be authenticated
if (!$request->headers->has('X-WSSE')) {
return;
}
$ae_message = null;
$this->wsseHeader = $request->headers->get('X-WSSE');
$wsseHeaderInfo = $this->parseHeader();
if ($wsseHeaderInfo !== false) {
$token = new Token($wsseHeaderInfo['Username'], $wsseHeaderInfo['PasswordDigest'], $this->providerKey);
$token->setAttribute('nonce', $wsseHeaderInfo['Nonce']);
$token->setAttribute('created', $wsseHeaderInfo['Created']);
try {
$returnValue = $this->authenticationManager->authenticate($token);
if ($returnValue instanceof TokenInterface) {
return $this->tokenStorage->setToken($returnValue);
} else {
if ($returnValue instanceof Response) {
return $event->setResponse($returnValue);
}
}
} catch (AuthenticationException $ae) {
$event->setResponse($this->authenticationEntryPoint->start($request, $ae));
}
}
}
/**
* Handles basic authentication.
*
* @param GetResponseEvent $event A GetResponseEvent instance
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (false === ($username = $request->headers->get('PHP_AUTH_USER', false))) {
return;
}
if (null !== ($token = $this->securityContext->getToken())) {
if ($token instanceof OrganizationContextTokenInterface && $token->isAuthenticated() && $token->getUsername() === $username) {
return;
}
}
$this->logProcess($username);
try {
$organizationId = $request->headers->get('PHP_AUTH_ORGANIZATION');
if ($organizationId) {
$authToken = new UsernamePasswordOrganizationToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey, $this->manager->getOrganizationById($organizationId));
} else {
$authToken = new UsernamePasswordToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey);
}
$this->securityContext->setToken($this->authenticationManager->authenticate($authToken));
} catch (AuthenticationException $failed) {
$token = $this->securityContext->getToken();
if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) {
$this->securityContext->setToken(null);
}
$this->logError($username, $failed->getMessage());
if ($this->ignoreFailure) {
return;
}
$event->setResponse($this->authenticationEntryPoint->start($request, $failed));
}
}
/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$apiKey = $request->headers->get('Authorization', $request->query->get('api_key'));
if (!$apiKey) {
if (true === $this->forceApiKey) {
$response = new Response();
$response->setStatusCode(401);
$event->setResponse($response);
}
return;
}
$token = new ApiKeyUserToken();
$token->setApiKey($apiKey);
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$token = $this->securityContext->getToken();
if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $apiKey) {
$this->securityContext->setToken(null);
}
$message = $failed->getMessage();
}
if ($this->isJsonRequest($request)) {
$response = new JsonResponse(array('error' => $message));
} else {
$response = new Response();
$response->setContent($message);
}
$response->setStatusCode(401);
$event->setResponse($response);
}
/**
* {@inheritdoc}
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
$response = new Response();
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$event->setResponse($response);
return;
}
$token = new WsseToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
//TODO: LOG
}
// By default deny authorization
$response = new Response();
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$event->setResponse($response);
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
$response = new Response();
$response->setStatusCode(403);
$response->setContent('Invalid or missing WSSE.');
$event->setResponse($response);
return;
}
$token = new WsseUserToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
} catch (AuthenticationException $failed) {
$response = new Response();
$response->setStatusCode(403);
$response->getContent($failed->getMessage());
$event->setResponse($response);
}
}
function it_stores_the_token_returned_by_AuthenticationManager(AuthenticationManagerInterface $authenticationManager, TokenStorageInterface $tokenStorage, GetResponseEvent $event)
{
$request = new Request();
$event->getRequest()->willReturn($request);
$authToken = new JWTToken();
$authenticationManager->authenticate(Argument::any())->willReturn($authToken);
$this->handle($event);
$tokenStorage->setToken($authToken)->shouldBeCalled();
}
/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if ($request->headers->has(static::AUTH_HEADER)) {
$unauthenticatedToken = new ApiUserToken();
$unauthenticatedToken->setAttribute('key', $request->headers->get(static::AUTH_HEADER));
$authenticatedToken = $this->authenticationManager->authenticate($unauthenticatedToken);
$this->tokenStorage->setToken($authenticatedToken);
}
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$token = new ApiUnauthenticatedUserToken($this->getRequestService()->parse($event->getRequest()));
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
} catch (AuthenticationException $e) {
$response = new JsonResponse(['code' => $e->getCode(), 'message' => $e->getMessage()], $e->getCode() > 0 ? $e->getCode() : 403);
$event->setResponse($response);
}
}
function it_stores_the_token_returned_by_AuthenticationManager(AuthenticationManagerInterface $authenticationManager, TokenStorageInterface $tokenStorage, GetResponseEvent $event)
{
$request = new Request();
$request->headers->add(['Authorization' => 'Bearer JWTToken']);
$event->getRequest()->willReturn($request);
$jwtToken = new JWTToken();
$jwtToken->setToken('JWTToken');
$authToken = new JWTToken();
$authenticationManager->authenticate($jwtToken)->willReturn($authToken);
$this->handle($event);
$tokenStorage->setToken($authToken)->shouldBeCalled();
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
// Check if authentication Token is present
if ($request->headers->has('x-wsse')) {
// Token parser
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
$token = new WsseUserToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
// Authentication process
$authToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Why ? ' . $failed->getMessage();
// $this->logger->err($failedMessage);
// To deny the authentication clear the token. This will redirect to the login page.
// $token = $this->securityContext->getToken();
// if ( $token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
// $this->securityContext->setToken(null);
// }
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
} catch (NonceExpiredException $expired) {
$failedMessage = 'WSSE Nonce Expired for ' . $token->getUsername() . '. Why ? ' . $failed->getMessage();
// $this->logger->err($failedMessage);
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
}
// By default deny authorization
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
}
// By default deny authentication
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
try {
$jwtTokenValue = $this->jwtRetrievalStrategy->getToken($event->getRequest());
} catch (JWTNotFoundException $e) {
return;
}
$jwtToken = new JWTToken();
$jwtToken->setToken($jwtTokenValue);
$authToken = $this->authenticationManager->authenticate($jwtToken);
$this->tokenStorage->setToken($authToken);
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$user = $this->userSessionService->getMinimalUserInfo();
if (!is_null($user)) {
$token = new UiTIDToken();
$token->setUser((string) $user->getId());
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
return;
} catch (AuthenticationException $exception) {
}
}
$response = new Response('Unauthorized access.', Response::HTTP_UNAUTHORIZED);
$event->setResponse($response);
}
/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$requestToken = $this->getToken($request->headers->get($this->options['header_name'], null));
if (!empty($requestToken)) {
try {
$decoded = $this->encode->decode($requestToken);
$token = new JWTToken();
$token->setTokenContext($decoded);
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
} catch (HttpEncodingException $e) {
} catch (\UnexpectedValueException $e) {
}
}
}
/**
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$jwtString = $this->getJwtString($request);
if (empty($jwtString)) {
return;
}
$jwt = $this->decoderService->parse(new StringLiteral($jwtString));
$token = new JwtUserToken($jwt);
try {
$authenticatedToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authenticatedToken);
} catch (AuthenticationException $e) {
$event->setResponse(new Response($e->getMessage(), 401));
}
}
/**
* {@inheritDoc}
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
// Requests require an Authorization header.
if (!$request->headers->has('Authorization')) {
$event->setResponse($this->entryPoint->start($request));
return;
}
$token = new HmacToken($request);
try {
$authToken = $this->authManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
$request->attributes->set('hmac.key', $authToken->getCredentials());
} catch (AuthenticationException $e) {
$event->setResponse($this->entryPoint->start($request, $e));
}
}
/**
* {@inheritDoc}
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
// Look for an access token
$authHeader = preg_split('/[\\s]+/', $request->headers->get('Authorization'));
$access_token = isset($authHeader[1]) ? $authHeader[1] : $request->get('access_token');
if (!empty($access_token)) {
$token = new OAuth2Token();
$token->setAccessToken($access_token);
$authToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
return;
}
// By default deny authorization
$response = new Response(null, 403);
$event->setResponse($response);
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
throw new AccessDeniedHttpException('Missing WSSE headers.');
$response = new Response();
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->setContent('Missing WSSE headers.');
$event->setResponse($response);
return;
}
$token = new WsseUserToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
throw new AccessDeniedHttpException('WSSE Login failed.');
// ... you might log something here
$failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Why ? ' . $failed->getMessage();
$this->logger->err($failedMessage);
// To deny the authentication clear the token. This will redirect to the login page.
// Make sure to only clear your token, not those of other authentication listeners.
// $token = $this->tokenStorage->getToken();
// if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
// $this->tokenStorage->setToken(null);
// }
// return;
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
}
// By default deny authorization
$response = new Response();
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$event->setResponse($response);
}
/**
* {@inheritdoc}
*/
public function handle(GetResponseEvent $event)
{
$cookieData = $this->cookie->getValue();
if (!$this->authCookieService->validateCookie($cookieData)) {
$this->tokenStorage->setToken(null);
return false;
}
$token = new SessionlessToken($cookieData['username'], $cookieData['expiration'], $event->getRequest()->getClientIp(), $cookieData['signature']);
try {
$regeneratedToken = $this->authenticationManager->authenticate($token);
$this->tokenStorage->setToken($regeneratedToken);
} catch (AuthenticationException $e) {
$this->cookie->setClear(true);
$this->tokenStorage->setToken(null);
return false;
}
return $regeneratedToken;
}
