/**
* Authenticate a token according to the user provider.
*
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
*
* @return \Symfony\Component\Security\Core\User\UserProviderInterface
*
* @throws SecurityException Occures on invalid connection
*/
public function authenticate(TokenInterface $token)
{
if (!$this->supports($token)) {
return;
}
$username = $token->getUsername();
if (empty($username)) {
$username = '******';
}
$user = $this->_userProvider->loadUserByUsername($username);
if (false === is_array($user)) {
$user = array($user);
}
$authenticatedToken = false;
while (false === $authenticatedToken) {
if (null !== ($provider = array_pop($user))) {
$authenticatedToken = $this->authenticateUser($token, $provider);
} else {
break;
}
}
if (false === $authenticatedToken) {
throw new SecurityException('Invalid authentication informations', SecurityException::INVALID_CREDENTIALS);
}
return $authenticatedToken;
}
/**
* Whether this provider supports the given user class.
*
* @param string $class
*
* @return bool
*/
public function supportsClass($class)
{
if ($this->provider) {
return $this->provider->supportsClass($class);
}
return false;
}
/**
* Load user from payload, using username by default.
* Override this to load by another property.
*
* @param array $payload
*
* @return \Symfony\Component\Security\Core\User\UserInterface
*/
protected function getUserFromPayload(array $payload)
{
if (!isset($payload[$this->userIdentityField])) {
throw new AuthenticationException('Invalid JWT Token');
}
return $this->userProvider->loadUserByUsername($payload[$this->userIdentityField]);
}
/**
* @param TokenInterface $token
* @return BlockCypherUserToken
*/
public function authenticate(TokenInterface $token)
{
// if (!$userProvider instanceof ApiKeyUserProvider) {
// throw new \InvalidArgumentException(
// sprintf(
// 'The user provider must be an instance of ApiKeyUserProvider (%s was given).',
// get_class($userProvider)
// )
// );
// }
//$blockCypherToken = null;
$blockCypherToken = $token->getCredentials();
$username = $blockCypherToken;
// DEBUG
//var_dump($blockCypherToken);
//die();
/** @var User $user */
$user = $this->userProvider->loadUserByUsername($username);
// DEBUG
//var_dump($user);
//die();
if ($user) {
$blockCypherToken = $user->getBlockCypherToken();
}
if ($user && $this->validateBlockCypherToken($blockCypherToken)) {
$authenticatedToken = new BlockCypherUserToken($user, $blockCypherToken, 'blockcypher', $user->getRoles());
//$authenticatedToken->setUser($user);
return $authenticatedToken;
}
throw new AuthenticationException('BlockCypher token empty or invalid.');
}
/**
* @inheritdoc
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
} catch (UsernameNotFoundException $e) {
throw new CustomUserMessageAuthenticationException('Invalid username or password');
}
$username = $token->getUsername();
$password = $token->getCredentials();
$sessionCreationResult = null;
try {
$sessionCreationResult = $this->userSessionRepository->createSessionIdByCredentials($username, $password);
} catch (\InvalidArgumentException $e) {
throw new CustomUserMessageAuthenticationException('Invalid username or password');
} catch (RepositoryInfrastructureException $e) {
throw new CustomUserMessageAuthenticationException('Cannot connect to Revive service');
}
$passwordValid = $sessionCreationResult !== null && UserSessionCreationAuthenticationResult::isSuccess($sessionCreationResult->getSessionCreationAuthenticationResult());
if ($passwordValid) {
$sessionId = $sessionCreationResult->getSessionId();
$roles = [];
$roles[] = 'USER';
if (UserSessionCreationAuthorizationSessionCreationResult::isSuccess($sessionCreationResult->getSessionCreationAuthorizationSessionCreation())) {
$roles[] = 'ADMIN';
}
$token = new ReviveAuthenticationToken($user, $sessionId, $providerKey, $roles);
return $token;
}
throw new CustomUserMessageAuthenticationException('Invalid username or password');
}
/**
* Function used for user authentication based on token object
*
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
* @param \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider
* @param string $providerKey
* @return \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
* @throws BadCredentialsException
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$passwordValid = false;
// Load user object
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
} catch (UsernameNotFoundException $e) {
throw new BadCredentialsException('Invalid username or password', 0, $e);
}
try {
$this->userChecker->checkPreAuth($user);
// Call the correct authentication method
if (null !== $this->ldapManager && $user->isLdapEnabled()) {
$passwordValid = $this->checkAuthenticationLdap($user, $token);
} else {
$passwordValid = $this->checkAuthentication($user, $token);
}
$this->userChecker->checkPostAuth($user);
} catch (BadCredentialsException $e) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Invalid username or password', 0, $e);
}
throw $e;
}
// Set the authenticated token
if ($passwordValid) {
return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
}
throw new BadCredentialsException('Invalid username or password');
}
function it_gets_user(UserProviderInterface $userProvider, UserCommandBus $commandBus, LogInUserCommand $credentials, User $user)
{
$commandBus->handle($credentials)->shouldBeCalled();
$credentials->email()->shouldBeCalled()->willReturn('*****@*****.**');
$userProvider->loadUserByUsername('*****@*****.**')->shouldBeCalled()->willReturn($user);
$this->getUser($credentials, $userProvider)->shouldReturn($user);
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$secret = $token->getCredentials();
$userData = $this->session->getFlashBag()->get('arcanys_sso_auth.user_data');
if ($userData) {
// TODO create mapping config in the future
$username = reset($userData['uid']);
$email = reset($userData['email']);
$firstname = reset($userData['firstname']);
$lastname = reset($userData['lastname']);
$token = reset($userData['token']);
$roles = $userData['rights'];
if (!$roles) {
$roles = ['ROLE_USER'];
}
} else {
$this->saml2->login();
exit;
}
if (!$username) {
throw new AuthenticationException("Failed to authenticate from SSO");
}
$user = $userProvider->loadUserByUsername(['username' => $username, 'email' => $email, 'firstname' => $firstname, 'lastname' => $lastname, 'token' => $token, 'roles' => $roles]);
return new PreAuthenticatedToken($user, $secret, $providerKey, $user->getRoles($roles));
}
/**
* Attempt to authenticate the provided token using the provided user provider.
* @param TokenInterface $token
* @param UserProviderInterface $userProvider
* @param string $providerKey
* @return UsernamePasswordToken
* @throws BadCredentialsException
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if (($user = $userProvider->loadUserByUsername($token->getUsername())) && $user->getPassword() == $token->getCredentials()) {
return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
}
throw new BadCredentialsException('The presented password is invalid.');
}
/**
* Validates WordPress authentication cookie
*
* @param UserProviderInterface $userProvider
* @param Cookie $cookie
* @return UserInterface UserInterface if valid.
* @throws RuntimeException
* @throws AuthenticationException
*/
public function validateCookie(UserProviderInterface $userProvider, $cookie)
{
$cookieParts = $this->decodeCookie($cookie);
switch (count($cookieParts)) {
case 3:
list($username, $expiration, $hmac) = $cookieParts;
$token = null;
break;
case 4:
list($username, $expiration, $token, $hmac) = $cookieParts;
break;
default:
throw new AuthenticationException('Invalid WordPress cookie.');
}
if ($expiration < time()) {
throw new AuthenticationException('The WordPress cookie has expired.');
}
try {
$user = $userProvider->loadUserByUsername($username);
} catch (Exception $exception) {
if (!$exception instanceof AuthenticationException) {
$exception = new AuthenticationException($exception->getMessage(), $exception->getCode(), $exception);
}
throw $exception;
}
if (!$user instanceof UserInterface) {
throw new RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
}
if ($token && $hmac !== $this->generateHmacWithToken($username, $expiration, $token, $user->getPassword()) || !$token && $hmac !== $this->generateHmac($username, $expiration, $user->getPassword())) {
throw new AuthenticationException('The WordPress cookie\'s hash is invalid. Your logged in key and salt settings could be wrong.');
}
return $user;
}
/**
* Calls the UserProvider providing a valid User
* @param array $credentials
* @param UserProviderInterface $userProvider
* @return bool
*/
public function getUser($credentials, UserProviderInterface $userProvider)
{
if (isset($credentials[$this->username_attribute])) {
return $userProvider->loadUserByUsername($credentials[$this->username_attribute]);
} else {
return null;
}
}
/**
* {@inheritdoc}
*/
public function getUser($credentials, UserProviderInterface $userProvider)
{
try {
return $userProvider->loadUserByUsername($credentials['username']);
} catch (UsernameNotFoundException $e) {
throw new CustomUserMessageAuthenticationException($this->translator->trans($this->failMessage));
}
}
/**
* @param string $username
* @param UsernamePasswordToken $token
* @return null|UserInterface
*/
public function retrieveUser($username, UsernamePasswordToken $token)
{
try {
return $this->userProvider->loadUserByUsername($username);
} catch (NoResultException $e) {
return null;
}
}
function it_does_not_get_user_because_user_is_inactive(JWTEncoderInterface $jwtEncoder, UserProviderInterface $userProvider, User $user)
{
$jwtEncoder->decode('bearer-token')->shouldBeCalled()->willReturn(['email' => '*****@*****.**']);
$userProvider->loadUserByUsername('*****@*****.**')->shouldBeCalled()->willReturn($user);
$user->confirmationToken = 'confirmation-token';
$user->invitationToken = null;
$this->shouldThrow(new CustomUserMessageAuthenticationException('The user does not exist'))->duringGetUser('bearer-token', $userProvider);
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$user = $userProvider->loadUserByUsername($token->getUsername());
if (!$user) {
throw new AuthenticationException('User not found');
}
return new PreAuthenticatedToken($user, $token->getUsername(), $providerKey, $user->getRoles());
}
/**
* {@inheritDoc}
*/
public function authenticate(TokenInterface $token)
{
$username = $this->oauthProvider->getUsername($token->getCredentials());
$user = $this->userProvider->loadUserByUsername($username);
$token = new OAuthToken($token->getCredentials(), $user->getRoles());
$token->setUser($user);
$token->setAuthenticated(true);
return $token;
}
public function getUser($credentials, UserProviderInterface $userProvider)
{
try {
$user = $userProvider->loadUserByUsername($credentials['username']);
return $user;
} catch (\Exception $ex) {
throw new CustomUserMessageAuthenticationException("User was not found.");
}
}
public function testRetrieveUserReturnsUserFromTokenOnReauthentication()
{
$method = $this->setMethodAccessible('retrieveUser');
$this->userProvider->expects($this->never())->method('loadUserByUsername');
$user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
$token = new UsernamePasswordToken($user, '', 'provider_key', array());
$result = $method->invoke($this->ldapAuthenticationProvider, null, $token);
$this->assertSame($user, $result);
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
return $this->authenticate($user, $token, $providerKey);
} catch (UsernameNotFoundException $e) {
return $this->getFromProviders($token, $providerKey);
}
}
/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
$authenticatedToken = new WsseToken($user->getRoles());
$authenticatedToken->setUser($user);
return $authenticatedToken;
}
throw new AuthenticationException('The WSSE authentication failed.');
}
function it_throws_authentication_exception_when_user_could_not_be_loaded(ResourceServer $resourceServer, UserProviderInterface $userProvider, EmitterInterface $emitter)
{
$providerKey = 'default';
$userIdentifier = '*****@*****.**';
$token = new PreAuthenticatedToken('anon.', 'DDSHs55zpG51Mtxnt6H8vwn5fVJ230dF', $providerKey);
$resourceServer->isValidRequest(true)->shouldBeCalled();
$this->resourceServerWillReturnOwnerId($resourceServer, $emitter, $userIdentifier);
$userProvider->loadUserByUsername($userIdentifier)->willThrow(UsernameNotFoundException::class);
$this->shouldThrow(AuthenticationException::class)->during('authenticateToken', [$token, $userProvider, $providerKey]);
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$user = $userProvider->loadUserByUsername($token->getUsername());
$this->userChecker->checkPreAuth($user);
if (!$this->encoder->isPasswordValid($user, $token->getCredentials())) {
throw new BadCredentialsException('The presented password is invalid.');
}
$this->userChecker->checkPostAuth($user);
return new UsernamePasswordToken($user, $token->getCredentials(), $providerKey, $user->getRoles());
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$webToken = $token->getWebToken();
$user = $userProvider->loadUserByUsername($webToken->getSubject());
$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);
$token = new WebTokenToken($providerKey, $webToken, $user->getRoles());
$token->setUser($user)->setAuthenticated(true);
return $token;
}
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if ($user && ($token->isAuthenticated() || $this->crowd->isauthenticationvalid($token->getUsername(), $token->getCredentials()))) {
$authenticatedToken = new CrowdToken($user->getRoles());
$authenticatedToken->setUser($user);
return $authenticatedToken;
}
throw new AuthenticationException('The Crowd authentication failed.');
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$username = $token->getUsername();
$user = $userProvider->loadUserByUsername($username);
if ($user instanceof SamlUserInterface) {
$user->setSamlAttributes($token->getAttributes());
}
$authenticatedToken = new SamlToken($user, $user->getRoles());
$authenticatedToken->setAttributes($token->getAttributes());
return $authenticatedToken;
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$accessToken = $token->getCredentials();
try {
$user = $userProvider->loadUserByUsername($accessToken);
} catch (UsernameNotFoundException $e) {
throw new UnauthorizedApiException($e->getMessage());
}
$token->setUser($user);
return $token;
}
/**
* {@inheritdoc}
*/
public function getUser($credentials, UserProviderInterface $userProvider)
{
if (!$userProvider instanceof InMemoryUserProvider) {
return;
}
try {
return $userProvider->loadUserByUsername($credentials['username']);
} catch (UsernameNotFoundException $e) {
throw new CustomUserMessageAuthenticationException($this->failMessage);
}
}
/**
* Return a UserInterface object based on the credentials returned by getCredentials()
* if null, authentication will fail
* if a User object, checkCredentials() is called
*/
public function getUser($credentials, UserProviderInterface $userProvider)
{
if (isset($credentials['token'])) {
return $this->em->getRepository('AppBundle:User')->findOneBy(array('apiToken' => $credentials['token']));
} else {
if (isset($credentials['username']) && isset($credentials['plainPassword'])) {
return $userProvider->loadUserByUsername($credentials['username']);
}
}
return null;
}
/**
* {@inheritDocs}
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
list($uid, $timestamp, $hashedPassword) = $token->getCredentials();
/** @var $userProvider \Bangpound\Bundle\DrupalBundle\Security\User\UserProvider */
$username = $userProvider->getUsernameForHashedPassword($uid, $timestamp, $hashedPassword);
if (!$username) {
throw new AuthenticationException(sprintf(' "%s" does not exist.', serialize($token->getCredentials())));
}
$user = $userProvider->loadUserByUsername($username);
return new PreAuthenticatedToken($user, $token->getCredentials(), $providerKey, $user->getRoles());
}
/**
* @param TokenInterface $token
* @param UserProviderInterface $userProvider
* @param $providerKey
* @throw AuthenticationException
* @thorw BadCredentialsException
* @return UsernamePasswordToken
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
} catch (UsernameNotFoundException $e) {
throw new AuthenticationException(sprintf('Can\'t find user by "%s" username', $token->getUsername()));
}
if (true === $this->pamAuth($token->getUsername(), $token->getCredentials())) {
return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, in_array($user->getUsername(), $this->rootUsers) ? ['ROLE_USER', 'ROLE_ADMIN'] : ['ROLE_USER']);
}
throw new BadCredentialsException('Bad credentials', 403);
}
