/** * {@inheritdoc} */ public function execute(BlockContextInterface $blockContext, Response $response = null) { $criteria = array(); if ('admin' !== $blockContext->getSetting('mode')) { $criteria['customer'] = $this->customerManager->findOneBy(array('user' => $this->securityContext->getToken()->getUser())); } return $this->renderPrivateResponse($blockContext->getTemplate(), array('context' => $blockContext, 'settings' => $blockContext->getSettings(), 'block' => $blockContext->getBlock(), 'orders' => $this->orderManager->findBy($criteria, array('createdAt' => 'DESC'), $blockContext->getSetting('number'))), $response); }
/** * @param GetResponseEvent $event */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); if (!$request->headers->has('cookie')) { return; } if (strstr($request->headers->get('cookie'), 'SimpleSAMLAuthToken') === false) { return; } if (!$request->query->has('csrf-token')) { $this->logger->notice('Ssp Firewall: Auth Token cookie but no CSRF Token'); return; } $csrfToken = $request->query->getAlnum('csrf-token'); if (!$this->csrfProvider->isCsrfTokenValid('api', $csrfToken)) { $this->logger->notice('Ssp Firewall: Invalid CSRF token for api use: ' . $csrfToken); return; } try { $authToken = $this->authenticationManager->authenticate(new SspToken()); $this->securityContext->setToken($authToken); } catch (AuthenticationException $failed) { $this->logger->warning('Ssp Firewall: failed:' . $failed->getMessage()); $token = $this->securityContext->getToken(); if ($token instanceof SspToken) { $this->securityContext->setToken(null); } return; } }
/** * @return \Symfony\Component\Security\Core\User\UserInterface */ private function getUser() { if (is_null($this->user)) { $this->user = $this->securityContext->getToken()->getUser(); } return $this->user; }
/** * If user is logged-in in legacy_mode (e.g. legacy admin interface), * will inject currently logged-in user in the repository. * * @param GetResponseEvent $event */ public function onKernelRequest( GetResponseEvent $event ) { /** @var \eZ\Publish\Core\MVC\ConfigResolverInterface $configResolver */ $request = $event->getRequest(); $session = $request->getSession(); if ( $event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST || !$this->configResolver->getParameter( 'legacy_mode' ) || !( $session->isStarted() && $session->has( 'eZUserLoggedInID' ) ) ) { return; } try { $apiUser = $this->repository->getUserService()->loadUser( $session->get( 'eZUserLoggedInID' ) ); $this->repository->setCurrentUser( $apiUser ); $token = $this->securityContext->getToken(); if ( $token instanceof TokenInterface ) { $token->setUser( new User( $apiUser ) ); $token->setAuthenticated( true ); } } catch ( NotFoundException $e ) { // Invalid user ID, the user may have been removed => invalidate the token and the session. $this->securityContext->setToken( null ); $session->invalidate(); } }
/** * This interface must be implemented by firewall listeners. * * @param GetResponseEvent $event */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); $apiKey = $request->headers->get('Authorization', $request->query->get('api_key')); if (!$apiKey) { if (true === $this->forceApiKey) { $response = new Response(); $response->setStatusCode(401); $event->setResponse($response); } return; } $token = new ApiKeyUserToken(); $token->setApiKey($apiKey); try { $authToken = $this->authenticationManager->authenticate($token); $this->securityContext->setToken($authToken); return; } catch (AuthenticationException $failed) { $token = $this->securityContext->getToken(); if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $apiKey) { $this->securityContext->setToken(null); } $message = $failed->getMessage(); } if ($this->isJsonRequest($request)) { $response = new JsonResponse(array('error' => $message)); } else { $response = new Response(); $response->setContent($message); } $response->setStatusCode(401); $event->setResponse($response); }
public function onKernelController(FilterControllerEvent $event) { if (!is_array($controller = $event->getController())) { return; } $className = class_exists('Doctrine\\Common\\Util\\ClassUtils') ? ClassUtils::getClass($controller[0]) : get_class($controller[0]); $object = new \ReflectionClass($className); $method = $object->getMethod($controller[1]); /** * @var UserType\UserTypeInterface[] $requiredUserTypes */ $requiredUserTypes = array_merge($this->getConfigurations($this->reader->getClassAnnotations($object)), $this->getConfigurations($this->reader->getMethodAnnotations($method))); if (count($requiredUserTypes) === 0) { return; } $token = $this->securityContext->getToken(); if (null === $token) { throw new AccessDeniedException(sprintf("You are not authenticated, a known user type is required for access.")); } $user = $token->getUser(); foreach ($requiredUserTypes as $userType) { $userClass = $userType->getUserClass(); if (!interface_exists($userClass) && !class_exists($userClass)) { throw new RuntimeException(sprintf("The user type class '%s' does not exist", $userClass)); } if (!$user instanceof $userClass) { throw new AccessDeniedException(sprintf("You do not have the required user type. A user type of '%s' is required.", $userClass)); } unset($userType, $userClass); } }
/** * {@inheritdoc} */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); if ($this->securityContext->getToken() !== null) { return; } if ($request->getRequestUri() == '/app_dev.php/api/login' || $request->getRequestUri() == '/api/login') { return; } //Try to reach token from HTTP headers if ($request->headers->has('X-Auth-Token')) { $tokenId = $request->headers->get('X-Auth-Token'); } else { $tokenId = $request->get('token'); } //by token if (isset($tokenId)) { $user = $this->userProvider->findUserByToken($tokenId); if (!$user) { throw new BadCredentialsException(); } try { $token = new ApiToken([], $this->providerId, $this->key); $token->setUser($user); $authenticatedToken = $this->authenticationManager->authenticate($token); $this->securityContext->setToken($authenticatedToken); } catch (AuthenticationException $e) { //log something } } }
public function isVisible() { if ($this->securityContext === null) { return true; } return !$this->securityContext->getToken(); }
/** * Checking request and response and decide whether we need a redirect * * @param FilterResponseEvent $event */ public function onResponse(FilterResponseEvent $event) { $request = $event->getRequest(); $response = $event->getResponse(); if ($request->get(self::HASH_NAVIGATION_HEADER) || $request->headers->get(self::HASH_NAVIGATION_HEADER)) { $location = ''; $isFullRedirect = false; if ($response->isRedirect()) { $location = $response->headers->get('location'); if ($request->attributes->get('_fullRedirect') || !is_object($this->security->getToken())) { $isFullRedirect = true; } } if ($response->isNotFound() || $response->getStatusCode() == 503 && !$this->isDebug) { $location = $request->getUri(); $isFullRedirect = true; } if ($location) { $response = $this->templating->renderResponse('OroNavigationBundle:HashNav:redirect.html.twig', array('full_redirect' => $isFullRedirect, 'location' => $location)); } // disable cache for ajax navigation pages and change content type to json $response->headers->set('Content-Type', 'application/json'); $response->headers->addCacheControlDirective('no-cache', true); $response->headers->addCacheControlDirective('max-age', 0); $response->headers->addCacheControlDirective('must-revalidate', true); $response->headers->addCacheControlDirective('no-store', true); $event->setResponse($response); } }
/** * Assigns the Security token's user to the vote. * * @param VoteEvent $vote * @return void */ public function blame(VoteEvent $event) { $vote = $event->getVote(); if (null === $this->securityContext) { if ($this->logger) { $this->logger->debug("Vote Blamer did not receive the security.context service."); } return; } if (!$vote instanceof SignedVoteInterface) { if ($this->logger) { $this->logger->debug("Vote does not implement SignedVoteInterface, skipping"); } return; } if (null === $this->securityContext->getToken()) { if ($this->logger) { $this->logger->debug("There is no firewall configured. We cant get a user."); } return; } if ($this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) { $vote->setVoter($this->securityContext->getToken()->getUser()); } }
/** * Process form * * @param AccountUser $accountUser * @return bool True on successful processing, false otherwise */ public function process(AccountUser $accountUser) { if (in_array($this->request->getMethod(), ['POST', 'PUT'], true)) { $this->form->submit($this->request); if ($this->form->isValid()) { if (!$accountUser->getId()) { if ($this->form->get('passwordGenerate')->getData()) { $generatedPassword = $this->userManager->generatePassword(10); $accountUser->setPlainPassword($generatedPassword); } if ($this->form->get('sendEmail')->getData()) { $this->userManager->sendWelcomeEmail($accountUser); } } $token = $this->securityContext->getToken(); if ($token instanceof OrganizationContextTokenInterface) { $organization = $token->getOrganizationContext(); $accountUser->setOrganization($organization)->addOrganization($organization); } $this->userManager->updateUser($accountUser); return true; } } return false; }
/** * Gets customer based on currently logged user. * * @return CustomerInterface|null */ public function getCustomer() { if ($this->securityContext->getToken() && $this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED') && $this->securityContext->getToken()->getUser() instanceof UserInterface) { return $this->securityContext->getToken()->getUser()->getCustomer(); } return null; }
/** * @param GetResponseEvent $event */ public function onCoreRequest(GetResponseEvent $event) { if (HttpKernel::MASTER_REQUEST != $event->getRequestType()) { return; } $token = $this->securityContext->getToken(); if (!$token) { return; } if (!$token instanceof UsernamePasswordToken) { return; } $key = $this->helper->getSessionKey($this->securityContext->getToken()); $request = $event->getRequest(); $session = $event->getRequest()->getSession(); $user = $this->securityContext->getToken()->getUser(); if (!$session->has($key)) { return; } if ($session->get($key) === true) { return; } $state = 'init'; if ($request->getMethod() == 'POST') { if ($this->helper->checkCode($user, $request->get('_code')) == true) { $session->set($key, true); return; } $state = 'error'; } $event->setResponse($this->templating->renderResponse('SonataUserBundle:Admin:Security/two_step_form.html.twig', array('state' => $state))); }
/** * Get the customer. * * @throws \RuntimeException * * @return \Sonata\Component\Customer\CustomerInterface */ public function get() { $customer = null; $user = null; if (true === $this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) { // user is authenticated $user = $this->securityContext->getToken()->getUser(); if (!$user instanceof UserInterface) { throw new \RuntimeException('User must be an instance of FOS\\UserBundle\\Model\\UserInterface'); } $customer = $this->customerManager->findOneBy(array('user' => $user->getId())); } if (!$customer) { $basket = $this->getBasket(); if ($basket && $basket->getCustomer()) { $customer = $basket->getCustomer(); } } if (!$customer) { $customer = $this->customerManager->create(); } if (!$customer->getLocale()) { $customer->setLocale($this->locale); } if ($user && $customer) { $customer->setUser($user); } return $customer; }
/** * This interface must be implemented by firewall listeners. * * @param GetResponseEvent $event */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); if (!$this->keyExtractor->hasKey($request)) { $response = new Response(); $response->setStatusCode(401); $event->setResponse($response); return; } $apiKey = $this->keyExtractor->extractKey($request); $token = new ApiKeyUserToken(); $token->setApiKey($apiKey); try { $authToken = $this->authenticationManager->authenticate($token); $this->securityContext->setToken($authToken); return; } catch (AuthenticationException $failed) { $token = $this->securityContext->getToken(); if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $apiKey) { $this->securityContext->setToken(null); } $message = $failed->getMessage(); } $response = new Response(); $response->setContent($message); $response->setStatusCode(403); $event->setResponse($response); }
public function __construct(ItemFactory $navigationItemFactory, SecurityContextInterface $securityContext, EntityManager $entityManager, TitleServiceInterface $titleService) { $this->navItemFactory = $navigationItemFactory; $this->user = !$securityContext->getToken() || is_string($securityContext->getToken()->getUser()) ? null : $securityContext->getToken()->getUser(); $this->em = $entityManager; $this->titleService = $titleService; }
/** * Refresh organization context in token * * @param GetResponseEvent $event */ public function onKernelRequest(GetResponseEvent $event) { $token = $this->context->getToken(); if ($token instanceof OrganizationContextTokenInterface) { $token->setOrganizationContext($this->manager->getOrganizationById($token->getOrganizationContext()->getId())); } }
/** * Handles the authentication for user. * * @param GetResponseEvent $event The response event. * * @throws AuthenticationException When the request is not authenticated. * * @return void */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); $wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/'; if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) { return; } $token = new WsseUserToken($this->providerKey); $token->setUser($matches[1]); $token->setDigest($matches[2]); $token->setNonce($matches[3]); $token->setCreated($matches[4]); try { $authToken = $this->authenticationManager->authenticate($token); $this->securityContext->setToken($authToken); return; } catch (AuthenticationException $failed) { $failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Because: ' . $failed->getMessage(); $token = $this->securityContext->getToken(); if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) { $this->securityContext->setToken(null); } // deny authentication with a '403 Forbidden' HTTP response $response = new Response(); $response->setStatusCode(403); $event->setResponse($response); return; } // by default deny authorization $response = new Response(); $response->setStatusCode(403); $event->setResponse($response); }
/** * Methode qui est déclenché après l'événement InteractiveLogin * qui est l'action de login dans la sécurité * @param InteractiveLoginEvent $event */ public function onAuthenticationSuccess(InteractiveLoginEvent $event) { $now = new \DateTime('now'); // récupére l'utilisateur courant connecté $user = $this->securityContext->getToken()->getUser(); //recupere tous les produits de l'utilisateur via le repository ProductRepository // et via getProductsQuantityIsLower() qui on une quantité < 5 $products = $this->em->getRepository('StoreBackendBundle:Product')->getProductsQuantityIsLower($user); //pour chaque produit foreach ($products as $product) { // si la quantité du produit est égal à 1 if ($product->getQuantity() == 1) { $this->notification->notify($product->getId(), 'Attention, votre produit ' . $product->getTitle() . ' a une seule quantité', 'product', 'danger'); } else { $this->notification->notify($product->getId(), 'Attention, votre produit ' . $product->getTitle() . ' a quantité bientot épuisé', 'product', 'warning'); } } // declencher une notification dans mes produits $date = $user->getDateAuth(); $oldyear = new \DateTime('-2 month'); $route = 'store_backend_index'; // Long time to control use account if ($date < $oldyear || !$date) { $this->session->set('first', true); $route = 'store_backend_jeweler_myaccount'; } // met à jour la date de connexion de l'utilisateur $user->setDateAuth($now); //enregistre mon utilisateur avec sa date modifié $this->em->persist($user); $this->em->flush(); return new RedirectResponse($this->router->generate($route)); }
/** * @param string $attributes * @param $object * * @return bool */ public function isGranted($attributes, $object) { if (!is_object($object) && !is_string($object)) { return false; } $objectIdentity = null; /** @var Owned $object */ if (is_object($object)) { $objectIdentity = get_class($object); $user = $this->securityContext->getToken()->getUser(); $objectOwner = $object->getOwner(); if ($attributes == 'EDIT' || $attributes == 'DELETE' || $attributes == 'VIEW') { if ($objectOwner->isDiamanteUser()) { $ownerId = $this->diamanteUserRepository->findUserByEmail($user->getUserName())->getId(); if ($ownerId != $objectOwner->getId()) { return false; } } } } if (is_string($object)) { $objectIdentity = $object; } if (array_key_exists($objectIdentity, $this->permissionsMap)) { if (in_array($attributes, $this->permissionsMap[$objectIdentity])) { return true; } } return false; }
/** * Handles basic authentication. * * @param GetResponseEvent $event A GetResponseEvent instance */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); if (false === ($username = $request->headers->get('PHP_AUTH_USER', false))) { return; } if (null !== ($token = $this->securityContext->getToken())) { if ($token instanceof OrganizationContextTokenInterface && $token->isAuthenticated() && $token->getUsername() === $username) { return; } } $this->logProcess($username); try { $organizationId = $request->headers->get('PHP_AUTH_ORGANIZATION'); if ($organizationId) { $authToken = new UsernamePasswordOrganizationToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey, $this->manager->getOrganizationById($organizationId)); } else { $authToken = new UsernamePasswordToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey); } $this->securityContext->setToken($this->authenticationManager->authenticate($authToken)); } catch (AuthenticationException $failed) { $token = $this->securityContext->getToken(); if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { $this->securityContext->setToken(null); } $this->logError($username, $failed->getMessage()); if ($this->ignoreFailure) { return; } $event->setResponse($this->authenticationEntryPoint->start($request, $failed)); } }
/** * @param GenerateKeyEvent $event */ public function onGenerateKey(GenerateKeyEvent $event) { $token = $this->securityContext->getToken(); if (!$token instanceof \FOS\OAuthServerBundle\Security\Authentication\Token\OAuthToken) { return; } $event->addToKey($token->getToken()); }
public function isOroUser() { $token = $this->securityContext->getToken(); if (!$token) { return false; } return $token->getUser() instanceof User; }
protected function initAdminListConfigurator() { $this->em = $this->getEntityManager(); $this->locale = $this->getRequest()->getLocale(); $this->securityContext = $this->container->get('security.context'); $this->user = $this->securityContext->getToken()->getUser(); $this->aclHelper = $this->container->get('kunstmaan_admin.acl.helper'); }
/** * Gets logged user object or null * * @return mixed */ public function getLoggedUser() { if (null === ($token = $this->securityContext->getToken())) { return null; } $user = $token->getUser(); return $user; }
/** * Get a user from the Security Context * * @return \Symfony\Component\Security\Core\User\UserInterface|null * * @see Symfony\Component\Security\Core\Authentication\Token\TokenInterface::getUser() */ protected function getUser() { $token = $this->securityContext->getToken(); if (null === $token || !is_object($user = $token->getUser())) { return null; } return $user; }
/** * @return UserInterface * @throws AccessDeniedException */ public function getAuthenticatedUser() { $user = $this->securityContext->getToken()->getUser(); if (!$user instanceof UserInterface) { throw new AccessDeniedException('Must be logged in with a User instance'); } return $user; }
/** * {@inheritdoc} */ public function execute(BlockContextInterface $blockContext, Response $response = null) { $user_current = $this->securityContext->getToken()->getUser(); $info = $this->em->getRepository("ApplicationSonataUserBundle:Matching")->lastMatchingFromUser($user_current); // merge settings $settings = array_merge($this->getDefaultSettings(), $blockContext->getSettings()); return $this->renderResponse($blockContext->getTemplate(), array('block' => $blockContext->getBlock(), 'base_template' => $this->pool->getTemplate('layout'), 'info' => $info, 'settings' => $blockContext->getSettings()), $response); }
/** * @param FormInterface $form * @param string $entityName */ protected function fillEmailTemplateChoices(FormInterface $form, $entityName) { /** @var UsernamePasswordOrganizationToken $token */ $token = $this->securityContext->getToken(); FormUtils::replaceField($form, 'template', ['selectedEntity' => $entityName, 'query_builder' => function (EmailTemplateRepository $templateRepository) use($entityName, $token) { return $templateRepository->getEntityTemplatesQueryBuilder($entityName, $token->getOrganizationContext()); }], ['choice_list', 'choices']); }
/** * Gets the current authenticated user * * @return ParticipantInterface */ public function getAuthenticatedParticipant() { $participant = $this->securityContext->getToken()->getUser(); if (!$participant instanceof ParticipantInterface) { throw new AccessDeniedException('Must be logged in with a ParticipantInterface instance'); } return $participant; }