Esempio n. 1
0
 /**
  * Handles digest authentication.
  *
  * @param GetResponseEvent $event A GetResponseEvent instance
  */
 public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();
     echo '<pre>';
     print_r($_SERVER['PHP_AUTH_DIGEST']);
     echo '</pre>';
     if (!($header = $request->server->get('PHP_AUTH_DIGEST'))) {
         return;
     }
     $digestAuth = new DigestData($header);
     if (null !== ($token = $this->securityContext->getToken())) {
         if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $digestAuth->getUsername()) {
             return;
         }
     }
     if (null !== $this->logger) {
         $this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header));
     }
     try {
         $digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
     } catch (BadCredentialsException $e) {
         $this->fail($event, $request, $e);
         return;
     }
     try {
         $user = $this->provider->loadUserByUsername($digestAuth->getUsername());
         if (null === $user) {
             throw new AuthenticationServiceException('AuthenticationDao returned null, which is an interface contract violation');
         }
         $serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
     } catch (UsernameNotFoundException $notFound) {
         $this->fail($event, $request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
         return;
     }
     if ($serverDigestMd5 !== $digestAuth->getResponse()) {
         if (null !== $this->logger) {
             $this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse()));
         }
         $this->fail($event, $request, new BadCredentialsException('Incorrect response'));
         return;
     }
     if ($digestAuth->isNonceExpired()) {
         $this->fail($event, $request, new NonceExpiredException('Nonce has expired/timed out.'));
         return;
     }
     if (null !== $this->logger) {
         $this->logger->info(sprintf('Authentication success for user "%s" with response "%s"', $digestAuth->getUsername(), $digestAuth->getResponse()));
     }
     $this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
 }
Esempio n. 2
0
 /**
  * Handles digest authentication.
  *
  * @param GetResponseEvent $event A GetResponseEvent instance
  *
  * @throws AuthenticationServiceException
  */
 public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();
     if (!($header = $request->server->get('PHP_AUTH_DIGEST'))) {
         return;
     }
     $digestAuth = new DigestData($header);
     if (null !== ($token = $this->tokenStorage->getToken())) {
         if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $digestAuth->getUsername()) {
             return;
         }
     }
     if (null !== $this->logger) {
         $this->logger->debug('Digest Authorization header received from user agent.', array('header' => $header));
     }
     try {
         $digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
     } catch (BadCredentialsException $e) {
         $this->fail($event, $request, $e);
         return;
     }
     try {
         $user = $this->provider->loadUserByUsername($digestAuth->getUsername());
         if (null === $user) {
             throw new AuthenticationServiceException('Digest User provider returned null, which is an interface contract violation');
         }
         $serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
     } catch (UsernameNotFoundException $e) {
         $this->fail($event, $request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
         return;
     }
     if ($serverDigestMd5 !== $digestAuth->getResponse()) {
         if (null !== $this->logger) {
             $this->logger->debug('Unexpected response from the DigestAuth received; is the header returning a clear text passwords?', array('expected' => $serverDigestMd5, 'received' => $digestAuth->getResponse()));
         }
         $this->fail($event, $request, new BadCredentialsException('Incorrect response'));
         return;
     }
     if ($digestAuth->isNonceExpired()) {
         $this->fail($event, $request, new NonceExpiredException('Nonce has expired/timed out.'));
         return;
     }
     if (null !== $this->logger) {
         $this->logger->info('Digest authentication successful.', array('username' => $digestAuth->getUsername(), 'received' => $digestAuth->getResponse()));
     }
     $this->tokenStorage->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
 }
Esempio n. 3
0
 public function testGetUsernameWithEscape()
 {
     $digestAuth = new DigestData('username="******"u\\ser\\"", realm="Welcome, robot!", ' . 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", ' . 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", ' . 'response="b52938fc9e6d7c01be7702ece9031b42"');
     $this->assertEquals('"u\\ser"', $digestAuth->getUsername());
 }