/**
*
* TODO: Add Recaptcha, but first:
* * add recaptcha config to newscoop preferences not in recaptcha plugin config
* * remove old recaptcha libraries
* * reenable failed logins counter here Newscoop\NewscoopBundle\Security\Http\Authentication\AuthenticationFailedHandler
* * clean code
*
* {@inheritdoc}
*/
protected function attemptAuthentication(Request $request)
{
if ($request->request->has('captcha_code', $request->query->has('captcha_code')) && \LoginAttempts::MaxLoginAttemptsExceeded()) {
if (false) {
throw new AuthenticationException($translator->trans("CAPTCHA code is not valid. Please try again.", array(), 'home'));
}
}
return parent::attemptAuthentication($request);
}
protected function attemptAuthentication(Request $request)
{
// check for a valid captcha here
// I am using the GregwarCaptchaBundle
// only shown when throttling in my case
$captcha = $request->request->get('login[recaptcha]', null, true);
if (null !== $captcha) {
$check = $request->getSession()->get('gcb_recaptcha');
if ($captcha !== $check['phrase']) {
throw new BadCredentialsException('Captcha is invalid');
}
}
return parent::attemptAuthentication($request);
}
/**
* @dataProvider getUsernameForLength
*/
public function testHandleWhenUsernameLength($username, $ok)
{
$request = Request::create('/login_check', 'POST', array('_username' => $username));
$request->setSession($this->getMockBuilder('Symfony\\Component\\HttpFoundation\\Session\\SessionInterface')->getMock());
$httpUtils = $this->getMockBuilder('Symfony\\Component\\Security\\Http\\HttpUtils')->getMock();
$httpUtils->expects($this->any())->method('checkRequestPath')->will($this->returnValue(true));
$failureHandler = $this->getMockBuilder('Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationFailureHandlerInterface')->getMock();
$failureHandler->expects($ok ? $this->never() : $this->once())->method('onAuthenticationFailure')->will($this->returnValue(new Response()));
$authenticationManager = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager')->disableOriginalConstructor()->getMock();
$authenticationManager->expects($ok ? $this->once() : $this->never())->method('authenticate')->will($this->returnValue(new Response()));
$listener = new UsernamePasswordFormAuthenticationListener($this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorageInterface')->getMock(), $authenticationManager, $this->getMockBuilder('Symfony\\Component\\Security\\Http\\Session\\SessionAuthenticationStrategyInterface')->getMock(), $httpUtils, 'TheProviderKey', $this->getMockBuilder('Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationSuccessHandlerInterface')->getMock(), $failureHandler, array('require_previous_session' => false));
$event = $this->getMockBuilder('Symfony\\Component\\HttpKernel\\Event\\GetResponseEvent')->disableOriginalConstructor()->getMock();
$event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
$listener->handle($event);
}
protected function attemptAuthentication(Request $request)
{
$options = $this->getFilter($request);
$accessSession = $this->registerAttempt($request);
$request->getSession()->set(Security::LAST_USERNAME, $options['username']);
$formType = 'LoginCidadao\\CoreBundle\\Form\\Type\\LoginFormType';
$check_captcha = $accessSession->getVal() >= $this->bruteForceThreshold;
$form = $this->formFactory->create($formType, null, compact('check_captcha'));
$form->handleRequest($request);
if (!$form->isValid()) {
$translator = $this->translator;
foreach ($form->getErrors() as $error) {
if ($error->getOrigin()->getName() === 'recaptcha') {
throw new RecaptchaException($error->getMessage());
}
throw new BadCredentialsException($translator->trans($error->getMessage()));
}
throw new BadCredentialsException();
}
return parent::attemptAuthentication($request);
}
/**
* {@inheritdoc}
* @SuppressWarnings(PHPMD.ExcessiveParameterList)
*/
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
{
parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher, $csrfProvider);
$this->csrfProvider = $csrfProvider;
}
