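/**
 * {@inheritdoc}
 *
 * Validates the OAuth1 signature carried by $token and, when the signed
 * access token resolves to a user, returns a fresh, authenticated OAuthToken
 * that carries that user's roles.
 *
 * @param TokenInterface $token the unauthenticated OAuthToken built by the listener
 *
 * @return TokenInterface|null null when this provider does not support $token;
 *                             otherwise the (re)built token
 *
 * @throws AuthenticationException when the request signature does not validate,
 *                                 or the signed oauth_token cannot be loaded
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    $translator        = $this->factory->getTranslator();
    $requestParameters = $token->getRequestParameters();
    $requestMethod     = $token->getRequestMethod();
    $requestUrl        = $token->getRequestUrl();

    // Fail closed: an invalid or missing signature is an authentication failure.
    if (!$this->serverService->validateRequest($requestParameters, $requestMethod, $requestUrl)) {
        throw new AuthenticationException($translator->trans('mautic.api.oauth.auth.failed'));
    }

    // validateRequest() accepted the signature, so oauth_token is expected to be present;
    // the null-coalesce only avoids an undefined-index notice on a malformed parameter set.
    $accessToken = $this->tokenProvider->loadAccessTokenByToken($requestParameters['oauth_token'] ?? null);
    if (null === $accessToken) {
        // A token that validated but cannot be loaded is still a failed authentication,
        // not a fatal "method call on null".
        throw new AuthenticationException($translator->trans('mautic.api.oauth.auth.failed'));
    }

    $user = $accessToken->getUser();
    if (null !== $user) {
        // Recreate the token to include the user's roles, in order to be able to
        // avoid CSRF checks with forms.
        $token = new OAuthToken($user->getRoles());
        $token->setRequestParameters($requestParameters);
        $token->setRequestMethod($requestMethod);
        $token->setRequestUrl($requestUrl);
        $token->setAuthenticated(true);
        $token->setUser($user);
    }
    // NOTE(review): when the access token has no user, the incoming token is returned
    // unchanged and still unauthenticated — confirm the caller handles that state.

    return $token;
}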
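/**
 * Authenticates an incoming OAuth1-signed API request: builds an OAuthToken
 * from the request attributes populated earlier in the request cycle and
 * stores the authenticated result in the security context.
 *
 * @author William DURAND <*****@*****.**>
 *
 * @param GetResponseEvent $event
 *
 * @return void
 *
 * @throws AuthenticationException propagated unchanged from the authentication manager
 * @throws HttpException           401 when the manager returns neither a token nor a response
 */
public function handle(GetResponseEvent $event)
{
    // Strict comparison: a non-string api_mode must never be coerced into matching 'oauth1'.
    if ('oauth1' !== $this->factory->getParameter('api_mode')) {
        return;
    }

    $request = $event->getRequest();

    // The parameters are attached upstream; without them there is nothing to authenticate.
    if (false === $request->attributes->get('oauth_request_parameters', false)) {
        return;
    }

    $token = new OAuthToken();
    $token->setRequestParameters($request->attributes->get('oauth_request_parameters'));
    $token->setRequestMethod($request->attributes->get('oauth_request_method'));
    $token->setRequestUrl($request->attributes->get('oauth_request_url'));

    // An AuthenticationException thrown by the manager propagates to the caller as-is;
    // the former catch/rethrow added nothing.
    $returnValue = $this->authenticationManager->authenticate($token);

    if ($returnValue instanceof TokenInterface) {
        $this->securityContext->setToken($returnValue);

        return;
    }

    if ($returnValue instanceof Response) {
        $event->setResponse($returnValue);

        return;
    }

    // Neither a token nor a response: refuse the request rather than let it through unauthenticated.
    throw new HttpException(401);
}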