/**
 * Resolve a user by name and accept them only if the supplied password
 * token matches the token derived for that user.
 *
 * Unknown user names and mismatching tokens both yield null, so the caller
 * cannot tell the two failures apart from the return value.
 *
 * @param string $username
 * @param string $passwordToken token as presented by the client
 * @return NULL|User the authenticated user, or null on any failure
 */
public function authenticateWithToken($username, $passwordToken)
{
    try {
        $candidate = $this->repository->findByUsername($username);
    } catch (NotFound $e) {
        // NOTE(review): this path returns before createPasswordToken() runs,
        // so it may answer faster than the wrong-token path; check whether
        // that timing difference matters for user-name enumeration.
        return null;
    }

    $expectedToken = $this->createPasswordToken($candidate);

    // NOTE(review): StringHelper::equals is presumably a constant-time
    // comparison; confirm against its implementation.
    return StringHelper::equals($expectedToken, $passwordToken) ? $candidate : null;
}
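/**
 * Check that a client-supplied token was issued for the given intention
 * and is still inside its validity window.
 *
 * The token is expected to start with a numeric timestamp followed by '-'.
 * The timestamp must not lie in the future and must not be older than
 * $this->validityTime seconds. The token is then regenerated from the
 * intention and the timestamp and compared with the supplied value.
 *
 * @param mixed $intention passed through to generateToken()
 * @param mixed $token     untrusted value received from the client
 * @return bool true only when the token has the expected shape, is within
 *              the validity window and matches the regenerated token
 */
public function isValid($intention, $token)
{
    // Client-supplied parameters are not guaranteed to be strings; reject
    // anything else before it reaches the string functions below.
    if (!is_string($token)) {
        return false;
    }

    // Everything before the first '-' is the timestamp; false means the
    // token contains no '-' at all.
    $timestamp = strstr($token, '-', true);
    if ($timestamp === false || !is_numeric($timestamp)) {
        return false;
    }
    $timestamp = (int) $timestamp;

    // Read the clock once so both bounds are checked against the same instant.
    $now = time();
    if ($timestamp > $now || $timestamp + $this->validityTime < $now) {
        return false;
    }

    // The full token is compared, so the timestamp prefix is covered too.
    // NOTE(review): StringHelper::equals is presumably constant-time; confirm.
    return StringHelper::equals($this->generateToken($intention, $timestamp), $token);
}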
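/**
 * Read the cookie, decode it and return its payload once the signature
 * has been verified.
 *
 * The cookie value is base64-encoded JSON holding a signature and a
 * payload array. Null is returned when the cookie is absent, malformed,
 * missing a required payload field, or when the signature does not match
 * the one computed by sign() over the payload.
 *
 * Payload fields are only checked for presence here, not for type; callers
 * should validate the individual values before using them.
 *
 * @param Request $request
 * @return array|null the verified payload, or null on any failure
 */
private function getCookieData(Request $request)
{
    if (!$request->cookies->has(self::COOKIE_NAME)) {
        return null;
    }

    // The cookie is attacker-controlled; make sure it is a string before
    // handing it to base64_decode().
    $base64 = $request->cookies->get(self::COOKIE_NAME);
    if (!is_string($base64)) {
        return null;
    }

    // Strict mode: without it base64_decode() silently skips characters
    // outside the base64 alphabet and the false check below never fires.
    $json = base64_decode($base64, true);
    if ($json === false) {
        return null;
    }

    // Depth limit keeps deeply nested input from being decoded.
    $data = json_decode($json, true, 3);
    if (!is_array($data)) {
        return null;
    }

    if (!isset($data[self::FIELD_SIGNATURE], $data[self::FIELD_PAYLOAD])
        || !is_array($data[self::FIELD_PAYLOAD])
    ) {
        return null;
    }

    $payload = $data[self::FIELD_PAYLOAD];
    $signature = $data[self::FIELD_SIGNATURE];

    // NOTE(review): assumes sign() returns a string, so a non-string
    // signature can never match; confirm against sign().
    if (!is_string($signature)) {
        return null;
    }

    $requiredFields = array(
        self::FIELD_PAYLOAD_USERNAME,
        self::FIELD_PAYLOAD_TOKEN,
        self::FIELD_CREATION_TIME,
    );
    foreach ($requiredFields as $field) {
        if (!isset($payload[$field])) {
            return null;
        }
    }

    //See if we can trust that the data hasn't been tampered with.
    // NOTE(review): StringHelper::equals is presumably constant-time; confirm.
    if (!StringHelper::equals($this->sign($payload), $signature)) {
        return null;
    }

    return $payload;
}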