/**
 * {@inheritdoc}
 *
 * Verifies the bearer token string carried by $token against the OAuth2
 * server. On success a new, authenticated OAuthToken is returned whose
 * roles are the user's roles (when the access token is bound to a user)
 * plus one "ROLE_<SCOPE>" entry per space-separated scope.
 *
 * @throws AuthenticationException when the token does not verify, or when
 *                                 the server raises an OAuth2ServerException
 *                                 (kept reachable via getPrevious())
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    try {
        $tokenString = $token->getToken();
        $accessToken = $this->serverService->verifyAccessToken($tokenString);

        if (!$accessToken) {
            // Not an OAuth2ServerException, so the catch below does not apply.
            throw new AuthenticationException('OAuth2 authentication failed');
        }

        $user = $accessToken->getUser();
        $roles = (null !== $user) ? $user->getRoles() : array();

        $scope = $accessToken->getScope();
        if (!empty($scope)) {
            // Each granted scope becomes a Symfony role of its own.
            foreach (explode(' ', $scope) as $scopeName) {
                $roles[] = 'ROLE_' . strtoupper($scopeName);
            }
        }

        $authenticated = new OAuthToken($roles);
        $authenticated->setAuthenticated(true);
        $authenticated->setToken($tokenString);
        if (null !== $user) {
            $authenticated->setUser($user);
        }

        return $authenticated;
    } catch (OAuth2ServerException $e) {
        // The server exception is attached as "previous" so the listener can
        // render its HTTP response.
        throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
    }
}
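/**
 * Authenticates the current request from its OAuth2 bearer token.
 *
 * When no bearer token is present, handleCookie() is tried first; a token
 * it returns is stored in the security context and the request is left
 * alone. Otherwise the (possibly null) bearer token is wrapped in an
 * OAuthToken and handed to the authentication manager: a resulting
 * TokenInterface is stored in the security context, a resulting Response
 * becomes the event's response, and an AuthenticationException whose
 * previous exception carries an HTTP response turns that into the event's
 * response.
 *
 * Fix: the original called authenticate() twice, the first time outside
 * the try block, so a failing authentication escaped as an uncaught
 * exception instead of producing the HTTP response handled below.
 *
 * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event The event.
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();
    $oauthToken = $this->serverService->getBearerToken($request, true);

    if (null === $oauthToken) {
        // No bearer token: fall back to the regular authentication.
        $token = $this->handleCookie($event);
        if ($token) {
            $this->securityContext->setToken($token);

            return;
        }
    }

    $token = new OAuthToken();
    $token->setToken($oauthToken);

    try {
        // Exactly one call, inside the try, so a failure reaches the catch.
        $returnValue = $this->authenticationManager->authenticate($token);

        if ($returnValue instanceof TokenInterface) {
            $this->securityContext->setToken($returnValue);

            return;
        }

        if ($returnValue instanceof Response) {
            $event->setResponse($returnValue);

            return;
        }
    } catch (AuthenticationException $e) {
        $previous = $e->getPrevious();
        if (null !== $previous) {
            // The provider wraps the OAuth2 server exception as "previous";
            // that exception knows how to render itself as an HTTP response.
            $event->setResponse($previous->getHttpResponse());
        }
    }
}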
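/**
 * {@inheritdoc}
 *
 * Verifies the bearer token string against the OAuth2 server, loads the
 * user the access token belongs to from the user repository, and runs the
 * user checker's pre- and post-authentication checks on that user. The
 * returned OAuthToken carries the user's roles plus one "ROLE_<SCOPE>"
 * entry per space-separated scope.
 *
 * The two identical "access_denied" exception constructions are now built
 * by createAccessDeniedException() so the realm/error details live in one
 * place.
 *
 * @throws AuthenticationException when the token does not verify, the user
 *                                 account fails a check, or the server
 *                                 raises an OAuth2ServerException (kept
 *                                 reachable via getPrevious())
 */
public function authenticate(TokenInterface $token)
{
    /** @var OAuthToken $token */
    if (!$this->supports($token)) {
        return null;
    }

    try {
        $tokenString = $token->getToken();
        /** @var AccessToken $accessToken */
        $accessToken = $this->serverService->verifyAccessToken($tokenString);

        if ($accessToken) {
            $userRepository = $this->entityManager->getRepository(ClassPath::USER);
            $scope = $accessToken->getScope();
            /** @var User $user */
            $user = $userRepository->find($accessToken->getUserId());

            if (!empty($user)) {
                try {
                    $this->userChecker->checkPreAuth($user);
                } catch (AccountStatusException $e) {
                    throw $this->createAccessDeniedException($e);
                }
                // The incoming token is updated too, as the original did.
                $token->setUser($user);
            }

            $roles = null !== $user ? $user->getRoles() : array();
            if (!empty($scope)) {
                // Each granted scope becomes a Symfony role of its own.
                foreach (explode(' ', $scope) as $role) {
                    $roles[] = 'ROLE_' . strtoupper($role);
                }
            }

            $authenticated = new OAuthToken($roles);
            $authenticated->setAuthenticated(true);
            $authenticated->setToken($tokenString);

            if (null !== $user) {
                try {
                    $this->userChecker->checkPostAuth($user);
                } catch (AccountStatusException $e) {
                    throw $this->createAccessDeniedException($e);
                }
                $authenticated->setUser($user);
            }

            return $authenticated;
        }
    } catch (OAuth2ServerException $e) {
        // Before setToken() existed (Symfony 2.1 per the original comment), the
        // exception took the token as its second constructor argument.
        if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
            throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
        }

        throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
    }

    throw new AuthenticationException('OAuth2 authentication failed');
}

/**
 * Builds the OAuth2 "access_denied" error for a user account that failed
 * a user-checker check, using the server's configured WWW realm.
 *
 * @param AccountStatusException $e the failed check
 *
 * @return OAuth2AuthenticateException
 */
private function createAccessDeniedException(AccountStatusException $e)
{
    return new OAuth2AuthenticateException(
        OAuth2::HTTP_UNAUTHORIZED,
        OAuth2::TOKEN_TYPE_BEARER,
        $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM),
        'access_denied',
        $e->getMessage()
    );
}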
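/**
 * {@inheritdoc}
 *
 * Verifies the bearer token string against the OAuth2 server and runs the
 * user checker's pre- and post-authentication checks on the user bound to
 * the access token, if any. Roles come from the user when the token is
 * bound to one; scope-derived "ROLE_<SCOPE>" entries are only added for
 * tokens without a user (see the comment below for why).
 *
 * The two identical "access_denied" exception constructions are now built
 * by createAccessDeniedException() so the realm/error details live in one
 * place.
 *
 * @throws AuthenticationException when the token does not verify, the user
 *                                 account fails a check, or the server
 *                                 raises an OAuth2ServerException (kept
 *                                 reachable via getPrevious())
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return;
    }

    try {
        $tokenString = $token->getToken();
        $accessToken = $this->serverService->verifyAccessToken($tokenString);

        if ($accessToken) {
            $scope = $accessToken->getScope();
            $user = $accessToken->getUser();

            if (null !== $user) {
                try {
                    $this->userChecker->checkPreAuth($user);
                } catch (AccountStatusException $e) {
                    throw $this->createAccessDeniedException($e);
                }
                // The incoming token is updated too, as the original did.
                $token->setUser($user);
            }

            $roles = null !== $user ? $user->getRoles() : array();

            /*
             * This is the only modification from the base class.
             * We only add scopes if we're not connected as a user.
             * Otherwise, if we support the scope "admin", everyone would be admin when
             * no scope is requested, because fos-oauth2-lib doesn't support different
             * scopes per client (https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/201).
             * This way we can bypass that by creating 2 clients: one which grants the
             * password (and refresh) types (and will require a user authentication),
             * and one that grants pretty much all the rest.
             */
            if (!$user) {
                if (!empty($scope)) {
                    foreach (explode(' ', $scope) as $role) {
                        $roles[] = 'ROLE_' . strtoupper($role);
                    }
                }
            }

            $roles = array_unique($roles, SORT_REGULAR);

            $authenticated = new OAuthToken($roles);
            $authenticated->setAuthenticated(true);
            $authenticated->setToken($tokenString);

            if (null !== $user) {
                try {
                    $this->userChecker->checkPostAuth($user);
                } catch (AccountStatusException $e) {
                    throw $this->createAccessDeniedException($e);
                }
                $authenticated->setUser($user);
            }

            return $authenticated;
        }
    } catch (OAuth2ServerException $e) {
        // Before setToken() existed (Symfony 2.1 per the original comment), the
        // exception took the token as its second constructor argument.
        if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
            throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
        }

        throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
    }

    throw new AuthenticationException('OAuth2 authentication failed');
}

/**
 * Builds the OAuth2 "access_denied" error for a user account that failed
 * a user-checker check, using the server's configured WWW realm.
 *
 * @param AccountStatusException $e the failed check
 *
 * @return OAuth2AuthenticateException
 */
private function createAccessDeniedException(AccountStatusException $e)
{
    return new OAuth2AuthenticateException(
        OAuth2::HTTP_UNAUTHORIZED,
        OAuth2::TOKEN_TYPE_BEARER,
        $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM),
        'access_denied',
        $e->getMessage()
    );
}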
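/**
 * Authenticates the request from an already-extracted bearer token string.
 *
 * The token string is wrapped in an OAuthToken and handed to the
 * authentication manager: a resulting TokenInterface is stored in the
 * security context, a resulting Response becomes the event's response, and
 * an AuthenticationException whose previous exception carries an HTTP
 * response turns that into the event's response.
 *
 * Fix: the original called authenticate() twice, the first time outside
 * the try block, so a failing authentication escaped as an uncaught
 * exception instead of producing the HTTP response handled below.
 *
 * @param GetResponseEvent $event      the kernel request event
 * @param mixed            $oauthToken the bearer token taken from the request
 */
private function tryOauthAuth(GetResponseEvent $event, $oauthToken)
{
    $token = new OAuthToken();
    $token->setToken($oauthToken);

    try {
        // Exactly one call, inside the try, so a failure reaches the catch.
        $returnValue = $this->authenticationManager->authenticate($token);

        if ($returnValue instanceof TokenInterface) {
            $this->securityContext->setToken($returnValue);

            return;
        }

        if ($returnValue instanceof Response) {
            $event->setResponse($returnValue);

            return;
        }
    } catch (AuthenticationException $e) {
        $previous = $e->getPrevious();
        if (null !== $previous) {
            // The provider wraps the OAuth2 server exception as "previous";
            // that exception knows how to render itself as an HTTP response.
            $event->setResponse($previous->getHttpResponse());
        }
    }
}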
/**
 * A verified access token whose scope is the empty string must still
 * authenticate, must not resolve to a user, and must add no ROLE_* entries.
 */
public function testAuthenticateWithEmptyScope()
{
    $accessToken = new AccessToken();
    $accessToken->setScope('');

    // The server is expected to be asked exactly once, for the token string 'x'.
    $this->serverService
        ->expects($this->once())
        ->method('verifyAccessToken')
        ->with('x')
        ->will($this->returnValue($accessToken));

    $bearer = new OAuthToken();
    $bearer->setToken('x');

    $authenticated = $this->provider->authenticate($bearer);

    $this->assertTrue($authenticated->isAuthenticated());
    $this->assertNull($authenticated->getUser());
    $this->assertCount(0, $authenticated->getRoles());
}