/** * Checks the given token for validity and sets the token authentication status * accordingly (success, wrong credentials or no credentials given). * * @param TokenInterface $authenticationToken The token to be authenticated * @return void * @throws UnsupportedAuthenticationTokenException */ public function authenticate(TokenInterface $authenticationToken) { if (!$authenticationToken instanceof UsernamePassword) { throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } /** @var $account Account */ $account = null; $credentials = $authenticationToken->getCredentials(); if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN); } if (!is_array($credentials) || !isset($credentials['username']) || !isset($credentials['password'])) { return; } $providerName = $this->name; $accountRepository = $this->accountRepository; $this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) { $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName); }); $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS); if ($account === null) { $this->hashService->validatePassword($credentials['password'], 'bcrypt=>$2a$14$DummySaltToPreventTim,.ingAttacksOnThisProvider'); return; } if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) { $account->authenticationAttempted(TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAccount($account); } else { $account->authenticationAttempted(TokenInterface::WRONG_CREDENTIALS); } $this->accountRepository->update($account); $this->persistenceManager->whitelistObject($account); }
/** * Returns TRUE if the given token can be authenticated by this provider * * @param TokenInterface $authenticationToken The token that should be authenticated * @return boolean TRUE if the given token class can be authenticated by this provider */ public function canAuthenticate(TokenInterface $authenticationToken) { if ($authenticationToken->getAuthenticationProviderName() === $this->name) { return true; } else { return false; } }
/** * Sets isAuthenticated to TRUE for all tokens. * * @param TokenInterface $authenticationToken The token to be authenticated * @return void */ public function authenticate(TokenInterface $authenticationToken) { $authenticationToken->setAuthenticationStatus($this->authenticationStatus); if ($this->authenticationStatus === TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAccount($this->account); } else { $authenticationToken->setAccount(null); } }
/** * Sets isAuthenticated to TRUE for all tokens. * * @param TokenInterface $authenticationToken The token to be authenticated * @return void * @throws UnsupportedAuthenticationTokenException */ public function authenticate(TokenInterface $authenticationToken) { if (!$authenticationToken instanceof PasswordToken) { throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } $credentials = $authenticationToken->getCredentials(); if (is_array($credentials) && isset($credentials['password'])) { if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) { $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $account = new Account(); $roles = []; foreach ($this->options['authenticateRoles'] as $roleIdentifier) { $roles[] = $this->policyService->getRole($roleIdentifier); } $account->setRoles($roles); $authenticationToken->setAccount($account); } else { $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS); } } elseif ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN); } }
/** * Evaluates any RequestPatterns of the given token to determine whether it is active for the current request * - If no RequestPattern is configured for this token, it is active * - Otherwise it is active only if at least one configured RequestPattern per type matches the request * * @param TokenInterface $token * @return bool TRUE if the given token is active, otherwise FALSE */ protected function isTokenActive(TokenInterface $token) { if (!$token->hasRequestPatterns()) { return true; } $requestPatternsByType = []; /** @var $requestPattern RequestPatternInterface */ foreach ($token->getRequestPatterns() as $requestPattern) { $patternType = TypeHandling::getTypeForValue($requestPattern); if (isset($requestPatternsByType[$patternType]) && $requestPatternsByType[$patternType] === true) { continue; } $requestPatternsByType[$patternType] = $requestPattern->matchRequest($this->request); } return !in_array(false, $requestPatternsByType, true); }