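/**
 * Authenticates the current request from its WSSE header.
 *
 * A missing or malformed header ends the request with 403 and a WWW-Authenticate
 * challenge. A header that parses but fails authentication clears any
 * TelenorUserToken left in the security context and ends the request with 401
 * plus a Location header pointing at the login route.
 *
 * @param GetResponseEvent $event
 * @return void
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();
    $wsseHeader = $request->headers->get(self::WSSE_HEADER, false);

    if (!$wsseHeader || 1 !== preg_match(self::WSSE_REGEX, $wsseHeader, $matches)) {
        $event->setResponse(new Response(
            '',
            Response::HTTP_FORBIDDEN,
            ['WWW-Authenticate' => 'WSSE realm="webservice", profile="ApplicationToken"']
        ));
        return;
    }

    // Capture-group order is fixed by self::WSSE_REGEX (not visible here):
    // group 1 is the user, groups 2..4 are passed to the token constructor in order.
    $token = new TelenorUserToken($this->providerKey, $matches[2], $matches[3], $matches[4]);
    $token->setUser($matches[1]);

    try {
        $authenticatedToken = $this->authenticationManager->authenticate($token);
        $this->securityContext->setToken($authenticatedToken);
        return;
    } catch (NonceExpiredException $failed) {
        // Log the exception message rather than the raw header: the header carries the
        // client's credential material and must not be written to log files. The
        // message already names the offending created/nonce value (see
        // validateIfTokenIsNotExpired), which is all a debug log needs.
        $this->logger->debug("Nonce expired: " . $failed->getMessage());
    } catch (AuthenticationException $failed) {
        $this->logger->debug("Authentication failed: " . $failed->getMessage());
    }

    // Only clear a token of our own type; leave any other authentication untouched.
    $currentToken = $this->securityContext->getToken();
    if ($currentToken instanceof TelenorUserToken) {
        $this->securityContext->setToken(null);
    }

    $response = new Response(
        "",
        Response::HTTP_UNAUTHORIZED,
        [Headers::LOCATION => $this->router->generate('telenor.authentication.login')]
    );
    $event->setResponse($response);
}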
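/**
 * @param TelenorUserToken $token
 * @return bool true if token is not expired
 * @throws NonceExpiredException if the token's created time is unparseable, lies in the
 *         future, is older than 5 minutes, or its nonce was already seen in the last 5 minutes
 */
private function validateIfTokenIsNotExpired(TelenorUserToken $token)
{
    // Both the created-time window and the nonce-reuse window are 5 minutes.
    $ttlSeconds = 300;
    // Read the clock once so every check below agrees on "now"; the original called
    // time() per check, so a token could straddle the boundary between them.
    $now = time();

    $created = $token->getCreated();
    $createdTs = strtotime($created);
    if ($createdTs === false) {
        // strtotime() returns false for an unparseable value. Previously this was only
        // rejected by accident (false coerced to 0, so the token looked expired).
        $this->logger->debug("WSSE Token has unparseable created time: " . $created);
        throw new NonceExpiredException("WSSE Token has unparseable created time: " . $created);
    }

    // Check created time is not in the future
    if ($createdTs > $now) {
        $this->logger->debug("WSSE Token generated for future time: " . $created);
        throw new NonceExpiredException("WSSE Token generated for future time: " . $created);
    }

    // Expire timestamp after 5 minutes
    if ($now - $createdTs > $ttlSeconds) {
        $this->logger->debug("WSSE Token expired: " . $created);
        throw new NonceExpiredException("WSSE Token expired: " . $created);
    }

    // Validate that the nonce is *not* used in the last 5 minutes
    // if it has, this could be a replay attack
    // NOTE(review): the nonce is used verbatim as a file name under cacheDir. This relies on
    // self::WSSE_REGEX (not visible here) restricting it to a safe character set; confirm it
    // cannot contain '/' or '..', otherwise the lookup escapes cacheDir. The file is expected
    // to hold the unix timestamp at which the nonce was recorded (written elsewhere).
    $nonce = $token->getNonce();
    $nonceFile = $this->cacheDir . '/' . $nonce;
    if (file_exists($nonceFile) && (int) file_get_contents($nonceFile) + $ttlSeconds > $now) {
        $this->logger->debug("Previously used nonce detected: " . $nonce);
        throw new NonceExpiredException("Previously used nonce detected: " . $nonce);
    }

    return true;
}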