コード例 #1
 /**
  * Resolves the local Identity for a SAML assertion and returns an authenticated token for it.
  *
  * The assertion carried by the token is translated through the attribute dictionary. The
  * identity is looked up by NameID and institution (schacHomeOrganization). An unknown
  * identity is created on the fly; a known identity has its e-mail and common name
  * refreshed when either differs from the assertion.
  *
  * NOTE(review): nothing in this method validates the assertion (signature, audience,
  * validity window) - presumably that happens before the token reaches this provider;
  * confirm, because every value below is trusted as asserted.
  *
  * @param  SamlToken $token token exposing the received assertion as $token->assertion
  * @return TokenInterface a new SamlToken holding ROLE_USER with the identity set as user
  */
 public function authenticate(TokenInterface $token)
 {
     $assertion = $this->attributeDictionary->translate($token->assertion);

     // NOTE(review): attribute values are used exactly as getAttribute() returns them.
     // Whether they can be null or multi-valued is not visible here - verify, since
     // NameID + institution together form the lookup key for the identity.
     $nameId      = $assertion->getNameID();
     $institution = $assertion->getAttribute('schacHomeOrganization');
     $email       = $assertion->getAttribute('mail');
     $commonName  = $assertion->getAttribute('commonName');

     $identity = $this->identityService->findByNameIdAndInstitution($nameId, $institution);

     if ($identity !== null) {
         // Known identity: persist only when the asserted profile data actually changed.
         $profileChanged = $identity->email !== $email || $identity->commonName !== $commonName;

         if ($profileChanged) {
             $identity->email = $email;
             $identity->commonName = $commonName;

             $this->identityService->updateIdentity($identity);
         }
     } else {
         // First login for this NameID/institution pair: provision a new identity.
         $identity = new Identity();
         $identity->id = Uuid::generate();
         $identity->nameId = $nameId;
         $identity->institution = $institution;
         $identity->email = $email;
         $identity->commonName = $commonName;
         $identity->preferredLocale = $this->preferredLocaleProvider->providePreferredLocale();

         $this->identityService->createIdentity($identity);
     }

     // The role is fixed here; it is not derived from any assertion attribute.
     $authenticated = new SamlToken(['ROLE_USER']);
     $authenticated->setUser($identity);

     return $authenticated;
 }
コード例 #2
 /**
  * Registers proof of possession of a GSSF second factor for an identity.
  *
  * Builds a ProveGssfPossessionCommand with a freshly generated second factor ID and
  * executes it through the command service.
  *
  * NOTE(review): $identityId is used as given; presumably the caller passes the ID of the
  * currently authenticated identity - confirm it is never taken from request input.
  *
  * @param string $identityId     identity the second factor is registered for
  * @param string $stepupProvider provider name copied onto the command
  * @param string $gssfId         GSSF identifier copied onto the command
  * @return string|null the new second factor ID, or null when the command did not succeed
  */
 public function provePossession($identityId, $stepupProvider, $gssfId)
 {
     $proveCommand = new ProveGssfPossessionCommand();
     $proveCommand->identityId = $identityId;
     $proveCommand->secondFactorId = Uuid::generate();
     $proveCommand->stepupProvider = $stepupProvider;
     $proveCommand->gssfId = $gssfId;

     $outcome = $this->commandService->execute($proveCommand);

     if ($outcome->isSuccessful()) {
         return $proveCommand->secondFactorId;
     }

     // Failure is reported as null; no detail about the cause is returned to the caller.
     return null;
 }
 /**
  * Verifies a Yubikey OTP and, on success, registers the Yubikey as a second factor.
  *
  * The OTP is first checked through the Yubikey service. Only after a successful
  * verification is the public ID derived from the OTP and sent in a
  * ProveYubikeyPossessionCommand together with a new second factor ID.
  *
  * NOTE(review): the identity is read from $command->identity; confirm the caller fills it
  * from the authenticated session rather than from submitted form data.
  *
  * @param VerifyYubikeyOtpCommand $command carries the OTP and the identity
  * @return ProofOfPossessionResult invalidOtp on a client error, otpVerificationFailed on a
  *                                 server error, proofOfPossessionCommandFailed when the
  *                                 command fails, secondFactorCreated otherwise
  * @throws RuntimeException when verification failed without a client or server error
  */
 public function provePossession(VerifyYubikeyOtpCommand $command)
 {
     $otpCheck = $this->yubikeyService->verify($command);

     if (!$otpCheck->isSuccessful()) {
         if ($otpCheck->isClientError()) {
             return ProofOfPossessionResult::invalidOtp();
         }

         if ($otpCheck->isServerError()) {
             return ProofOfPossessionResult::otpVerificationFailed();
         }

         // An unsuccessful result must be classified; refuse to continue otherwise.
         throw new RuntimeException('Unexpected Verification result, result is not successful but has neither client nor server error');
     }

     // From here on the OTP has been accepted, so its public ID may be bound to the identity.
     $newSecondFactorId = Uuid::generate();
     $publicId = YubikeyPublicId::fromOtp(YubikeyOtp::fromString($command->otp));

     $possessionCommand = new ProveYubikeyPossessionCommand();
     $possessionCommand->identityId = $command->identity;
     $possessionCommand->secondFactorId = $newSecondFactorId;
     $possessionCommand->yubikeyPublicId = $publicId->getYubikeyPublicId();

     $outcome = $this->commandService->execute($possessionCommand);

     return $outcome->isSuccessful()
         ? ProofOfPossessionResult::secondFactorCreated($newSecondFactorId)
         : ProofOfPossessionResult::proofOfPossessionCommandFailed();
 }
コード例 #4
 /**
  * Verifies an SMS challenge and, on success, registers the phone as a second factor.
  *
  * The submitted challenge is checked through the SMS second factor service. The checks
  * run in a fixed order: expiry, then attempt limit, then correctness. After a successful
  * verification a ProvePhonePossessionCommand is executed with a new second factor ID.
  *
  * NOTE(review): the identity is read from $challengeCommand->identity; confirm the caller
  * fills it from the authenticated session rather than from submitted form data.
  *
  * @param VerifySmsChallengeCommand $challengeCommand carries the challenge and the identity
  * @return ProofOfPossessionResult challengeExpired, tooManyAttempts or incorrectChallenge
  *                                 when verification fails, proofOfPossessionCommandFailed
  *                                 when the command fails, secondFactorCreated otherwise
  */
 public function provePossession(VerifySmsChallengeCommand $challengeCommand)
 {
     $verifyCommand = new VerifyPossessionOfPhoneCommand();
     $verifyCommand->challenge = $challengeCommand->challenge;

     $outcome = $this->smsSecondFactorService->verifyPossession($verifyCommand);

     if ($outcome->didOtpExpire()) {
         return ProofOfPossessionResult::challengeExpired();
     }

     if ($outcome->wasAttemptedTooManyTimes()) {
         return ProofOfPossessionResult::tooManyAttempts();
     }

     if (!$outcome->wasSuccessful()) {
         return ProofOfPossessionResult::incorrectChallenge();
     }

     $possessionCommand = new ProvePhonePossessionCommand();
     $possessionCommand->identityId = $challengeCommand->identity;
     $possessionCommand->secondFactorId = Uuid::generate();
     // The phone number is taken from the verification result, not from $challengeCommand.
     $possessionCommand->phoneNumber = $outcome->getPhoneNumber();

     $commandResult = $this->commandService->execute($possessionCommand);

     return $commandResult->isSuccessful()
         ? ProofOfPossessionResult::secondFactorCreated($possessionCommand->secondFactorId)
         : ProofOfPossessionResult::proofOfPossessionCommandFailed();
 }