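/**
 * {@inheritdoc}
 *
 * Form-login checks, in order: HTTP method (when `post_only` is set), CSRF
 * token (when a provider is configured), reCAPTCHA (when configured and not
 * disabled), then the submitted credentials are handed to the authentication
 * manager.
 *
 * @param Request $request The login request.
 *
 * @return mixed|null Whatever the authentication manager returns, or null when
 *                    the request method is not accepted in post_only mode.
 *
 * @throws InvalidCsrfTokenException When the CSRF token does not validate.
 * @throws AuthenticationException   When the captcha answer is wrong or the
 *                                   captcha check itself throws.
 */
protected function attemptAuthentication(Request $request)
{
    $postOnly = (bool) $this->options['post_only'];

    if ($postOnly && 'post' !== strtolower($request->getMethod())) {
        if (null !== $this->logger) {
            $this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod()));
        }

        return null;
    }

    // In post_only mode the security-relevant parameters (CSRF token and
    // credentials) are read from the request body only. Request::get() would
    // also accept them from the query string and route attributes, which is
    // not what "POST only" is meant to allow. Both Request and ParameterBag
    // expose get($key, $default, $deep).
    $params = $postOnly ? $request->request : $request;

    if (null !== $this->csrfProvider) {
        $csrfToken = $params->get($this->options['csrf_parameter'], null, true);

        if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
            throw new InvalidCsrfTokenException('Invalid CSRF token.');
        }
    }

    // The CSRF check runs first so the (typically remote) captcha verification
    // is never performed for a forged request.
    if (null !== $this->recaptcha && false === $this->recaptchaDisabled) {
        try {
            $answerOk = $this->recaptcha->checkAnswer(
                $request->server->get('REMOTE_ADDR'),
                $request->get($this->recaptcha->getChallengeField()),
                $request->get($this->recaptcha->getResponseField())
            );

            if (true !== $answerOk) {
                throw new InvalidRecaptchaException('Invalid captcha.');
            }
        } catch (Exception $e) {
            // A wrong answer and a failing verification call are reported the
            // same way; the original exception is kept as the previous one.
            throw new AuthenticationException('Invalid captcha.', null, null, $e);
        }
    }

    // (string) keeps trim() from receiving null when the parameter is absent.
    $username = trim((string) $params->get($this->options['username_parameter'], null, true));
    $password = $params->get($this->options['password_parameter'], null, true);

    $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);

    return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));
}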
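/**
 * Authenticates a request that presents a SimpleSAMLphp auth-token cookie.
 *
 * Nothing happens unless the raw Cookie header mentions `SimpleSAMLAuthToken`
 * AND the query string carries a `csrf-token` that validates for the `api`
 * intention; the CSRF token is what stops a cross-site page from riding on
 * the ambient cookie. On success the token returned by the authentication
 * manager is stored in the security context; on failure a previously stored
 * SspToken is cleared.
 *
 * @param GetResponseEvent $event
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();

    if (!$request->headers->has('cookie')) {
        return;
    }

    // Presence check on the raw header only; the cookie's value is never read here.
    if (false === strpos($request->headers->get('cookie'), 'SimpleSAMLAuthToken')) {
        return;
    }

    if (!$request->query->has('csrf-token')) {
        $this->logger->notice('Ssp Firewall: Auth Token cookie but no CSRF Token');

        return;
    }

    // getAlnum() drops every non-alphanumeric character before validation, so
    // a token format that contains '-', '_' or '=' would never validate here.
    $csrfToken = $request->query->getAlnum('csrf-token');

    if (!$this->csrfProvider->isCsrfTokenValid('api', $csrfToken)) {
        // Record the rejection without echoing the submitted token into the
        // log: token values are session-bound secrets and do not belong there.
        $this->logger->notice('Ssp Firewall: Invalid CSRF token for api use');

        return;
    }

    try {
        $authToken = $this->authenticationManager->authenticate(new SspToken());
        $this->securityContext->setToken($authToken);
    } catch (AuthenticationException $failed) {
        $this->logger->warning('Ssp Firewall: failed:' . $failed->getMessage());

        // Only clear a token this listener could have set; leave any other
        // firewall's token untouched.
        if ($this->securityContext->getToken() instanceof SspToken) {
            $this->securityContext->setToken(null);
        }

        return;
    }
}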
/**
 * Validates the client-side value of the CSRF token field when that field
 * sits directly on the root form (or is itself the root).
 *
 * On a mismatch a form error is added and the field's data is replaced with
 * a freshly generated token, so that a resubmission after a session timeout
 * can still succeed.
 *
 * @param DataEvent $event The bind event; its data is the submitted token.
 */
public function onBindClientData(DataEvent $event)
{
    $form = $event->getForm();
    $submittedToken = $event->getData();

    // Nested forms carry no token of their own; only the root-level field is checked.
    $attachedToRoot = !$form->hasParent() || $form->getParent()->isRoot();
    if (!$attachedToRoot) {
        return;
    }

    if ($this->csrfProvider->isCsrfTokenValid($this->intention, $submittedToken)) {
        return;
    }

    $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));

    // An expired session invalidates the old token; hand the client a new one.
    $event->setData($this->csrfProvider->generateCsrfToken($this->intention));
}
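/**
 * Validates the CSRF token submitted with a root form that has children and
 * strips the token field from the data before it reaches the model.
 *
 * A submission that omits the token field is rejected exactly like one with
 * a wrong token; previously a missing field skipped validation entirely,
 * which let a cross-site request bypass the check simply by not sending it.
 *
 * @param FilterDataEvent $event The bind event carrying the submitted data.
 */
public function onBindClientData(FilterDataEvent $event)
{
    $form = $event->getForm();
    $data = $event->getData();

    if ($form->isRoot() && $form->hasChildren()) {
        $tokenValid = isset($data[$this->fieldName])
            && $this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName]);

        if (!$tokenValid) {
            $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
        }

        // The token is not part of the model data. The is_array() guard keeps
        // a scalar submission from turning into a fatal "cannot unset string
        // offset" error instead of the CSRF error added above.
        if (is_array($data)) {
            unset($data[$this->fieldName]);
        }
    }

    $event->setData($data);
}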
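/**
 * Validates the CSRF token of a root compound form on PRE_BIND and strips the
 * token field from the submitted data.
 *
 * A submission that omits the token field is rejected exactly like one with
 * a wrong token, so the check cannot be skipped by dropping the field.
 *
 * @param FormEvent $event The bind event carrying the submitted data.
 */
public function preBind(FormEvent $event)
{
    $form = $event->getForm();
    $data = $event->getData();

    if ($form->isRoot() && $form->getConfig()->getOption('compound')) {
        $tokenValid = isset($data[$this->fieldName])
            && $this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName]);

        if (!$tokenValid) {
            $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form.'));
        }

        // The token is not part of the model data. Guard the unset: a scalar
        // (string) submission would otherwise be a fatal "cannot unset string
        // offset" error instead of the CSRF error added above.
        if (is_array($data)) {
            unset($data[$this->fieldName]);
        }
    }

    $event->setData($data);
}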
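/**
 * Validates the CSRF token header of state-changing REST requests when CSRF
 * protection is enabled.
 *
 * The check is skipped for: disabled CSRF protection, requests without a
 * started session (no ambient credentials, hence nothing to forge), sub
 * requests, non-REST requests, safe methods (GET/HEAD) and the session
 * creation route. Everything else must carry a valid token in the header
 * named by CSRF_TOKEN_HEADER.
 *
 * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
 *
 * @throws \eZ\Publish\Core\Base\Exceptions\UnauthorizedException When the
 *         token header is missing or does not validate.
 */
public function onKernelRequest(GetResponseEvent $event)
{
    if (!$this->container->getParameter('form.type_extension.csrf.enabled')) {
        return;
    }

    $request = $event->getRequest();

    // Skip CSRF validation when no session is running. hasSession() is checked
    // first: getSession() returns null when the request carries no session at
    // all, which previously was a fatal call on null rather than a skip.
    if (!$request->hasSession() || !$request->getSession()->isStarted()) {
        return;
    }

    if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
        return;
    }

    if (!$this->isRestRequest($request)) {
        return;
    }

    // Safe methods are exempt; every other method (POST, PUT, PATCH, DELETE,
    // OPTIONS, ...) is checked.
    if (in_array($request->getMethod(), array('GET', 'HEAD'), true)) {
        return;
    }

    // TODO: add CSRF token to protect against force-login attacks
    if ("ezpublish_rest_createSession" === $request->get("_route")) {
        return;
    }

    $intention = $this->container->getParameter('ezpublish_rest.csrf_token_intention');

    if (!$request->headers->has(self::CSRF_TOKEN_HEADER)
        || !$this->csrfProvider->isCsrfTokenValid($intention, $request->headers->get(self::CSRF_TOKEN_HEADER))) {
        throw new UnauthorizedException(
            "Missing or invalid CSRF token",
            $request->getMethod() . " " . $request->getPathInfo()
        );
    }

    // Dispatching event so that CSRF token intention can be injected into Legacy Stack
    /** @var \Symfony\Component\EventDispatcher\EventDispatcherInterface $eventDispatcher */
    $eventDispatcher = $this->container->get("event_dispatcher");
    $eventDispatcher->dispatch(RestEvents::REST_CSRF_TOKEN_VALIDATED);
}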
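/**
 * Checks the CSRF token carried in the request header named by
 * CSRF_TOKEN_HEADER against $this->csrfTokenIntention.
 *
 * (The previous docblock described a GetResponseEvent parameter; the method
 * takes the Request itself.)
 *
 * @param Request $request The request being inspected.
 *
 * @return bool true only when the header is present and its value validates;
 *              a missing header is reported as invalid rather than being
 *              passed to the provider as null.
 */
protected function checkCsrfToken(Request $request)
{
    if (!$request->headers->has(self::CSRF_TOKEN_HEADER)) {
        return false;
    }

    $submitted = $request->headers->get(self::CSRF_TOKEN_HEADER);

    return $this->csrfProvider->isCsrfTokenValid($this->csrfTokenIntention, $submitted);
}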
/**
 * Validates the CSRF token of a root compound form on PRE_SUBMIT, adding a
 * (translated, when a translator is available) error on a missing or invalid
 * token, and strips the token field from array data before it is set back on
 * the event.
 *
 * @param FormEvent $event The submit event carrying the submitted data.
 */
public function preSubmit(FormEvent $event)
{
    $form = $event->getForm();
    $data = $event->getData();

    $isRootCompound = $form->isRoot() && $form->getConfig()->getOption('compound');
    if (!$isRootCompound) {
        $event->setData($data);

        return;
    }

    // A missing token field counts as invalid; the provider is only consulted
    // when the field is actually present.
    $tokenValid = isset($data[$this->fieldName])
        && $this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName]);

    if (!$tokenValid) {
        $message = $this->errorMessage;
        if (null !== $this->translator) {
            $message = $this->translator->trans($message, array(), $this->translationDomain);
        }
        $form->addError(new FormError($message));
    }

    // The token field is not part of the model data; only arrays can carry it.
    if (is_array($data)) {
        unset($data[$this->fieldName]);
    }

    $event->setData($data);
}
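/**
 * {@inheritdoc}
 *
 * Form-login variant that also carries the submitted organization into the
 * token. Order of operations: CSRF check (when a provider is configured),
 * organization lookup, credentials, authentication.
 *
 * @param Request $request The login request.
 *
 * @return mixed Whatever the authentication manager returns.
 *
 * @throws InvalidCsrfTokenException When the CSRF token does not validate.
 */
protected function attemptAuthentication(Request $request)
{
    $postOnly = (bool) $this->options['post_only'];

    // In post_only mode the CSRF token and the credentials are read from the
    // request body only; Request::get() would also accept them from the query
    // string and route attributes. Both Request and ParameterBag expose
    // get($key, $default, $deep).
    $params = $postOnly ? $request->request : $request;

    // CSRF is verified before anything is looked up on behalf of the request,
    // so a forged request never triggers an organization lookup.
    if (null !== $this->csrfProvider) {
        $csrfToken = $params->get($this->options['csrf_parameter'], null, true);

        if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
            throw new InvalidCsrfTokenException('Invalid CSRF token.');
        }
    }

    // The organization parameter is deliberately still read via Request::get(),
    // since it may be supplied as a route attribute rather than a form field.
    $organization = $this->getOrganization($request->get($this->options['organization_parameter'], null, true));

    // (string) keeps trim() from receiving null when the parameter is absent.
    $username = trim((string) $params->get($this->options['username_parameter'], null, true));
    $password = $params->get($this->options['password_parameter'], null, true);

    $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);

    return $this->authenticationManager->authenticate(
        new UsernamePasswordOrganizationToken($username, $password, $this->providerKey, $organization, array())
    );
}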
/**
 * Delegates token validation to the configured CSRF provider.
 *
 * @param string $intention The intention the token was generated for.
 * @param string $token     The token value submitted by the client.
 *
 * @return boolean Whatever the provider reports for the pair.
 */
public function isTokenValid($intention, $token)
{
    $provider = $this->csrfProvider;

    return $provider->isCsrfTokenValid($intention, $token);
}
/**
 * {@inheritdoc}
 *
 * Adapter from the CsrfToken value object to the provider's
 * (intention, value) interface: the token id is used as the intention.
 */
public function isTokenValid(CsrfToken $token)
{
    $intention = $token->getId();
    $submitted = $token->getValue();

    return $this->csrfProvider->isCsrfTokenValid($intention, $submitted);
}
/**
 * Verifies the round-trip `state` query parameter by treating it as a CSRF
 * token minted for this class (`__CLASS__` is the intention).
 *
 * A missing parameter is handed to the provider as the empty string.
 *
 * @param Request $req The callback request carrying the state parameter.
 *
 * @throws AuthenticationException When the state does not validate.
 */
public function validateRequest(Request $req)
{
    $state = $req->query->get(self::STATE_KEY, '');

    if ($this->csrf->isCsrfTokenValid(__CLASS__, $state)) {
        return;
    }

    throw new AuthenticationException("Invalid state");
}
/**
 * Validates the `_token` parameter of the current request against the
 * intention from the configuration.
 *
 * Note: the token is read with Request::get(), i.e. it is accepted from
 * route attributes, the query string or the request body alike.
 *
 * @throws \Exception When the token is missing or does not validate.
 */
private function checkCSRFToken()
{
    $intention = $this->getConfiguration()->getCSRFIntention();
    $submitted = $this->getRequest()->get('_token');

    if ($this->csrfProvider->isCsrfTokenValid($intention, $submitted)) {
        return;
    }

    throw new \Exception('Bad CSRF Token');
}