/**
* Validates the password for wsse.
*
* @param UserInterface $user The provided user.
* @param TokenInterface $token The created token.
*
* @return boolean
*
* @throws NonceExpiredException If the none is used again if the lifetime is expired.
*/
protected function validateDigest(UserInterface $user, TokenInterface $token)
{
$created = $token->getCreated();
$nonce = $token->getNonce();
// expired after the lifetime
if (time() - strtotime($created) > $this->lifetime) {
return false;
}
if ($this->filesystem->exists($this->cacheDir . '/' . $nonce) && file_get_contents($this->cacheDir . '/' . $nonce) + $this->lifetime > time()) {
throw new NonceExpiredException('Previously used nonce detected');
}
// if cache directory does not exist it will be created
if ($this->filesystem->exists($this->cacheDir) === false) {
$this->filesystem->mkdir($this->cacheDir, 0777);
}
$this->filesystem->dumpFile($this->cacheDir . '/' . $nonce, time());
$salt = base64_decode($nonce) . $created;
if (!$this->encoder->isPasswordValid($token->getDigest(), $user->getPassword(), $salt)) {
throw new BadCredentialsException('The presented password is invalid.');
}
return true;
}
