コード例 #1
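 /**
  * {@inheritdoc}
  *
  * Resolves the credential string carried by the incoming token to a stored
  * token entity, rejects missing, unknown and expired tokens, loads the user
  * for that entity and runs the user checker around checkAuthentication().
  * On success a new PreAuthenticatedToken is returned that carries the user,
  * the user's roles and the attributes of the incoming token.
  *
  * @param TokenInterface        $token        Incoming token; getToken() yields the credential string
  * @param UserProviderInterface $userProvider Provider handed to retrieveUser()
  * @param mixed                 $providerKey  Passed unchanged to the new PreAuthenticatedToken
  *
  * @return PreAuthenticatedToken
  *
  * @throws BadCredentialsException        When no credential is supplied, it matches no stored
  *                                        token, or a check raises BadCredentialsException
  * @throws TokenExpiredException          When the token manager reports the token as expired
  * @throws AuthenticationServiceException When retrieveUser() does not return a UserInterface
  */
 public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
 {
     /** @var PreAuthenticatedToken $token */
     $authToken = $token->getToken();

     // Fail closed on a missing credential. Substituting a placeholder value
     // and looking it up would authenticate a request that sent no token at
     // all if a stored token ever carried that placeholder as its id.
     if (empty($authToken)) {
         throw new BadCredentialsException('Bad token');
     }

     $tokenEntity = $this->tokenManager->findById($authToken);
     if (!$tokenEntity) {
         throw new BadCredentialsException('Bad token');
     }

     // Expiry is checked before the user is loaded, so an expired token never
     // reaches the user provider.
     if (true === $this->tokenManager->isExpired($tokenEntity)) {
         throw new TokenExpiredException('Token expired');
     }

     $user = $this->retrieveUser($userProvider, $tokenEntity);
     if (!$user instanceof UserInterface) {
         throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
     }

     try {
         $this->userChecker->checkPreAuth($user);
         $this->checkAuthentication($user, $tokenEntity, $token);
         $this->userChecker->checkPostAuth($user);
     } catch (BadCredentialsException $e) {
         // Re-thrown with a generic message; the original stays attached as
         // the previous exception. Other exception types raised by the
         // checks are not caught here and propagate unchanged.
         throw new BadCredentialsException('Bad credentials', 0, $e);
     }

     $authenticatedToken = new PreAuthenticatedToken($token->getToken(), $providerKey, $user->getRoles());
     $authenticatedToken->setUser($user);
     $authenticatedToken->setAttributes($token->getAttributes());

     return $authenticatedToken;
 }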
コード例 #2
 /**
  * {@inheritdoc}
  *
  * Processes a pending WLS (Raven) response stored in the session under
  * 'wls_response'. Without a pending response, a request whose token storage
  * already holds a token with a UserInterface user passes through untouched;
  * any other request is sent to requestAuthentication().
  *
  * A pending response is removed from the session before it is validated.
  * Its 'url' attribute must match the request URI and its 'status' must be
  * 200; only then is the token handed to the authentication manager, stored,
  * and the RavenEvents::LOGIN event dispatched.
  *
  * @throws RavenException                   On URL mismatch or any status other than 200 and 410
  * @throws AuthenticationCancelledException On status 410
  */
 public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();
     $session = $request->getSession();

     if (!$session->has('wls_response')) {
         $current = $this->tokens->getToken();
         if (null != $current && $current->getUser() instanceof UserInterface) {
             // The user is already logged in
             return;
         }

         $this->requestAuthentication($event, $request->getUri());

         return;
     }

     // There's a Raven response to process. It is taken out of the session
     // before any check runs, so it is consumed once whether or not it turns
     // out to be acceptable.
     $wlsResponse = $session->get('wls_response');
     $token = RavenUserToken::factory($wlsResponse);
     $session->remove('wls_response');

     // At this point the token has not been through the authentication
     // manager; the CRSid logged here is whatever the response claimed.
     if (null !== $this->logger) {
         $this->logger->debug('Found WLS response', array('CRSid' => $token->getUsername()));
     }

     // The response must have been issued for the URL being requested.
     $respondedUrl = rawurldecode($token->getAttribute('url'));
     if ($respondedUrl !== $request->getUri()) {
         throw new RavenException('URL mismatch');
     }

     $status = $token->getAttribute('status');
     switch ($status) {
         case 200:
             // Successful authentication
             break;
         case 410:
             throw new AuthenticationCancelledException();
         case 510:
             throw new RavenException('No mutually acceptable authentication types available', $status);
         case 520:
             throw new RavenException('Unsupported protocol version', $status);
         case 530:
             throw new RavenException('General request parameter error', $status);
         case 540:
             throw new RavenException('Interaction would be required', $status);
         case 560:
             throw new RavenException('WAA not authorised', $status);
         case 570:
             throw new RavenException('Authentication declined', $status);
         default:
             // Any unrecognised status is treated as a failure.
             throw new RavenException(null, $status);
     }

     // NOTE(review): nothing in this method regenerates the session
     // identifier after a successful login - confirm that session migration
     // is handled elsewhere.
     $authenticated = $this->authenticationManager->authenticate($token);
     $this->tokens->setToken($authenticated);
     $this->dispatcher->dispatch(RavenEvents::LOGIN, new InteractiveLoginEvent($request, $authenticated));
 }
コード例 #3
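 /**
  * Authenticates a token by resolving its token string to a user.
  *
  * The token string is handed to the user provider's loadUserByToken(). On
  * success a new OAuthToken is built from the user's roles, given the same
  * token string and user, and marked as authenticated. Every failure inside
  * that sequence is logged (when a logger is set) and reported to the caller
  * as one generic AuthenticationException, so the response does not reveal
  * why the token was rejected.
  *
  * @param TokenInterface $token
  *
  * @return OAuthToken|TokenInterface
  * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
  */
 public function authenticate(TokenInterface $token)
 {
     try {
         $tokenString = $token->getToken();
         $user = $this->userProvider->loadUserByToken($tokenString);

         // A provider that returns no user must end in an authentication
         // failure. Without this guard the getRoles() call below raises an
         // \Error on PHP 7+, which the \Exception handler does not catch.
         if (!is_object($user)) {
             throw new AuthenticationException('No user was resolved for the supplied token.');
         }

         $authenticated = new OAuthToken($user->getRoles());
         $authenticated->setToken($tokenString);
         $authenticated->setUser($user);
         $authenticated->setAuthenticated(true);

         return $authenticated;
     } catch (\Exception $e) {
         // Only the exception message is logged, never the token string.
         if ($this->logger) {
             $this->logger->alert('Can not authenticate user', array('message' => $e->getMessage()));
         }

         // Same generic message for every cause; the cause stays attached as
         // the previous exception for diagnostics.
         throw new AuthenticationException('The OAuth authentication failed.', 0, $e);
     }
 }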
コード例 #4
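 /**
  * Copies OAuth access-token details onto an action log entry.
  *
  * Does nothing unless the token is an OAuthToken. Otherwise the token string
  * is recorded on the log, and the client id and user id are added when the
  * matching AccessToken entity, its client and its user can be resolved.
  *
  * @param ActionLog      $log   Log entry to populate
  * @param TokenInterface $token Current security token
  */
 private function logAccessToken(ActionLog $log, TokenInterface $token)
 {
     if (!$token instanceof OAuthToken) {
         return;
     }

     $tokenString = $token->getToken();
     $accessToken = $this->em
         ->getRepository('LoginCidadaoOAuthBundle:AccessToken')
         ->findOneBy(array('token' => $tokenString));

     // NOTE(review): this writes the raw bearer token value into the action
     // log, so read access to the log is equivalent to holding every token
     // recorded there that is still valid. Consider recording the token
     // entity's id or a hash instead - confirm what readers of ActionLog need.
     $log->setAccessToken($tokenString);

     // The lookup can come back empty (for example when the token row has
     // been deleted); logging is best effort and must not turn that into a
     // fatal error on a null dereference.
     if (null === $accessToken) {
         return;
     }

     $client = $accessToken->getClient();
     if (null !== $client) {
         $log->setClientId($client->getId());
     }

     // An access token is not necessarily bound to a user, so the user id is
     // only recorded when one is present.
     $user = $accessToken->getUser();
     if (null !== $user) {
         $log->setUserId($user->getId());
     }
 }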