/** * @expectedException \Symfony\Component\Security\Core\Exception\CredentialsExpiredException */ public function testCheckPostAuthCredentialsExpired() { $checker = new UserChecker(); $account = $this->getMock('Symfony\\Component\\Security\\Core\\User\\AdvancedUserInterface'); $account->expects($this->once())->method('isCredentialsNonExpired')->will($this->returnValue(false)); $checker->checkPostAuth($account); }
/** * Attempts to authenticate a TokenInterface object. * * @param TokenInterface $token The TokenInterface instance to authenticate * * @return TokenInterface An authenticated TokenInterface instance, never null * * @throws AuthenticationException if the authentication fails */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } $user = $token->getUser(); /** @var ApiToken $token */ if ($this->key !== $token->getKey()) { throw new BadCredentialsException('The presented key does not match.'); } $this->userChecker->checkPostAuth($user); $authenticatedToken = new ApiToken($user->getRoles(), $this->providerId, $this->key); $authenticatedToken->setUser($user); $authenticatedToken->setAttributes($token->getAttributes()); $authenticatedToken->setAuthenticated(true); return $authenticatedToken; }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } try { $tokenString = $token->getToken(); if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) { $scope = $accessToken->getScope(); $user = $accessToken->getUser(); if (null !== $user) { try { $this->userChecker->checkPreAuth($user); } catch (AccountStatusException $e) { throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage()); } $token->setUser($user); } $roles = null !== $user ? $user->getRoles() : array(); if (!empty($scope)) { foreach (explode(' ', $scope) as $role) { $roles[] = 'ROLE_' . strtoupper($role); } } $token = new OAuthToken($roles); $token->setAuthenticated(true); $token->setToken($tokenString); if (null !== $user) { try { $this->userChecker->checkPostAuth($user); } catch (AccountStatusException $e) { throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage()); } $token->setUser($user); } return $token; } } catch (OAuth2ServerException $e) { if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) { // Symfony 2.1 throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e); } throw new AuthenticationException('OAuth2 authentication failed', 0, $e); } throw new AuthenticationException('OAuth2 authentication failed'); }