/** * {@inheritDoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } /* @var OAuthToken $token */ $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName()); $userResponse = $resourceOwner->getUserInformation($token->getRawToken()); try { $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse); } catch (OAuthAwareExceptionInterface $e) { $e->setToken($token); $e->setResourceOwnerName($token->getResourceOwnerName()); throw $e; } if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.'); } try { $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials', 0, $e); } throw $e; } $token = new OAuthToken($token->getRawToken(), $user->getRoles()); $token->setResourceOwnerName($resourceOwner->getName()); $token->setUser($user); $token->setAuthenticated(true); return $token; }
/** * {@inheritDoc} */ public function authenticate(TokenInterface $token) { $ownerName = $token->getResourceOwnerName(); $oauthUtil = $this->container->get('glory_oauth.util.token2oauth'); $oauth = $oauthUtil->generate($token); $connect = $this->container->get('glory_oauth.connect'); if (!($user = $connect->getConnect($oauth))) { if ($this->container->getParameter('glory_oauth.auto_register')) { $user = $connect->connect($oauth); } else { $key = time(); $this->container->get('session')->set('glory_oauth.connect.oauth.' . $key, [$oauth->getOwner(), $oauth->getUsername()]); $url = $this->container->get('router')->generate('glory_oauth_register', ['key' => $key]); return new RedirectResponse($url); } } if (!$user instanceof UserInterface) { throw new BadCredentialsException(''); } try { $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials', 0, $e); } throw $e; } $token = new OAuthToken($token->getRawToken(), $user->getRoles()); $token->setOwnerName($ownerName); $token->setUser($user); $token->setAuthenticated(true); return $token; }
/** * @inheritdoc */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { /* @var PreAuthenticatedToken $token */ $authToken = $token->getToken(); if (empty($authToken)) { $authToken = 'NONE_PROVIDED'; } $tokenEntity = $this->tokenManager->findById($authToken); if (!$tokenEntity) { throw new BadCredentialsException('Bad token'); } if (true === $this->tokenManager->isExpired($tokenEntity)) { throw new TokenExpiredException('Token expired'); } $user = $this->retrieveUser($userProvider, $tokenEntity); if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.'); } try { $this->userChecker->checkPreAuth($user); $this->checkAuthentication($user, $tokenEntity, $token); $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { throw new BadCredentialsException('Bad credentials', 0, $e); } $authenticatedToken = new PreAuthenticatedToken($token->getToken(), $providerKey, $user->getRoles()); $authenticatedToken->setUser($user); $authenticatedToken->setAttributes($token->getAttributes()); return $authenticatedToken; }
/** * {@inheritDoc} */ public function login(UserInterface $user, $firewallName = 'main') { $this->userChecker->checkPreAuth($user); $token = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles()); $this->securityContext->setToken($token); $this->eventDispatcher->dispatch(UserEvents::SECURITY_IMPLICIT_LOGIN, new UserEvent($user)); }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } try { $tokenString = $token->getToken(); if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) { $scope = $accessToken->getScope(); $user = $accessToken->getUser(); if (null !== $user) { try { $this->userChecker->checkPreAuth($user); } catch (AccountStatusException $e) { throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage()); } $token->setUser($user); } $roles = null !== $user ? $user->getRoles() : array(); /* * This is the only modification from the base class. * We only add scopes if we're not connected as user. * Otherwise, if we support the scope admin, everyone will be admin if no scope are requested because fos-oauth2-lib * doesn't support different scope by clients (https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/201) * This way, we can bypass this by creating 2 clients: 1 wich grant the password (and refresh) types * (and will require a user authentication) * One that grant pretty much all the rest. */ if (!$user) { if (!empty($scope)) { foreach (explode(' ', $scope) as $role) { $roles[] = 'ROLE_' . strtoupper($role); } } } $roles = array_unique($roles, SORT_REGULAR); $token = new OAuthToken($roles); $token->setAuthenticated(true); $token->setToken($tokenString); if (null !== $user) { try { $this->userChecker->checkPostAuth($user); } catch (AccountStatusException $e) { throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage()); } $token->setUser($user); } return $token; } } catch (OAuth2ServerException $e) { if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) { // Symfony 2.1 throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e); } throw new AuthenticationException('OAuth2 authentication failed', 0, $e); } throw new AuthenticationException('OAuth2 authentication failed'); }
/** * {@inheritdoc} */ public function login(UserInterface $user, $firewallName = 'main') { $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); $token = $this->createToken($user, $firewallName); if (!$token->isAuthenticated()) { throw new AuthenticationException('Unauthenticated token'); } $this->tokenStorage->setToken($token); $this->eventDispatcher->dispatch(UserEvents::SECURITY_IMPLICIT_LOGIN, new UserEvent($user)); }
/** * {@InheritDoc} */ public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); $isUser = $user instanceof UserInterface; if (!$isUser) { throw new WsseAuthenticationException('User not found.'); } $this->userChecker->checkPreAuth($user); if (!$this->digestValidator->validateDigest($token, $user)) { throw new WsseAuthenticationException('Invalid Digest.'); } $this->userChecker->checkPostAuth($user); $authenticatedToken = new WsseUserToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } $username = $token->getUsername(); if (empty($username)) { $username = '******'; } try { $user = $this->retrieveUser($username, $token); } catch (UsernameNotFoundException $notFound) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials.', 0, $notFound); } $notFound->setUsername($username); throw $notFound; } if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.'); } try { $this->userChecker->checkPreAuth($user); $this->checkAuthentication($user, $token); $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials.', 0, $e); } throw $e; } $authenticatedToken = new AsnUsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token), $token->getAsn()); $authenticatedToken->setAttributes($token->getAttributes()); return $authenticatedToken; }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } try { $tokenString = $token->getToken(); if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) { $scope = $accessToken->getScope(); $user = $accessToken->getUser(); if (null !== $user) { try { $this->userChecker->checkPreAuth($user); } catch (AccountStatusException $e) { throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage()); } $token->setUser($user); } $roles = null !== $user ? $user->getRoles() : array(); if (!empty($scope)) { foreach (explode(' ', $scope) as $role) { $roles[] = 'ROLE_' . strtoupper($role); } } $roles = array_unique($roles); $token = new OAuthToken($roles); $token->setAuthenticated(true); $token->setToken($tokenString); if (null !== $user) { try { $this->userChecker->checkPostAuth($user); } catch (AccountStatusException $e) { throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage()); } $token->setUser($user); } return $token; } } catch (OAuth2ServerException $e) { if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) { // Symfony 2.1 throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e); } throw new AuthenticationException('OAuth2 authentication failed', 0, $e); } throw new AuthenticationException('OAuth2 authentication failed'); }
function it_logs_user_in(TokenStorageInterface $tokenStorage, UserCheckerInterface $userChecker, EventDispatcherInterface $eventDispatcher, UserInterface $user) { $user->getRoles()->willReturn(['ROLE_TEST']); $userChecker->checkPreAuth($user)->shouldBeCalled(); $userChecker->checkPostAuth($user)->shouldBeCalled(); $tokenStorage->setToken(Argument::type(UsernamePasswordToken::class))->shouldBeCalled(); $eventDispatcher->dispatch(UserEvents::SECURITY_IMPLICIT_LOGIN, Argument::type(UserEvent::class))->shouldBeCalled(); $this->login($user); }
/** * {@inheritDoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } /* @var OAuthToken $token */ $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName()); if ($token->getUser()) { $user = $this->userProvider->refreshUser($token->getUser()); } else { try { $userResponse = $resourceOwner->getUserInformation($token->getRawToken()); } catch (HttpTransportException $e) { $token = new AnonymousToken($token->getRawToken(), 'anon.'); $token->setAuthenticated(true); return $token; } catch (RequestException $e) { $token = new AnonymousToken($token->getRawToken(), 'anon.'); $token->setAuthenticated(true); return $token; } try { $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse); } catch (OAuthAwareExceptionInterface $e) { $e->setToken($token); $e->setResourceOwnerName($token->getResourceOwnerName()); throw $e; } } if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.'); } try { $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { throw $e; } $token = new OAuthToken($token->getRawToken(), $user->getRoles()); $token->setResourceOwnerName($resourceOwner->getName()); $token->setUser($user); $token->setAuthenticated(true); return $token; }
/** * @throws \Symfony\Component\Security\Core\Exception\AuthenticationServiceException * * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * * @return SsoToken|null */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } $validation = $token->getManager()->validateCredentials($token->getCredentials()); if (!$validation->isSuccess()) { throw new BadCredentialsException('Authentication has not been validated by SSO provider.'); } $user = $this->provideUser($validation->getUsername(), $validation->getAttributes()); $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); $authenticatedToken = new SsoToken($token->getManager(), $token->getCredentials(), $user, $user->getRoles(), $validation->getAttributes()); foreach ($token->getAttributes() as $name => $value) { if ('sso:validation' == $name) { continue; } $authenticatedToken->setAttribute($name, $value); } return $authenticatedToken; }
private function checkUser(UserInterface $user) { try { $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials.', 0, $e); } throw $e; } }
/** * @param TokenInterface $token * @return null|UsernamePasswordToken */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } $adminUsername = $token->getUsername(); if ($token->hasAttribute('desired_user')) { $username = $token->getAttribute('desired_user'); } try { $adminUser = $this->retrieveUser($adminUsername, $token); $user = empty($username) ? $adminUser : $this->retrieveUser($username, $token); } catch (UsernameNotFoundException $notFound) { if ($this->hideUserNotFoundException) { throw new BadCredentialsException('Bad credentials', 0, $notFound); } throw $notFound; } if (!$adminUser instanceof UserInterface) { throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.'); } try { $this->userChecker->checkPreAuth($user); $this->checkAuthentication($adminUser, $token); $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { if ($this->hideUserNotFoundException) { throw new BadCredentialsException('Bad credentials', 0, $e); } throw $e; } $attributes = $token->getAttributes(); $roles = $user->getRoles(); if ($token->hasAttribute('desired_user')) { $roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', new UsernamePasswordToken($adminUser, $adminUser->getPassword(), $this->providerKey, $adminUser->getRoles())); unset($attributes['desired_user']); } $authenticatedToken = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles); $authenticatedToken->setAttributes($attributes); return $authenticatedToken; }