/** * Loads the user for the given username. * * This method must throw UsernameNotFoundException if the user is not * found. * * @param string $username The username * * @return UserInterface * * @see UsernameNotFoundException * * @throws UsernameNotFoundException if the user is not found */ public function loadUserByUsername($username) { if ($this->provider) { return $this->provider->loadUserByUsername($username); } throw new UsernameNotFoundException(); }
/** * Load user from payload, using username by default. * Override this to load by another property. * * @param array $payload * * @return \Symfony\Component\Security\Core\User\UserInterface */ protected function getUserFromPayload(array $payload) { if (!isset($payload[$this->userIdentityField])) { throw new AuthenticationException('Invalid JWT Token'); } return $this->userProvider->loadUserByUsername($payload[$this->userIdentityField]); }
/** * Authenticate a token according to the user provider. * * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * * @return \Symfony\Component\Security\Core\User\UserProviderInterface * * @throws SecurityException Occures on invalid connection */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } $username = $token->getUsername(); if (empty($username)) { $username = '******'; } $user = $this->_userProvider->loadUserByUsername($username); if (false === is_array($user)) { $user = array($user); } $authenticatedToken = false; while (false === $authenticatedToken) { if (null !== ($provider = array_pop($user))) { $authenticatedToken = $this->authenticateUser($token, $provider); } else { break; } } if (false === $authenticatedToken) { throw new SecurityException('Invalid authentication informations', SecurityException::INVALID_CREDENTIALS); } return $authenticatedToken; }
/** * Get user from cached, otherwise get it from the source User Provider. * @param string $username * @return type */ public function loadUserByUsername($username) { if (!isset($this->cachedUsers[$username])) { $this->cachedUsers[$username] = $this->userProvider->loadUserByUsername($username); } return $this->cachedUsers[$username]; }
/** * @param TokenInterface $token * @return BlockCypherUserToken */ public function authenticate(TokenInterface $token) { // if (!$userProvider instanceof ApiKeyUserProvider) { // throw new \InvalidArgumentException( // sprintf( // 'The user provider must be an instance of ApiKeyUserProvider (%s was given).', // get_class($userProvider) // ) // ); // } //$blockCypherToken = null; $blockCypherToken = $token->getCredentials(); $username = $blockCypherToken; // DEBUG //var_dump($blockCypherToken); //die(); /** @var User $user */ $user = $this->userProvider->loadUserByUsername($username); // DEBUG //var_dump($user); //die(); if ($user) { $blockCypherToken = $user->getBlockCypherToken(); } if ($user && $this->validateBlockCypherToken($blockCypherToken)) { $authenticatedToken = new BlockCypherUserToken($user, $blockCypherToken, 'blockcypher', $user->getRoles()); //$authenticatedToken->setUser($user); return $authenticatedToken; } throw new AuthenticationException('BlockCypher token empty or invalid.'); }
/** * @param string $username * @param UsernamePasswordToken $token * @return null|UserInterface */ public function retrieveUser($username, UsernamePasswordToken $token) { try { return $this->userProvider->loadUserByUsername($username); } catch (NoResultException $e) { return null; } }
/** * {@inheritDoc} */ public function authenticate(TokenInterface $token) { $username = $this->oauthProvider->getUsername($token->getCredentials()); $user = $this->userProvider->loadUserByUsername($username); $token = new OAuthToken($token->getCredentials(), $user->getRoles()); $token->setUser($user); $token->setAuthenticated(true); return $token; }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { $authenticatedToken = new WsseToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; } throw new AuthenticationException('The WSSE authentication failed.'); }
public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($user && ($token->isAuthenticated() || $this->crowd->isauthenticationvalid($token->getUsername(), $token->getCredentials()))) { $authenticatedToken = new CrowdToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; } throw new AuthenticationException('The Crowd authentication failed.'); }
public function __invoke($username, $password) { try { $user = $this->userProvider->loadUserByUsername($username); } catch (UsernameNotFoundException $e) { // in order to prevent timing attacks, we call the same method on a dummy user // this way it is not revealed that the user by that username does not exist in DB $this->passwordEncoder->isPasswordValid(AccountUser::dummy(), 'dummy'); return false; } return $this->passwordEncoder->isPasswordValid($user, $password) ? $username : false; }
private function getTokenForUsername($username, $attributes = array()) { /** @var User $user */ $user = $this->userProvider->loadUserByUsername($username); if (!$user) { throw new AuthenticationException("No user by the name of '{$username}'"); } $token = new SspToken($user->getRoles()); $token->setUser($user); $token->setAttributes($attributes); return $token; }
/** * @param TokenInterface $token * * @return WsseUserToken */ public function authenticate(TokenInterface $token) { /** @var WsseUserToken $token */ $user = $this->userProvider->loadUserByUsername($token->getUsername()); $secret = $user->getApiKey() . '{' . $user->getSalt() . '}'; if ($this->validateDigest($token->digest, $token->nonce, $token->created, $secret)) { $authenticatedToken = new WsseUserToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; } throw new AuthenticationException('The WSSE authentication failed.'); }
/** * Attempts to authenticate a TokenInterface object. * * @param TokenInterface $token The TokenInterface instance to authenticate * * @return TokenInterface An authenticated TokenInterface instance, never null * * @throws AuthenticationException if the authentication fails */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } if (!($user = $token->getUser())) { throw new AuthenticationException('JWT auth failed'); } $user = $this->userProvider->loadUserByUsername($user); $this->userChecker->checkPostAuth($user); $token = new JWTToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token)); return $token; }
/** * Attempts to authenticate a TokenInterface object. * * @param TokenInterface $token The TokenInterface instance to authenticate * * @return TokenInterface An authenticated TokenInterface instance, never null * * @throws AuthenticationException if the authentication fails */ public function authenticate(TokenInterface $token) { $userName = $token->getUsername(); $user = $this->userProvider->loadUserByUsername($userName); if (null != $user) { $lastContext = $token->getTokenContext(); $token = new JWTToken($user->getRoles()); $token->setTokenContext($lastContext); $token->setUser($user); return $token; } throw new AuthenticationException('JWT auth failed'); }
/** * Authenticate API user by API key * * @param TokenInterface $token * @return Token * @throws AuthenticationException */ public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($user && $user->getApi()) { if ($this->validateDigest($token->getAttribute('digest'), $token->getAttribute('nonce'), $token->getAttribute('created'), $user->getApi()->getApiKey(), $user->getSalt())) { $authToken = new Token($user->getRoles()); $authToken->setUser($user); $authToken->setAuthenticated(true); return $authToken; } } throw new AuthenticationException('WSSE authentication failed.'); }
public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if (!$user) { throw new AuthenticationException('The authentication failed.'); } $authenticatedToken = new ChoiceAuthToken($user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); $authenticatedToken->setUser($user); $authenticatedToken->setProviderKey($this->providerKey); $authenticatedToken->setAuthenticated(true); return $authenticatedToken; }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } if (!($user = $token->getUser())) { throw new BadCredentialsException('The required token is not found.'); } $user = $this->userProvider->loadUserByUsername($user); $this->userChecker->checkPostAuth($user); $authenticatedToken = new phpBBToken($user, $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); return $authenticatedToken; }
/** * Attempts to authenticate a TokenInterface object. * * @param TokenInterface $token The TokenInterface instance to authenticate * * @return TokenInterface An authenticated TokenInterface instance, never null * * @throws AuthenticationException if the authentication fails */ public function authenticate(TokenInterface $token) { /** @var SignedTokenInterface $token */ $user = $this->userProvider->loadUserByUsername($token->getUsername()); $signData = $this->getAuthSignData($token->getRequest()); $signData[] = $user->{$this->config['secret_getter']}(); $expectedSignature = hash($this->config['hash_alg'], implode($this->config['data_delimiter'], $signData)); if ($token->getSignature() == $expectedSignature) { $token->setUser($user); return $token; } $this->logger->critical(sprintf('Invalid auth signature. Expect "%s", got "%s"', $expectedSignature, $token->getSignature()), ['signData' => $signData]); throw new AuthenticationException("Invalid auth signature " . $token->getSignature()); }
/** * Attempts to authenticate a TokenInterface object. * * @param TokenInterface $token The TokenInterface instance to authenticate * * @return TokenInterface An authenticated TokenInterface instance, never null * * @throws AuthenticationException if the authentication fails */ public function authenticate(TokenInterface $token) { if ($token instanceof JWTToken) { $userName = $token->getTokenContext()->name; } else { $userName = $token->getUsername(); } $user = $this->userProvider->loadUserByUsername($userName); if (null != $user) { $token->setUser($user); return $token; } throw new AuthenticationException('JWT auth failed'); }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($user instanceof UserInterface) { if ("" === $token->getDigest()) { throw new BadCredentialsException('The presented password cannot be empty.'); } if ($this->validateDigest($user, $token)) { $authenticatedToken = new WsseUserToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; } } throw new AuthenticationException('The WSSE authentication failed.'); }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { /** @var HmacUserToken $token */ if ($this->validateServiceLabel($token->getServiceLabel())) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($this->validateSignature($token->getRequest(), $token->getSignature(), $user->getPassword())) { $authenticatedToken = new HmacUserToken(); $authenticatedToken->setUser($user); $authenticatedToken->setServiceLabel($token->getServiceLabel()); $authenticatedToken->setRequest($token->getRequest()); return $authenticatedToken; } } throw new AuthenticationException('The HMAC authentication failed.'); }
/** * {@inheritdoc} */ public function notify(NotificationInterface $notification, array $users) { $userNotifications = []; foreach ($users as $user) { try { $user = is_object($user) ? $user : $this->userProvider->loadUserByUsername($user); $userNotifications[] = $this->userNotifFactory->createUserNotification($notification, $user); } catch (UsernameNotFoundException $e) { continue; } } $this->notificationSaver->save($notification); $this->userNotifsSaver->saveAll($userNotifications); return $this; }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $secret = $token->getCredentials(); $userData = $this->session->getFlashBag()->get('arcanys_sso_auth.user_data'); if ($userData) { // TODO create mapping config in the future $username = reset($userData['uid']); $email = reset($userData['email']); $firstname = reset($userData['firstname']); $lastname = reset($userData['lastname']); $token = reset($userData['token']); $roles = $userData['rights']; if (!$roles) { $roles = ['ROLE_USER']; } } else { $this->saml2->login(); exit; } if (!$username) { throw new AuthenticationException("Failed to authenticate from SSO"); } $user = $userProvider->loadUserByUsername(['username' => $username, 'email' => $email, 'firstname' => $firstname, 'lastname' => $lastname, 'token' => $token, 'roles' => $roles]); return new PreAuthenticatedToken($user, $secret, $providerKey, $user->getRoles($roles)); }
/** * @inheritdoc */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { try { $user = $userProvider->loadUserByUsername($token->getUsername()); } catch (UsernameNotFoundException $e) { throw new CustomUserMessageAuthenticationException('Invalid username or password'); } $username = $token->getUsername(); $password = $token->getCredentials(); $sessionCreationResult = null; try { $sessionCreationResult = $this->userSessionRepository->createSessionIdByCredentials($username, $password); } catch (\InvalidArgumentException $e) { throw new CustomUserMessageAuthenticationException('Invalid username or password'); } catch (RepositoryInfrastructureException $e) { throw new CustomUserMessageAuthenticationException('Cannot connect to Revive service'); } $passwordValid = $sessionCreationResult !== null && UserSessionCreationAuthenticationResult::isSuccess($sessionCreationResult->getSessionCreationAuthenticationResult()); if ($passwordValid) { $sessionId = $sessionCreationResult->getSessionId(); $roles = []; $roles[] = 'USER'; if (UserSessionCreationAuthorizationSessionCreationResult::isSuccess($sessionCreationResult->getSessionCreationAuthorizationSessionCreation())) { $roles[] = 'ADMIN'; } $token = new ReviveAuthenticationToken($user, $sessionId, $providerKey, $roles); return $token; } throw new CustomUserMessageAuthenticationException('Invalid username or password'); }
/** * {@InheritDoc} */ public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); $isUser = $user instanceof UserInterface; if (!$isUser) { throw new WsseAuthenticationException('User not found.'); } $this->userChecker->checkPreAuth($user); if (!$this->digestValidator->validateDigest($token, $user)) { throw new WsseAuthenticationException('Invalid Digest.'); } $this->userChecker->checkPostAuth($user); $authenticatedToken = new WsseUserToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; }
/** * Function used for user authentication based on token object * * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * @param \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider * @param string $providerKey * @return \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken * @throws BadCredentialsException */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $passwordValid = false; // Load user object try { $user = $userProvider->loadUserByUsername($token->getUsername()); } catch (UsernameNotFoundException $e) { throw new BadCredentialsException('Invalid username or password', 0, $e); } try { $this->userChecker->checkPreAuth($user); // Call the correct authentication method if (null !== $this->ldapManager && $user->isLdapEnabled()) { $passwordValid = $this->checkAuthenticationLdap($user, $token); } else { $passwordValid = $this->checkAuthentication($user, $token); } $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Invalid username or password', 0, $e); } throw $e; } // Set the authenticated token if ($passwordValid) { return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles()); } throw new BadCredentialsException('Invalid username or password'); }
/** * Attempt to authenticate the provided token using the provided user provider. * @param TokenInterface $token * @param UserProviderInterface $userProvider * @param string $providerKey * @return UsernamePasswordToken * @throws BadCredentialsException */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { if (($user = $userProvider->loadUserByUsername($token->getUsername())) && $user->getPassword() == $token->getCredentials()) { return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles()); } throw new BadCredentialsException('The presented password is invalid.'); }
/** * Initialize the SecurityContext from the given $stepExecution * * @param StepExecution $stepExecution */ protected function initSecurityContext(StepExecution $stepExecution) { $username = $stepExecution->getJobExecution()->getUser(); $user = $this->userProvider->loadUserByUsername($username); $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles()); $this->tokenStorage->setToken($token); }
public function checkUserCredentials(IOAuth2Client $client, $username, $password) { if (!$client instanceof ClientInterface) { throw new \InvalidArgumentException('Client has to implement the ClientInterface'); } try { $user = $this->userProvider->loadUserByUsername($username); } catch (AuthenticationException $e) { return false; } if (null !== $user) { $data = array('data' => $user); if ($this->tokenPathAuth === 'plain') { $encoder = $this->encoderFactory->getEncoder($user); if ($encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) { return $data; } } elseif ($this->tokenPathAuth === 'hash') { if ($user->getPassword() === $password) { return $data; } } else { throw new \InvalidArgumentException('Token Path Auth is not valid'); } } return false; }
/** * Validates WordPress authentication cookie * * @param UserProviderInterface $userProvider * @param Cookie $cookie * @return UserInterface UserInterface if valid. * @throws RuntimeException * @throws AuthenticationException */ public function validateCookie(UserProviderInterface $userProvider, $cookie) { $cookieParts = $this->decodeCookie($cookie); switch (count($cookieParts)) { case 3: list($username, $expiration, $hmac) = $cookieParts; $token = null; break; case 4: list($username, $expiration, $token, $hmac) = $cookieParts; break; default: throw new AuthenticationException('Invalid WordPress cookie.'); } if ($expiration < time()) { throw new AuthenticationException('The WordPress cookie has expired.'); } try { $user = $userProvider->loadUserByUsername($username); } catch (Exception $exception) { if (!$exception instanceof AuthenticationException) { $exception = new AuthenticationException($exception->getMessage(), $exception->getCode(), $exception); } throw $exception; } if (!$user instanceof UserInterface) { throw new RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user))); } if ($token && $hmac !== $this->generateHmacWithToken($username, $expiration, $token, $user->getPassword()) || !$token && $hmac !== $this->generateHmac($username, $expiration, $user->getPassword())) { throw new AuthenticationException('The WordPress cookie\'s hash is invalid. Your logged in key and salt settings could be wrong.'); } return $user; }