예제 #1
 /**
  * A nonce for which the cache already returns a stored value must be refused.
  *
  * The cache mock is set up to answer exactly one load() call for the nonce's cache id,
  * so validateNonce() is expected to raise the "nonce used" exception named below.
  *
  * @expectedException Mage_Webapi_Model_Soap_Security_UsernameToken_NonceUsedException
  */
 public function testValidateNonceUsed()
 {
     $usedNonce = 'abc123';
     $createdAt = time();

     // Simulate a cache hit: load() for this nonce's cache id yields the stored timestamp.
     $this->_cacheMock
         ->expects($this->once())
         ->method('load')
         ->with($this->_nonceStorage->getNonceCacheId($usedNonce))
         ->will($this->returnValue($createdAt));

     $this->_nonceStorage->validateNonce($usedNonce, $createdAt);
 }
예제 #2
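 /**
  * Authenticate username token data.
  *
  * The nonce is passed to the nonce storage before the user is looked up by API key.
  * With the digest password type the expected value is
  * Base64(SHA-1(decoded nonce . created . stored secret)); the supplied password is then
  * compared with the expected one using a strict, constant-time comparison where available.
  *
  * @param string $username username value from token.
  * @param string $password password value from token.
  * @param string $created timestamp created value (must be in ISO-8601 format).
  * @param string $nonce token nonce (must be canonical base64 when the digest password type is used).
  * @return Mage_Webapi_Model_Acl_User
  * @throws Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException
  * @throws Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidDateException
  */
 public function authenticate($username, $password, $created, $nonce)
 {
     $createdTimestamp = $this->_getTimestampFromDate($created);
     if (!$createdTimestamp) {
         throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidDateException();
     }
     // Replay protection is delegated to the nonce storage, keyed on the nonce string as received.
     $this->_nonceStorage->validateNonce($nonce, $createdTimestamp);
     $user = $this->_userFactory->create();
     if (!$user->load($username, 'api_key')->getId()) {
         throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
     }
     // Cast so the comparison below always works on strings, whatever getSecret() returns.
     $localPassword = (string)$user->getSecret();
     if ($this->_passwordType == self::PASSWORD_TYPE_DIGEST) {
         // Decode strictly and require the canonical encoding. Lenient decoding lets several
         // different nonce strings yield the same bytes, so the digest would stay valid while
         // the replay check above, which sees the encoded string, treats each one as new.
         $rawNonce = is_string($nonce) ? base64_decode($nonce, true) : false;
         if ($rawNonce === false || base64_encode($rawNonce) !== $nonce) {
             throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
         }
         $baseString = $rawNonce . $created . $localPassword;
         $localPassword = base64_encode(hash('sha1', $baseString, true));
     }
     // Loose `!=` compares numeric-looking strings as numbers (e.g. '1e3' and '1000'), so two
     // different values could be accepted as equal; it also leaks timing. Compare as strings,
     // in constant time when hash_equals() exists, otherwise with strict identity.
     $passwordMatches = is_string($password) && (function_exists('hash_equals')
         ? hash_equals($localPassword, $password)
         : $localPassword === $password);
     if (!$passwordMatches) {
         throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
     }
     return $user;
 }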