/**
 * A nonce that is already present in the cache must be rejected.
 *
 * The cache mock is primed to return a stored timestamp for the nonce's
 * cache ID, so validateNonce() is expected to raise the exception below.
 *
 * @expectedException Mage_Webapi_Model_Soap_Security_UsernameToken_NonceUsedException
 */
public function testValidateNonceUsed()
{
    $usedNonce = 'abc123';
    $createdAt = time();

    // Exactly one cache lookup is expected, keyed by the nonce's cache ID.
    $cacheLookup = $this->_cacheMock->expects($this->once())->method('load');
    $cacheLookup
        ->with($this->_nonceStorage->getNonceCacheId($usedNonce))
        ->will($this->returnValue($createdAt));

    $this->_nonceStorage->validateNonce($usedNonce, $createdAt);
}
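/**
 * Authenticate username token data.
 *
 * Checks run in this order: the created date must parse, the nonce must pass
 * validation, the user must exist (looked up by 'api_key'), and the supplied
 * password must match the user's secret (or its digest in digest mode).
 *
 * Unknown user and wrong password raise the same exception type, so the
 * caller cannot tell from the exception which of the two checks failed.
 *
 * @param string $username username value from token.
 * @param string $password password value from token (plain secret, or base64 digest in digest mode).
 * @param string $created timestamp created value (must be in ISO-8601 format).
 * @param string $nonce nonce value from token (base64-decoded when building the digest).
 * @return Mage_Webapi_Model_Acl_User
 * @throws Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException
 * @throws Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidDateException
 */
public function authenticate($username, $password, $created, $nonce)
{
    $createdTimestamp = $this->_getTimestampFromDate($created);
    if (!$createdTimestamp) {
        throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidDateException();
    }

    // NOTE(review): the nonce is validated before the credentials are checked.
    // If validateNonce() also records the nonce (not visible here), requests with
    // bad credentials still add entries; confirm the storage is bounded/expiring.
    $this->_nonceStorage->validateNonce($nonce, $createdTimestamp);

    $user = $this->_userFactory->create();
    if (!$user->load($username, 'api_key')->getId()) {
        throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
    }

    $localPassword = $user->getSecret();
    if ($this->_passwordType == self::PASSWORD_TYPE_DIGEST) {
        // Digest mode: Base64(SHA-1(decoded nonce . created . secret)), rebuilt
        // server-side from the stored secret and compared with the client's value.
        $baseString = base64_decode($nonce) . $created . $localPassword;
        $localPassword = base64_encode(hash('sha1', $baseString, true));
    }

    // The original used a loose `!=` here. With two strings PHP compares
    // numeric-looking values numerically ("1e3" == "1000", "0e1" == "0e2"), so a
    // different password could be accepted for a numeric-looking secret, and the
    // comparison time depended on where the strings first differ.
    // hash_equals() is an exact, timing-safe string comparison (PHP >= 5.6);
    // non-string input is rejected up front because hash_equals() requires strings.
    if (!is_string($password) || !hash_equals((string)$localPassword, $password)) {
        throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
    }

    return $user;
}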