public function authenticate(TokenInterface $token)
{
if (strlen($token->getOAuthToken()) === 0) {
$url = $this->remoteApiUrl . "/oauth/v2/token?" . "client_id=" . $this->remoteApiId . "&client_secret=" . $this->remoteApiSecret . "&grant_type=password" . "&username="******"&password=" . $token->getPassword();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$apiResponse = json_decode(curl_exec($ch));
curl_close($ch);
if (isset($apiResponse->access_token)) {
$user = $this->userManager->createUser();
$user->setUsername($token->getUsername());
$authenticatedToken = new OAuthUserToken($user->getRoles());
$authenticatedToken->setUser($user);
$authenticatedToken->setOAuthToken($apiResponse->access_token);
$authenticatedToken->setRefreshToken($apiResponse->refresh_token);
$authenticatedToken->setTokenType($apiResponse->token_type);
// We take 3 minutes less (180 seconds) just to be sure.
$authenticatedToken->setExpireTime(time() + $apiResponse->expires_in - 180);
return $authenticatedToken;
} elseif (isset($apiResponse->error_description)) {
throw new AuthenticationException($apiResponse->error_description);
} else {
throw new AuthenticationException('The OAuth authentication failed.');
}
} else {
return $token;
}
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$oauthEvent = new OAuth2AuthenticationEvent($this->securityContext);
if ($request->request->get("_username") !== null && $request->request->get("_password") !== null) {
$token = new OAuthUserToken();
$token->setUser($request->request->get("_username"));
$token->setPassword($request->request->get("_password"));
try {
$this->eventDispatcher->dispatch(PreAuthenticationEvents::OAUTH2_PRE_AUTHENTICATION, $oauthEvent);
$authToken = $this->authenticationManager->authenticate($token);
$authToken->setAuthenticated(true);
$this->securityContext->setToken($authToken);
$this->eventDispatcher->dispatch(PostAuthenticationSuccessEvents::OAUTH2_POST_AUTHENTICATION_SUCCESS, $oauthEvent);
} catch (AuthenticationException $failed) {
// To deny the authentication clear the token.
// Make sure to only clear your token, not those of other authentication listeners.
$token = $this->securityContext->getToken();
if ($token instanceof OAuthUserToken) {
$this->securityContext->setToken(null);
}
$this->eventDispatcher->dispatch(PostAuthenticationFailureEvents::OAUTH2_POST_AUTHENTICATION_FAILURE, $oauthEvent);
}
} else {
$token = $this->securityContext->getToken();
if ($token instanceof OAuthUserToken) {
if (time() > $token->getExpireTime()) {
try {
$this->eventDispatcher->dispatch(PreRefreshEvents::OAUTH2_PRE_REFRESH, $oauthEvent);
$newToken = $this->authenticationManager->refresh($token);
$this->securityContext->setToken($newToken);
$this->eventDispatcher->dispatch(PostRefreshSuccessEvents::OAUTH2_POST_REFRESH_SUCCESS, $oauthEvent);
} catch (AuthenticationException $failed) {
// To deny the authentication clear the token.
// Make sure to only clear your token, not those of other authentication listeners.
$token = $this->securityContext->getToken();
if ($token instanceof OAuthUserToken) {
$this->securityContext->setToken(null);
}
$this->eventDispatcher->dispatch(PostRefreshFailureEvents::OAUTH2_POST_REFRESH_FAILURE, $oauthEvent);
}
}
}
}
// elsewhere we do nothing
return;
}
