/**
* Checks the given token for validity and sets the token authentication status
* accordingly (success, wrong credentials or no credentials given).
*
* @param TokenInterface $authenticationToken The token to be authenticated
* @return void
* @throws UnsupportedAuthenticationTokenException
*/
public function authenticate(TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof UsernamePassword) {
throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
}
/** @var $account Account */
$account = null;
$credentials = $authenticationToken->getCredentials();
if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
$authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
}
if (!is_array($credentials) || !isset($credentials['username']) || !isset($credentials['password'])) {
return;
}
$providerName = $this->name;
$accountRepository = $this->accountRepository;
$this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) {
$account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName);
});
$authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
if ($account === null) {
$this->hashService->validatePassword($credentials['password'], 'bcrypt=>$2a$14$DummySaltToPreventTim,.ingAttacksOnThisProvider');
return;
}
if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) {
$account->authenticationAttempted(TokenInterface::AUTHENTICATION_SUCCESSFUL);
$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
$authenticationToken->setAccount($account);
} else {
$account->authenticationAttempted(TokenInterface::WRONG_CREDENTIALS);
}
$this->accountRepository->update($account);
$this->persistenceManager->whitelistObject($account);
}
/**
* Returns TRUE if the given token can be authenticated by this provider
*
* @param TokenInterface $authenticationToken The token that should be authenticated
* @return boolean TRUE if the given token class can be authenticated by this provider
*/
public function canAuthenticate(TokenInterface $authenticationToken)
{
if ($authenticationToken->getAuthenticationProviderName() === $this->name) {
return true;
} else {
return false;
}
}
/**
* Sets isAuthenticated to TRUE for all tokens.
*
* @param TokenInterface $authenticationToken The token to be authenticated
* @return void
*/
public function authenticate(TokenInterface $authenticationToken)
{
$authenticationToken->setAuthenticationStatus($this->authenticationStatus);
if ($this->authenticationStatus === TokenInterface::AUTHENTICATION_SUCCESSFUL) {
$authenticationToken->setAccount($this->account);
} else {
$authenticationToken->setAccount(null);
}
}
/**
* Sets isAuthenticated to TRUE for all tokens.
*
* @param TokenInterface $authenticationToken The token to be authenticated
* @return void
* @throws UnsupportedAuthenticationTokenException
*/
public function authenticate(TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof PasswordToken) {
throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
}
$credentials = $authenticationToken->getCredentials();
if (is_array($credentials) && isset($credentials['password'])) {
if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) {
$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
$account = new Account();
$roles = [];
foreach ($this->options['authenticateRoles'] as $roleIdentifier) {
$roles[] = $this->policyService->getRole($roleIdentifier);
}
$account->setRoles($roles);
$authenticationToken->setAccount($account);
} else {
$authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
}
} elseif ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
$authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
}
}
/**
* Evaluates any RequestPatterns of the given token to determine whether it is active for the current request
* - If no RequestPattern is configured for this token, it is active
* - Otherwise it is active only if at least one configured RequestPattern per type matches the request
*
* @param TokenInterface $token
* @return bool TRUE if the given token is active, otherwise FALSE
*/
protected function isTokenActive(TokenInterface $token)
{
if (!$token->hasRequestPatterns()) {
return true;
}
$requestPatternsByType = [];
/** @var $requestPattern RequestPatternInterface */
foreach ($token->getRequestPatterns() as $requestPattern) {
$patternType = TypeHandling::getTypeForValue($requestPattern);
if (isset($requestPatternsByType[$patternType]) && $requestPatternsByType[$patternType] === true) {
continue;
}
$requestPatternsByType[$patternType] = $requestPattern->matchRequest($this->request);
}
return !in_array(false, $requestPatternsByType, true);
}
