/** * Checks the given token for validity and sets the token authentication status * accordingly (success, wrong credentials or no credentials given). * * @param TokenInterface $authenticationToken The token to be authenticated * @return void * @throws UnsupportedAuthenticationTokenException */ public function authenticate(TokenInterface $authenticationToken) { if (!$authenticationToken instanceof UsernamePassword) { throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } /** @var $account Account */ $account = null; $credentials = $authenticationToken->getCredentials(); if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN); } if (!is_array($credentials) || !isset($credentials['username']) || !isset($credentials['password'])) { return; } $providerName = $this->name; $accountRepository = $this->accountRepository; $this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) { $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName); }); $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS); if ($account === null) { $this->hashService->validatePassword($credentials['password'], 'bcrypt=>$2a$14$DummySaltToPreventTim,.ingAttacksOnThisProvider'); return; } if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) { $account->authenticationAttempted(TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAccount($account); } else { $account->authenticationAttempted(TokenInterface::WRONG_CREDENTIALS); } $this->accountRepository->update($account); $this->persistenceManager->whitelistObject($account); }
/** * @test */ public function validatePasswordWillUseStrategyIdentifierFromHashedPassword() { $mockStrategy = $this->createMock(PasswordHashingStrategyInterface::class); $this->mockObjectManager->expects($this->any())->method('get')->will($this->returnValue($mockStrategy)); $mockStrategy->expects($this->atLeastOnce())->method('validatePassword')->with('myTestPassword', '---hashed-password---')->will($this->returnValue(true)); $result = $this->hashService->validatePassword('myTestPassword', 'TestStrategy=>---hashed-password---'); $this->assertEquals(true, $result); }
/** * Sets isAuthenticated to TRUE for all tokens. * * @param TokenInterface $authenticationToken The token to be authenticated * @return void * @throws UnsupportedAuthenticationTokenException */ public function authenticate(TokenInterface $authenticationToken) { if (!$authenticationToken instanceof PasswordToken) { throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } $credentials = $authenticationToken->getCredentials(); if (is_array($credentials) && isset($credentials['password'])) { if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) { $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $account = new Account(); $roles = []; foreach ($this->options['authenticateRoles'] as $roleIdentifier) { $roles[] = $this->policyService->getRole($roleIdentifier); } $account->setRoles($roles); $authenticationToken->setAccount($account); } else { $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS); } } elseif ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN); } }