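/**
 * Authenticates the request from its X-WSSE header.
 *
 * The header has to match the UsernameToken profile in this exact order:
 * Username, PasswordDigest, Nonce, Created. Each field is read up to the
 * next double quote, so a quote inside a value cannot extend a field into
 * the next one. A missing or malformed header, and any
 * AuthenticationException raised by the manager, ends in a 403 with an
 * empty body; the failure reason is deliberately not sent to the client.
 *
 * On success the authenticated token is stored and no response is set,
 * so the request carries on.
 *
 * {@inheritdoc}
 */
public function handle(GetResponseEvent $event)
{
    // Username capture group restored to match the three sibling groups.
    // The previous pattern had an unbalanced ")" and no username group, so
    // preg_match() returned false for every header and nothing could ever
    // authenticate.
    $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';

    $request = $event->getRequest();
    $matches = array();

    // 1 === ... also rejects the false that preg_match() returns on a PCRE error.
    if ($request->headers->has('x-wsse')
        && 1 === preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)
    ) {
        $token = new WsseToken();
        $token->setUser($matches[1]);
        $token->digest = $matches[2];
        $token->nonce = $matches[3];
        $token->created = $matches[4];

        try {
            $authToken = $this->authenticationManager->authenticate($token);
            $this->tokenStorage->setToken($authToken);

            return;
        } catch (AuthenticationException $failed) {
            // TODO: log $failed server-side. Its message must stay out of the
            // response, or it becomes an oracle ("no such user" vs "bad digest").
        }
    }

    // One denial path for: header absent, header malformed, authentication failed.
    // NOTE(review): 403 is kept as the original had it; a 401 with a
    // WWW-Authenticate challenge is the more conventional reply to a missing
    // credential — confirm against the clients before changing it.
    $response = new Response();
    $response->setStatusCode(Response::HTTP_FORBIDDEN);
    $event->setResponse($response);
}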
/**
 * Looks the token's username up through the user provider and verifies the
 * WSSE digest (digest, nonce, created) against that user's stored password.
 *
 * Returns a new WsseToken carrying the user's roles and the user object;
 * the incoming token is left untouched.
 *
 * NOTE(review): the digest is checked against getPassword() as-is, so
 * whatever the provider stores has to be usable as the WSSE secret — a
 * property of the digest scheme, not of this method. Whether
 * loadUserByUsername() returns null or throws for an unknown user is not
 * visible here; an exception from it propagates unchanged, so a client may
 * be able to tell "unknown user" from "bad digest" — confirm with the provider.
 *
 * @throws AuthenticationException when no user is found or the digest does not verify
 *
 * {@inheritdoc}
 */
public function authenticate(TokenInterface $token)
{
    $user = $this->userProvider->loadUserByUsername($token->getUsername());

    // Short-circuits: validateDigest() is only reached when a user was found.
    $digestIsValid = $user
        && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword());

    if (!$digestIsValid) {
        throw new AuthenticationException('The WSSE authentication failed.');
    }

    $authenticated = new WsseToken($user->getRoles());
    $authenticated->setUser($user);

    return $authenticated;
}
/**
 * Happy path for authenticate(): a token whose digest is
 * base64(sha1(nonce . created . password)) over the password the provider
 * returns must come back as an authenticated WsseToken carrying the user's
 * roles and the user object.
 *
 * @depends testValidateDigestWithNonceDirExpectedException
 * @depends testValidateDigestWithNonceDir
 * @depends testValidateDigestExpireTime
 */
public function testAuthenticate()
{
    $password = 'test';
    $rawNonce = 'test';
    $created = date('Y-m-d H:i:s');

    $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
    $user->expects($this->once())->method('getPassword')->will($this->returnValue($password));
    $user->expects($this->once())->method('getRoles')->will($this->returnValue(array('ROLE_API')));
    $this->userProvider->expects($this->once())->method('loadUserByUsername')->will($this->returnValue($user));

    // The token carries the base64 nonce; the digest is computed over the raw nonce.
    $unauthenticated = new WsseToken();
    $unauthenticated->nonce = base64_encode($rawNonce);
    $unauthenticated->created = $created;
    $unauthenticated->digest = base64_encode(sha1($rawNonce . $created . $password, true));

    $expected = new WsseToken(array('ROLE_API'));
    $expected->setUser($user);
    $expected->setAuthenticated(true);

    $provider = new ProviderTestSimple($this->userProvider, self::$nonceDir);

    $this->assertEquals($expected, $provider->authenticate($unauthenticated));
}
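/**
 * The listener must parse a well-formed X-WSSE header into a WsseToken and
 * hand exactly that token to the authentication manager.
 *
 * The mock's with($expectedToken) constraint pins every parsed field
 * (username, digest, nonce, created), so the Username in the header has to
 * be the same "admin" that is set on the expected token — the header value
 * previously carried a placeholder there and could not satisfy the
 * expectation.
 *
 * NOTE(review): nothing here asserts on the event's response. On the
 * success path the listener sets no response, so the mock expectation is
 * the only check this test makes.
 *
 * @test
 */
public function handleReturnResponse()
{
    $expectedToken = new WsseToken();
    $expectedToken->setUser('admin');
    $expectedToken->digest = 'admin';
    $expectedToken->nonce = 'admin';
    $expectedToken->created = '2010-12-12 20:00:00';

    $this->authenticationManager
        ->expects($this->once())
        ->method('authenticate')
        ->with($expectedToken)
        ->will($this->returnValue($expectedToken));

    $this->request->headers->add(array(
        'x-wsse' => 'UsernameToken Username="admin", PasswordDigest="admin", Nonce="admin", Created="2010-12-12 20:00:00"',
    ));

    $listener = new WsseListener($this->securityContext, $this->authenticationManager);
    $listener->handle($this->responseEvent);
}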