/**
 * Handles the request event for a SAML-protected route.
 *
 * Flow as implemented below:
 *  1. A token already in token storage means the request is authenticated: nothing to do.
 *  2. If no SAML authentication has been initiated, the current request URI is remembered in
 *     the session and an AuthnRequest is initiated; its response is set on the event.
 *  3. Otherwise the incoming SAMLResponse is processed, its InResponseTo is checked against the
 *     request id stored in the session, and the resulting assertion is wrapped in a SamlToken
 *     and handed to the authentication manager. Success stores the token, migrates the session
 *     and redirects to the remembered URI; failure answers with HTTP 403.
 *
 * @param GetResponseEvent $event
 *
 * @return mixed Nothing on every path except the PreconditionNotMetException branch, which
 *               returns whatever setPreconditionExceptionResponse() returns.
 *
 * @throws AuthenticationException when the SAMLResponse cannot be parsed, or when its
 *                                 InResponseTo does not match the request id in the session
 */
private function handleEvent(GetResponseEvent $event)
{
    // A token is already present: the request is authenticated, nothing to do.
    if ($this->tokenStorage->getToken()) {
        return;
    }

    if (!$this->samlInteractionProvider->isSamlAuthenticationInitiated()) {
        // No SAML exchange in flight: remember where the user wanted to go, then start one.
        // The stored URI is the current request's own URI, so the later redirect stays on this site.
        $this->sessionHandler->setCurrentRequestUri($event->getRequest()->getUri());
        $event->setResponse($this->samlInteractionProvider->initiateSamlRequest());

        // The request id is read after initiateSamlRequest(), which is where it is presumably set.
        $logger = $this->logger->forAuthentication($this->sessionHandler->getRequestId());
        $logger->notice('Sending AuthnRequest');

        return;
    }

    // The SAMLResponse must answer the AuthnRequest this session issued; its id is the
    // logging scope as well as the value InResponseTo is checked against below.
    $expectedInResponseTo = $this->sessionHandler->getRequestId();
    $logger = $this->logger->forAuthentication($expectedInResponseTo);

    try {
        $assertion = $this->samlInteractionProvider->processSamlResponse($event->getRequest());
    } catch (PreconditionNotMetException $e) {
        // A precondition failure is an expected client-side condition, hence notice level and
        // a dedicated response instead of an exception.
        $logger->notice(sprintf('SAML response precondition not met: "%s"', $e->getMessage()));
        return $this->setPreconditionExceptionResponse($e, $event);
    } catch (Exception $e) {
        // NOTE(review): `Exception` is unqualified; if this file is namespaced, confirm a
        // `use Exception;` import exists, otherwise this clause never matches.
        // The original exception is chained so the parsing failure is not lost.
        $logger->error(sprintf('Failed SAMLResponse Parsing: "%s"', $e->getMessage()));
        throw new AuthenticationException('Failed SAMLResponse parsing', 0, $e);
    }

    // Reject a response that was not issued in reply to this session's own AuthnRequest.
    if (!InResponseTo::assertEquals($assertion, $expectedInResponseTo)) {
        $logger->error('Unknown or unexpected InResponseTo in SAMLResponse');
        throw new AuthenticationException('Unknown or unexpected InResponseTo in SAMLResponse');
    }

    $logger->notice('Successfully processed SAMLResponse, attempting to authenticate');

    $token = new SamlToken();
    $token->assertion = $assertion;

    try {
        $authToken = $this->authenticationManager->authenticate($token);
    } catch (AuthenticationException $failed) {
        $logger->error(sprintf('Authentication Failed, reason: "%s"', $failed->getMessage()));

        // By default deny authorization
        // NOTE(review): the request id stays in the session on this path — confirm whether it
        // should be cleared so the same SAMLResponse cannot be re-submitted against it.
        $response = new Response();
        $response->setStatusCode(Response::HTTP_FORBIDDEN);
        $event->setResponse($response);

        return;
    }

    $this->tokenStorage->setToken($authToken);

    // migrate the session to prevent session hijacking
    // (a fresh session id is issued now that the session carries an authenticated token)
    $this->sessionHandler->migrate();

    // Send the user back to the URI remembered before the AuthnRequest was issued.
    $event->setResponse(new RedirectResponse($this->sessionHandler->getCurrentRequestUri()));
    $logger->notice('Authentication succeeded, redirecting to original location');
}
/**
 * Logging without an authentication scope must be refused: a SamlAuthenticationLogger is
 * presumably only usable once a request id has been bound to it (cf. forAuthentication()),
 * so the unscoped instance below is expected to throw on its first log call.
 *
 * @test
 * @expectedException \Surfnet\SamlBundle\Exception\RuntimeException
 */
public function it_throws_when_no_authentication()
{
    $unscopedLogger = new SamlAuthenticationLogger(m::mock('Psr\\Log\\LoggerInterface'));

    // No authentication scope was set before this call; the expected exception comes from here.
    $unscopedLogger->emergency('message2');
}