/**
 * Authenticates a SAML token: looks up the Identity matching the assertion's
 * NameID and schacHomeOrganization, provisions a new Identity when none exists,
 * keeps the stored mail / commonName in sync with the assertion, and returns an
 * authenticated SamlToken carrying ROLE_USER with that Identity as its user.
 *
 * NOTE(review): the parameter is typed TokenInterface but `$token->assertion`
 * is read unconditionally; presumably only SamlToken instances reach this
 * method (e.g. via a supports() check elsewhere) — confirm against the caller.
 *
 * @param SamlToken $token
 * @return SamlToken
 */
public function authenticate(TokenInterface $token)
{
    $assertion = $this->attributeDictionary->translate($token->assertion);

    $nameId      = $assertion->getNameID();
    $institution = $assertion->getAttribute('schacHomeOrganization');
    $email       = $assertion->getAttribute('mail');
    $commonName  = $assertion->getAttribute('commonName');

    $identity = $this->identityService->findByNameIdAndInstitution($nameId, $institution);

    if ($identity === null) {
        // First login for this NameID/institution pair: provision the identity
        // with the attributes asserted by the IdP.
        $identity                  = new Identity();
        $identity->id              = Uuid::generate();
        $identity->nameId          = $nameId;
        $identity->institution     = $institution;
        $identity->email           = $email;
        $identity->commonName      = $commonName;
        $identity->preferredLocale = $this->preferredLocaleProvider->providePreferredLocale();

        $this->identityService->createIdentity($identity);
    } else {
        // Only mail and commonName are refreshed from the assertion; the
        // identity is persisted again only when at least one of them differs.
        $attributesChanged = $identity->email !== $email
            || $identity->commonName !== $commonName;

        if ($attributesChanged) {
            $identity->email      = $email;
            $identity->commonName = $commonName;

            $this->identityService->updateIdentity($identity);
        }
    }

    $authenticatedToken = new SamlToken(['ROLE_USER']);
    $authenticatedToken->setUser($identity);

    return $authenticatedToken;
}
/**
 * Registers a GSSF second factor for the given identity by executing a
 * ProveGssfPossessionCommand with a freshly generated second factor id.
 *
 * @param string $identityId
 * @param string $stepupProvider
 * @param string $gssfId
 * @return string|null the generated second factor id when the command succeeded, null otherwise
 */
public function provePossession($identityId, $stepupProvider, $gssfId)
{
    $secondFactorId = Uuid::generate();

    $command                 = new ProveGssfPossessionCommand();
    $command->identityId     = $identityId;
    $command->secondFactorId = $secondFactorId;
    $command->stepupProvider = $stepupProvider;
    $command->gssfId         = $gssfId;

    $result = $this->commandService->execute($command);

    if (!$result->isSuccessful()) {
        return null;
    }

    return $secondFactorId;
}
/**
 * Verifies a Yubikey OTP and, when verification succeeds, registers the
 * Yubikey's public id as a second factor for the identity named in the command.
 *
 * Unsuccessful verifications are mapped to a result by error class: client
 * error -> invalidOtp, server error -> otpVerificationFailed.
 *
 * @param VerifyYubikeyOtpCommand $command
 * @return ProofOfPossessionResult
 * @throws RuntimeException when verification failed but the result is classified as neither a client nor a server error
 */
public function provePossession(VerifyYubikeyOtpCommand $command)
{
    $verification = $this->yubikeyService->verify($command);

    if (!$verification->isSuccessful()) {
        if ($verification->isClientError()) {
            return ProofOfPossessionResult::invalidOtp();
        }

        if ($verification->isServerError()) {
            return ProofOfPossessionResult::otpVerificationFailed();
        }

        throw new RuntimeException(
            'Unexpected Verification result, result is not successful but has neither client nor server error'
        );
    }

    $secondFactorId = Uuid::generate();

    // The public id derived from the verified OTP is what gets stored as the second factor.
    $publicId = YubikeyPublicId::fromOtp(YubikeyOtp::fromString($command->otp));

    $proveCommand                  = new ProveYubikeyPossessionCommand();
    $proveCommand->identityId      = $command->identity;
    $proveCommand->secondFactorId  = $secondFactorId;
    $proveCommand->yubikeyPublicId = $publicId->getYubikeyPublicId();

    $commandResult = $this->commandService->execute($proveCommand);

    return $commandResult->isSuccessful()
        ? ProofOfPossessionResult::secondFactorCreated($secondFactorId)
        : ProofOfPossessionResult::proofOfPossessionCommandFailed();
}
/**
 * Verifies the response to an SMS challenge and, when it checks out, registers
 * the verified phone number as a second factor for the identity named in the command.
 *
 * Failure outcomes are evaluated in this order: expired OTP, too many attempts,
 * then any other unsuccessful verification (incorrect challenge).
 *
 * @param VerifySmsChallengeCommand $challengeCommand
 * @return ProofOfPossessionResult
 */
public function provePossession(VerifySmsChallengeCommand $challengeCommand)
{
    $verifyCommand            = new VerifyPossessionOfPhoneCommand();
    $verifyCommand->challenge = $challengeCommand->challenge;

    $verification = $this->smsSecondFactorService->verifyPossession($verifyCommand);

    if ($verification->didOtpExpire()) {
        return ProofOfPossessionResult::challengeExpired();
    }

    if ($verification->wasAttemptedTooManyTimes()) {
        return ProofOfPossessionResult::tooManyAttempts();
    }

    if (!$verification->wasSuccessful()) {
        return ProofOfPossessionResult::incorrectChallenge();
    }

    $secondFactorId = Uuid::generate();

    // The phone number comes from the verification result, not from the
    // incoming command, so only a number that was actually proven is stored.
    $proveCommand                 = new ProvePhonePossessionCommand();
    $proveCommand->identityId     = $challengeCommand->identity;
    $proveCommand->secondFactorId = $secondFactorId;
    $proveCommand->phoneNumber    = $verification->getPhoneNumber();

    $commandResult = $this->commandService->execute($proveCommand);

    if (!$commandResult->isSuccessful()) {
        return ProofOfPossessionResult::proofOfPossessionCommandFailed();
    }

    return ProofOfPossessionResult::secondFactorCreated($secondFactorId);
}