 /**
  * Find the UserApi whose API key reproduces the digest carried by the token.
  *
  * Every secret in $secrets is tried in turn. The first key that validates the
  * digest is returned, once its organization has been confirmed to belong to the
  * user and to be enabled.
  *
  * @param TokenInterface       $token   WSSE token carrying 'digest', 'nonce' and 'created'
  * @param PersistentCollection $secrets Candidate UserApi entries to try
  * @param User                 $user    Account whose salt enters the digest
  *
  * @return bool|UserApi The matching UserApi, or false when no key validates
  *
  * @throws BadCredentialsException when the matching key belongs to an organization the
  *                                 user is not a member of, or to a disabled organization
  */
 protected function getValidUserApi(TokenInterface $token, PersistentCollection $secrets, User $user)
 {
     $nonce = $token->getAttribute('nonce');
     $remaining = $secrets->count();

     /** @var UserApi $candidate */
     foreach ($secrets as $candidate) {
         $remaining--;
         $matches = $this->validateDigest(
             $token->getAttribute('digest'),
             $nonce,
             $token->getAttribute('created'),
             $candidate->getApiKey(),
             $this->getSalt($user)
         );

         if ($matches) {
             if (!$candidate->getUser()->getOrganizations()->contains($candidate->getOrganization())) {
                 throw new BadCredentialsException('Wrong API key.');
             }
             if (!$candidate->getOrganization()->isEnabled()) {
                 throw new BadCredentialsException('Organization is not active.');
             }

             return $candidate;
         }

         // This key failed and more candidates remain: forget the nonce so the
         // same request can be re-checked against the next key.
         // NOTE(review): the nonce is reusable until the next validateDigest()
         // call records it again - confirm that window is acceptable.
         if ($remaining > 0) {
             $this->getNonceCache()->delete($nonce);
         }
     }

     return false;
 }
 /**
  * Authenticate a WSSE token against the configured user provider.
  *
  * The user is looked up by username and the digest in the token credentials
  * is recomputed from the token's nonce and creation time together with the
  * user's secret and salt.
  *
  * @param TokenInterface $token Unauthenticated token carrying 'nonce' and 'created'
  *
  * @return Token Authenticated token holding the user, credentials, provider key and roles
  *
  * @throws AuthenticationException when the user is unknown or the digest does not validate
  */
 public function authenticate(TokenInterface $token)
 {
     $user = $this->userProvider->loadUserByUsername($token->getUsername());
     $isAuthentic = $user && $this->validateDigest(
         $token->getCredentials(),
         $token->getAttribute('nonce'),
         $token->getAttribute('created'),
         $this->getSecret($user),
         $this->getSalt($user)
     );

     if (!$isAuthentic) {
         throw new AuthenticationException('WSSE authentication failed.');
     }

     return new Token($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
 }
 /**
  * Authenticate a WSSE token and return an authenticated WsseToken.
  *
  * A failed attempt is logged at error level with the submitted username
  * before the AuthenticationException is thrown.
  *
  * @param TokenInterface $token Unauthenticated token carrying 'digest', 'nonce' and 'created'
  *
  * @return WsseToken|TokenInterface Authenticated token with the user and roles attached
  *
  * @throws AuthenticationException when the user is unknown or the digest does not validate
  */
 public function authenticate(TokenInterface $token)
 {
     $username = $token->getUsername();
     $user = $this->userProvider->loadUserByUsername($username);
     $isAuthentic = $user && $this->validateDigest(
         $token->getAttribute('digest'),
         $token->getAttribute('nonce'),
         $token->getAttribute('created'),
         $this->getSecret($user),
         $this->getSalt($user),
         $user
     );

     if (!$isAuthentic) {
         $this->logger->error(sprintf('Attempt of unauthorized access for user: %s', $username));
         throw new AuthenticationException(' Incorrect email or password.');
     }

     $wsseToken = new WsseToken($user->getRoles());
     $wsseToken->setUser($user);
     $wsseToken->setAuthenticated(true);

     return $wsseToken;
 }
 /**
  * Authenticate an API user by the API key recorded on the user's Api entity.
  *
  * The user is looked up by username; the token digest is then validated
  * against that user's API key and salt.
  *
  * @param  TokenInterface $token Unauthenticated token carrying 'digest', 'nonce' and 'created'
  * @return Token          Authenticated token with the user and roles attached
  * @throws AuthenticationException when the user is unknown, has no Api entity,
  *                                 or the digest does not validate
  */
 public function authenticate(TokenInterface $token)
 {
     $user = $this->userProvider->loadUserByUsername($token->getUsername());
     $api = $user ? $user->getApi() : null;
     $digestIsValid = $api && $this->validateDigest(
         $token->getAttribute('digest'),
         $token->getAttribute('nonce'),
         $token->getAttribute('created'),
         $api->getApiKey(),
         $user->getSalt()
     );

     if (!$digestIsValid) {
         throw new AuthenticationException('WSSE authentication failed.');
     }

     $authToken = new Token($user->getRoles());
     $authToken->setUser($user);
     $authToken->setAuthenticated(true);

     return $authToken;
 }
 /**
  * When the token carries an ldap_domain, authentication is expected to switch
  * the LDAP domain context to it once and to switch back to the original
  * context once.
  */
 function it_should_switch_the_domain_if_the_token_has_the_ldap_domain_set()
 {
     $expectedTokenClass = '\\Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken';

     $this->token->hasAttribute('ldap_domain')->willReturn(true);
     $this->token->getAttribute('ldap_domain')->willReturn('example.local');

     // The domain context is read three times: an initial copy, the comparison
     // against the token's domain, and a final read after the switch back.
     $this->ldap->getDomainContext()->willReturn('foo.bar', 'foo.bar', 'example.local');

     // Exactly one switch into the token's domain and one back to the original.
     $this->ldap->switchDomain('example.local')->shouldBeCalledTimes(1);
     $this->ldap->switchDomain('foo.bar')->shouldBeCalledTimes(1);

     $this->authenticate($this->token)->shouldReturnAnInstanceOf($expectedTokenClass);
 }
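 /**
  * Attempts to authenticate a TokenInterface object.
  *
  * The API key in the token's 'key' attribute is resolved to an ApiUser through
  * the API user provider. A BadCredentialsException from the provider is
  * converted into an AuthenticationException, with the original exception kept
  * as the previous one so the underlying reason remains available to callers
  * that inspect getPrevious().
  *
  * @param TokenInterface $token The TokenInterface instance to authenticate
  *
  * @return TokenInterface An authenticated TokenInterface instance, never null
  *
  * @throws AuthenticationException if the authentication fails
  */
 public function authenticate(TokenInterface $token)
 {
     try {
         $key = $token->getAttribute('key');
         /** @var ApiUser $user */
         $user = $this->apiUserProvider->loadUserByKey($key);
         $authenticatedToken = new ApiUserToken($user->getRoles());
         $authenticatedToken->setUser($user);
         $authenticatedToken->setAuthenticated(true);

         return $authenticatedToken;
     } catch (BadCredentialsException $notFoundException) {
         // Chain the provider's exception instead of discarding it: the public
         // message stays generic while the cause is preserved for diagnostics.
         throw new AuthenticationException('User not found', 0, $notFoundException);
     }
 }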
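 /**
  * Validate a Raven user token.
  *
  * The signed payload is rebuilt by joining the token attributes with '!', the
  * URL-safe signature encoding is reversed, and the signature is verified
  * against the public key of the Raven certificate.
  *
  * @param TokenInterface $token Raven user token.
  *
  * @return bool true if the token is valid, false otherwise.
  *
  * @throws OpenSslException If there is an OpenSSL problem: the extension is
  *                          unavailable, the Raven certificate cannot be loaded,
  *                          or verification itself fails.
  */
 protected function validateToken(TokenInterface $token)
 {
     // @codeCoverageIgnoreStart
     if (false === function_exists('openssl_verify')) {
         throw new OpenSslException('OpenSSL is unavailable');
     }
     // @codeCoverageIgnoreEnd

     $data = implode('!', array(
         $token->getAttribute('ver'),
         $token->getAttribute('status'),
         $token->getAttribute('msg'),
         $token->getAttribute('issue')->format('Ymd\\THis\\Z'),
         $token->getAttribute('id'),
         $token->getAttribute('url'),
         $token->getUsername(),
         $token->getAttribute('auth'),
         $token->getAttribute('sso'),
         $token->getAttribute('life'),
         $token->getAttribute('params'),
     ));

     // The signature arrives with '-', '.' and '_' standing in for the base64
     // characters '+', '/' and '='; undo that before decoding.
     $sig = base64_decode(preg_replace(
         array('/-/', '/\\./', '/_/'),
         array('+', '/', '='),
         rawurldecode($token->getAttribute('sig'))
     ));

     $key = openssl_pkey_get_public($this->raven->getCertificate());
     // @codeCoverageIgnoreStart
     if (false === $key) {
         // Fail loudly on a certificate/configuration problem. Previously a
         // false key flowed into openssl_verify(), whose failure result could
         // be mistaken for "invalid signature" by the loose switch comparison.
         throw new OpenSslException('OpenSSL could not load the Raven public key');
     }
     // @codeCoverageIgnoreEnd

     $result = openssl_verify($data, $sig, $key);
     openssl_free_key($key);

     // openssl_verify() returns 1 for a valid signature, 0 for an invalid one
     // and -1 (or false) on error; compare strictly so errors are not treated
     // as a plain signature mismatch.
     if (1 === $result) {
         return true;
     }
     if (0 === $result) {
         return false;
     }

     // @codeCoverageIgnoreStart
     throw new OpenSslException('OpenSSL has returned a error when verifying the signature');
     // @codeCoverageIgnoreEnd
 }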
 /**
  * Switch the LDAP domain context to the token's ldap_domain when it differs
  * from the current context.
  *
  * Tokens without an ldap_domain attribute leave the context untouched.
  *
  * @param TokenInterface $token
  */
 protected function switchDomainIfNeeded(TokenInterface $token)
 {
     if (!$token->hasAttribute('ldap_domain')) {
         return;
     }

     $requestedDomain = $token->getAttribute('ldap_domain');
     if ($this->ldap->getDomainContext() === $requestedDomain) {
         return;
     }

     $this->ldap->switchDomain($requestedDomain);
 }
 /**
  * Proxy an attribute lookup to the wrapped token.
  *
  * @param string $name Attribute name
  *
  * @return mixed Whatever the inner token returns for $name
  */
 public function getAttribute($name)
 {
     $inner = $this->innerToken;

     return $inner->getAttribute($name);
 }