/**
* Attempts to authenticate a GrantToken
*
* @param GrantToken $token
*
* @return GrantToken
*
* @throws AuthenticationException
*/
public function authenticate(TokenInterface $token)
{
$credentials = $token->getCredentials();
$clientId = $credentials['client_id'];
/** @var ClientInterface $client */
$client = $this->clientRepository->find($clientId);
// Verify client id
if (!$client) {
throw new AuthenticationException("Client with id {$clientId} does not exist");
}
// Verify client secret
$clientSecret = $credentials['client_secret'];
if (!$client->getSecret() === $clientSecret) {
throw new AuthenticationException("Invalid client secret");
}
// Verify grant type
if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
throw new AuthenticationException("Grant type not allowed");
}
if ($client->getUser() === null) {
throw new AuthenticationException("Client is not associated with any user");
}
$token->setUser($client->getUser());
$token->setClient($client);
return $token;
}
/**
* Attempts to authenticate a GrantToken
*
* @param GrantToken $token
*
* @return GrantToken
*
* @throws AuthenticationException
*/
public function authenticate(TokenInterface $token)
{
$credentials = $token->getCredentials();
$clientId = $credentials['client_id'];
/** @var ClientInterface $client */
$client = $this->clientRepository->find($clientId);
// Verify client id
if (!$client) {
throw new AuthenticationException("Client with id {$clientId} does not exist");
}
// Verify client secret
$clientSecret = $credentials['client_secret'];
if (!$client->getSecret() === $clientSecret) {
throw new AuthenticationException("Invalid client secret");
}
// Verify grant type
if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
throw new AuthenticationException("Grant type not allowed");
}
// Verify refresh_token
$refreshToken = $this->refreshTokenRepository->findOneBy(["token" => $credentials['refresh_token'], "client" => $client]);
if ($refreshToken === null) {
throw new AuthenticationException("Invalid token");
}
// Verify expiry date
if ($refreshToken->isExpired()) {
throw new AuthenticationException("Token has expired");
}
$user = $refreshToken->getUser();
$token->setUser($user);
$token->setClient($client);
return $token;
}
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getCredentials());
if ($user) {
$token->setUser($user);
return $token;
}
throw new AuthenticationException('Unable to get user for this token');
}
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
die("XXX");
if ($user && $this->validateLdapUser($user)) {
$token->setUser($user);
return $token;
}
throw new AuthenticationException('The LDAP authentication failed.');
}
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if (empty($user) || $user->checkToken($token->token) === false) {
throw new AuthenticationException('Token authentication failed.');
}
$token->setAuthenticated(true);
$token->setUser($user);
return $token;
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
$accessToken = $token->getCredentials();
try {
$user = $userProvider->loadUserByUsername($accessToken);
} catch (UsernameNotFoundException $e) {
throw new UnauthorizedApiException($e->getMessage());
}
$token->setUser($user);
return $token;
}
/**
* Attempts to authenticate a TokenInterface object.
*
* @param TokenInterface $token The TokenInterface instance to authenticate
*
* @return TokenInterface An authenticated TokenInterface instance, never null
*
* @throws AuthenticationException if the authentication fails
*/
public function authenticate(TokenInterface $token)
{
if (!$token instanceof JWTToken) {
throw new AuthenticationException(sprintf('%s works only for JWTToken', __CLASS__));
}
if (!$token->getCredentials()) {
throw new AuthenticationException('JWTToken must contain a token in order to authenticate.');
}
$decodedToken = $this->JWTDecoder->decode($token->getCredentials());
$user = $this->userConverter->buildUserFromToken($decodedToken);
$token->setUser($user);
return $token;
}
public function authenticate(TokenInterface $token)
{
$this->service_container->get($this->wordpress_loader_id)->load();
$user = wp_get_current_user();
if (isset($user->data) && isset($user->data->user_nicename)) {
$token->setUser($user->data->user_email);
$token->setAuthenticated(true);
//$token->setRoles(array());
} else {
$token->setRedirectUrl($this->redirect_url);
}
return $token;
}
/**
* Attempts to authenticate a GrantToken
*
* @param OAuthToken $token
*
* @return OAuthToken
*
* @throws AuthenticationException
*/
public function authenticate(TokenInterface $token)
{
$tokenValue = $token->getCredentials();
$accessToken = $this->accessTokenRepository->findOneBy(["token" => $tokenValue]);
if ($accessToken === null) {
throw new AuthenticationException("Invalid access token");
}
if ($accessToken->isExpired()) {
throw new AuthenticationException("Access token has expired");
}
$user = $accessToken->getUser();
$token->setUser($user);
return $token;
}
/**
* Attempts to authenticate a TokenInterface object.
*
* @param TokenInterface $token The TokenInterface instance to authenticate
*
* @return TokenInterface An authenticated TokenInterface instance, never null
*
* @throws AuthenticationException if the authentication fails
*/
public function authenticate(TokenInterface $token)
{
/** @var SignedTokenInterface $token */
$user = $this->userProvider->loadUserByUsername($token->getUsername());
$signData = $this->getAuthSignData($token->getRequest());
$signData[] = $user->{$this->config['secret_getter']}();
$expectedSignature = hash($this->config['hash_alg'], implode($this->config['data_delimiter'], $signData));
if ($token->getSignature() == $expectedSignature) {
$token->setUser($user);
return $token;
}
$this->logger->critical(sprintf('Invalid auth signature. Expect "%s", got "%s"', $expectedSignature, $token->getSignature()), ['signData' => $signData]);
throw new AuthenticationException("Invalid auth signature " . $token->getSignature());
}
/**
* Attempts to authenticate a TokenInterface object.
*
* @param TokenInterface $token The TokenInterface instance to authenticate
*
* @return TokenInterface An authenticated TokenInterface instance, never null
*
* @throws AuthenticationException if the authentication fails
*/
public function authenticate(TokenInterface $token)
{
if ($token instanceof JWTToken) {
$userName = $token->getTokenContext()->name;
} else {
$userName = $token->getUsername();
}
$user = $this->userProvider->loadUserByUsername($userName);
if (null != $user) {
$token->setUser($user);
return $token;
}
throw new AuthenticationException('JWT auth failed');
}
/**
* Attempts to authenticate a TokenInterface object.
*
* @param TokenInterface $token The TokenInterface instance to authenticate
*
* @throws AuthenticationException if the authentication fails
* @return TokenInterface An authenticated TokenInterface instance, never null
*
*/
public function authenticate(TokenInterface $token)
{
if (!$token instanceof JWTToken) {
throw new AuthenticationException(sprintf('%s works only for JWTToken', __CLASS__));
}
if (!$token->getCredentials()) {
throw new AuthenticationException('JWTToken must contain a token in order to authenticate.');
}
try {
$user = $this->userBuilder->buildUserFromToken($token->getCredentials());
} catch (JWTDecodeUnexpectedValueException $e) {
throw new AuthenticationException('Failed to decode the JWT');
}
$token->setUser($user);
return $token;
}
/**
* Attempts to authenticate a TokenInterface object.
*
* @param TokenInterface $token The TokenInterface instance to authenticate
*
* @return TokenInterface An authenticated TokenInterface instance, never null
*
* @throws AuthenticationException if the authentication fails
*/
public function authenticate(TokenInterface $token)
{
$params = $token->getRequestParameters();
if (!empty($params['ask_response']) && $params['ask_response'] == 'give_response') {
$response = new Response();
$response->setContent('mockedResponseWithAskResponseParameter');
return $response;
}
if ($params['oauth_token'] == 'nnch734d00sl2jdk') {
$user = new UserMock('123456789', 'testUser', '*****@*****.**');
$token->setUser($user);
return $token;
} else {
throw new AuthenticationException('OAuth authentication failed');
}
}
/**
* @param mixed $user
* @param TokenInterface $token
* @throws \InvalidArgumentException
*/
protected function setUser($user, TokenInterface $token)
{
if (!$user) {
return;
}
$userId = filter_var($user, FILTER_VALIDATE_INT);
if ($userId) {
$userEntity = $this->registry->getRepository('OroUserBundle:User')->find($userId);
} else {
$userEntity = $this->userManager->findUserByUsernameOrEmail($user);
}
if ($userEntity) {
$token->setUser($userEntity);
} else {
throw new \InvalidArgumentException(sprintf('Can\'t find user with identifier %s', $user));
}
}
/**
* Attempts to authenticate a GrantToken
*
* @param GrantToken $token
*
* @return GrantToken
*
* @throws AuthenticationException
*/
public function authenticate(TokenInterface $token)
{
$credentials = $token->getCredentials();
$clientId = $credentials['client_id'];
/** @var ClientInterface $client */
$client = $this->clientRepository->find($clientId);
// Verify client id
if (!$client) {
throw new AuthenticationException("Client with id {$clientId} does not exist");
}
// Verify client secret
$clientSecret = $credentials['client_secret'];
if (!$client->getSecret() === $clientSecret) {
throw new AuthenticationException("Invalid client secret");
}
// Verify grant type
if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
throw new AuthenticationException("Grant type not allowed");
}
// Verify redirect uri
$redirectUri = $credentials['redirect_uri'];
if (!in_array($redirectUri, $client->getRedirectUris())) {
throw new AuthenticationException("Invalid redirect uri");
}
// Verify authorization code
$code = $credentials['code'];
$authorizationCode = $this->authorizationCodeRepository->findOneBy(["code" => $code, "client" => $client]);
if ($authorizationCode === null) {
throw new AuthenticationException("Invalid code");
}
// Verify that redirect uri's match
if ($authorizationCode->getRedirectUri() !== $redirectUri) {
throw new AuthenticationException("Redirect uri does not match redirect uri from previous request");
}
// Verify expiry date
if ($authorizationCode->isExpired()) {
throw new AuthenticationException("Code has expired");
}
$user = $authorizationCode->getUser();
$token->setUser($user);
$token->setClient($client);
return $token;
}
/**
* @param OnClearEventArgs $event
* @param TokenInterface $token
*/
protected function checkUser(OnClearEventArgs $event, TokenInterface $token)
{
$user = $token->getUser();
if (!is_object($user)) {
return;
}
$userClass = ClassUtils::getClass($user);
if ($event->getEntityClass() && $event->getEntityClass() !== $userClass) {
return;
}
$em = $event->getEntityManager();
if ($em !== $this->doctrine->getManagerForClass($userClass)) {
return;
}
$user = $this->refreshEntity($user, $userClass, $em);
if ($user) {
$token->setUser($user);
} else {
$this->securityTokenStorage->setToken(null);
}
}
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserById($token->getUserId());
if ($user && $token instanceof UserToken) {
$token->setUser($user);
global $_G;
$em = \Dev::getDoctrine()->getManager();
$user->setupDiscuzRoles($em, $_G);
return $token;
}
if (\Dev::getContainer()->getParameter('kernel.debug')) {
throw new AuthenticationException('The app authentication failed.');
} else {
if (\Dev::getContainer()->getParameter('debug_redirects')) {
\Dev::dump('The app authentication failed.');
exit;
}
$host = \Dev::getContainer()->getParameter('sf.web_host');
header('location:' . $host);
exit;
}
}
/**
* Refreshes the user by reloading it from the user provider
*
* @param TokenInterface $token
*
* @return TokenInterface|null
*/
private function refreshUser(TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof UserInterface) {
return $token;
}
if (null !== $this->logger) {
$this->logger->debug(sprintf('Reloading user from user provider.'));
}
foreach ($this->userProviders as $provider) {
try {
$token->setUser($provider->loadUser($user));
if (null !== $this->logger) {
$this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user->getUsername()));
}
return $token;
} catch (UnsupportedUserException $unsupported) {
// let's try the next user provider
} catch (UsernameNotFoundException $notFound) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Username "%s" could not be found.', $user->getUsername()));
}
return null;
}
}
throw new \RuntimeException(sprintf('There is no user provider for user "%s".', get_class($user)));
}
public function setUser($user)
{
$this->innerToken->setUser($user);
}
/**
* Refreshes the user by reloading it from the user provider.
* This method was copied from Symfony\Component\Security\Http\Firewall\ContextListener.
*
* @param TokenInterface $token
*
* @return TokenInterface|null
*
* @throws \RuntimeException
*/
protected function refreshUser(TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof UserInterface) {
return;
}
$refreshedUser = $this->userProvider->refreshUser($user);
$token->setUser($refreshedUser);
return $token;
}
/**
* Refreshes the user by reloading it from the user provider.
*
* @param TokenInterface $token
*
* @return TokenInterface|null
*
* @throws \RuntimeException
*/
protected function refreshUser(TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof UserInterface) {
return $token;
}
foreach ($this->userProviders as $provider) {
try {
$refreshedUser = $provider->refreshUser($user);
$token->setUser($refreshedUser);
if (null !== $this->logger) {
$this->logger->debug('User was reloaded from a user provider.', array('username' => $refreshedUser->getUsername(), 'provider' => get_class($provider)));
}
return $token;
} catch (UnsupportedUserException $e) {
// let's try the next user provider
} catch (UsernameNotFoundException $e) {
if (null !== $this->logger) {
$this->logger->warning('Username could not be found in the selected user provider.', array('username' => $e->getUsername(), 'provider' => get_class($provider)));
}
return;
}
}
throw new \RuntimeException(sprintf('There is no user provider for user "%s".', get_class($user)));
}
