/**
 * {@inheritdoc}
 *
 * Verifies a remember-me cookie laid out as [class, base64(username), expires, hash]
 * and returns the user it designates.
 *
 * The hash is verified (via compareHashes()) before the expiry is looked at, so a
 * tampered expiry value never influences the outcome.
 *
 * @throws AuthenticationException when the cookie is malformed, the username is not
 *                                 valid base64, the hash does not match, or it has expired
 * @throws \RuntimeException       when the user provider hands back something that is
 *                                 not a UserInterface
 */
protected function processAutoLoginCookie(array $cookieParts, Request $request)
{
    if (4 !== count($cookieParts)) {
        throw new AuthenticationException('The cookie is invalid.');
    }

    list($class, $encodedUsername, $expires, $hash) = $cookieParts;

    // Strict decoding: any byte outside the base64 alphabet is an error rather
    // than being silently dropped.
    $username = base64_decode($encodedUsername, true);
    if (false === $username) {
        throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
    }

    try {
        $provider = $this->getUserProvider($class);
        $user = $provider->loadUserByUsername($username);
    } catch (AuthenticationException $ex) {
        throw $ex;
    } catch (\Exception $ex) {
        // Anything else from the provider is surfaced as an authentication failure.
        throw new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
    }

    if (!$user instanceof UserInterface) {
        throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
    }

    // The expected hash binds class, username, expiry and the stored password,
    // so a password change invalidates outstanding cookies.
    $expectedHash = $this->generateCookieHash($class, $username, $expires, $user->getPassword());
    if (true !== $this->compareHashes($hash, $expectedHash)) {
        throw new AuthenticationException('The cookie\'s hash is invalid.');
    }

    if ($expires < time()) {
        throw new AuthenticationException('The cookie has expired.');
    }

    return $user;
}
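/**
 * Validates a WordPress authentication cookie.
 *
 * The cookie decodes to either [username, expiration, hmac] (legacy) or
 * [username, expiration, token, hmac]; which HMAC routine is used depends on
 * whether a token is present. The HMAC is compared in constant time so the
 * check does not leak how many leading bytes of a forged value were correct.
 *
 * @param UserProviderInterface $userProvider
 * @param Cookie $cookie
 * @return UserInterface UserInterface if valid.
 * @throws RuntimeException        when the provider returns a non-UserInterface
 * @throws AuthenticationException when the cookie is malformed, expired, the user
 *                                 cannot be loaded, or the HMAC does not match
 */
public function validateCookie(UserProviderInterface $userProvider, $cookie)
{
    $cookieParts = $this->decodeCookie($cookie);

    switch (count($cookieParts)) {
        case 3:
            list($username, $expiration, $hmac) = $cookieParts;
            $token = null;
            break;
        case 4:
            list($username, $expiration, $token, $hmac) = $cookieParts;
            break;
        default:
            throw new AuthenticationException('Invalid WordPress cookie.');
    }

    if ($expiration < time()) {
        throw new AuthenticationException('The WordPress cookie has expired.');
    }

    try {
        $user = $userProvider->loadUserByUsername($username);
    } catch (Exception $exception) {
        if (!$exception instanceof AuthenticationException) {
            $exception = new AuthenticationException($exception->getMessage(), $exception->getCode(), $exception);
        }
        throw $exception;
    }

    if (!$user instanceof UserInterface) {
        throw new RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
    }

    // Same truthiness rule as before: a falsy token selects the token-less HMAC.
    $expectedHmac = $token
        ? $this->generateHmacWithToken($username, $expiration, $token, $user->getPassword())
        : $this->generateHmac($username, $expiration, $user->getPassword());

    // Constant-time comparison instead of `!==` (hash_equals needs PHP >= 5.6
    // or a polyfill). Both sides are cast so a non-string part cannot make
    // hash_equals warn and return false for the wrong reason.
    if (!hash_equals((string) $expectedHmac, (string) $hmac)) {
        throw new AuthenticationException('The WordPress cookie\'s hash is invalid. Your logged in key and salt settings could be wrong.');
    }

    return $user;
}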
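/**
 * Logs a user in from an `auto_login` request parameter holding base64("username:key").
 *
 * The key is verified by the authentication manager through an AutoLoginToken;
 * a rejected key leaves the request unauthenticated without raising. A request
 * without the parameter, or with one that does not decode to "username:key",
 * is ignored.
 *
 * NOTE(review): the secret travels in the query string, so it will show up in
 * access logs, browser history and outgoing Referer headers; and an unknown
 * username propagates as an exception while a wrong key returns silently —
 * confirm both are intended.
 *
 * @param GetResponseEvent $event
 *
 * @throws AuthenticationException when the user provider cannot load the user
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();

    // Don't do anything when the auto_login query parameter is not found.
    if (!($autoLogin = $request->get('auto_login', false))) {
        return;
    }

    // Lenient decoding is kept on purpose: a '+' in a query string arrives as a
    // space unless the link encodes it as %2B, and strict mode would reject it.
    $decoded = base64_decode($autoLogin);
    if (false === $decoded) {
        return;
    }

    // Split at the first ':' only, so a key containing ':' is not truncated,
    // and bail out when the second half is missing (the original list() would
    // have passed an undefined key through).
    $parts = explode(':', $decoded, 2);
    if (2 !== count($parts)) {
        return;
    }
    list($username, $autoLoginKey) = $parts;

    // Find the user in the user provider.
    try {
        $user = $this->userProvider->loadUserByUsername($username);
    } catch (\Exception $ex) {
        if (!$ex instanceof AuthenticationException) {
            $ex = new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
        }
        throw $ex;
    }

    // Try and authenticate the token; a bad key just means "not logged in".
    try {
        $token = $this->authenticationManager->authenticate(new AutoLoginToken($user, $this->providerKey, $autoLoginKey));
    } catch (AuthenticationException $e) {
        return;
    }

    // If everything is ok, store the received authenticated token.
    if ($token) {
        $this->tokenStorage->setToken($token);
    }
}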
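/**
 * This is called when an interactive authentication attempt fails.
 *
 * Ajax callers receive a fixed `{"success": false}` JSON body (the failure
 * reason is deliberately not included); other callers get the Twig exception
 * page rendered with the exception's message and code.
 *
 * NOTE(review): renderResponse() is used as-is, so the rendered page carries
 * whatever status the templating layer defaults to rather than an explicit
 * 401/403 — confirm that is intended.
 *
 * @param Request $request
 * @param AuthenticationException $exception
 *
 * @return Response
 */
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    if ($request->isXmlHttpRequest()) {
        // Declare the media type explicitly so the body is not sniffed as HTML
        // (the sibling failure handler in this file already does this).
        $response = new Response(json_encode(array('success' => false)));
        $response->headers->set('Content-Type', 'application/json');

        return $response;
    }

    // Handle non XmlHttp request: render the exception page.
    $parameters = array(
        'status_text' => $exception->getMessage(),
        'status_code' => $exception->getCode(),
    );

    return $this->templating->renderResponse('TwigBundle:Exception:error.html.twig', $parameters);
}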
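/**
 * onAuthenticationFailure
 *
 * Logs the failure (client IP, exception code and message), then either
 * answers Ajax callers with a JSON body or stores the exception in the session
 * and redirects the user back to the page they came from.
 *
 * The redirect target is taken from the Referer header, which is supplied by
 * the client. It is therefore only honoured when it points at this request's
 * own host; otherwise the handler would be usable as an open redirect.
 *
 * NOTE(review): the Ajax branch echoes the exception message to the client;
 * make sure the messages produced upstream do not distinguish "unknown user"
 * from "bad password".
 *
 * @author Joe Sexton <*****@*****.**>
 * @param Request $request
 * @param AuthenticationException $exception
 * @return Response
 * @throws AuthenticationException when there is no same-host Referer to return to
 */
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    $this->logger->warning(sprintf(
        '%s.[%s].%s.[%s] => %s',
        'AuthenticationFailure',
        'This user fail to connect',
        $request->getClientIp(),
        $exception->getCode(),
        $exception->getMessage()
    ));

    if ($request->isXmlHttpRequest()) {
        $payload = array('success' => false, 'message' => $exception->getMessage());
        $response = new Response(json_encode($payload));
        $response->headers->set('Content-Type', 'application/json');

        return $response;
    }

    $referer = $request->headers->get('Referer');
    $refererHost = $referer ? parse_url($referer, PHP_URL_HOST) : null;

    // Only bounce back to our own host. parse_url() yields false/null for a
    // malformed or host-less value, and both are rejected here.
    if ($referer && is_string($refererHost) && 0 === strcasecmp($refererHost, $request->getHost())) {
        $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);

        return new RedirectResponse($referer);
    }

    throw new AuthenticationException("No route used before");
}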
/**
 * Splits a remember-me cookie into the user and organization it refers to.
 *
 * Expected layout: [class, base64(username), expires, hash, organizationId].
 * Both lookups run before the cookie is verified; checkUserData() is what
 * validates the hash against the loaded user and organization.
 *
 * @param array $cookieParts
 * @return array [$user, $organization] — the user from the provider and
 *               whatever the organization repository's find() returned
 *
 * @throws AuthenticationException on a malformed cookie, a username that is not
 *                                 valid base64, or any lookup failure (wrapped)
 */
protected function getUserAndOrganizationFromCookie($cookieParts)
{
    if (5 !== count($cookieParts)) {
        throw new AuthenticationException('The cookie is invalid.');
    }

    list($class, $encodedUsername, $expires, $hash, $organizationId) = $cookieParts;

    // Strict decoding: a byte outside the base64 alphabet is an error, not noise.
    $username = base64_decode($encodedUsername, true);
    if (false === $username) {
        throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
    }

    try {
        $organizationRepository = $this->entityManager->getRepository('OroOrganizationBundle:Organization');
        $organization = $organizationRepository->find($organizationId);
        $user = $this->getUserProvider($class)->loadUserByUsername($username);
    } catch (AuthenticationException $ex) {
        throw $ex;
    } catch (\Exception $ex) {
        // Any other failure is surfaced as an authentication failure.
        throw new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
    }

    $this->checkUserData($user, $organization, $class, $username, $organizationId, $expires, $hash);

    return [$user, $organization];
}