/**
 * Process an AUTHENTICATE message that arrived at a realm with no auth manager attached.
 *
 * There is nothing that can verify the client's signature here, so the session is
 * aborted with an internal error and the event is logged for the operator.
 *
 * @param \Thruway\Session $session
 * @param \Thruway\Message\AuthenticateMessage $msg
 */
private function processAuthenticate(Session $session, AuthenticateMessage $msg)
{
    $abortUri = "thruway.error.internal";
    $logLine  = "Authenticate sent to realm without auth manager.";

    $session->abort(new \stdClass(), $abortUri);
    Logger::error($this, $logLine);
}
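/**
 * Handle an AUTHENTICATE message by forwarding the client's signature to the
 * onauthenticate RPC registered for the session's auth method.
 *
 * The RPC result is expected to be a non-empty array whose first element is the
 * string "SUCCESS"; an optional second element (array) may carry authid,
 * authrole and authroles, which are folded into the WELCOME details. Any other
 * result aborts the session — it is never left hanging unauthenticated.
 *
 * @param \Thruway\Realm $realm
 * @param \Thruway\Session $session
 * @param \Thruway\Message\AuthenticateMessage $msg
 * @throws \Exception when the session has no authentication details (no prior HELLO/CHALLENGE)
 */
public function handleAuthenticateMessage(Realm $realm, Session $session, AuthenticateMessage $msg)
{
    $authDetails = $session->getAuthenticationDetails();
    if ($authDetails === null) {
        throw new \Exception('Authenticate with no previous auth details');
    }

    $authMethod = $authDetails->getAuthMethod();

    // Strict key lookup instead of a loose "==" scan over the registered methods.
    // NOTE(review): the original silently did nothing when the method was unknown,
    // leaving the session stuck; aborting is the safer failure mode.
    if (!isset($this->authMethods[$authMethod])) {
        Logger::error($this, "Authenticate received for unknown authmethod.");
        $session->abort(new \stdClass(), "thruway.error.internal");
        return;
    }
    $authMethodInfo = $this->authMethods[$authMethod];

    $onSuccess = function ($res) use ($session) {
        // Only an array starting with the exact string "SUCCESS" authenticates.
        // The former loose "== 'SUCCESS'" also accepted true (and 0 on PHP < 8),
        // and count() on a non-array would throw on PHP 8 without aborting.
        if (!is_array($res) || count($res) < 1 || $res[0] !== "SUCCESS") {
            $session->abort(new \stdClass(), "bad.login");
            return;
        }

        $auth = $session->getAuthenticationDetails();
        // Normalise the optional details element to an array so a scalar/object
        // second element cannot trigger "cannot use ... as array" errors below.
        $details = (isset($res[1]) && is_array($res[1])) ? $res[1] : [];

        if (isset($details['authid'])) {
            $auth->setAuthId($details['authid']);
        } else {
            $auth->setAuthId('authenticated_user');
        }

        // Every authenticated session gets the base role; the authenticator may add more.
        $auth->addAuthRole('authenticated_user');
        if (isset($details['authroles'])) {
            $auth->addAuthRole($details['authroles']);
        }
        if (isset($details['authrole'])) {
            $auth->addAuthRole($details['authrole']);
        }

        // The router's own view of the identity overrides whatever the
        // authenticator echoed back, so the client sees exactly what was stored.
        $details['authrole']  = $auth->getAuthRole();
        $details['authroles'] = $auth->getAuthRoles();
        $details['authid']    = $auth->getAuthId();

        // TODO: have the router build the WELCOME so roles/extras are filled in centrally.
        $welcomeDetails = array_merge(["roles" => []], $details);

        $session->setAuthenticated(true);
        $session->sendMessage(new WelcomeMessage($session->getSessionId(), $welcomeDetails));
    };

    $onError = function () use ($session) {
        Logger::error($this, "onauthenticate rejected the promise");
        // abort() takes (details, uri) everywhere else in this file; the old call
        // passed the URI string as the details argument.
        $session->abort(new \stdClass(), "thruway.error.unknown");
    };

    // Hand the client's signature to the authenticator RPC for verification.
    $this->getCaller()->call(
        $this->session,
        $authMethodInfo['handlers']['onauthenticate'],
        [
            'authmethod' => $authMethod,
            'challenge'  => $authDetails->getChallenge(),
            'extra'      => ['challenge_details' => $authDetails->getChallengeDetails()],
            'signature'  => $msg->getSignature(),
            'authid'     => $authDetails->getAuthId(),
        ]
    )->then($onSuccess, $onError);
}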
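/**
 * Call the onauthenticate handler registered for the session's auth method and
 * finish (or abort) the session based on its answer.
 *
 * A successful answer is an array whose first element is exactly the string
 * "SUCCESS"; an optional second element (object) may carry authid, authrole,
 * authroles and _thruway_authextra. A ["FAILURE", {...}] answer is relayed via
 * abortSessionUsingResponse; anything else aborts with a generic failure URI.
 *
 * @param string $authMethod
 * @param array $authMethodInfo registration info; ['handlers']->onauthenticate is the RPC URI
 * @param Realm $realm
 * @param Session $session
 * @param AuthenticateMessage $msg
 */
private function onAuthenticateHandler($authMethod, $authMethodInfo, Realm $realm, Session $session, AuthenticateMessage $msg)
{
    $onAuthenticateSuccess = function ($res) use ($session) {
        // count() on a non-array throws on PHP 8, which would leave the session
        // hanging instead of aborted — treat any non-array result as a failure.
        if (!is_array($res) || count($res) < 1) {
            $session->abort(new \stdClass(), "thruway.error.authentication_failure");
            return;
        }

        // Strict comparison: the former loose "==" accepted true (and 0 on PHP < 8)
        // as a successful login.
        if ($res[0] !== "SUCCESS") {
            // Relay the authenticator's FAILURE details/abort_uri when present,
            // otherwise fall back to the generic failure abort.
            if (!$this->abortSessionUsingResponse($session, $res)) {
                $session->abort(new \stdClass(), "thruway.error.authentication_failure");
            }
            return;
        }

        $auth = $session->getAuthenticationDetails();
        $details = (isset($res[1]) && is_object($res[1])) ? $res[1] : new \stdClass();

        if (isset($details->authid)) {
            $auth->setAuthId($details->authid);
        } else {
            $auth->setAuthId('authenticated_user');
        }

        // Every authenticated session gets the base role; the authenticator may add more.
        $auth->addAuthRole('authenticated_user');
        if (isset($details->authroles)) {
            $auth->addAuthRole($details->authroles);
        }
        if (isset($details->authrole)) {
            $auth->addAuthRole($details->authrole);
        }
        if (isset($details->_thruway_authextra)) {
            $auth->setAuthExtra($details->_thruway_authextra);
        }

        // The router's own view of the identity overrides whatever the
        // authenticator echoed back; it is now always present in the WELCOME.
        $details->authrole  = $auth->getAuthRole();
        $details->authroles = $auth->getAuthRoles();
        $details->authid    = $auth->getAuthId();

        // TODO: have the router build the WELCOME so roles/extras are filled in centrally.
        // NOTE(review): every property of the authenticator's details object,
        // including _thruway_authextra, is copied to the client here — confirm
        // that nothing router-private is expected in that object.
        $welcomeDetails = new \stdClass();
        foreach ($details as $k => $v) {
            $welcomeDetails->{$k} = $v;
        }

        $session->setAuthenticated(true);
        $session->sendMessage(new WelcomeMessage($session->getSessionId(), $welcomeDetails));
    };

    $onAuthenticateError = function () use ($session) {
        Logger::error($this, "onauthenticate rejected the promise");
        // abort() takes (details, uri) everywhere else in this file; the old call
        // passed the URI string as the details argument.
        $session->abort(new \stdClass(), "thruway.error.unknown");
    };

    $extra = new \stdClass();
    $extra->challenge_details = $session->getAuthenticationDetails()->getChallengeDetails();

    $arguments = new \stdClass();
    $arguments->extra         = $extra;
    $arguments->authid        = $session->getAuthenticationDetails()->getAuthId();
    $arguments->challenge     = $session->getAuthenticationDetails()->getChallenge();
    $arguments->signature     = $msg->getSignature();
    $arguments->authmethod    = $authMethod;
    $arguments->hello_message = $session->getHelloMessage();

    // Hand the client's signature to the authenticator RPC for verification.
    $onAuthenticateHandler = $authMethodInfo['handlers']->onauthenticate;
    $this->session->call($onAuthenticateHandler, [$arguments])->then($onAuthenticateSuccess, $onAuthenticateError);
}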
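/**
 * Abort the session using the details of a FAILURE response from the Authenticator.
 *
 * Handles responses shaped like ["FAILURE", {details: {...}, abort_uri: "..."}].
 * Any other response leaves the session untouched and returns false. The
 * authenticator's details object (if any) is sent to the client verbatim, so
 * authenticators must not place secrets in it.
 *
 * @param Session $session
 * @param mixed $response result returned by the authenticator RPC
 * @return bool true if an abort was sent, false if the response was not a FAILURE
 * @throws \Exception
 */
private function abortSessionUsingResponse(Session $session, $response)
{
    // Only an explicit FAILURE is handled here.
    if (!isset($response[0]) || $response[0] !== 'FAILURE') {
        return false;
    }

    // No details object: fail with the generic URI.
    if (!isset($response[1]) || !is_object($response[1])) {
        $session->abort(new \stdClass(), "thruway.error.authentication_failure");
        return true;
    }
    $failure = $response[1];

    $details = new \stdClass();
    if (isset($failure->details) && is_object($failure->details)) {
        $details = $failure->details;
    }

    // A WAMP abort reason must be a URI string. The former is_scalar() check let
    // bools/ints/empty strings through as the reason; those now fall back to the
    // generic failure URI instead of being forwarded to the client.
    $abortUri = "thruway.error.authentication_failure";
    if (isset($failure->abort_uri) && is_string($failure->abort_uri) && $failure->abort_uri !== '') {
        $abortUri = $failure->abort_uri;
    }

    $session->abort($details, $abortUri);
    return true;
}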