/**
 * Returns the User object for the provided auth token and device token.
 *
 * Loads the user through the configured firewall, then runs the account
 * checks in order: blocked, not yet confirmed, device session (only when
 * 2-factor auth is enabled), auth session. Each check that runs after the
 * firewall authentication logs the firewall session out before throwing, so
 * a rejected token is not left in an authenticated state; the initial
 * "not authenticated" rejection throws without a logout.
 *
 * Side effect: stores the authenticated username in $this->username.
 *
 * @param string $authToken   Auth token string handed to the firewall token
 *                            (assumed to be a string — TODO confirm against callers)
 * @param string $deviceToken Device token; checked only while the
 *                            'Login.2FactorAuth' config flag is on (default true)
 *
 * @return \Webiny\Component\Security\User\UserAbstract The authenticated user;
 *         the visible code never returns bool, only the firewall's user object
 * @throws LoginException code 6: not authenticated; 2: account blocked;
 *                        4: account not confirmed; 8: device session invalid;
 *                        7: auth session invalid
 * @throws \Webiny\Component\Security\Authentication\FirewallException
 * @throws \Webiny\Component\Security\SecurityException
 */
public function getUser($authToken, $deviceToken = '')
{
    // 1. get user from firewall
    $this->security($this->fwName)->getToken()->setTokenString($authToken);
    $user = $this->security($this->fwName)->getUser();
    if (!$user->isAuthenticated()) {
        throw new LoginException('User is not authenticated', 6);
    }

    // 2. extract username
    $this->username = $user->getUsername();

    // do the checks
    // NOTE(review): the firewall is reached as $this->security($this->fwName)
    // above but as $this->security->firewall($this->fwName) in the logout calls
    // below — confirm both resolve to the same firewall instance.
    if ($this->isAccountBlocked($this->username)) {
        $this->security->firewall($this->fwName)->processLogout();
        throw new LoginException('User account is blocked.', 2);
    }

    if (!$this->isAccountActive($this->username)) {
        $this->security->firewall($this->fwName)->processLogout();
        throw new LoginException('User hasn\'t confirmed his account.', 4);
    }

    if ($this->config->get('Login.2FactorAuth', true)) {
        // validate the device
        // Enforced only while 'Login.2FactorAuth' is on; with the flag off,
        // $deviceToken is never looked at and the auth token alone suffices.
        if (!$this->isDeviceSessionValid($deviceToken)) {
            $this->security->firewall($this->fwName)->processLogout();
            //todo: invalidate session in login meta
            // Only the firewall session is logged out here; the stored login
            // meta for this session is not invalidated on a device mismatch.
            throw new LoginException('The device session is no longer valid.', 8);
        }
    }

    // is session still valid
    if (!$this->isSessionValid($authToken)) {
        $this->security->firewall($this->fwName)->processLogout();
        throw new LoginException('The current auth session is no longer valid.', 7);
    }

    // return User
    return $user;
}
/**
 * Requesting a firewall name that is not configured must throw.
 *
 * The Security instance comes from the data provider; the expected exception
 * type and message are declared through the annotations below. Note that
 * the @expectedException / @expectedExceptionMessage annotations were removed
 * in PHPUnit 9, so an upgrade would require expectException() and
 * expectExceptionMessage() calls at the start of the method instead.
 *
 * @param Security $security
 *
 * @dataProvider dataProvider
 * @expectedException \Webiny\Component\Security\SecurityException
 * @expectedExceptionMessage Firewall 'test' is not defined
 */
public function testFirewallException($security)
{
    // The lookup itself is expected to throw; the assertion below is only
    // reached if the undefined name unexpectedly resolves to a firewall.
    $undefinedFirewall = $security->firewall('test');

    $this->assertInstanceOf('\\Webiny\\Component\\Security\\Authentication\\Firewall', $undefinedFirewall);
}