 /**
  * Authenticates the posted `username` / `password` pair and hands back the
  * API key pair the client must use for subsequent signed requests.
  *
  * @Rest\RequestParam(name="username", requirements={@Assert\NotBlank})
  * @Rest\RequestParam(name="password", requirements={@Assert\NotBlank})
  *
  * @param Request $request request whose body carries `username` and `password`
  *
  * @return mixed 201 JSON response (built by createJsonResponse()) carrying the
  *               X-API-KEY and X-API-SIGNATURE headers
  *
  * @throws DisabledException when the authenticated user has API access disabled
  */
 public function authenticateAction(Request $request)
 {
     $params = $request->request;
     $securityContext = $this->getApplication()->getSecurityContext();
     $createdAt = date('Y-m-d H:i:s');

     // The digest must be built exactly as the authentication manager
     // verifies it: md5(nonce . created . md5(password)).
     // NOTE(review): uniqid() is not a cryptographic randomness source, so the
     // nonce is guessable; md5 is kept only because the provider checks the same
     // construction — changing either side requires changing both.
     $token = new BBUserToken();
     $token->setUser($params->get('username'));
     $token->setCreated($createdAt);
     $token->setNonce(md5(uniqid('', true)));
     $token->setDigest(md5($token->getNonce() . $createdAt . md5($params->get('password'))));

     $authenticated = $securityContext->getAuthenticationManager()->authenticate($token);
     $user = $authenticated->getUser();
     if (!$user->getApiKeyEnabled()) {
         throw new DisabledException('API access forbidden');
     }
     $securityContext->setToken($authenticated);

     $headers = array(
         'X-API-KEY' => $user->getApiKeyPublic(),
         'X-API-SIGNATURE' => $authenticated->getNonce(),
     );

     return $this->createJsonResponse(null, 201, $headers);
 }
 /**
  * Builds the test fixture: boots the application, seeds one active and one
  * inactive user sharing a group, logs the active user in and grants it full
  * ACL rights (MASK_IDDQD) on the User class.
  */
 protected function setUp()
 {
     $this->initAutoload();
     $bbapp = $this->getBBApp();
     $this->initDb($bbapp);
     $this->initAcl();
     $this->getBBApp()->setIsStarted(true);

     $em = $bbapp->getEntityManager();

     // group shared by both fixture users
     $group = new Group();
     $group->setName('groupName');
     $em->persist($group);

     // first entry is the account the tests run as; second is the inactive one
     $accounts = array(
         array('login' => 'user123', 'activated' => true),
         array('login' => 'user123inactive', 'activated' => false),
     );
     $created = array();
     foreach ($accounts as $spec) {
         $account = new User();
         $account->addGroup($group);
         $account->setLogin($spec['login']);
         $account->setEmail('*****@*****.**');
         $account->setPassword('password123');
         $account->setActivated($spec['activated']);
         $em->persist($account);
         $created[] = $account;
     }
     $this->user = $created[0];
     $em->flush();

     // authenticate the active user with a freshly generated nonce/digest
     // (same md5(nonce . created . md5(password)) construction the provider checks)
     $createdAt = date('Y-m-d H:i:s');
     $token = new BBUserToken();
     $token->setUser($this->user);
     $token->setCreated($createdAt);
     $token->setNonce(md5(uniqid('', true)));
     $token->setDigest(md5($token->getNonce() . $createdAt . md5($this->user->getPassword())));
     $this->getSecurityContext()->setToken($token);

     // grant every permission on the User class to the logged-in user
     $this->getBBApp()->getContainer()->get('security.acl_manager')->insertOrUpdateClassAce(
         new ObjectIdentity('all', get_class($this->user)),
         UserSecurityIdentity::fromAccount($this->user),
         MaskBuilder::MASK_IDDQD
     );
 }
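 /**
  * Authenticates the given credentials and installs the resulting token in
  * the application's security context.
  *
  * The digest is built the way the authentication manager verifies it:
  * md5(nonce . created . md5(password)). Both sides must agree on this
  * construction, so it cannot be changed here alone.
  *
  * @param string $username login of the account to authenticate
  * @param string $password plain-text password supplied by the caller
  */
 public function checkIdentity($username, $password)
 {
     $securityContext = $this->getApplication()->getSecurityContext();
     $created = date('Y-m-d H:i:s');

     $token = new BBUserToken();
     // Fix: the token previously read an undefined $request variable instead of
     // the $username argument, so the identity under test was never the one passed in.
     $token->setUser($username);
     $token->setCreated($created);
     // NOTE(review): uniqid() is not a cryptographic randomness source; the
     // nonce is kept as-is to match the rest of the token flow.
     $token->setNonce(md5(uniqid('', true)));
     $token->setDigest(md5($token->getNonce() . $created . md5($password)));

     $tokenAuthenticated = $securityContext->getAuthenticationManager()->authenticate($token);
     $securityContext->setToken($tokenAuthenticated);
 }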
 /**
  * Builds the request signature for the token's user:
  * md5(publicKey . privateKey . nonce).
  *
  * NOTE(review): this is a plain hash of concatenated secrets, not an HMAC;
  * clients compute the identical construction, so it must not be altered
  * unilaterally.
  *
  * @param BBUserToken $token token carrying the user whose API key pair signs the request
  *
  * @return string the generated signature (32 hexadecimal characters)
  */
 public function createSignature(BBUserToken $token)
 {
     $user = $token->getUser();
     $material = $user->getApiKeyPublic() . $user->getApiKeyPrivate() . $token->getNonce();

     return md5($material);
 }
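 /**
  * Records the nonce of a token so that a later request reusing it can be
  * recognised. The stored value is "<created timestamp>;<signature>".
  *
  * When no registry repository is configured the value is written to a file
  * named after the nonce inside $this->nonceDir; otherwise it goes to the
  * registry.
  *
  * @param BBUserToken $token token whose nonce is recorded
  *
  * @throws \InvalidArgumentException when the nonce is empty or not usable as a
  *                                   plain file name (file storage only)
  * @throws \RuntimeException         when the nonce file cannot be written
  */
 protected function writeNonceValue(BBUserToken $token)
 {
     $now = strtotime($token->getCreated());
     $nonce = $token->getNonce();
     $signatureGenerator = new RequestSignatureEncoder();
     $signature = $signatureGenerator->createSignature($token);
     $value = "{$now};{$signature}";

     if (null !== $this->registryRepository) {
         $registry = $this->getRegistry($nonce)->setValue($value);
         $this->registryRepository->save($registry);

         return;
     }

     // The nonce becomes a file name under $this->nonceDir, so refuse anything
     // that is empty, contains a path separator, or names the directory itself.
     if (!is_string($nonce) || '' === $nonce || '.' === $nonce || '..' === $nonce || basename($nonce) !== $nonce) {
         throw new \InvalidArgumentException('Invalid nonce value');
     }

     $path = $this->nonceDir . DIRECTORY_SEPARATOR . $nonce;
     // A failed write previously went unnoticed, leaving the nonce reusable.
     if (false === file_put_contents($path, $value)) {
         throw new \RuntimeException(sprintf('Unable to write nonce file "%s"', $path));
     }
 }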