/** * Login a user using a username and password * to bind against an LDAP server * @param Request $request * * @return JsonResponse */ public function login(Request $request) { $username = $request->request->get('username'); $password = $request->request->get('password'); $code = JsonResponse::HTTP_OK; $errors = []; if (!$username) { $errors[] = 'missingUsername'; $code = JsonResponse::HTTP_BAD_REQUEST; } if (!$password) { $errors[] = 'missingPassword'; $code = JsonResponse::HTTP_BAD_REQUEST; } if ($username && $password) { $authEntity = $this->authManager->findAuthenticationByUsername($username); if ($authEntity) { $user = $authEntity->getUser(); if ($user->isEnabled()) { $passwordValid = $this->checkLdapPassword($username, $password); if ($passwordValid) { $jwt = $this->jwtManager->createJwtFromUser($user); return $this->createSuccessResponseFromJWT($jwt); } } } $errors[] = 'badCredentials'; $code = JsonResponse::HTTP_UNAUTHORIZED; } return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), $code); }
/** * Login a user using a username and password * @param Request $request * * @return JsonResponse */ public function login(Request $request) { $username = $request->request->get('username'); $password = $request->request->get('password'); $errors = []; if (!$username) { $errors[] = 'missingUsername'; } if (!$password) { $errors[] = 'missingPassword'; } if ($username && $password) { $authEntity = $this->authManager->findAuthenticationByUsername($username); if ($authEntity) { $user = $authEntity->getUser(); $passwordValid = $this->encoder->isPasswordValid($user, $password); if ($passwordValid) { $this->updateLegacyPassword($authEntity, $password); $jwt = $this->jwtManager->createJwtFromUser($user); return $this->createSuccessResponseFromJWT($jwt); } } $errors[] = 'badCredentials'; } return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST); }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { if (!$userProvider instanceof EntityUserProvider) { throw new \InvalidArgumentException(sprintf('The user provider must be an instance of EntityUserProvider (%s was given).', get_class($userProvider))); } try { $jwt = $token->getCredentials(); $username = $this->jwtManager->getUserIdFromToken($jwt); $issuedAt = $this->jwtManager->getIssuedAtFromToken($jwt); } catch (\UnexpectedValueException $e) { throw new BadCredentialsException('Invalid JSON Web Token: ' . $e->getMessage()); } catch (\Exception $e) { throw new BadCredentialsException('Invalid JSON Web Token'); } $user = $userProvider->loadUserByUsername($username); $authentication = $user->getAuthentication(); if ($authentication) { $tokenNotValidBefore = $authentication->getInvalidateTokenIssuedBefore(); if ($tokenNotValidBefore) { if ($tokenNotValidBefore > $issuedAt) { throw new BadCredentialsException('Invalid JSON Web Token: Not issued before ' . $tokenNotValidBefore->format('c')); } } } $authenticatedToken = new PreAuthenticatedToken($user, $jwt, $providerKey); $authenticatedToken->setAuthenticated(true); return $authenticatedToken; }
public function testCreateJwtFromUserWhichExpiresAfterMaximumTime() { $user = m::mock('Ilios\\CoreBundle\\Entity\\UserInterface')->shouldReceive('getId')->andReturn(42)->mock(); $obj = new JsonWebTokenManager('secret'); $jwt = $obj->createJwtFromUser($user, 'P400D'); $now = new DateTime(); $expiresAt = $obj->getExpiresAtFromToken($jwt); $this->assertTrue($now->diff($expiresAt)->d < 365); }
/** * {@inheritdoc} */ protected function execute(InputInterface $input, OutputInterface $output) { $userId = $input->getArgument('userId'); $user = $this->userManager->findUserBy(['id' => $userId]); if (!$user) { throw new \Exception("No user with id #{$userId} was found."); } $jwt = $this->jwtManager->createJwtFromUser($user, $input->getOption('ttl')); $output->writeln('Success!'); $output->writeln('Token: ' . $jwt); }
/** * Authenticate a user from shibboleth * * If the user is not yet logged in send a redirect Request * If the user is logged in, but no account exists send an error * If the user is authenticated send a JWT * @param Request $request * * @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute * @return JsonResponse */ public function login(Request $request) { $applicationId = $request->server->get('Shib-Application-ID'); if (!$applicationId) { return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK); } $userId = $request->server->get($this->userIdAttribute); if (!$userId) { $msg = "No '{$this->userIdAttribute}' found for authenticated user."; $logVars = []; $shibProperties = ['Shib-Session-ID', 'Shib-Authentication-Instant', 'Shib-Authentication-Method', 'Shib-Session-Index']; foreach ($shibProperties as $key) { $logVars[$key] = $request->server->get($key); } $logVars['HTTP_REFERER'] = $request->server->get('HTTP_REFERER'); $logVars['REMOTE_ADDR'] = $request->server->get('REMOTE_ADDR'); $this->logger->error($msg, ['server variables' => var_export($logVars, true)]); throw new \Exception($msg); } /* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */ $authEntity = $this->authManager->findOneBy(array('username' => $userId)); if ($authEntity) { $user = $authEntity->getUser(); if ($user->isEnabled()) { $jwt = $this->jwtManager->createJwtFromUser($user); return $this->createSuccessResponseFromJWT($jwt); } } return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK); }
/** * Authenticate a user from shibboleth * * If the user is not yet logged in send a redirect Request * If the user is logged in, but no account exists send an error * If the user is authenticated send a JWT * @param Request $request * * @throws \Exception when the shibboleth attributes do not contain an eppn * @return JsonResponse */ public function login(Request $request) { $applicationId = $request->server->get('Shib-Application-ID'); if (!$applicationId) { return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK); } $eppn = $request->server->get('eppn'); if (!$eppn) { $msg = "No 'eppn' found for authenticated user."; $this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]); throw new \Exception($msg); } $authEntity = $this->authManager->findAuthenticationBy(array('username' => $eppn)); if (!$authEntity) { return new JsonResponse(array('status' => 'noAccountExists', 'eppn' => $eppn, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST); } $jwt = $this->jwtManager->createJwtFromUser($authEntity->getUser()); return $this->createSuccessResponseFromJWT($jwt); }
/** * Authenticate a user from shibboleth * * If the user is not yet logged in send a redirect Request * If the user is logged in, but no account exists send an error * If the user is authenticated send a JWT * @param Request $request * * @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute * @return JsonResponse */ public function login(Request $request) { $service = $request->query->get('service'); $ticket = $request->query->get('ticket'); if (!$ticket) { return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK); } $userId = $this->casManager->getUserId($service, $ticket); if (!$userId) { $msg = "No user found for authenticated user."; $this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]); throw new \Exception($msg); } /* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */ $authEntity = $this->authManager->findOneBy(array('username' => $userId)); if ($authEntity) { $user = $authEntity->getUser(); if ($user->isEnabled()) { $jwt = $this->jwtManager->createJwtFromUser($user); return $this->createSuccessResponseFromJWT($jwt); } } return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK); }