Exemplo n.º 1
 /**
  * {@inheritdoc}
  *
  * When $this->disablePassword is truthy this override returns before the parent
  * check is invoked, so nothing in this method verifies the submitted credentials.
  *
  * NOTE(review): that flag turns this step into an unconditional pass. Confirm where
  * it is set and that it can only be enabled when authentication is established by
  * some other mechanism.
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     if (!$this->disablePassword) {
         // Normal path: defer to the parent provider's credential check.
         parent::checkAuthentication($user, $token);

         return;
     }

     // Credential verification is skipped entirely on this path.
     return true;
 }
 /**
  * {@inheritdoc}
  *
  * Runs the parent authentication first, then passes the authenticated user and the
  * organization context of the incoming token to checkUserOrganization(), and finally
  * returns a new UsernamePasswordOrganizationToken carrying that organization context.
  */
 public function authenticate(TokenInterface $token)
 {
     /** @var UsernamePasswordOrganizationToken $token */
     $baseToken = parent::authenticate($token);

     // The organization context is read from the incoming (not yet authenticated) token,
     // so it is checked against the authenticated user before being copied to the result.
     // presumably checkUserOrganization() throws on a mismatch - confirm in its definition.
     $this->checkUserOrganization($baseToken->getUser(), $token->getOrganizationContext());

     return new UsernamePasswordOrganizationToken(
         $baseToken->getUser(),
         $baseToken->getCredentials(),
         $baseToken->getProviderKey(),
         $token->getOrganizationContext(),
         $baseToken->getRoles()
     );
 }
 /**
  * Retrieve the user and, when possible, use the token's credentials to decrypt the
  * cipher key held by that user. The encryption manager will store it in the session
  * for the following requests.
  *
  * Decryption is attempted only for users implementing UserEncryptionProviderInterface
  * and only when the token carries non-null credentials.
  *
  * NOTE(review): the submitted credentials are handed to the encryption manager before
  * this method returns, i.e. at user-retrieval time. Confirm that decryptCipherKey()
  * fails safely on wrong credentials and how the key kept in the session is protected.
  *
  * {@inheritdoc}
  */
 protected function retrieveUser($username, UsernamePasswordToken $token)
 {
     $user = parent::retrieveUser($username, $token);

     // Users without an encrypted cipher key need no further work.
     if (!$user instanceof UserEncryptionProviderInterface) {
         return $user;
     }

     // No credentials on the token means there is nothing to decrypt with.
     if (null === $token->getCredentials()) {
         return $user;
     }

     $this->encryptionManager->decryptCipherKey($user, $token->getCredentials());

     return $user;
 }
 /**
  * Fetch the username from POST after validating and authenticating the credentials.
  *
  * Both fields are validated first; the submitted username/password pair is then
  * checked through a DaoAuthenticationProvider built for the 'oauth2' provider key.
  *
  * @param Request $request Incoming request object.
  *
  * @return string The supplied username.
  *
  * @throws InvalidRequestException If username or password is in an invalid format.
  * @throws InvalidGrantException   If reported as bad credentials from authentication provider.
  */
 private function checkUsername(Request $request)
 {
     // One generic message for both fields, so the response does not reveal which one failed.
     $invalidParameter = ['error_description' => 'The request includes an invalid parameter value.'];

     // The username must be present and well formed.
     $username = $request->request->get('username');
     $usernameViolations = $this->validator->validate($username, [new NotBlank(), new Username()]);
     if (0 !== count($usernameViolations)) {
         throw new InvalidRequestException($invalidParameter);
     }

     // The password must be present and well formed.
     $password = $request->request->get('password');
     $passwordViolations = $this->validator->validate($password, [new NotBlank(), new Password()]);
     if (0 !== count($passwordViolations)) {
         throw new InvalidRequestException($invalidParameter);
     }

     // Check the credentials with the authentication provider.
     // NOTE(review): only BadCredentialsException is translated into an OAuth2 error here;
     // any other exception raised by authenticate() propagates to the caller unchanged.
     // Confirm that the caller does not expose those details to the client.
     try {
         $credentialsToken = new UsernamePasswordToken($username, $password, 'oauth2');
         $provider = new DaoAuthenticationProvider(
             $this->userProvider,
             $this->userChecker,
             'oauth2',
             $this->encoderFactory
         );
         $provider->authenticate($credentialsToken);
     } catch (BadCredentialsException $badCredentials) {
         throw new InvalidGrantException(['error_description' => 'The provided resource owner credentials is invalid.']);
     }

     return $username;
 }
 /**
  * {@inheritdoc}
  *
  * After the parent authentication succeeds, an organization is guessed for the user
  * and the login is rejected with BadCredentialsException when none is found or when
  * the user's organizations do not contain it. On success a new
  * UsernamePasswordOrganizationToken bound to that organization is returned.
  */
 public function authenticate(TokenInterface $token)
 {
     $organizationGuesser = new UserOrganizationGuesser();

     /** @var TokenInterface $token */
     $baseToken = parent::authenticate($token);

     /** @var User $user */
     $user = $baseToken->getUser();

     // The guesser receives the incoming token as well as the authenticated user.
     // presumably it may pick an organization named by that token - confirm in the guesser.
     $organization = $organizationGuesser->guess($user, $token);
     if (!$organization) {
         throw new BadCredentialsException("You don't have active organization assigned.");
     }

     // Membership check: the guessed organization must be one of the user's own
     // (the meaning of the `true` argument is not visible here - TODO confirm).
     if (!$user->getOrganizations(true)->contains($organization)) {
         throw new BadCredentialsException(sprintf("You don't have access to organization '%s'", $organization->getName()));
     }

     return new UsernamePasswordOrganizationToken(
         $baseToken->getUser(),
         $baseToken->getCredentials(),
         $baseToken->getProviderKey(),
         $organization,
         $baseToken->getRoles()
     );
 }
 /**
  * Checks the credentials of an eZ user and sets the resolved API user on the repository.
  *
  * Users that are not EzUserInterface instances are delegated to the parent check.
  * If the token already holds a user object, its password hash is compared with the
  * hash of $user; otherwise the API user is loaded from the token's username and
  * credentials.
  *
  * @throws BadCredentialsException If the password hashes differ or the credentials match no user.
  */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     if (!$user instanceof EzUserInterface) {
         return parent::checkAuthentication($user, $token);
     }

     // The token's user is either a user object or just the username (e.g. during form login).
     /** @var EzUserInterface|string $tokenUser */
     $tokenUser = $token->getUser();

     if (!$tokenUser instanceof UserInterface) {
         // Only a username is known: verify the submitted credentials against the repository.
         try {
             $apiUser = $this->repository->getUserService()->loadUserByCredentials($token->getUsername(), $token->getCredentials());
         } catch (NotFoundException $notFound) {
             // Generic message; the original exception is kept as the previous exception.
             throw new BadCredentialsException('Invalid credentials', 0, $notFound);
         }
     } else {
         // A differing hash means the password changed after this token was issued,
         // so the existing token is rejected.
         // NOTE(review): the guard tests UserInterface while getAPIUser() is called below;
         // confirm every UserInterface that can reach this branch provides that method.
         if ($tokenUser->getAPIUser()->passwordHash !== $user->getAPIUser()->passwordHash) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
         $apiUser = $tokenUser->getAPIUser();
     }

     // Finally inject the current user into the repository.
     $this->repository->setCurrentUser($apiUser);
 }
Exemplo n.º 7
 /**
  * Forwards the standard provider dependencies to the parent constructor and keeps
  * the entity manager on the instance.
  *
  * $hideUserNotFoundExceptions defaults to true and is passed to the parent unchanged.
  * NOTE(review): presumably this keeps "unknown user" and "wrong password" failures
  * indistinguishable to the client - confirm against the parent provider before
  * switching it off.
  */
 public function __construct(
     EntityManager $em,
     UserProviderInterface $userProvider,
     UserCheckerInterface $userChecker,
     $providerKey,
     EncoderFactoryInterface $encoderFactory,
     $hideUserNotFoundExceptions = true
 ) {
     parent::__construct(
         $userProvider,
         $userChecker,
         $providerKey,
         $encoderFactory,
         $hideUserNotFoundExceptions
     );

     $this->em = $em;
 }
 /**
  * Constructor.
  *
  * Forwards the standard provider dependencies to the parent constructor, then stores
  * the entity manager and the list of super admin logins on the instance.
  *
  * @param EntityManager           $entityManager
  * @param UserProviderInterface   $userProvider
  * @param UserCheckerInterface    $userChecker
  * @param string                  $providerKey                Untyped in the signature and passed to the
  *                                                            parent unchanged; presumably the provider key string.
  * @param EncoderFactoryInterface $encoderFactory
  * @param bool                    $hideUserNotFoundExceptions Defaults to true; passed to the parent unchanged.
  * @param array                   $superAdminsLogin           Logins stored for later use; how they are applied is
  *                                                            not visible in this constructor. NOTE(review): confirm
  *                                                            the list comes from trusted configuration only.
  */
 public function __construct(
     EntityManager $entityManager,
     UserProviderInterface $userProvider,
     UserCheckerInterface $userChecker,
     $providerKey,
     EncoderFactoryInterface $encoderFactory,
     $hideUserNotFoundExceptions = true,
     array $superAdminsLogin = array()
 ) {
     parent::__construct(
         $userProvider,
         $userChecker,
         $providerKey,
         $encoderFactory,
         $hideUserNotFoundExceptions
     );

     $this->entityManager = $entityManager;
     $this->superAdminsLogin = $superAdminsLogin;
 }