/**
* {@inheritdoc}
*/
protected function retrieveUser($username, UsernamePasswordToken $token)
{
$user = $token->getUser();
if ($user instanceof UserInterface) {
return $user;
}
try {
if ($this->getAuthService()->hasPartnerAuth()) {
try {
$user = $this->userProvider->loadUserByUsername($username);
$bind = $this->getUserService()->getUserBindByTypeAndUserId($this->getAuthService()->getPartnerName(), $user['id']);
if ($bind) {
$partnerUser = $this->getAuthService()->checkPartnerLoginById($bind['fromId'], $token->getCredentials());
if ($partnerUser) {
$user = $this->syncEmailAndPassword($user, $partnerUser, $token);
}
}
} catch (UsernameNotFoundException $notFound) {
if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
$partnerUser = $this->getAuthService()->checkPartnerLoginByEmail($username, $token->getCredentials());
} else {
$partnerUser = $this->getAuthService()->checkPartnerLoginByNickname($username, $token->getCredentials());
}
if (empty($partnerUser)) {
throw $notFound;
}
$bind = $this->getUserService()->getUserBindByTypeAndFromId($this->getAuthService()->getPartnerName(), $partnerUser['id']);
if ($bind) {
$user = $this->getUserService()->getUser($bind['toId']);
$user = $this->syncEmailAndPassword($user, $partnerUser, $token);
} else {
$setting = $this->getSettingService()->get('user_partner', array());
$email_filter = explode("\n", $setting['email_filter']);
if (in_array($partnerUser['email'], $email_filter)) {
$partnerUser['email'] = $partnerUser['id'] . '_dz_' . $this->getRandomString(5) . '@edusoho.net';
}
$registration = array();
$registration['nickname'] = $partnerUser['nickname'];
$registration['email'] = $partnerUser['email'];
$registration['password'] = $token->getCredentials();
$registration['createdIp'] = $partnerUser['createdIp'];
$registration['token'] = array('userId' => $partnerUser['id']);
$this->getUserService()->register($registration, $this->getAuthService()->getPartnerName());
$user = $this->userProvider->loadUserByUsername($username);
}
}
} else {
$user = $this->userProvider->loadUserByUsername($username);
}
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
}
return $user;
} catch (UsernameNotFoundException $notFound) {
$notFound->setUsername($username);
throw $notFound;
} catch (\Exception $repositoryProblem) {
$ex = new AuthenticationServiceException($repositoryProblem->getMessage(), 0, $repositoryProblem);
$ex->setToken($token);
throw $ex;
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if ($user instanceof User) {
$encoder = $this->encoderFactory->getEncoder($user);
if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
} else {
$ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']);
$bind = $ldap->bind($user->getUsername(), $presentedPassword);
$this->logger->debug(sprintf('LDAP bind with username "%s" and password "%s" yielded: %s', $user->getUsername(), $presentedPassword, print_r($bind, true)));
if (!$bind) {
throw new BadCredentialsException('The presented password is invalid.');
}
// There's likely more data in the LDAP result now after a successful bind
$this->userProvider->refreshUser($user);
}
}
}
public function authUserFromRedmine(UsernamePasswordToken $token)
{
$pass = $token->getCredentials();
$username = $token->getUser();
try {
$response = $this->client->redmineLogin($username, $pass);
$q = json_decode($response);
$em = $this->em;
$user = $em->getRepository("RedmineAppBundle:RedmineUser")->findOneBy(['redmineToken' => $q->user->api_key, 'redmineUserID' => $q->user->id]);
if ($user) {
return $user->getUsername();
} else {
$user = new RedmineUser();
$user->setUsername($q->user->login)->setEmail($q->user->mail)->setPassword($this->encoder->encodePassword($user, md5(uniqid())))->setName($q->user->firstname)->setSurname($q->user->lastname)->setRedmineUserID($q->user->id)->setRedmineToken($q->user->api_key);
$settings = new Settings();
$settings->setSms(false)->setPush(false)->setCheckFirst(Carbon::createFromTime(17, 45))->setCheckSecond(Carbon::createFromTime(20, 0))->setCheckThird(Carbon::createFromTime(9, 30))->setUser($user);
$this->em->persist($user);
$this->em->persist($settings);
$this->em->flush();
return $user->getUsername();
}
} catch (\Exception $e) {
return null;
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
$client = $this->clientFactory->build('en');
$request = CustomerLoginRequest::ofEmailAndPassword($token->getUser(), $presentedPassword);
$response = $request->executeWithClient($client);
if ($response->isError()) {
throw new BadCredentialsException('The presented password is invalid.');
}
$result = $request->mapResponse($response);
$customer = $result->getCustomer();
if ($currentUser !== $customer->getEmail()) {
throw new BadCredentialsException('The presented password is invalid.');
}
$this->session->set('customer.id', $customer->getId());
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$password = $token->getCredentials();
if ($password === null || $password === '') {
throw new BadCredentialsException('The presented password is invalid.');
}
return parent::checkAuthentication($user, $token);
}
public function authenticate(TokenInterface $token)
{
if ($this->code != $token->getCredentials()) {
throw new AuthenticationException("Authentication code does not match");
}
$user = $token->getUser();
// TODO: Provide a mechanism to get the real user object, and set user roles in token
$token = new UsernamePasswordToken($user, $token->getCredentials(), $this->name, ['ROLE_USER']);
return $token;
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$password = $token->getCredentials();
try {
$username = $user->getUsername();
$this->ldap->bind($username, $password);
} catch (ConnectionException $e) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
/**
* {@inheritdoc}
*/
protected function retrieveUser($username, UsernamePasswordToken $token)
{
$repository = $this->getRepository();
try {
$apiUser = $repository->getUserService()->loadUserByCredentials($username, $token->getCredentials());
$repository->setCurrentUser($apiUser);
return new User($apiUser);
} catch (NotFoundException $e) {
throw new AuthenticationException('Authentication to eZ Publish failed', $e->getCode(), $e);
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$username = $token->getUsername();
$password = $token->getCredentials();
try {
$username = $this->ldap->escape($username, '', LDAP_ESCAPE_DN);
$dn = str_replace('{username}', $username, $this->dnString);
$this->ldap->bind($dn, $password);
} catch (ConnectionException $e) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
public function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$connector = new Connector($user->getUsername(), $token->getCredentials());
if (!$connector->isSignedIn()) {
throw new BadCredentialsException();
}
$student = $connector->getStudent();
$user->fromStudent($student);
$user->setLastConnectionAt(new \DateTime());
if ($user->getId() == null || $user->getAccount() == null) {
$user->setAccount(new Account());
}
$this->em->persist($user);
$this->em->flush();
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if ('' === ($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
/**
* {@inheritdoc}
*/
protected function retrieveUser($username, UsernamePasswordToken $token)
{
$user = $token->getUser();
if ($user instanceof UserInterface) {
return $user;
}
try {
$user = $this->userProvider->loadUserByUsernameAndPassword($username, $token->getCredentials());
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
}
return $user;
} catch (UsernameNotFoundException $notFound) {
throw $notFound;
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token)
{
$user = $token->getUser();
if ($user instanceof AccountInterface) {
if ($account->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = (string) $token->getCredentials())) {
throw new BadCredentialsException('Bad credentials');
}
if (!$this->encoderFactory->getEncoder($account)->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) {
throw new BadCredentialsException('Bad credentials');
}
}
}
/**
* {@inheritdoc}
*/
public function handle(Request $request, ClientInterface $client)
{
$username = $request->request->get('username');
$password = $request->request->get('password');
$scope = $request->request->get('scope');
if (empty($username)) {
throw new OAuthInvalidRequestException('Missing username parameter.');
}
if (empty($password)) {
throw new OAuthInvalidRequestException('Missing password parameter.');
}
$user = $this->userProvider->loadUserByUsername($username);
$token = new UsernamePasswordToken($username, $password, $this->providerKey);
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $token->getCredentials(), $user->getSalt())) {
throw new OAuthInvalidRequestException('Bad credentials.');
}
$accessToken = $this->accessTokenProvider->create($user, $client, $scope);
$data = ['access_token' => $accessToken->getId(), 'token_type' => 'bearer', 'expires_in' => $accessToken->getExpires()];
return new Response(json_encode($data), 200, ['Content-Type' => 'application/json;charset=UTF-8', 'Cache-Control' => 'no-store', 'Pragma' => 'no-cache']);
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
$presentedPassword = $token->getCredentials();
if ($currentUser instanceof UserInterface) {
if ('' === $presentedPassword) {
throw new BadCredentialsException('The password in the token is empty. You may forgive turn off `erase_credentials` in your `security.yml`');
}
if (!$this->ldapManager->bind($currentUser, $presentedPassword)) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if ('' === $presentedPassword) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->ldapManager->bind($user, $presentedPassword)) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
$this->userProvider->handleWrongPassword($user);
throw new BadCredentialsException('The presented password is invalid.');
} else {
$this->userProvider->handleGoodPassword($user);
}
if (!$user->isAccountNonLocked()) {
throw new LockedException(strtr('User account is locked%until%.', array('%until%' => $user->getLockedUntil() ? sprintf(' until %s', $user->getLockedUntil()->format('Y-m-d H:i:s')) : '')), $user);
}
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof LdapUserInterface) {
if (!$this->ldapManager->bind($currentUser, $currentUser->getPassword())) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!$user->getDn()) {
$userLdap = $this->ldapManager->findUserByUsername($user->getUsername());
if (!$userLdap) {
throw new BadCredentialsException(sprintf('User "%s" not found', $user->getUsername()));
}
$user->setDn($userLdap->getDn());
}
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->ldapManager->bind($user, $presentedPassword)) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
/**
* {@inheritdoc}
*/
public function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$connector = new \EpitechAPI\Connector();
try {
$connector->authenticate(\EpitechAPI\Connector::SIGN_IN_METHOD_CREDENTIALS, $user->getUsername(), $token->getCredentials());
} catch (\Exception $ex) {
throw new \Exception("The Epitech's Intranet is not responding");
}
if (!$connector->isSignedIn()) {
throw new BadCredentialsException();
}
$user->updateFromIntranet($connector->getUser());
$user->setLastConnectionDate(new \DateTime());
$roles = $user->getRoles();
foreach (array_keys($roles, 'ROLE_SUPER_ADMIN') as $key) {
unset($roles[$key]);
}
if (in_array($user->getLogin(), $this->superAdminsLogin)) {
$roles[] = 'ROLE_SUPER_ADMIN';
}
$user->setRoles($roles);
$this->entityManager->persist($user);
$this->entityManager->flush();
}
/**
* @param UserInterface $user
* @param UsernamePasswordToken $token
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
// this happens if we were already logged in
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if ("" === ($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
if ($token->hasAttribute('desired_user')) {
$roles = $user->getRoles();
if (!in_array('ROLE_ALLOWED_TO_SWITCH', $roles)) {
throw new BadCredentialsException('You are not allowed to login as other users.');
}
}
}
public function testEraseCredentials()
{
$token = new UsernamePasswordToken('foo', 'bar', 'key');
$token->eraseCredentials();
$this->assertEquals('', $token->getCredentials());
}
/**
* {@inheritdoc}
*/
protected function retrieveUser($username, UsernamePasswordToken $token)
{
$user = $token->getUser();
if ($user instanceof UserInterface) {
return $user;
}
try {
$user = $this->userProvider->loadUserByUsername($username, $token->getAsn(), $token->getCredentials());
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
}
return $user;
} catch (UsernameNotFoundException $notFound) {
$notFound->setUsername($username);
throw $notFound;
} catch (\Exception $repositoryProblem) {
$ex = new AuthenticationServiceException($repositoryProblem->getMessage(), 0, $repositoryProblem);
$ex->setToken($token);
throw $ex;
}
}
/**
* Authenticates the user via ldap
*
* @param \Symfony\Component\Security\Core\User\UserInterface $user
* @param \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken $token
* @return boolean $passwordValid
* @throws BadCredentialsException
*/
protected function checkAuthenticationLdap(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
// Due to ldap restrinctions we expect a user authenticated once the token
// contains a user object
if ($currentUser instanceof UserInterface) {
return true;
}
try {
$this->ldapManager->bind($token->getUsername(), $token->getCredentials());
$passwordValid = (bool) $this->ldapManager->getBoundUser();
if (null !== $this->logger && !$token->isAuthenticated()) {
$this->logger->info("[LdapAuthenticator] Ldap authentication successful.", array('user' => $this->ldapManager->getBoundUser()));
}
return $passwordValid;
} catch (\Zend\Ldap\Exception\LdapException $e) {
throw new BadCredentialsException('Ldap authentication failed', 0, $e);
}
}
