/**
* Get the user from user provided for the given instance of Login object.
*
* @param Login $login Instance of Login object.
*
* @return AbstractUser
* @throws UserNotFoundException
*/
public function getUser(Login $login)
{
$user = new User();
$user->setParams($this->params);
$user->populate($login->getUsername(), $login->getPassword(), []);
return $user;
}
/**
* Get the user from user provided for the given instance of Login object.
*
* @param Login $login Instance of Login object.
*
* @return UserAbstract
* @throws UserNotFoundException
*/
public function getUser(Login $login)
{
if (self::$returnLoginObject) {
$user = new UserMock();
$user->populate($login->getUsername(), $login->getPassword(), ['ROLE_MOCK'], false);
return $user;
}
return false;
}
/**
* This method verifies the credentials of current user with the credentials provided from the Login object.
*
* @param Login $login
* @param Firewall $firewall
*
* @throws \Exception
* @return bool Return true if credentials are valid, otherwise return false.
*/
public function authenticate(Login $login, Firewall $firewall)
{
try {
$result = $firewall->verifyPasswordHash($login->getPassword(), $this->getPassword());
} catch (\Exception $e) {
throw new \Exception($e->getMessage());
}
return $result;
}
/**
* Get the user from user provided for the given instance of Login object.
* NOTE: The method gets the users based on his username only, password is not verified, this is part of
* the authentication process.
*
* @param Login $login Instance of Login object.
*
* @return UserAbstract
* @throws UserNotFoundException
*/
public function getUser(Login $login)
{
$username = $login->getUsername();
if (!isset($this->users[$username]) || !$this->isArray($this->users[$username])) {
throw new UserNotFoundException('User "' . $username . '" was not found.');
}
$userData = $this->users[$username];
$user = new User();
$user->populate($username, $userData['password'], $userData['roles'], false);
return $user;
}
/**
* This method verifies the credentials of current user with the credentials provided from the Login object.
*
* @param Login $login
* @param Firewall $firewall
*
* @return bool Return true if credentials are valid, otherwise return false.
*/
public function authenticate(Login $login, Firewall $firewall)
{
$user = call_user_func_array([$this->entity, 'findOne'], [[$this->username => $login->getUsername()]]);
if ($user) {
if ($firewall->verifyPasswordHash($login->getPassword(), $user[$this->password])) {
if (isset($user[$this->role])) {
$role = $user[$this->role];
} else {
$role = $this->role;
}
$role = new Role($role);
$this->setRoles([$role]);
return true;
}
}
return false;
}
/**
* This method verifies the credentials of current user with the credentials provided from the Login object.
*
* @param Login $login
* @param Firewall $firewall
*
* @return bool Return true if credentials are valid, otherwise return false.
*/
public function authenticate(Login $login, Firewall $firewall)
{
$entityInstance = new $this->entity();
$user = $entityInstance->find([$this->username => $login->getUsername()]);
if ($user && isset($user[0])) {
$user = $user[0];
if ($firewall->verifyPasswordHash($login->getPassword(), $user[$this->password])) {
if (isset($user[$this->role])) {
$role = $user[$this->role];
} else {
$role = $this->role;
}
$role = new Role($role);
$this->setRoles([$role]);
return true;
}
}
return false;
}
/**
* Get the user from user provided for the given instance of Login object.
*
* @param Login $login Instance of Login object.
*
* @return AbstractUser
* @throws UserNotFoundException
*/
public function getUser(Login $login)
{
// check if we have the tw_oauth_server attribute
if (!$login->getAttribute('tw_oauth_server')) {
throw new UserNotFoundException('User not found.');
}
// try to get the user from oauth
$connection = $login->getAttribute('tw_oauth_server');
try {
$twUserObj = $connection->getUserDetails();
$eventObj = new TwitterEvent($twUserObj, $connection);
$this->eventManager()->fire(TwitterEvent::TWITTER_AUTH_SUCCESS, $eventObj);
} catch (\Exception $e) {
throw new UserNotFoundException($e->getMessage());
}
// create the user object
$user = new User();
$user->populate($twUserObj->getUsername(), '', $login->getAttribute('tw_oauth_roles'), true);
return $user;
}
/**
* Get the user from user provided for the given instance of Login object.
*
* @param Login $login Instance of Login object.
*
* @return UserAbstract
* @throws UserNotFoundException
*/
public function getUser(Login $login)
{
// check if we have the oauth_server attribute
if (!$login->getAttribute('oauth2_server')) {
throw new UserNotFoundException('User not found.');
}
// try to get the user from oauth
$oauth2 = $login->getAttribute('oauth2_server');
try {
$oauth2User = $oauth2->request()->getUserDetails();
// fire the event
$eventClass = new OAuth2Event($oauth2User, $oauth2);
$this->eventManager()->fire(OAuth2Event::OAUTH2_AUTH_SUCCESS, $eventClass);
} catch (\Exception $e) {
$this->httpSession()->delete('oauth_token');
throw new UserNotFoundException($e->getMessage());
}
// create the user object
$user = new User();
$user->populate($oauth2User->email, '', $login->getAttribute('oauth2_roles'), true);
return $user;
}
/**
* This method is triggered on the login submit page where user credentials are submitted.
* On this page the provider should create a new Login object from those credentials, and return the object.
* This object will be then validated by user providers.
*
* @param ConfigObject $config Firewall config
*
* @throws TwitterOAuthException
* @return Login
*/
public function getLoginObject(ConfigObject $config)
{
try {
// step1 -> get access token
if (!$this->httpSession()->get('tw_oauth_token_secret', false)) {
$requestToken = $this->connection->getRequestToken();
// save the session for later
$this->httpSession()->save('tw_oauth_token', $requestToken['oauth_token']);
$this->httpSession()->save('tw_oauth_token_secret', $requestToken['oauth_token_secret']);
// check response code
$authUrl = $this->connection->getAuthorizeUrl($requestToken['oauth_token']);
header('Location: ' . $authUrl);
die('Redirect');
} else {
// request access tokens from twitter
if ($this->httpRequest()->query('oauth_verifier', false)) {
$access_token = $this->connection->requestAccessToken($this->httpSession()->get('tw_oauth_token'), $this->httpSession()->get('tw_oauth_token_secret'), $this->httpRequest()->query('oauth_token'), $this->httpRequest()->query('oauth_verifier'));
} else {
// remove no longer needed request tokens
$this->httpSession()->delete('tw_oauth_token');
$this->httpSession()->delete('tw_oauth_token_secret');
// redirect back to login
$this->httpRedirect($this->httpRequest()->getCurrentUrl());
}
// save the access tokens. Normally these would be saved in a database for future use.
$this->httpSession()->save('tw_access_token', $access_token);
// remove no longer needed request tokens
$this->httpSession()->delete('tw_oauth_token');
$this->httpSession()->delete('tw_oauth_token_secret');
}
} catch (\Exception $e) {
$this->httpSession()->delete('tw_oauth_token_secret');
throw new TwitterOAuthException($e->getMessage());
}
// step2 -> return the login object with auth token
$login = new Login('', '');
$login->setAttribute('tw_oauth_server', $this->connection);
$login->setAttribute('tw_oauth_roles', $this->oauthRoles);
return $login;
}
/**
* This method is triggered on the login submit page where user credentials are submitted.
* On this page the provider should create a new Login object from those credentials, and return the object.
* This object will be then validated by user providers.
*
* @param ConfigObject $config Firewall config
*
* @throws OAuth2Exception
* @return Login
*/
public function getLoginObject(ConfigObject $config)
{
// step1 -> get access token
$oauth2 = $this->getOAuth2Instance();
if (!$this->httpRequest()->query('code', false)) {
$this->httpSession()->delete('oauth_token');
// append state param to make the request more secured
$state = $this->createOAuth2State();
$this->httpSession()->save('oauth_state', $state);
$oauth2->setState($state);
$oauth2 = $this->getOAuth2Instance();
$authUrl = $oauth2->getAuthenticationUrl();
header('Location: ' . $authUrl);
$this->triggerExit('Redirecting');
} else {
if (!$this->httpSession()->get('oauth_token', false)) {
$accessToken = $oauth2->requestAccessToken();
$this->httpSession()->save('oauth_token', $accessToken);
} else {
$accessToken = $this->httpSession()->get('oauth_token', false);
}
}
// verify oauth state
$oauthState = $this->httpRequest()->query('state', '');
$state = $this->httpSession()->get('oauth_state', 'invalid');
if ($oauthState != $state) {
throw new OAuth2Exception('The state parameter from OAuth2 response doesn\'t match the users state parameter.');
}
$oauth2->setAccessToken($accessToken);
if ($this->isArray($accessToken) && isset($accessToken['result']['error'])) {
$this->httpSession()->delete('oauth_token');
return false;
}
// step2 -> return the login object with auth token
$login = new Login('', '');
$login->setAttribute('oauth2_server', $oauth2);
$login->setAttribute('oauth2_roles', $this->oauth2Roles);
return $login;
}
public function testGetAuthProviderName()
{
$login = new Login('username', 'password', true);
$login->setAuthProviderName('Facebook');
$this->assertSame('Facebook', $login->getAuthProviderName());
}
