/**
* Handles the authentication for user.
*
* @param GetResponseEvent $event The response event.
*
* @throws AuthenticationException When the request is not authenticated.
*
* @return void
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
return;
}
$token = new WsseUserToken($this->providerKey);
$token->setUser($matches[1]);
$token->setDigest($matches[2]);
$token->setNonce($matches[3]);
$token->setCreated($matches[4]);
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Because: ' . $failed->getMessage();
$token = $this->securityContext->getToken();
if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
$this->securityContext->setToken(null);
}
// deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
return;
}
// by default deny authorization
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if ($user instanceof UserInterface) {
if ("" === $token->getDigest()) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if ($this->validateDigest($user, $token)) {
$authenticatedToken = new WsseUserToken($user->getRoles());
$authenticatedToken->setUser($user);
return $authenticatedToken;
}
}
throw new AuthenticationException('The WSSE authentication failed.');
}