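 /**
  * Authenticates the username/password sent in the request body and returns
  * the user's API key pair in the response headers.
  *
  * The digest is built as md5(nonce . created . md5(password)) because that is
  * the form the authentication manager verifies; md5 here is a constraint of the
  * existing token scheme, not a hashing choice to copy elsewhere.
  *
  * @Rest\RequestParam(name="username", requirements={@Assert\NotBlank})
  * @Rest\RequestParam(name="password", requirements={@Assert\NotBlank})
  *
  * @param Request $request
  *
  * @return mixed the response built by createJsonResponse(): status 201, empty body,
  *               X-API-KEY (public key) and X-API-SIGNATURE (token nonce) headers
  *
  * @throws DisabledException when the authenticated user has API access disabled
  */
 public function authenticateAction(Request $request)
 {
     $created = date('Y-m-d H:i:s');
     $credentials = $request->request;

     $token = new BBUserToken();
     $token->setUser($credentials->get('username'));
     $token->setCreated($created);
     // The nonce is security state, so it comes from a CSPRNG; uniqid() is
     // time-based rather than random. Shape is unchanged: 32 hex characters.
     $token->setNonce(bin2hex(random_bytes(16)));
     $token->setDigest(md5($token->getNonce() . $created . md5($credentials->get('password'))));

     $securityContext = $this->getApplication()->getSecurityContext();
     $tokenAuthenticated = $securityContext->getAuthenticationManager()->authenticate($token);

     // an authenticated user may still be barred from the API
     if (!$tokenAuthenticated->getUser()->getApiKeyEnabled()) {
         throw new DisabledException('API access forbidden');
     }

     $securityContext->setToken($tokenAuthenticated);

     return $this->createJsonResponse(null, 201, [
         'X-API-KEY'       => $tokenAuthenticated->getUser()->getApiKeyPublic(),
         'X-API-SIGNATURE' => $tokenAuthenticated->getNonce(),
     ]);
 }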
 /**
  * Builds the fixture state shared by this test case: a started application
  * with database and ACL, one group holding an active and an inactive user,
  * a security-context token for the active user, and a class-scope ACE that
  * grants that user MaskBuilder::MASK_IDDQD on User objects.
  */
 protected function setUp()
 {
     $this->initAutoload();
     $bbapp = $this->getBBApp();
     $this->initDb($bbapp);
     $this->initAcl();
     $bbapp->setIsStarted(true);

     $em = $bbapp->getEntityManager();

     $group = new Group();
     $group->setName('groupName');
     $em->persist($group);

     // both fixture users share the group and the password; only login and activation differ
     $newUser = function ($login, $activated) use ($group) {
         $fixture = new User();
         $fixture->addGroup($group);
         $fixture->setLogin($login);
         $fixture->setEmail('*****@*****.**');
         $fixture->setPassword('password123');
         $fixture->setActivated($activated);

         return $fixture;
     };

     // the active user is kept on the test case so tests can act as it
     $this->user = $newUser('user123', true);
     $em->persist($this->user);

     $em->persist($newUser('user123inactive', false));
     $em->flush();

     // install a token for the active user directly in the security context
     // (no authentication round-trip); digest is md5(nonce . created . md5(password))
     $created = date('Y-m-d H:i:s');
     $token = new BBUserToken();
     $token->setUser($this->user);
     $token->setCreated($created);
     $token->setNonce(md5(uniqid('', true)));
     $token->setDigest(md5($token->getNonce() . $created . md5($this->user->getPassword())));
     $this->getSecurityContext()->setToken($token);

     // class-scope ACE: the active user gets the MASK_IDDQD mask on every User object
     $objectIdentity = new ObjectIdentity('all', get_class($this->user));
     $securityIdentity = UserSecurityIdentity::fromAccount($this->user);
     $this->getBBApp()->getContainer()->get('security.acl_manager')
         ->insertOrUpdateClassAce($objectIdentity, $securityIdentity, MaskBuilder::MASK_IDDQD);
 }
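 /**
  * Authenticates a username/password pair and installs the resulting token
  * in the application's security context.
  *
  * @param string $username
  * @param string $password plaintext password; only its md5 enters the digest
  *
  * @return void
  *
  * @throws \Exception whatever the authentication manager raises on failure
  */
 public function checkIdentity($username, $password)
 {
     $created = date('Y-m-d H:i:s');

     $token = new BBUserToken();
     // the username comes from the method argument; there is no request object in scope here
     $token->setUser($username);
     $token->setCreated($created);
     // nonce from a CSPRNG rather than time-based uniqid(); same 32-hex-character shape
     $token->setNonce(bin2hex(random_bytes(16)));
     // digest format is what the authentication manager's nonce check expects
     $token->setDigest(md5($token->getNonce() . $created . md5($password)));

     $securityContext = $this->getApplication()->getSecurityContext();
     $securityContext->setToken($securityContext->getAuthenticationManager()->authenticate($token));
 }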
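 /**
  * Creates a user with generated API keys in the given group and installs an
  * already-authenticated BBUserToken for it in the security context.
  *
  * The group is looked up by name and created (and flushed) when missing; the
  * user itself is not persisted. The API key values come from uniqid() and are
  * fixture material only, not suitable as real key generation.
  *
  * @param string   $groupId group name, matched against the `_name` field
  * @param string[] $roles   roles carried by the token
  *
  * @return User the user attached to the authenticated token (not the token)
  */
 protected function createAuthUser($groupId, $roles = ['ROLE_API_USER'])
 {
     $em = $this->getBBApp()->getEntityManager();

     $token = new BBUserToken($roles);

     $user = new User();
     $user->setEmail('*****@*****.**')
         ->setLogin('admin')
         ->setPassword('pass')
         ->setApiKeyPrivate(uniqid("PRIVATE", true))
         ->setApiKeyPublic(uniqid("PUBLIC", true))
         ->setApiKeyEnabled(true);

     $group = $em->getRepository('BackBee\\Security\\Group')->findOneBy(['_name' => $groupId]);
     if (!$group) {
         $group = new Group();
         $group->setName($groupId);
         $em->persist($group);
         $em->flush($group);
     }
     $user->addGroup($group);

     // the token is marked authenticated directly; no digest/nonce check is run
     $token->setAuthenticated(true);
     $token->setUser($user)->setCreated(new \DateTime())->setLifetime(300);
     $this->getSecurityContext()->setToken($token);

     return $user;
 }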
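 /**
  * Attempts to authenticate a TokenInterface object.
  *
  * The user is loaded by username, its stored secret is normalised to the md5
  * form the nonce check expects, and the token's nonce/digest are verified
  * against it. On success a fresh authenticated BBUserToken is issued with the
  * same nonce, a new creation time and the configured lifetime.
  *
  * Secret normalisation: with no encoder factory, no encoder configured for the
  * account, or a PlaintextPasswordEncoder, the stored secret is md5'd; with a
  * MessageDigestPasswordEncoder it is used as-is (already md5, no salt); any
  * other encoder is rejected. Previously the "unsupported encoder" exception
  * was raised inside the same try/catch that handles "no encoder configured",
  * so it was swallowed and the code silently fell back to md5.
  *
  * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
  *
  * @return \BackBee\Security\Token\BBUserToken
  *
  * @throws \BackBee\Security\Exception\SecurityException when the token type is not supported
  * @throws \RuntimeException when the account's encoder is neither plaintext nor message-digest
  * @throws \Exception anything raised by user lookup or the nonce check, rethrown after clearNonce()
  */
 public function authenticate(TokenInterface $token)
 {
     if (false === $this->supports($token)) {
         throw new SecurityException('Invalid token provided', SecurityException::UNSUPPORTED_TOKEN);
     }

     try {
         $user = $this->userProvider->loadUserByUsername($token->getUsername());

         $encoder = null;
         if ($this->encoderFactory) {
             try {
                 $encoder = $this->encoderFactory->getEncoder($user);
             } catch (\RuntimeException $e) {
                 // no encoder defined for this account: handled like the "no factory" case below
                 $encoder = null;
             }
         }

         $secret = $user->getPassword();
         if (null === $encoder || $encoder instanceof PlaintextPasswordEncoder) {
             // no encoder, or plaintext storage: the digest scheme needs md5(password)
             $secret = md5($secret);
         } elseif (!($encoder instanceof MessageDigestPasswordEncoder)) {
             // currently there is a dependency on md5 in frontend so all other encoders can't be supported;
             // this is deliberately outside the getEncoder() catch so it is a hard failure, not a fallback
             throw new \RuntimeException('Encoder is not supported: ' . get_class($encoder));
         }
         // MessageDigestPasswordEncoder: $secret is already md5 encoded
         // NB: only md5 algo without salt is currently supported due to frontend dependency

         $this->checkNonce($token, $secret);
     } catch (\Exception $e) {
         // clear whatever nonce state was recorded for this token before propagating
         $this->clearNonce($token);
         throw $e;
     }

     $validToken = new BBUserToken($user->getRoles());
     $validToken->setUser($user)->setNonce($token->getNonce())->setCreated(new \DateTime())->setLifetime($this->lifetime);
     $this->writeNonceValue($validToken);

     return $validToken;
 }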