public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if ($user && $this->validateDigest($token->getAttribute('digest'), $token->getAttribute('nonce'), $token->getAttribute('created'), $this->getSecret($user), $this->getSalt($user))) {
$authenticatedToken = new Token($user->getRoles());
$authenticatedToken->setUser($user);
$authenticatedToken->setAuthenticated(true);
return $authenticatedToken;
}
throw new AuthenticationException('WSSE authentication failed.');
}
/**
* @dataProvider userProvider
*
* @param UserInterface $user
* @param $secret
* @param string $salt
*/
public function testOverridesLogic(UserInterface $user, $secret, $salt = '')
{
$this->userProvider->expects($this->exactly(2))->method('loadUserByUsername')->will($this->returnValue($user));
$nonce = base64_encode(uniqid(self::TEST_NONCE));
$time = date('Y-m-d H:i:s');
$digest = $this->encoder->encodePassword(sprintf('%s%s%s', base64_decode($nonce), $time, $secret), $salt);
$token = new Token();
$token->setAttribute('digest', $digest);
$token->setAttribute('nonce', $nonce);
$token->setAttribute('created', $time);
$this->provider->authenticate($token);
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
//find out if the current request contains any information by which the user might be authenticated
if (!$request->headers->has('X-WSSE')) {
return;
}
$ae_message = null;
$this->wsseHeader = $request->headers->get('X-WSSE');
$wsseHeaderInfo = $this->parseHeader();
if ($wsseHeaderInfo !== false) {
$token = new Token();
$token->setUser($wsseHeaderInfo['Username']);
$token->setAttribute('digest', $wsseHeaderInfo['PasswordDigest']);
$token->setAttribute('nonce', $wsseHeaderInfo['Nonce']);
$token->setAttribute('created', $wsseHeaderInfo['Created']);
try {
$returnValue = $this->authenticationManager->authenticate($token);
if ($returnValue instanceof TokenInterface) {
return $this->securityContext->setToken($returnValue);
} else {
if ($returnValue instanceof Response) {
return $event->setResponse($returnValue);
}
}
} catch (AuthenticationException $ae) {
$event->setResponse($this->authenticationEntryPoint->start($request, $ae));
}
}
}
/**
* @test
*/
public function handleReturnResponse()
{
$token = new Token();
$token->setUser('admin');
$token->setAttribute('digest', 'admin');
$token->setAttribute('nonce', 'admin');
$token->setAttribute('created', '2010-12-12 20:00:00');
$response = new Response();
$this->authenticationManager->expects($this->once())->method('authenticate')->with($token)->will($this->returnValue($response));
$this->responseEvent->expects($this->once())->method('setResponse')->with($response);
$this->request->headers->add(array('X-WSSE' => 'UsernameToken Username="******", PasswordDigest="admin", Nonce="admin", Created="2010-12-12 20:00:00"'));
$listener = new Listener($this->securityContext, $this->authenticationManager, $this->authenticationEntryPoint);
$listener->handle($this->responseEvent);
}
/**
* @test
*/
public function getCredentials()
{
$token = new Token();
$this->assertEquals('', $token->getCredentials());
}
/**
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationException
*/
public function testGetSecret()
{
$noApiKeyUser = $this->getMock('Oro\\Bundle\\UserBundle\\Entity\\User');
$noApiKeyUser->expects(static::exactly(2))->method('getApiKeys')->will(static::returnValue(new ArrayCollection()));
$noApiKeyUser->expects(static::never())->method('getPassword');
$noApiKeyUser->expects(static::never())->method('getSalt');
$noApiKeyUser->expects(static::any())->method('getRoles')->will(static::returnValue([]));
$this->userProvider->expects(static::exactly(2))->method('loadUserByUsername')->will(static::returnValue($noApiKeyUser));
$nonce = base64_encode(uniqid(self::TEST_NONCE));
$time = date('Y-m-d H:i:s');
$digest = $this->encoder->encodePassword(sprintf('%s%s%s', base64_decode($nonce), $time, ''), '');
$token = new Token();
$token->setAttribute('digest', $digest);
$token->setAttribute('nonce', $nonce);
$token->setAttribute('created', $time);
$this->provider->authenticate($token);
}
/**
* @test
* @depends validateDigestWithNonceDirExpectedException
* @depends validateDigestWithNonceDir
* @depends validateDigestWithoutNonceDir
* @depends validateDigestExpireTime
*/
public function authenticate()
{
$this->user->expects($this->once())->method('getPassword')->will($this->returnValue('somesecret'));
$this->user->expects($this->once())->method('getSalt')->will($this->returnValue('somesalt'));
$this->user->expects($this->once())->method('getRoles')->will($this->returnValue(array()));
$this->userProvider->expects($this->once())->method('loadUserByUsername')->will($this->returnValue($this->user));
$expected = new Token();
$expected->setUser($this->user);
$expected->setAuthenticated(true);
$time = date(DATE_ISO8601);
$encoder = new MessageDigestPasswordEncoder('sha1', true, 1);
$digest = $encoder->encodePassword(sprintf('%s%s%s', 'somenonce', $time, 'somesecret'), 'somesalt');
$token = new Token();
$token->setAttribute('digest', $digest);
$token->setAttribute('nonce', base64_encode('somenonce'));
$token->setAttribute('created', $time);
$provider = new CustomProvider($this->userProvider, $this->encoder, $this->nonceCache);
$result = $provider->authenticate($token);
$this->assertEquals($expected, $result);
}