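/**
 * {@inheritdoc}
 *
 * Accepts the login when the submitted 'password' entry equals the value
 * returned by $user->getPassword(); otherwise raises the configured failure
 * message.
 *
 * NOTE(review): the submitted password is compared directly with the stored
 * value, so this can only succeed when the stored value is the plain
 * password. If that is how the user store works, move it to a password hash
 * (password_hash()/password_verify() or the framework encoder) — confirm
 * against the user provider.
 *
 * @param mixed         $credentials Array carrying the submitted 'password' entry.
 * @param UserInterface $user        User resolved for this login attempt.
 *
 * @return bool True when the credentials match.
 *
 * @throws CustomUserMessageAuthenticationException When the password does not match.
 */
public function checkCredentials($credentials, UserInterface $user)
{
    $stored = $user->getPassword();
    $submitted = isset($credentials['password']) ? $credentials['password'] : null;

    // Require two strings: with a plain === a missing 'password' entry (null)
    // would match a user whose stored password is also null.
    // hash_equals() keeps the comparison time independent of where the
    // first differing byte is.
    if (is_string($stored) && is_string($submitted) && hash_equals($stored, $submitted)) {
        return true;
    }

    throw new CustomUserMessageAuthenticationException($this->failMessage);
}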
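/**
 * {@inheritdoc}
 *
 * Verifies the presented password either against the locally stored hash
 * (when $user is a User instance) or through an LDAP bind (any other user
 * implementation).
 *
 * @param UserInterface         $user  User loaded by the user provider.
 * @param UsernamePasswordToken $token Token carrying the presented credentials.
 *
 * @throws BadCredentialsException When the password is empty, invalid, or was
 *                                 changed from another session.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();

    if ($currentUser instanceof UserInterface) {
        // The token already carries a user object: only make sure the stored
        // password has not changed since that token was issued.
        if ($currentUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    if (!($presentedPassword = $token->getCredentials())) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    if ($user instanceof User) {
        $encoder = $this->encoderFactory->getEncoder($user);
        if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
            throw new BadCredentialsException('The presented password is invalid.');
        }

        return;
    }

    $ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']);
    $bind = $ldap->bind($user->getUsername(), $presentedPassword);

    // Never write the presented password to the log: debug logs are commonly
    // shipped, retained and readable by people who must not see credentials.
    $this->logger->debug(sprintf(
        'LDAP bind with username "%s" yielded: %s',
        $user->getUsername(),
        print_r($bind, true)
    ));

    if (!$bind) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    // There's likely more data in the LDAP result now after a successful bind
    $this->userProvider->refreshUser($user);
}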
/**
 * {@inheritdoc}
 *
 * Delegates password verification to a remote customer-login request and
 * stores the returned customer id in the session under 'customer.id'.
 *
 * @param UserInterface         $user  User loaded by the user provider.
 * @param UsernamePasswordToken $token Token carrying the presented credentials.
 *
 * @throws BadCredentialsException When the password is empty, the login
 *                                 request fails, or the returned e-mail does
 *                                 not match the token's user value.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $tokenUser = $token->getUser();

    if ($tokenUser instanceof UserInterface) {
        // Already-authenticated token: only detect a password change.
        if ($tokenUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    $presentedPassword = $token->getCredentials();
    if (!$presentedPassword) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    $apiClient = $this->clientFactory->build('en');
    $loginRequest = CustomerLoginRequest::ofEmailAndPassword($token->getUser(), $presentedPassword);
    $loginResponse = $loginRequest->executeWithClient($apiClient);

    if ($loginResponse->isError()) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    $customer = $loginRequest->mapResponse($loginResponse)->getCustomer();

    // The account returned by the service must be the one that was asked for.
    // This is an exact, case-sensitive match on the e-mail string.
    if ($tokenUser !== $customer->getEmail()) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    $this->session->set('customer.id', $customer->getId());
}
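/**
 * Checks the submitted password by encoding it and comparing the result
 * with the value returned by $user->getPassword().
 *
 * NOTE(review): re-encoding and comparing only works for encoders that are
 * deterministic for a given user. If $this->passwordEncoder is Symfony's
 * UserPasswordEncoderInterface, prefer its isPasswordValid($user, $raw),
 * which also works with randomly salted hashes such as bcrypt — confirm the
 * property's type before switching.
 *
 * @param mixed         $credentials Array carrying the submitted 'password' entry.
 * @param UserInterface $user        User resolved for this login attempt.
 *
 * @return bool True when the password matches.
 *
 * @throws CustomUserMessageAuthenticationException When the password does not match.
 */
public function checkCredentials($credentials, UserInterface $user)
{
    $stored = $user->getPassword();
    $candidate = $this->passwordEncoder->encodePassword($user, $credentials['password']);

    // Compare the two hashes in constant time; the is_string() guards stop a
    // null stored value from matching a null encoder result.
    if (is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate)) {
        return true;
    }

    throw new CustomUserMessageAuthenticationException("Password is incorrect.");
}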
/**
 * Tells whether $user describes the same account as this object.
 *
 * Both must be CorredorUser instances with identical password, salt and
 * username values; any difference makes the users unequal.
 *
 * @param UserInterface $user User to compare with.
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    if (!$user instanceof CorredorUser) {
        return false;
    }

    if ($this->password !== $user->getPassword()) {
        return false;
    }

    if ($this->salt !== $user->getSalt()) {
        return false;
    }

    return $this->username === $user->getUsername();
}
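/**
 * {@InheritDoc}
 *
 * Validates a WSSE token: the creation time must lie within five minutes of
 * the server clock, the nonce must not have been recorded in the last ten
 * minutes, and the digest must equal
 * base64(sha1(base64_decode(nonce) . created . secret)).
 *
 * @param WsseUserToken $wsseToken Token carrying created, nonce and digest.
 * @param UserInterface $user      User whose getPassword() value is the shared secret.
 *
 * @return bool True when the token is valid.
 *
 * @throws WsseAuthenticationException When the timestamp or digest is not valid.
 * @throws NonceExpiredException       When the nonce was already used.
 */
public function validateDigest(WsseUserToken $wsseToken, UserInterface $user)
{
    $created = $wsseToken->created;
    $nonce = $wsseToken->nonce;
    $digest = $wsseToken->digest;
    $secret = $user->getPassword();

    $now = time();
    $createdAt = strtotime($created);
    if (false === $createdAt) {
        // An unparsable date used to be treated as timestamp 0; reject it explicitly.
        throw new WsseAuthenticationException('Token created date is not valid.');
    }

    // Check created time is not too far in the future (leaves 5 minutes margin)
    if ($createdAt > $now + 300) {
        throw new WsseAuthenticationException(sprintf('Token created date cannot be in future (%d seconds in the future).', $createdAt - $now));
    }

    // Expire timestamp after 5 minutes
    if ($createdAt < $now - 300) {
        throw new WsseAuthenticationException(sprintf('Token created date has expired its 300 seconds of validity (%d seconds).', $now - $createdAt));
    }

    // The nonce comes from the request and base64 text may contain "/", so it
    // must never be used as a file name directly: that would let a request
    // pick a path outside the cache directory. A hex digest is always a safe
    // single path component.
    $nonceFile = $this->cacheDir . '/' . hash('sha256', (string) $nonce);

    // Validate that the nonce is *not* used in the last 10 minutes
    // if it has, this could be a replay attack
    if (file_exists($nonceFile) && (int) file_get_contents($nonceFile) + 600 > $now) {
        throw new NonceExpiredException('Previously used nonce detected.');
    }

    // Validate Secret before anything is written, so that requests without
    // a valid digest cannot create files in the cache directory.
    $expected = base64_encode(sha1(base64_decode($nonce) . $created . $secret, true));
    if (!StringUtils::equals($expected, $digest)) {
        throw new WsseAuthenticationException('Token digest is not valid.');
    }

    // If cache directory does not exist we create it
    // NOTE(review): mode 0777 leaves the nonce store writable by every local
    // account (subject to umask); deleting a record re-opens its replay
    // window. Tighten the mode if the deployment allows it.
    if (!is_dir($this->cacheDir)) {
        mkdir($this->cacheDir, 0777, true);
    }
    file_put_contents($nonceFile, $now);

    return true;
}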
/**
 * Create WordPress logged in cookie
 *
 * The cookie value is the encoded triple (username, expiration, hmac), where
 * the hmac is produced by generateHmac() from the username, the expiration
 * timestamp and the value of $user->getPassword().
 *
 * NOTE(review): no secure/httpOnly arguments are passed to Cookie here, so
 * that class's defaults apply — confirm they suit the deployment.
 *
 * @param UserInterface $user     User the cookie is issued for.
 * @param int           $lifetime Validity in seconds, counted from now.
 * @return Cookie
 */
public function createLoggedInCookie(UserInterface $user, $lifetime = 31536000)
{
    $login = $user->getUsername();
    $secret = $user->getPassword();
    $expiresAt = time() + $lifetime;

    $signature = $this->generateHmac($login, $expiresAt, $secret);
    $cookieName = $this->getLoggedInCookieName();
    $cookieValue = $this->encodeCookie(array($login, $expiresAt, $signature));

    return new Cookie(
        $cookieName,
        $cookieValue,
        $expiresAt,
        $this->configuration->getCookiePath(),
        $this->configuration->getCookieDomain()
    );
}
/**
 * Tells whether $user is an LdapUser with the same password and username
 * values as this object.
 *
 * @param UserInterface $user User to compare with.
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    return $user instanceof LdapUser
        && $this->password === $user->getPassword()
        && $this->username === $user->getUsername();
}
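/**
 * {@inheritdoc}
 *
 * Users that have a locally stored password are verified through the
 * configured encoder; users without one are verified through
 * galittProvider->checkAccount().
 *
 * @param UserInterface         $user  User loaded by the user provider.
 * @param UsernamePasswordToken $token Token carrying the presented credentials.
 *
 * @throws BadCredentialsException When the password is empty, invalid, or was
 *                                 changed from another session.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();

    if ($currentUser instanceof UserInterface) {
        if ($currentUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    if (!($presentedPassword = $token->getCredentials())) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    if ($user->getPassword()) {
        $encoder = $this->encoderFactory->getEncoder($user);

        // Let the encoder do the comparison. The previous code re-encoded the
        // password and compared with "!=", which is a loose comparison:
        // numeric-looking hash strings such as "0e123" and "0e456" compare
        // as equal, and the check was not constant-time.
        if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
            throw new BadCredentialsException('The presented password is invalid.');
        }

        return;
    }

    // No local password: defer to the external account check.
    if (!$this->galittProvider->checkAccount($user->getUsername(), $presentedPassword)) {
        throw new BadCredentialsException('The presented password is invalid.');
    }
}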
/**
 * Tells whether $user is a UsuariosService instance whose password, salt and
 * username values are identical to this object's.
 *
 * @param UserInterface $user User to compare with.
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    return $user instanceof UsuariosService
        && $this->password === $user->getPassword()
        && $this->salt === $user->getSalt()
        && $this->username === $user->getUsername();
}
/**
 * Tells whether $user is an instance of this same class with identical
 * password, salt and username values.
 *
 * @param UserInterface $user User to compare with.
 *
 * @return bool
 */
public function equals(UserInterface $user)
{
    return $user instanceof self
        && $this->password === $user->getPassword()
        && $this->getSalt() === $user->getSalt()
        && $this->username === $user->getUsername();
}
/**
 * Tells whether $user is a RedisUser with the same password and salt, and
 * whose username equals this object's email.
 *
 * @param UserInterface $user User to compare with.
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    return $user instanceof RedisUser
        && $this->password === $user->getPassword()
        && $this->salt === $user->getSalt()
        && $this->email === $user->getUsername();
}
/**
 * {@inheritdoc}
 *
 * Verifies the presented password through the encoder configured for $user.
 * An empty and an invalid password produce the same 'Bad credentials'
 * message.
 *
 * @param UserInterface         $user  User loaded by the user provider.
 * @param UsernamePasswordToken $token Token carrying the presented credentials.
 *
 * @throws BadCredentialsException When the credentials are rejected.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $tokenUser = $token->getUser();

    if ($tokenUser instanceof UserInterface) {
        // Already-authenticated token: only detect a password change.
        if ($tokenUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    $presentedPassword = $token->getCredentials();
    if (!$presentedPassword) {
        throw new BadCredentialsException('Bad credentials');
    }

    $encoder = $this->encoderFactory->getEncoder($user);
    $passwordMatches = $encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt());
    if (!$passwordMatches) {
        throw new BadCredentialsException('Bad credentials');
    }
}
/**
 * {@inheritdoc}
 *
 * Verifies the presented password, reports the outcome to the user provider
 * (handleWrongPassword / handleGoodPassword) and finally rejects locked
 * accounts.
 *
 * NOTE(review): the lock check runs only after a correct password. A locked
 * account therefore answers "invalid" to a wrong password and "locked" to the
 * right one, so guessing can continue during the lock and the answer reveals
 * a correct guess. Consider rejecting locked accounts before the password is
 * verified — confirm first how handleGoodPassword() and isAccountNonLocked()
 * interact.
 *
 * @param UserInterface         $user  User loaded by the user provider.
 * @param UsernamePasswordToken $token Token carrying the presented credentials.
 *
 * @throws BadCredentialsException When the password is empty, invalid, or was
 *                                 changed from another session.
 * @throws LockedException         When the account is locked.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $tokenUser = $token->getUser();

    if ($tokenUser instanceof UserInterface) {
        if ($tokenUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    $presentedPassword = $token->getCredentials();
    if (!$presentedPassword) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    $encoder = $this->encoderFactory->getEncoder($user);
    if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
        $this->userProvider->handleWrongPassword($user);
        throw new BadCredentialsException('The presented password is invalid.');
    }

    $this->userProvider->handleGoodPassword($user);

    if ($user->isAccountNonLocked()) {
        return;
    }

    // Append the end of the lock to the message when one is known.
    $untilSuffix = $user->getLockedUntil()
        ? sprintf(' until %s', $user->getLockedUntil()->format('Y-m-d H:i:s'))
        : '';

    throw new LockedException(
        strtr('User account is locked%until%.', array('%until%' => $untilSuffix)),
        $user
    );
}
/**
 * {@inheritdoc}
 *
 * Two users are equal when $user is a User instance and its password, salt
 * and username are identical to this object's.
 */
public function isEqualTo(UserInterface $user)
{
    $differs = !$user instanceof User
        || $this->password !== $user->getPassword()
        || $this->salt !== $user->getSalt()
        || $this->username !== $user->getUsername();

    if ($differs) {
        // @codeCoverageIgnoreStart
        return false;
        // @codeCoverageIgnoreEnd
    }

    return true;
}
/**
 * Implementation of SecurityUserInterface.
 *
 * Users are equal when $user is a User instance and password, salt,
 * canonical username and the four account-status flags (non-expired,
 * non-locked, credentials non-expired, enabled) are all identical.
 *
 * @param \Symfony\Component\Security\Core\User\UserInterface $user
 * @return Boolean
 */
public function equals(SecurityUserInterface $user)
{
    return $user instanceof User
        && $this->getPassword() === $user->getPassword()
        && $this->getSalt() === $user->getSalt()
        && $this->getUsernameCanonical() === $user->getUsernameCanonical()
        && $this->isAccountNonExpired() === $user->isAccountNonExpired()
        && $this->isAccountNonLocked() === $user->isAccountNonLocked()
        && $this->isCredentialsNonExpired() === $user->isCredentialsNonExpired()
        && $this->isEnabled() === $user->isEnabled();
}
/**
 * Tells whether $user is an instance of this same class with identical id,
 * password and salt values.
 *
 * @param UserInterface $user User to compare with.
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    return $user instanceof self
        && $this->id === $user->getId()
        && $this->password === $user->getPassword()
        && $this->salt === $user->getSalt();
}
/**
 * @inheritDoc
 *
 * Compares password, salt and username only; the concrete class of $user is
 * not checked.
 */
public function isEqualTo(BaseUserInterface $user)
{
    return $this->getPassword() === $user->getPassword()
        && $this->getSalt() === $user->getSalt()
        && $this->getUsername() === $user->getUsername();
}
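/**
 * Shows and processes the change-password form for $user.
 *
 * On a valid POST the old password is verified against the stored hash, the
 * submitted new password is encoded and saved, and the browser is redirected
 * to '_welcome'. In every other case the form is rendered again.
 *
 * @param \Symfony\Component\Security\Core\User\UserInterface $user User whose password is changed.
 *
 * @return mixed The rendered form, or a RedirectResponse after a successful change.
 */
private function changePasswordUser(\Symfony\Component\Security\Core\User\UserInterface $user)
{
    $em = $this->get('doctrine.orm.entity_manager');
    $request = $this->container->get('request');

    // Keep the stored hash now. The form is created on $user, and the code
    // below encodes $user->getPassword() as the new password, so after
    // handleRequest() that getter holds the submitted plain value.
    $old_password = $user->getPassword();
    $encoder = $this->get('security.encoder_factory')->getEncoder($user);
    $form = $this->get('form.factory')->create(new UserPassword(), $user);

    if ('POST' === $request->getMethod()) {
        $form->handleRequest($request);

        if ($form->isValid()) {
            // first we check if the old password is correct
            // isPasswordValid() leaves hashing and comparison to the encoder
            // instead of re-encoding and comparing hash strings with !==.
            $proof_password = $form->get('old_password')->getData();
            if (!$encoder->isPasswordValid($old_password, $proof_password, $user->getSalt())) {
                // Put the stored hash back so the plain new password does not
                // stay on the entity, where a later flush could persist it.
                $user->setPassword($old_password);
                $this->get('session')->getFlashBag()->set('error', "L'ancien mot de passe est incorrect");

                return $this->render('TrezLogicielTrezBundle:User:change_password.html.twig', array('form' => $form->createView(), 'user' => $user, 'cancel_link' => $this->generateUrl('_welcome')));
            }

            // now changes
            $password = $encoder->encodePassword($user->getPassword(), $user->getSalt());
            $user->setPassword($password);
            $em->flush();
            $this->get('session')->getFlashBag()->set('info', 'Le mot de passe a bien été changé');

            return new RedirectResponse($this->generateUrl('_welcome'));
        }

        // Rejected submission: make sure the entity carries the stored hash again.
        $user->setPassword($old_password);
    }

    return $this->render('TrezLogicielTrezBundle:User:change_password.html.twig', array('form' => $form->createView(), 'user' => $user, 'cancel_link' => $this->generateUrl('_welcome')));
}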
/**
 * Returns the password value reported by the wrapped user object.
 *
 * @return mixed Whatever the wrapped user's getPassword() returns.
 */
public function getPassword()
{
    $wrappedPassword = $this->wrappedUser->getPassword();

    return $wrappedPassword;
}
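/**
 * Asserts that $user2 exposes the username and password hash held in the
 * credentials of $user1.
 *
 * @param User          $user1 Domain user providing the expected values.
 * @param UserInterface $user2 Security user providing the actual values.
 */
protected function assertSameUser(User $user1, UserInterface $user2)
{
    $credentials = $user1->getCredentials();

    // Assert each pair directly. Using the expected values as array keys
    // turned numeric-looking strings into integers (so assertSame failed on
    // type) and dropped one check whenever username and hash were equal.
    $this->assertSame($credentials->getUsername(), $user2->getUsername());
    $this->assertSame($credentials->getPassword()->getHash(), $user2->getPassword());
}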
/**
 * @inheritDoc
 *
 * Users are equal when $user is a WebserviceUser whose password, salt and
 * username are identical to this object's.
 */
public function isEqualTo(UserInterface $user)
{
    return $user instanceof WebserviceUser
        && $this->getPassword() === $user->getPassword()
        && $this->getSalt() === $user->getSalt()
        && $this->getUsername() === $user->getUsername();
}
/**
 * Tells whether $user is a User with the same username, password and salt
 * as this object.
 *
 * @param UserInterface $user User to compare with.
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    if (!$user instanceof User) {
        return false;
    }

    if ($this->getUsername() !== $user->getUsername()) {
        return false;
    }

    if ($this->getPassword() !== $user->getPassword()) {
        return false;
    }

    return $this->getSalt() === $user->getSalt();
}
/**
 * It logs in the given user in the 'main' application firewall (or the
 * optionally given firewall name).
 *
 * An authenticated token is built for the user, placed in the token storage
 * and written, serialized, to the session under '_security_<firewall>'.
 *
 * NOTE(review): the value of $user->getPassword() is passed as the token's
 * credentials and is therefore part of the serialized token kept in the
 * session — confirm whether the credentials are needed there at all.
 *
 * @param UserInterface $user
 * @param string $firewallName
 *
 * @return UserInterface
 */
public function login(UserInterface $user, $firewallName = 'main')
{
    $authToken = new UsernamePasswordToken(
        $user,
        $user->getPassword(),
        $firewallName,
        $user->getRoles()
    );
    $authToken->setAuthenticated(true);

    $this->tokenStorage->setToken($authToken);

    $sessionKey = '_security_' . $firewallName;
    $this->session->set($sessionKey, serialize($authToken));
    $this->session->save();

    return $user;
}
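/**
 * Validates the password for wsse.
 *
 * The token is accepted when its creation time lies within the configured
 * lifetime, its nonce has no record younger than the lifetime, and the
 * encoder accepts the digest for the user's password with the salt
 * base64_decode(nonce) . created.
 *
 * @param UserInterface  $user  The provided user.
 * @param TokenInterface $token The created token.
 *
 * @return boolean False when the creation time is outside the lifetime, true when the token is valid.
 *
 * @throws NonceExpiredException   If the nonce is used again within the lifetime.
 * @throws BadCredentialsException If the digest does not match.
 */
protected function validateDigest(UserInterface $user, TokenInterface $token)
{
    $created = $token->getCreated();
    $nonce = $token->getNonce();

    $now = time();
    $createdAt = strtotime($created);

    // expired after the lifetime (an unparsable date is rejected the same way)
    if (false === $createdAt || $now - $createdAt > $this->lifetime) {
        return false;
    }

    // A nonce record is honoured for one lifetime only, so a token stamped
    // further in the future than that would still pass the age check after
    // its nonce record has lapsed and could be replayed.
    if ($createdAt - $now > $this->lifetime) {
        return false;
    }

    // The nonce comes from the request and base64 text may contain "/", so it
    // must never be used as a file name directly: that would let a request
    // pick a path outside the cache directory. A hex digest is always a safe
    // single path component.
    $nonceFile = $this->cacheDir . '/' . hash('sha256', (string) $nonce);

    if ($this->filesystem->exists($nonceFile) && (int) file_get_contents($nonceFile) + $this->lifetime > $now) {
        throw new NonceExpiredException('Previously used nonce detected');
    }

    // Verify the digest before anything is written, so that requests without
    // a valid digest cannot create files in the cache directory.
    $salt = base64_decode($nonce) . $created;
    if (!$this->encoder->isPasswordValid($token->getDigest(), $user->getPassword(), $salt)) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    // if cache directory does not exist it will be created
    // NOTE(review): mode 0777 leaves the nonce store writable by every local
    // account (subject to umask); deleting a record re-opens its replay
    // window. Tighten the mode if the deployment allows it.
    if ($this->filesystem->exists($this->cacheDir) === false) {
        $this->filesystem->mkdir($this->cacheDir, 0777);
    }
    $this->filesystem->dumpFile($nonceFile, $now);

    return true;
}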
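/**
 * Authenticate a token according to the user provided without any password encoders.
 *
 * When the user has a salt, the salt is invoked as a callable on the token
 * credentials and the result is compared with the stored password;
 * otherwise, or when that does not match, the credentials themselves are
 * compared with the stored password.
 *
 * NOTE(review): call_user_func() runs whatever callable name the user record
 * holds as its salt, with the submitted password as argument. Anyone able to
 * write that column chooses the function that is executed; restrict it to a
 * fixed list of digest functions once the values in use are known.
 *
 * NOTE(review): the fallback compares the submitted password with the stored
 * value directly, which implies that value is the plain password — confirm
 * and move such accounts to a real password hash.
 *
 * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
 * @param \Symfony\Component\Security\Core\User\UserInterface                  $user
 *
 * @return boolean|\BackBee\Security\Token\UsernamePasswordToken
 */
private function authenticateWithoutEncoder(TokenInterface $token, UserInterface $user)
{
    $stored = $user->getPassword();
    $presented = $token->getCredentials();
    $transform = $user->getSalt();

    // Constant-time comparison that only ever matches two strings; with a
    // plain === a null stored password matched null credentials.
    $matches = function ($known, $candidate) {
        return is_string($known) && is_string($candidate) && hash_equals($known, $candidate);
    };

    if (null !== $transform && $matches($stored, call_user_func($transform, $presented))) {
        return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
    }

    if ($matches($stored, $presented)) {
        return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
    }

    return false;
}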
/**
 * Verifies the presented password and, when the token carries a
 * 'desired_user' attribute, requires the authenticating user to hold
 * ROLE_ALLOWED_TO_SWITCH.
 *
 * @param UserInterface         $user
 * @param UsernamePasswordToken $token
 *
 * @throws BadCredentialsException When the password is empty, invalid, or was
 *                                 changed from another session, or when the
 *                                 user may not log in as another user.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $tokenUser = $token->getUser();

    if (!$tokenUser instanceof UserInterface) {
        $presentedPassword = $token->getCredentials();
        if ("" === $presentedPassword) {
            throw new BadCredentialsException('The presented password cannot be empty.');
        }

        $encoder = $this->encoderFactory->getEncoder($user);
        if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
            throw new BadCredentialsException('The presented password is invalid.');
        }
    } elseif ($tokenUser->getPassword() !== $user->getPassword()) {
        // this happens if we were already logged in
        throw new BadCredentialsException('The credentials were changed from another session.');
    }

    // The role check applies on both paths above, so there is no early return.
    if (!$token->hasAttribute('desired_user')) {
        return;
    }

    $grantedRoles = $user->getRoles();
    if (!in_array('ROLE_ALLOWED_TO_SWITCH', $grantedRoles)) {
        throw new BadCredentialsException('You are not allowed to login as other users.');
    }
}
/**
 * Returns the secret used for this user, which is the value of
 * $user->getPassword().
 *
 * @param UserInterface $user
 *
 * @return mixed Whatever $user->getPassword() returns.
 */
protected function getSecret(UserInterface $user)
{
    $secret = $user->getPassword();

    return $secret;
}
/**
 * {@inheritdoc}
 *
 * Users are equal when their passwords are identical and their roles, cast
 * to strings and sorted, form the same list. Neither the username nor the
 * concrete class of $user is compared.
 */
public function isEqualTo(UserInterface $user)
{
    if ($this->getPassword() !== $user->getPassword()) {
        return false;
    }

    $ownRoles = array_map('strval', $this->getRoles());
    $otherRoles = array_map('strval', $user->getRoles());

    // Sort both lists so that role order does not affect the comparison.
    sort($ownRoles);
    sort($otherRoles);

    return $ownRoles === $otherRoles;
}
/**
 * Returns the secret used for this user, which is the value of
 * $user->getPassword().
 *
 * @param UserInterface $user
 * @return string
 */
private function getSecret(UserInterface $user)
{
    $secret = $user->getPassword();

    return $secret;
}