/**
* {@inheritdoc}
*/
public function checkCredentials($credentials, UserInterface $user)
{
if ($user->getPassword() === $credentials['password']) {
return true;
}
throw new CustomUserMessageAuthenticationException($this->failMessage);
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if ($user instanceof User) {
$encoder = $this->encoderFactory->getEncoder($user);
if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
} else {
$ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']);
$bind = $ldap->bind($user->getUsername(), $presentedPassword);
$this->logger->debug(sprintf('LDAP bind with username "%s" and password "%s" yielded: %s', $user->getUsername(), $presentedPassword, print_r($bind, true)));
if (!$bind) {
throw new BadCredentialsException('The presented password is invalid.');
}
// There's likely more data in the LDAP result now after a successful bind
$this->userProvider->refreshUser($user);
}
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
$client = $this->clientFactory->build('en');
$request = CustomerLoginRequest::ofEmailAndPassword($token->getUser(), $presentedPassword);
$response = $request->executeWithClient($client);
if ($response->isError()) {
throw new BadCredentialsException('The presented password is invalid.');
}
$result = $request->mapResponse($response);
$customer = $result->getCustomer();
if ($currentUser !== $customer->getEmail()) {
throw new BadCredentialsException('The presented password is invalid.');
}
$this->session->set('customer.id', $customer->getId());
}
}
public function checkCredentials($credentials, UserInterface $user)
{
if ($user->getPassword() === $this->passwordEncoder->encodePassword($user, $credentials['password'])) {
return true;
}
throw new CustomUserMessageAuthenticationException("Password is incorrect.");
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof CorredorUser || $this->password !== $user->getPassword() || $this->salt !== $user->getSalt() || $this->username !== $user->getUsername()) {
return false;
}
return true;
}
/**
* {@InheritDoc}
*
* @throws NonceExpiredException
*/
public function validateDigest(WsseUserToken $wsseToken, UserInterface $user)
{
$created = $wsseToken->created;
$nonce = $wsseToken->nonce;
$digest = $wsseToken->digest;
$secret = $user->getPassword();
// Check created time is not too far in the future (leaves 5 minutes margin)
if (strtotime($created) > time() + 300) {
throw new WsseAuthenticationException(sprintf('Token created date cannot be in future (%d seconds in the future).', time() - strtotime($created)));
}
// Expire timestamp after 5 minutes
if (strtotime($created) < time() - 300) {
throw new WsseAuthenticationException(sprintf('Token created date has expired its 300 seconds of validity (%d seconds).', strtotime($created) - time()));
}
// Validate that the nonce is *not* used in the last 10 minutes
// if it has, this could be a replay attack
if (file_exists($this->cacheDir . '/' . $nonce) && file_get_contents($this->cacheDir . '/' . $nonce) + 600 > time()) {
throw new NonceExpiredException('Previously used nonce detected.');
}
// If cache directory does not exist we create it
if (!is_dir($this->cacheDir)) {
mkdir($this->cacheDir, 0777, true);
}
file_put_contents($this->cacheDir . '/' . $nonce, time());
// Validate Secret
$expected = base64_encode(sha1(base64_decode($nonce) . $created . $secret, true));
if (!StringUtils::equals($expected, $digest)) {
throw new WsseAuthenticationException('Token digest is not valid.');
}
return true;
}
/**
* Create WordPress logged in cookie
*
* @param UserInterface $user
* @param int $lifetime
* @return Cookie
*/
public function createLoggedInCookie(UserInterface $user, $lifetime = 31536000)
{
$username = $user->getUsername();
$password = $user->getPassword();
$expiration = time() + $lifetime;
$hmac = $this->generateHmac($username, $expiration, $password);
return new Cookie($this->getLoggedInCookieName(), $this->encodeCookie(array($username, $expiration, $hmac)), $expiration, $this->configuration->getCookiePath(), $this->configuration->getCookieDomain());
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof LdapUser) {
return false;
}
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->username !== $user->getUsername()) {
return false;
}
return true;
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if ($user->getPassword()) {
$encoder = $this->encoderFactory->getEncoder($user);
$encodedPassword = $encoder->encodePassword($presentedPassword, $user->getSalt());
if ($encodedPassword != $user->getPassword()) {
throw new BadCredentialsException('The presented password is invalid.');
}
} elseif (!$this->galittProvider->checkAccount($user->getUsername(), $presentedPassword)) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof UsuariosService) {
return false;
}
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->salt !== $user->getSalt()) {
return false;
}
if ($this->username !== $user->getUsername()) {
return false;
}
return true;
}
public function equals(UserInterface $user)
{
if (!$user instanceof self) {
return false;
}
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->getSalt() !== $user->getSalt()) {
return false;
}
if ($this->username !== $user->getUsername()) {
return false;
}
return true;
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof RedisUser) {
return false;
}
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->salt !== $user->getSalt()) {
return false;
}
if ($this->email !== $user->getUsername()) {
return false;
}
return true;
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('Bad credentials');
}
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('Bad credentials');
}
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
$this->userProvider->handleWrongPassword($user);
throw new BadCredentialsException('The presented password is invalid.');
} else {
$this->userProvider->handleGoodPassword($user);
}
if (!$user->isAccountNonLocked()) {
throw new LockedException(strtr('User account is locked%until%.', array('%until%' => $user->getLockedUntil() ? sprintf(' until %s', $user->getLockedUntil()->format('Y-m-d H:i:s')) : '')), $user);
}
}
}
/**
*{@inheritdoc}
*/
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof User) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
if ($this->password !== $user->getPassword()) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
if ($this->salt !== $user->getSalt()) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
if ($this->username !== $user->getUsername()) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return true;
}
/**
* Implementation of SecurityUserInterface.
*
* @param \Symfony\Component\Security\Core\User\UserInterface $user
* @return Boolean
*/
public function equals(SecurityUserInterface $user)
{
if (!$user instanceof User) {
return false;
}
if ($this->getPassword() !== $user->getPassword()) {
return false;
}
if ($this->getSalt() !== $user->getSalt()) {
return false;
}
if ($this->getUsernameCanonical() !== $user->getUsernameCanonical()) {
return false;
}
if ($this->isAccountNonExpired() !== $user->isAccountNonExpired()) {
return false;
}
if ($this->isAccountNonLocked() !== $user->isAccountNonLocked()) {
return false;
}
if ($this->isCredentialsNonExpired() !== $user->isCredentialsNonExpired()) {
return false;
}
if ($this->isEnabled() !== $user->isEnabled()) {
return false;
}
return true;
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof self) {
return false;
}
if ($this->id !== $user->getId()) {
return false;
}
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->salt !== $user->getSalt()) {
return false;
}
return true;
}
/**
* @inheritDoc
*/
public function isEqualTo(BaseUserInterface $user)
{
if ($this->getPassword() !== $user->getPassword()) {
return false;
}
if ($this->getSalt() !== $user->getSalt()) {
return false;
}
if ($this->getUsername() !== $user->getUsername()) {
return false;
}
return true;
}
private function changePasswordUser(\Symfony\Component\Security\Core\User\UserInterface $user)
{
$em = $this->get('doctrine.orm.entity_manager');
$request = $this->container->get('request');
$old_password = $user->getPassword();
$encoder = $this->get('security.encoder_factory')->getEncoder($user);
$form = $this->get('form.factory')->create(new UserPassword(), $user);
if ('POST' === $request->getMethod()) {
$form->handleRequest($request);
if ($form->isValid()) {
// first we check if the old password is correct
$proof_password = $form->get('old_password')->getData();
if ($old_password !== $encoder->encodePassword($proof_password, $user->getSalt())) {
$this->get('session')->getFlashBag()->set('error', "L'ancien mot de passe est incorrect");
return $this->render('TrezLogicielTrezBundle:User:change_password.html.twig', array('form' => $form->createView(), 'user' => $user, 'cancel_link' => $this->generateUrl('_welcome')));
}
// now changes
$password = $encoder->encodePassword($user->getPassword(), $user->getSalt());
$user->setPassword($password);
$em->flush();
$this->get('session')->getFlashBag()->set('info', 'Le mot de passe a bien été changé');
return new RedirectResponse($this->generateUrl('_welcome'));
}
}
return $this->render('TrezLogicielTrezBundle:User:change_password.html.twig', array('form' => $form->createView(), 'user' => $user, 'cancel_link' => $this->generateUrl('_welcome')));
}
public function getPassword()
{
return $this->wrappedUser->getPassword();
}
protected function assertSameUser(User $user1, UserInterface $user2)
{
foreach ([$user1->getCredentials()->getUsername() => $user2->getUsername(), $user1->getCredentials()->getPassword()->getHash() => $user2->getPassword()] as $expected => $actual) {
$this->assertSame($expected, $actual);
}
}
/**
* @inheritDoc
*/
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof WebserviceUser) {
return false;
}
if ($this->getPassword() !== $user->getPassword()) {
return false;
}
if ($this->getSalt() !== $user->getSalt()) {
return false;
}
if ($this->getUsername() !== $user->getUsername()) {
return false;
}
return true;
}
public function isEqualTo(UserInterface $user)
{
return $user instanceof User && $this->getUsername() === $user->getUsername() && $this->getPassword() === $user->getPassword() && $this->getSalt() === $user->getSalt();
}
/**
* It logs in the given user in the 'main' application firewall (or the
* optionally given firewall name).
*
* @param UserInterface $user
* @param string $firewallName
*
* @return UserInterface
*/
public function login(UserInterface $user, $firewallName = 'main')
{
$token = new UsernamePasswordToken($user, $user->getPassword(), $firewallName, $user->getRoles());
$token->setAuthenticated(true);
$this->tokenStorage->setToken($token);
$this->session->set('_security_' . $firewallName, serialize($token));
$this->session->save();
return $user;
}
/**
* Validates the password for wsse.
*
* @param UserInterface $user The provided user.
* @param TokenInterface $token The created token.
*
* @return boolean
*
* @throws NonceExpiredException If the none is used again if the lifetime is expired.
*/
protected function validateDigest(UserInterface $user, TokenInterface $token)
{
$created = $token->getCreated();
$nonce = $token->getNonce();
// expired after the lifetime
if (time() - strtotime($created) > $this->lifetime) {
return false;
}
if ($this->filesystem->exists($this->cacheDir . '/' . $nonce) && file_get_contents($this->cacheDir . '/' . $nonce) + $this->lifetime > time()) {
throw new NonceExpiredException('Previously used nonce detected');
}
// if cache directory does not exist it will be created
if ($this->filesystem->exists($this->cacheDir) === false) {
$this->filesystem->mkdir($this->cacheDir, 0777);
}
$this->filesystem->dumpFile($this->cacheDir . '/' . $nonce, time());
$salt = base64_decode($nonce) . $created;
if (!$this->encoder->isPasswordValid($token->getDigest(), $user->getPassword(), $salt)) {
throw new BadCredentialsException('The presented password is invalid.');
}
return true;
}
/**
* Authenticate a token according to the user provided without any password encoders.
*
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
* @param \Symfony\Component\Security\Core\User\UserInterface $user
*
* @return boolean|\BackBee\Security\Token\UsernamePasswordToken
*/
private function authenticateWithoutEncoder(TokenInterface $token, UserInterface $user)
{
if (null !== $user->getSalt() && call_user_func($user->getSalt(), $token->getCredentials()) === $user->getPassword()) {
return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
} elseif ($token->getCredentials() === $user->getPassword()) {
return new UsernamePasswordToken($user, $user->getPassword(), $user->getRoles());
} else {
return false;
}
}
/**
* @param UserInterface $user
* @param UsernamePasswordToken $token
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
// this happens if we were already logged in
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if ("" === ($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
if ($token->hasAttribute('desired_user')) {
$roles = $user->getRoles();
if (!in_array('ROLE_ALLOWED_TO_SWITCH', $roles)) {
throw new BadCredentialsException('You are not allowed to login as other users.');
}
}
}
protected function getSecret(UserInterface $user)
{
return $user->getPassword();
}
/**
* {@inheritdoc}
*/
public function isEqualTo(UserInterface $user)
{
if ($this->getPassword() !== $user->getPassword()) {
return false;
}
$currentRoles = array_map('strval', $this->getRoles());
$passedRoles = array_map('strval', $user->getRoles());
sort($currentRoles);
sort($passedRoles);
if ($currentRoles !== $passedRoles) {
return false;
}
return true;
}
/**
* @param UserInterface $user
* @return string
*/
private function getSecret(UserInterface $user)
{
return $user->getPassword();
}
