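/**
 * Decides whether $user may perform $attribute on $club.
 *
 * VIEW is granted on any club that is not private; on a private club it is
 * granted only to a logged-in user holding ROLE_ADMIN. EDIT is granted to a
 * logged-in user who is one of the club's administrators or holds ROLE_ADMIN.
 * CREATE and any unknown attribute are denied.
 *
 * @param string             $attribute one of self::VIEW, self::EDIT, self::CREATE
 * @param Club               $club
 * @param UserInterface|null $user      null (or a non-user value) when nobody is logged in
 * @return boolean
 */
protected function isGranted($attribute, $club, $user = null)
{
    switch ($attribute) {
        case self::VIEW:
            if (!$club->isPrivate()) {
                return true;
            }

            // make sure there is a user object (i.e. that the user is logged in)
            if (!$user instanceof UserInterface) {
                return false;
            }

            // Strict membership: with loose comparison a non-string entry such as
            // `true` (or `0` before PHP 8) would compare equal to the role name.
            if (in_array('ROLE_ADMIN', $user->getRoles(), true)) {
                return true;
            }

            break;

        case self::EDIT:
            // make sure there is a user object (i.e. that the user is logged in)
            if (!$user instanceof UserInterface) {
                return false;
            }

            $userId = $user->getId();

            // An identifier of null never counts as a match: null == null is
            // true, which would otherwise pair two objects that have no id yet.
            if (null !== $userId) {
                foreach ($club->getAdministrators() as $administrator) {
                    // Loose comparison kept: the id types (int vs. numeric string) are not visible here.
                    if ($administrator->getId() == $userId) {
                        return true;
                    }
                }
            }

            return in_array('ROLE_ADMIN', $user->getRoles(), true);

        case self::CREATE:
            break;
    }

    // Deny by default.
    return false;
}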
/**
 * Tells whether $user is a User whose role list matches this user's.
 *
 * Only the roles are compared; no other field takes part in the decision.
 *
 * NOTE(review): the check is "same length, and every role of $this occurs in
 * $user". With duplicate entries two different role sets of equal length can
 * still compare equal, and in_array() is used in its loose mode.
 *
 * @param UserInterface $user
 * @return boolean
 */
public function isEqualTo(UserInterface $user)
{
    if (!$user instanceof User) {
        return false;
    }

    // Check that the roles are the same, in any order
    if (count($this->getRoles()) != count($user->getRoles())) {
        return false;
    }

    foreach ($this->getRoles() as $ownRole) {
        if (!in_array($ownRole, $user->getRoles())) {
            return false;
        }
    }

    return true;
}
/**
 * Installs a token for $user in the security context without checking any
 * credentials (the token is built with null credentials).
 *
 * Callers are responsible for having established the user's identity first;
 * in Symfony a UsernamePasswordToken built with a non-empty role list is
 * treated as authenticated.
 *
 * @param UserInterface $user
 */
private function authenticateUser(UserInterface $user)
{
    $firewallName = 'secured_area'; // your firewall name

    $authenticatedToken = new UsernamePasswordToken(
        $user,
        null,
        $firewallName,
        $user->getRoles()
    );

    $this->getSecurityContext()->setToken($authenticatedToken);
}
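/**
 * Logs $user in by writing a serialized token into the session under the
 * '_security_secured_area' key.
 *
 * The token is created with null credentials. The original passed $password
 * into the token, and a UsernamePasswordToken's credentials are part of what
 * serialize() writes, so the clear-text password ended up in session storage.
 * A token that is stored as already authenticated does not need it.
 *
 * @param UserInterface $user
 * @param string        $password kept for signature compatibility; intentionally not stored
 */
private function logUser(UserInterface $user, $password)
{
    // Never place the password in the token that is about to be serialized.
    $token = new UsernamePasswordToken($user, null, 'secured_area', $user->getRoles());

    $session = $this->getRequest()->getSession();
    $session->set('_security_secured_area', serialize($token));
}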
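/**
 * Tells whether $user is an LdapUser with the same username, e-mail, DN and
 * role set as this one.
 *
 * Roles are compared in both directions. The original only looked for roles
 * that $user has and $this lacks, so a user whose roles had been reduced
 * still compared equal and the change went unnoticed.
 *
 * @param UserInterface $user
 * @return boolean
 */
public function isEqualTo(UserInterface $user)
{
    if (!$user instanceof LdapUser) {
        return false;
    }

    $otherRoles = $user->getRoles();

    // Symmetric difference: a role added on either side makes the users differ.
    $rolesDiffer = count(array_diff($otherRoles, $this->roles)) > 0
        || count(array_diff($this->roles, $otherRoles)) > 0;

    return $user->getUsername() === $this->username
        && $user->getEmail() === $this->email
        && !$rolesDiffer
        && $user->getDn() === $this->dn;
}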
/**
 * Log processor: merges details of the current user into a log record.
 *
 * The user is looked up through the 'security.token_storage' service the
 * first time a record is processed with no user cached; once an
 * AdvancedUserInterface user has been found it is kept in $this->user and
 * the lookup is not repeated. Username, roles and the four account-state
 * flags are written under ['extra']['user'], so the log destination
 * receives them with every record.
 *
 * @param array $record
 *
 * @return array $record merged with the collected user data
 */
public function processRecord(array $record)
{
    if (null === $this->user) {
        /* @var TokenStorageInterface $tokenStorage */
        $tokenStorage = $this->container->get('security.token_storage');

        $currentToken = null !== $tokenStorage ? $tokenStorage->getToken() : null;
        $currentUser = null !== $currentToken ? $currentToken->getUser() : null;

        if ($currentUser instanceof \Symfony\Component\Security\Core\User\AdvancedUserInterface) {
            $this->user = $currentUser;

            $this->record['extra']['user']['username'] = $currentUser->getUsername();
            $this->record['extra']['user']['roles'] = $currentUser->getRoles();
            $this->record['extra']['user']['is_account_non_expired'] = $currentUser->isAccountNonExpired();
            $this->record['extra']['user']['is_account_non_locked'] = $currentUser->isAccountNonLocked();
            $this->record['extra']['user']['is_credentials_non_expired'] = $currentUser->isCredentialsNonExpired();
            $this->record['extra']['user']['is_enabled'] = $currentUser->isEnabled();
        }
    }

    return array_merge($record, $this->record);
}
/**
 * Checks whether a user is granted a specific role, respecting the role hierarchy.
 *
 * The user's role names are wrapped in Role objects and handed to vote()
 * inside a throwaway AnonymousToken; the user object itself is not part of
 * that token.
 *
 * @param UserInterface $user
 * @param $requiredRole
 * @return bool Whether this user is granted the $requiredRole
 */
public function check(UserInterface $user, $requiredRole)
{
    $roleObjects = array();

    foreach ($user->getRoles() as $name) {
        array_push($roleObjects, new Role($name));
    }

    // Placeholder token: only its role list matters to the vote.
    $probeToken = new AnonymousToken('dummy', 'dummy', $roleObjects);
    $verdict = $this->vote($probeToken, null, array($requiredRole));

    return $verdict == static::ACCESS_GRANTED;
}
/**
 * Builds a token for $user that is marked as authenticated from the start.
 *
 * The token takes its roles from the user. The provider key is mandatory;
 * any value that PHP treats as empty is rejected.
 *
 * @param UserInterface $user
 * @param string        $providerKey
 *
 * @throws \InvalidArgumentException when $providerKey is empty
 */
public function __construct(UserInterface $user, $providerKey)
{
    parent::__construct($user->getRoles());

    // For a defined variable, !$x is the same test as empty($x).
    if (!$providerKey) {
        throw new \InvalidArgumentException('$providerKey must not be empty.');
    }

    $this->providerKey = $providerKey;
    $this->setUser($user);

    parent::setAuthenticated(true);
}
/**
 * Builds a token bound to $providerKey, optionally carrying a user.
 *
 * With a user, the token takes the user's roles and stores the user; without
 * one, the parent constructor is called with its defaults.
 *
 * @param string             $providerKey
 * @param UserInterface|null $user
 */
public function __construct($providerKey, UserInterface $user = null)
{
    if (null === $user) {
        parent::__construct();
    } else {
        parent::__construct($user->getRoles());
        $this->setUser($user);
    }

    $this->providerKey = $providerKey;
}
/**
 * Returns true if $user is granted $requiredRole, directly or through the
 * role hierarchy.
 *
 * @param $requiredRole
 * @param UserInterface $user
 * @return bool
 */
public function isGranted($requiredRole, UserInterface $user)
{
    $wanted = new Role($requiredRole);

    foreach ($user->getRoles() as $heldRole) {
        $reachable = $this->roleHierarchy->getReachableRoles([new Role($heldRole)]);

        // Loose membership is required here: $wanted is a fresh object, and
        // only == compares two Role instances by their contents.
        if (in_array($wanted, $reachable)) {
            return true;
        }
    }

    return false;
}
/**
 * Get security role depending on the roles of the user.
 *
 * Returns 'ROLE_ADMIN' as soon as one of the user's roles is listed in
 * $this->adminRoles, and 'ROLE_SYSTEM_ADMIN' otherwise.
 *
 * NOTE(review): the fallback for a user with no matching role (including a
 * user with no roles at all) is 'ROLE_SYSTEM_ADMIN'. Confirm that callers
 * only pass users already known to be administrators.
 *
 * @param \Symfony\Component\Security\Core\User\UserInterface $user
 * @return string
 */
protected function getSecurityRole(UserInterface $user)
{
    foreach ($user->getRoles() as $candidate) {
        if (in_array($candidate, $this->adminRoles)) {
            return 'ROLE_ADMIN';
        }
    }

    return 'ROLE_SYSTEM_ADMIN';
}
/**
 * Retrieves roles from user and appends the SwitchUserRole of the original
 * token, if it had one.
 *
 * Only the first SwitchUserRole found on the token is carried over.
 *
 * @param UserInterface  $user  The user
 * @param TokenInterface $token The token
 *
 * @return array The user roles
 */
private function getRoles(UserInterface $user, TokenInterface $token)
{
    $merged = $user->getRoles();

    foreach ($token->getRoles() as $tokenRole) {
        if (!$tokenRole instanceof SwitchUserRole) {
            continue;
        }

        $merged[] = $tokenRole;
        break;
    }

    return $merged;
}
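/**
 * Log processor: merges details of the current user into a log record.
 *
 * The user is looked up through the 'security.context' service while no user
 * is cached in $this->user. Username, roles and the four account-state flags
 * are written under ['extra']['user'].
 *
 * Fix: the service returned by the container is now assigned to
 * $securityContext. The original discarded the return value, so the variable
 * stayed null and the user details were never added.
 *
 * @param array $record
 *
 * @return array $record merged with the collected user data
 */
public function processRecord(array $record)
{
    if (is_null($this->user)) {
        /* @var SecurityContextInterface $securityContext */
        $securityContext = null;

        try {
            $securityContext = $this->container->get("security.context");
        } catch (ServiceCircularReferenceException $e) {
            // Since the security context is deprecated, fetching it from the
            // container produces a log line, which re-enters this method.
            // In that case the record is left without user details.
        }

        if ($securityContext !== null
            && $securityContext->getToken() !== null
            && $securityContext->getToken()->getUser() instanceof \Symfony\Component\Security\Core\User\AdvancedUserInterface
        ) {
            $this->user = $securityContext->getToken()->getUser();

            $this->record['extra']['user']['username'] = $this->user->getUsername();
            $this->record['extra']['user']['roles'] = $this->user->getRoles();
            $this->record['extra']['user']['is_account_non_expired'] = $this->user->isAccountNonExpired();
            $this->record['extra']['user']['is_account_non_locked'] = $this->user->isAccountNonLocked();
            $this->record['extra']['user']['is_credentials_non_expired'] = $this->user->isCredentialsNonExpired();
            $this->record['extra']['user']['is_enabled'] = $this->user->isEnabled();
        }
    }

    return array_merge($record, $this->record);
}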
/**
 * Creates an authenticated client against a firewall.
 *
 * Starts the client's session, puts the session cookie into the client's
 * cookie jar and stores a serialized token for $user (null credentials)
 * under the '_security_<firewall>' session key. No credentials are checked.
 *
 * @param Symfony\Component\Security\Core\User\UserInterface $user
 * @param string $firewall
 * @return Symfony\Bundle\FrameworkBundle\Client
 */
protected function authenticate(UserInterface $user, $firewall)
{
    $sessionKey = sprintf('_security_%s', $firewall);

    $client = $this->getClient();
    $client->followRedirects(false);

    $session = $client->getContainer()->get('session');
    $session->start();

    // Make the client send the id of the session that is about to be populated.
    $client->getCookieJar()->set(
        new Cookie($session->getName(), $session->getId())
    );

    $authenticatedToken = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
    $session->set($sessionKey, serialize($authenticatedToken));
    $session->save();

    return $client;
}
/**
 * Tells whether $user is an LdapUser identical to this one in username,
 * e-mail, roles and DN.
 *
 * Roles are compared with !== on the arrays, so the same roles in a
 * different order (or under different keys) count as a difference.
 *
 * @param UserInterface $user
 * @return boolean
 */
public function equals(UserInterface $user)
{
    return $user instanceof LdapUser
        && $user->getUsername() === $this->username
        && $user->getEmail() === $this->email
        && $user->getRoles() === $this->roles
        && $user->getDn() === $this->dn;
}
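/**
 * Decides whether $user may perform $attribute on $post.
 *
 * VIEW is always granted. EDIT is granted only to a logged-in user holding
 * ROLE_ADMIN. CREATE and any unknown attribute are denied.
 *
 * @param string             $attribute one of self::VIEW, self::EDIT, self::CREATE
 * @param Post               $post
 * @param UserInterface|null $user      null (or a non-user value) when nobody is logged in
 * @return boolean
 */
protected function isGranted($attribute, $post, $user = null)
{
    switch ($attribute) {
        case self::VIEW:
            return true;

        case self::EDIT:
            // make sure there is a user object (i.e. that the user is logged in)
            if (!$user instanceof UserInterface) {
                return false;
            }

            // Strict membership: with loose comparison a non-string entry such as
            // `true` (or `0` before PHP 8) would compare equal to the role name.
            return in_array('ROLE_ADMIN', $user->getRoles(), true);

        case self::CREATE:
            break;
    }

    // Deny by default.
    return false;
}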
/**
 * {@inheritdoc}
 *
 * Rejects an AppUser that is deleted, disabled, or holds no role that
 * permits logging in. Users of any other class are not checked here.
 *
 * @throws AccountDeletedException
 * @throws AccountDisabledException
 * @throws AccountRoleNoLoginPermissionException
 */
public function checkPreAuth(UserInterface $user)
{
    if (!$user instanceof AppUser) {
        return;
    }

    if ($user->isDeleted()) {
        throw new AccountDeletedException('This user has been deleted.');
    }

    if ($user->isDisabled()) {
        throw new AccountDisabledException('This user has been disabled.');
    }

    // One role with the login permission is enough.
    /** @var RoleInterface $role */
    foreach ($user->getRoles() as $role) {
        if ($role->canLogin()) {
            return;
        }
    }

    throw new AccountRoleNoLoginPermissionException('This user has no role with the login permission.');
}
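/**
 * {@inheritdoc}
 *
 * Verifies the submitted credentials against the Epitech intranet, refreshes
 * the local user from the intranet profile, recomputes ROLE_SUPER_ADMIN from
 * $this->superAdminsLogin and persists the user.
 *
 * ROLE_SUPER_ADMIN is first stripped from the stored roles and then granted
 * again only when the login is on the configured list, so the role cannot
 * outlive removal from that list.
 *
 * @throws \Exception              when the intranet call itself fails
 * @throws BadCredentialsException when the intranet does not sign the user in
 */
public function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $connector = new \EpitechAPI\Connector();

    try {
        $connector->authenticate(
            \EpitechAPI\Connector::SIGN_IN_METHOD_CREDENTIALS,
            $user->getUsername(),
            $token->getCredentials()
        );
    } catch (\Exception $ex) {
        // NOTE(review): $ex is dropped on purpose here. Its stack trace may carry
        // the submitted credentials as call arguments, so scrub it before ever
        // chaining or logging it.
        throw new \Exception("The Epitech's Intranet is not responding");
    }

    if (!$connector->isSignedIn()) {
        throw new BadCredentialsException();
    }

    $user->updateFromIntranet($connector->getUser());
    $user->setLastConnectionDate(new \DateTime());

    $roles = $user->getRoles();

    // Removal stays loose: it errs on the side of stripping the privileged role.
    foreach (array_keys($roles, 'ROLE_SUPER_ADMIN') as $key) {
        unset($roles[$key]);
    }

    // Granting is strict: with loose comparison, numeric-looking strings such as
    // "1e1" and "10" compare equal, so a login could match an entry it is not.
    if (in_array($user->getLogin(), $this->superAdminsLogin, true)) {
        $roles[] = 'ROLE_SUPER_ADMIN';
    }

    $user->setRoles($roles);

    $this->entityManager->persist($user);
    $this->entityManager->flush();
}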
/**
 * Builds a UsernamePasswordToken for $user on the 'main' firewall, with an
 * empty string as credentials and the user's own roles.
 *
 * @param UserInterface $user
 *
 * @return UsernamePasswordToken
 */
protected function createToken(UserInterface $user)
{
    return new UsernamePasswordToken(
        $user,
        '',
        'main',
        $user->getRoles()
    );
}
/**
 * Create User Token.
 *
 * Factory method producing the token that represents $user on the given
 * firewall. The default is a UsernamePasswordToken carrying the user's roles
 * and null credentials; override it to supply a custom token class.
 *
 * @param UserInterface $user         The user object to base the token off of
 * @param string        $firewallName name of the firewall provider to use
 *
 * @return TokenInterface The token to be used in the security context
 */
protected function createUserToken(UserInterface $user, $firewallName)
{
    // No secret is kept on the token.
    $credentials = null;
    $roles = $user->getRoles();

    return new UsernamePasswordToken($user, $credentials, $firewallName, $roles);
}
/**
 * Tells whether $user has the same identifier and the same set of roles.
 *
 * This user's e-mail is compared with the other user's username, and the
 * role lists are diffed in both directions so that an added and a removed
 * role are both detected.
 *
 * @param UserInterface $user
 * @return boolean
 */
public function isEqualTo(UserInterface $user)
{
    if ($this->email !== $user->getUsername()) {
        return false;
    }

    // Roles held here but missing on the other user.
    $onlyHere = array_diff($this->roles, $user->getRoles());
    if ($onlyHere) {
        return false;
    }

    // Roles held by the other user but missing here.
    $onlyThere = array_diff($user->getRoles(), $this->roles);

    return !$onlyThere;
}
/**
 * Spec: after credentials have been checked, the authenticated token is a
 * PostAuthenticationGuardToken carrying an 'ldap_domain' attribute.
 *
 * @param \Symfony\Component\Security\Core\User\UserInterface $user test double for the user
 */
function it_should_create_an_authentication_token_with_the_domain_name($user)
{
    // The user double must be asked for its username and roles.
    $user->getUsername()->shouldBeCalled()->willReturn('foo');
    $user->getRoles()->shouldBeCalled()->willReturn(['USER']);

    // The connection double reports a successful authentication for foo/bar.
    $this->connection->execute(new AuthenticationOperation('foo', 'bar'))->shouldBeCalled()->willReturn(new AuthenticationResponse(true));

    // Credentials are submitted with an empty 'domain' value.
    $this->checkCredentials(['username' => 'foo', 'password' => 'bar', 'domain' => ''], $user);

    $this->createAuthenticatedToken($user, 'foo')->shouldReturnAnInstanceOf('Symfony\\Component\\Security\\Guard\\Token\\PostAuthenticationGuardToken');

    // NOTE(review): 'foo.bar' is not among the values passed in this method;
    // presumably it comes from state set up outside it. Confirm against the
    // spec's setup code.
    $this->createAuthenticatedToken($user, 'foo')->getAttribute('ldap_domain')->shouldEqual('foo.bar');
}
/**
 * Get the role values (rather than the clumsy SfRole objects) for the
 * provided user object.
 *
 * SfRole entries are replaced by the result of getRole(); every other entry
 * is passed through unchanged.
 *
 * @param SfSecurityUserInterface $user
 * @return array
 */
protected function getUserRoleValues(SfSecurityUserInterface $user)
{
    $values = [];

    foreach ($user->getRoles() as $entry) {
        $values[] = $entry instanceof SfRole ? $entry->getRole() : $entry;
    }

    return $values;
}
/**
 * Installs a token for $user (provider key 'thruway', null credentials) in
 * the security context obtained from $container. No credentials are checked
 * here.
 *
 * @param UserInterface      $user
 * @param ContainerInterface $container
 */
private function authenticateUser(UserInterface $user, ContainerInterface $container)
{
    $firewallKey = 'thruway';
    $authenticatedToken = new UsernamePasswordToken($user, null, $firewallKey, $user->getRoles());

    // Use the controller's container to set the token.
    // security.context is deprecated in 2.6; it is kept for backward compatibility.
    $securityContext = $container->get('security.context');
    $securityContext->setToken($authenticatedToken);

    // This is what it should look like in 2.6+
    //$container->get('security.token_storage')->setToken($token);
}
/**
 * Shortcut that builds a PostAuthenticationGuardToken for callers that do
 * not need a particular authenticated token class.
 *
 * The token receives the user, the provider key and the user's own roles.
 *
 * @param UserInterface $user
 * @param string        $providerKey
 *
 * @return PostAuthenticationGuardToken
 */
public function createAuthenticatedToken(UserInterface $user, $providerKey)
{
    $roles = $user->getRoles();

    return new PostAuthenticationGuardToken($user, $providerKey, $roles);
}
/**
 * Builds the UsernamePasswordToken that represents $user after
 * authentication: null credentials, the given provider key and the user's
 * own roles.
 *
 * @param UserInterface $user
 * @param string        $providerKey
 *
 * @return UsernamePasswordToken
 */
public function createAuthenticatedToken(UserInterface $user, $providerKey)
{
    // No secret is kept on the token.
    $credentials = null;
    $roles = $user->getRoles();

    return new UsernamePasswordToken($user, $credentials, $providerKey, $roles);
}
/**
 * Returns the roles of the given user as Role objects, which methods such as
 * getReachableRoles() need.
 *
 * Entries that already are Role instances are reused; anything else is
 * wrapped in a new Role.
 *
 * @param UserInterface $user
 *
 * @return RoleInterface[]
 */
private function getUserRolesAsObjects(UserInterface $user)
{
    $roleObjects = array();

    foreach ($user->getRoles() as $entry) {
        if ($entry instanceof Role) {
            $roleObjects[] = $entry;
        } else {
            $roleObjects[] = new Role($entry);
        }
    }

    return $roleObjects;
}
/**
 * Runs after a successful sign-up: logs the new user in and announces the
 * login.
 *
 * A token for $user (firewall "main", null credentials) is placed in the
 * security context, then a "security.interactive_login" event is dispatched
 * with the current request and that token. No credentials are checked here.
 *
 * @param UserInterface $user
 *
 * @return UserInterface the same user that was passed in
 */
public function postSignup(UserInterface $user)
{
    $services = $this->container;

    // Set the user session
    $loginToken = new UsernamePasswordToken($user, null, "main", $user->getRoles());
    $services->get("security.context")->setToken($loginToken);

    // Dispatch the login event
    $currentRequest = $services->get("request");
    $loginEvent = new InteractiveLoginEvent($currentRequest, $loginToken);
    $services->get("event_dispatcher")->dispatch("security.interactive_login", $loginEvent);

    return $user;
}
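/**
 * Authenticate a token according to the user provided without any password encoders.
 *
 * Two comparisons are tried in order:
 *  1. when the user's salt is not null, it is invoked as a callable on the
 *     submitted credentials and the result is compared with the stored password;
 *  2. the submitted credentials are compared with the stored password as-is.
 *
 * Both comparisons now use hash_equals(), which does not stop at the first
 * differing byte as === does. Non-string values never match, so a null
 * credential no longer equals a null stored password.
 *
 * NOTE(review): comparison 2 also runs when a salt callable is set and
 * comparison 1 failed, so the stored password value itself is accepted as a
 * credential. That behaviour is unchanged here; confirm whether it is intended.
 * NOTE(review): the salt is passed to call_user_func() as a callable name.
 * Make sure it can only hold a vetted function name.
 *
 * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
 * @param \Symfony\Component\Security\Core\User\UserInterface                  $user
 *
 * @return boolean|\BackBee\Security\Token\UsernamePasswordToken the token on success, false otherwise
 */
private function authenticateWithoutEncoder(TokenInterface $token, UserInterface $user)
{
    // Timing-safe equality that refuses anything that is not a string.
    $sameSecret = static function ($known, $given) {
        return is_string($known) && is_string($given) && hash_equals($known, $given);
    };

    $storedPassword = $user->getPassword();
    $presented = $token->getCredentials();
    $digester = $user->getSalt();

    if (null !== $digester && $sameSecret($storedPassword, call_user_func($digester, $presented))) {
        return new UsernamePasswordToken($user, $storedPassword, $user->getRoles());
    }

    if ($sameSecret($storedPassword, $presented)) {
        return new UsernamePasswordToken($user, $storedPassword, $user->getRoles());
    }

    return false;
}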
/**
 * {@inheritdoc}
 *
 * Two users are equal when their stored passwords are identical and their
 * roles, cast to strings and sorted, form the same list. A changed password
 * or any change in roles therefore makes the users differ.
 */
public function isEqualTo(UserInterface $user)
{
    if ($this->getPassword() !== $user->getPassword()) {
        return false;
    }

    $ownRoles = array_map('strval', $this->getRoles());
    $otherRoles = array_map('strval', $user->getRoles());

    // Sorting makes the comparison independent of role order.
    sort($ownRoles);
    sort($otherRoles);

    return $ownRoles === $otherRoles;
}