/**
 * {@inheritdoc}
 *
 * Resolves the user named in the unauthenticated token, rejects an
 * empty digest outright and otherwise delegates the digest check to
 * validateDigest(); only a positive result yields an authenticated
 * WsseUserToken carrying the user's roles.
 */
public function authenticate(TokenInterface $token)
{
    $user = $this->userProvider->loadUserByUsername($token->getUsername());

    // Anything the provider returns that is not a UserInterface is treated
    // as "unknown user" and reported with the same generic failure as a bad
    // digest, so the response does not reveal which of the two happened.
    if (!$user instanceof UserInterface) {
        throw new AuthenticationException('The WSSE authentication failed.');
    }

    if ("" === $token->getDigest()) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    // validateDigest() is defined outside this block; it is the only place
    // the digest, nonce and created values are actually verified.
    if (!$this->validateDigest($user, $token)) {
        throw new AuthenticationException('The WSSE authentication failed.');
    }

    $authenticatedToken = new WsseUserToken($user->getRoles());
    $authenticatedToken->setUser($user);

    return $authenticatedToken;
}
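/**
 * Handles the authentication for user.
 *
 * Reads the X-WSSE header, builds an unauthenticated WsseUserToken from
 * its four fields and hands it to the authentication manager. On success
 * the returned token is stored in the security context; on any
 * AuthenticationException the request is answered with 403 and a token
 * previously set by this listener is cleared.
 *
 * @param GetResponseEvent $event The response event.
 *
 * @return void
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();

    // All four fields use the same `([^"]+)` capture; the Username group is
    // required because $matches[1] is consumed below. (The first group was
    // mangled in the previous revision, which made preg_match() fail and
    // silently skipped WSSE authentication for every request.)
    $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';

    // No header, a header that does not match, or a PCRE error (preg_match()
    // returns false, which is !== 1) all mean this listener does not apply.
    if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
        return;
    }

    // The captured values are untrusted client input; they are only carried
    // in the token until the authentication manager has validated them.
    $token = new WsseUserToken($this->providerKey);
    $token->setUser($matches[1]);
    $token->setDigest($matches[2]);
    $token->setNonce($matches[3]);
    $token->setCreated($matches[4]);

    try {
        $authToken = $this->authenticationManager->authenticate($token);
        $this->securityContext->setToken($authToken);

        return;
    } catch (AuthenticationException $failed) {
        // The failure reason ($failed->getMessage()) is not recorded here:
        // no logger is injected into this listener.

        // Only drop a token this listener itself installed, so a session
        // authenticated through another provider is left untouched.
        $current = $this->securityContext->getToken();
        if ($current instanceof WsseUserToken && $this->providerKey === $current->getProviderKey()) {
            $this->securityContext->setToken(null);
        }
    }

    // Deny with a '403 Forbidden' response. Only the catch branch reaches
    // this point; the success path has already returned. The previous
    // revision duplicated this block inside the catch and left this copy
    // unreachable.
    $response = new Response();
    $response->setStatusCode(403);
    $event->setResponse($response);
}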