/**
 * Resolves the user named in a WSSE token and verifies its password digest.
 *
 * @param TokenInterface $token
 *
 * @return WsseUserToken a fresh token carrying the resolved user and its roles
 *
 * @throws AuthenticationException when the digest does not validate against the user's secret
 */
public function authenticate(TokenInterface $token)
{
    /** @var WsseUserToken $token */
    $user = $this->userProvider->loadUserByUsername($token->getUsername());

    // The shared secret is the API key with the salt appended inside braces.
    $secret = sprintf('%s{%s}', $user->getApiKey(), $user->getSalt());

    // Guard clause: reject first, build the authenticated token only on success.
    if (!$this->validateDigest($token->digest, $token->nonce, $token->created, $secret)) {
        throw new AuthenticationException('The WSSE authentication failed.');
    }

    $result = new WsseUserToken($user->getRoles());
    $result->setUser($user);

    return $result;
}
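/**
 * Authenticates a request carrying an X-WSSE header.
 *
 * Parses the UsernameToken profile out of the header, builds a WsseUserToken
 * from its four fields and hands it to the authentication manager. On success
 * the authenticated token is stored; on any failure an AccessDeniedHttpException
 * (403) is thrown so the request never continues unauthenticated.
 *
 * @param GetResponseEvent $event
 *
 * @throws AccessDeniedHttpException when the header is missing or malformed, or the credentials do not validate
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();

    // One capturing group per WSSE field, consumed below as $matches[1..4].
    // NOTE(review): the Username group was garbled in the original listing and
    // is restored here to the same `([^"]+)` form as the other three groups.
    $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';

    // preg_match() returns false on a PCRE error, so compare strictly against 1.
    if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
        // Previously followed by unreachable code that built a 403 Response; the throw is the effective behaviour.
        throw new AccessDeniedHttpException('Missing WSSE headers.');
    }

    $token = new WsseUserToken();
    $token->setUser($matches[1]);
    $token->digest = $matches[2];
    $token->nonce = $matches[3];
    $token->created = $matches[4];

    try {
        $authToken = $this->authenticationManager->authenticate($token);
        $this->tokenStorage->setToken($authToken);
    } catch (AuthenticationException $failed) {
        // Record the failure server-side (username and reason) before denying.
        // The reason is deliberately not echoed back to the client.
        // NOTE(review): this logging was unreachable behind the throw in the original;
        // it assumes $this->logger is injected on this listener — confirm.
        $failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Why ? ' . $failed->getMessage();
        $this->logger->err($failedMessage);

        throw new AccessDeniedHttpException('WSSE Login failed.');
    }
}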