/** * {@inheritDoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } $user = $token->getUser(); if (!$user instanceof UserInterface && null !== $this->dispatcher) { $event = new GetUserForTokenEvent($token); $event->setUserProvider($this->userProvider); $this->dispatcher->dispatch(OAuthEvents::USER, $event); $user = $event->getToken()->getUser(); } if (!$user instanceof UserInterface) { throw new BadCredentialsException('No user found for given credentials.'); } $this->userChecker->checkPostAuth($user); $authenticatedToken = new OAuthToken($this->providerKey, $user->getRoles()); $authenticatedToken->setAccessToken($token->getAccessToken()); $authenticatedToken->setService($token->getService()); $authenticatedToken->setUid($token->getUid()); $authenticatedToken->setAuthenticated(true); $authenticatedToken->setUser($user); return $authenticatedToken; }
/** * {@inheritDoc} */ protected function attemptAuthentication(Request $request) { $service = $request->attributes->get('service'); $oauthService = $this->registry->getService($service); // redirect to auth provider if initiating if ($this->httpUtils->checkRequestPath($request, $this->options['login_route'])) { if ($this->options['post_only'] && !$request->isMethod('post')) { if (null !== $this->logger) { $this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod())); } return null; } // CSRF checking only upon login if (null !== $this->csrfTokenManager) { $csrfToken = $request->get($this->options['csrf_parameter'], null, true); if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) { throw new InvalidCsrfTokenException('Invalid CSRF token.'); } } $authorizationParameters = array(); if ($oauthService instanceof OAuth1ServiceInterface) { $token = $oauthService->requestRequestToken(); $authorizationParameters = array('oauth_token' => $token->getRequestToken()); } $authorizationUri = $oauthService->getAuthorizationUri($authorizationParameters); return $this->httpUtils->createRedirectResponse($request, $authorizationUri->getAbsoluteUri()); } // request access token upon callback if ($this->httpUtils->checkRequestPath($request, $this->options['callback_route'])) { if ($request->query->has('error')) { throw new AuthenticationException($request->query->get('error_description', $request->query->get('error'))); } if ($oauthService instanceof OAuth1ServiceInterface) { try { $serviceName = OAuthServiceRegistry::getServiceName($oauthService); $token = $oauthService->getStorage()->retrieveAccessToken($serviceName); } catch (StorageException $exception) { throw new AuthenticationException('Could not retrieve access token.', null, $exception); } if (!$request->query->has('oauth_token') || !$request->query->has('oauth_verifier')) { throw new AuthenticationException('Token parameters missing.'); } $oauthService->requestAccessToken($request->query->get('oauth_token'), $request->query->get('oauth_verifier'), $token->getRequestTokenSecret()); } else { if (!$request->query->has('code')) { throw new AuthenticationException('Token parameters missing.'); } $oauthService->requestAccessToken($request->query->get('code')); } // the access token is now stored in the session, redirect back to check_path return $this->httpUtils->createRedirectResponse($request, $this->options['check_route']); } $authToken = new OAuthToken($this->providerKey); $authToken->setService($this->registry->mapServiceName($service)); if (null !== $this->dispatcher) { $this->dispatcher->dispatch(OAuthEvents::TOKEN, new FilterTokenEvent($authToken)); } return $this->authenticationManager->authenticate($authToken); }