/**
 * {@inheritDoc}
 *
 * Resolves the resource owner named on the token, fetches the user information
 * for the raw OAuth token, loads the matching user through the user provider,
 * runs the pre- and post-auth user checks and returns a new authenticated
 * OAuthToken carrying that user's roles.
 *
 * Returns null when the token is not supported by this provider.
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    /* @var OAuthToken $token */
    $owner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
    $rawToken = $token->getRawToken();
    $userResponse = $owner->getUserInformation($rawToken);

    try {
        $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
    } catch (OAuthAwareExceptionInterface $e) {
        // Attach the OAuth context to the exception before it propagates.
        $e->setToken($token);
        $e->setResourceOwnerName($token->getResourceOwnerName());

        throw $e;
    }

    // Guard against a provider that returns something other than a user object;
    // getRoles() below is only safe on a UserInterface.
    if (!$user instanceof UserInterface) {
        throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
    }

    try {
        $this->userChecker->checkPreAuth($user);
        $this->userChecker->checkPostAuth($user);
    } catch (BadCredentialsException $e) {
        // With hideUserNotFoundExceptions set, the caller sees a generic
        // 'Bad credentials' exception; the original is kept as "previous".
        throw $this->hideUserNotFoundExceptions
            ? new BadCredentialsException('Bad credentials', 0, $e)
            : $e;
    }

    $authenticated = new OAuthToken($rawToken, $user->getRoles());
    $authenticated->setResourceOwnerName($owner->getName());
    $authenticated->setUser($user);
    $authenticated->setAuthenticated(true);

    return $authenticated;
}
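/**
 * {@inheritDoc}
 *
 * Handles the OAuth callback request: resolves the resource owner for the
 * request, optionally redirects for owners configured with
 * 'auth_with_one_url', exchanges the request for an access token and hands
 * an unauthenticated OAuthToken to the authentication manager.
 *
 * @throws AuthenticationException when no resource owner matches, the request
 *                                 carries no OAuth code, or the access token
 *                                 cannot be retrieved
 */
protected function attemptAuthentication(Request $request)
{
    $this->handleOAuthError($request);

    /* @var ResourceOwnerInterface $resourceOwner */
    list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

    if (!$resourceOwner) {
        throw new AuthenticationException('No resource owner match the request.');
    }

    if (!$resourceOwner->handles($request)) {
        throw new AuthenticationException('No oauth code in the request.');
    }

    // If resource owner supports only one url authentication, call redirect
    if ($request->query->has('authenticated') && $resourceOwner->getOption('auth_with_one_url')) {
        $request->attributes->set('service', $resourceOwner->getName());

        // 'code' is taken from the query string, i.e. it is client-controlled.
        // URL-encode it so it remains a single query value and cannot add or
        // override parameters (such as 'authenticated') in the redirect target.
        return new RedirectResponse(sprintf(
            '%s?code=%s&authenticated=true',
            $this->httpUtils->generateUri($request, 'hwi_oauth_connect_service'),
            urlencode((string) $request->query->get('code'))
        ));
    }

    // NOTE(review): the return value is discarded, so this only enforces the
    // 'state' check if isCsrfTokenValid() throws on a mismatch - confirm
    // against the resource owner implementation.
    $resourceOwner->isCsrfTokenValid($request->get('state'));

    try {
        $accessToken = $resourceOwner->getAccessToken(
            $request,
            $this->httpUtils->createRequest($request, $checkPath)->getUri()
        );
    } catch (HttpTransportException $e) {
        // Keep the transport error as "previous" so the root cause is still
        // available to logging, while the message stays generic.
        throw new AuthenticationException('Cannot retrieve access token.', 0, $e);
    }

    $token = new OAuthToken($accessToken);
    $token->setResourceOwnerName($resourceOwner->getName());

    return $this->authenticationManager->authenticate($token);
}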
/**
 * {@inheritDoc}
 *
 * Exchanges the 'code' query parameter for an access token with the resource
 * owner matched to the request, then passes an unauthenticated OAuthToken to
 * the authentication manager.
 *
 * NOTE(review): the matched resource owner is used without a null check, and
 * no 'state' validation or OAuth error handling is visible in this method -
 * confirm both are covered elsewhere.
 */
protected function attemptAuthentication(Request $request)
{
    list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

    $code = $request->query->get('code');
    // The redirect URI is rebuilt from the check path matched for this owner.
    $redirectUri = $this->httpUtils->createRequest($request, $checkPath)->getUri();
    $accessToken = $resourceOwner->getAccessToken($code, $redirectUri);

    $oauthToken = new OAuthToken($accessToken);
    $oauthToken->setResourceOwnerName($resourceOwner->getName());

    return $this->authenticationManager->authenticate($oauthToken);
}
/**
 * {@inheritDoc}
 *
 * Runs the OAuth error handler, checks that the matched resource owner
 * handles the request, exchanges the request for an access token and passes
 * an unauthenticated OAuthToken to the authentication manager.
 *
 * NOTE(review): the matched resource owner is used without a null check and
 * no 'state' validation is visible in this method - confirm both are covered
 * elsewhere.
 *
 * @throws AuthenticationException when the request carries no OAuth code
 */
protected function attemptAuthentication(Request $request)
{
    $this->handleOAuthError($request);

    list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

    $handled = $resourceOwner->handles($request);
    if (!$handled) {
        throw new AuthenticationException('No oauth code in the request.');
    }

    // The redirect URI is rebuilt from the check path matched for this owner.
    $redirectUri = $this->httpUtils->createRequest($request, $checkPath)->getUri();
    $accessToken = $resourceOwner->getAccessToken($request, $redirectUri);

    $oauthToken = new OAuthToken($accessToken);
    $oauthToken->setResourceOwnerName($resourceOwner->getName());

    return $this->authenticationManager->authenticate($oauthToken);
}
/**
 * {@inheritDoc}
 *
 * Checks that the matched resource owner handles the request, exchanges the
 * request for an access token and passes an unauthenticated OAuthToken to the
 * authentication manager.
 *
 * NOTE(review): the matched resource owner is used without a null check, and
 * no 'state' validation or OAuth error handling is visible in this method -
 * confirm both are covered elsewhere.
 *
 * @throws \RuntimeException when the request carries no OAuth code
 */
protected function attemptAuthentication(Request $request)
{
    list($resourceOwner, $checkPath) = $this->resourceOwnerMap->getResourceOwnerByRequest($request);

    $handled = $resourceOwner->handles($request);
    if (!$handled) {
        // Can't use AuthenticationException below, as it leads to infinity loop
        throw new \RuntimeException('No oauth code in the request.');
    }

    // The redirect URI is rebuilt from the check path matched for this owner.
    $redirectUri = $this->httpUtils->createRequest($request, $checkPath)->getUri();
    $accessToken = $resourceOwner->getAccessToken($request, $redirectUri);

    $oauthToken = new OAuthToken($accessToken);
    $oauthToken->setResourceOwnerName($resourceOwner->getName());

    return $this->authenticationManager->authenticate($oauthToken);
}
/**
 * {@inheritDoc}
 *
 * Fetches the user information for the token's credentials from the named
 * resource owner, loads the matching user and returns a new authenticated
 * OAuthToken carrying that user's roles.
 *
 * NOTE(review): no supports() check, user-type check or user checker call is
 * visible in this method; getRoles() is invoked on whatever the user provider
 * returns - confirm those checks happen elsewhere.
 */
public function authenticate(TokenInterface $token)
{
    $owner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
    $userResponse = $owner->getUserInformation($token->getCredentials());

    try {
        $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
    } catch (OAuthAwareExceptionInterface $e) {
        // Attach the OAuth context to the exception before it propagates.
        $e->setAccessToken($token->getCredentials());
        $e->setResourceOwnerName($token->getResourceOwnerName());

        throw $e;
    }

    $authenticated = new OAuthToken($token->getCredentials(), $user->getRoles());
    $authenticated->setUser($user);
    $authenticated->setAuthenticated(true);

    return $authenticated;
}
/**
 * Looks up a resource owner by name in the owner map.
 *
 * @param string $name
 *
 * @return ResourceOwnerInterface
 *
 * @throws \RuntimeException when the map returns no ResourceOwnerInterface for the name
 */
protected function getResourceOwner($name)
{
    $owner = $this->ownerMap->getResourceOwnerByName($name);

    if ($owner instanceof ResourceOwnerInterface) {
        return $owner;
    }

    // Anything else (including a missing entry) is reported as an unknown owner.
    throw new \RuntimeException(sprintf("No resource owner with name '%s'.", $name));
}
/**
 * {@inheritDoc}
 *
 * For a token that already carries a user, the user is refreshed through the
 * user provider. Otherwise the user information is fetched from the resource
 * owner and the matching user is loaded. The user then goes through the pre-
 * and post-auth checks and a new authenticated OAuthToken is returned.
 *
 * Returns null when the token is not supported by this provider.
 *
 * NOTE(review): when fetching the user information fails with a transport or
 * request exception, this method returns an authenticated AnonymousToken
 * instead of failing authentication - confirm downstream access rules treat
 * that token as an unauthenticated visitor.
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    /* @var OAuthToken $token */
    $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());

    $knownUser = $token->getUser();
    if ($knownUser) {
        $user = $this->userProvider->refreshUser($knownUser);
    } else {
        try {
            $userResponse = $resourceOwner->getUserInformation($token->getRawToken());
        } catch (HttpTransportException $e) {
            // Provider unreachable: fall back to an anonymous session.
            $anonymous = new AnonymousToken($token->getRawToken(), 'anon.');
            $anonymous->setAuthenticated(true);

            return $anonymous;
        } catch (RequestException $e) {
            // Same fallback for a failed request.
            $anonymous = new AnonymousToken($token->getRawToken(), 'anon.');
            $anonymous->setAuthenticated(true);

            return $anonymous;
        }

        try {
            $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
        } catch (OAuthAwareExceptionInterface $e) {
            // Attach the OAuth context to the exception before it propagates.
            $e->setToken($token);
            $e->setResourceOwnerName($token->getResourceOwnerName());

            throw $e;
        }
    }

    if (!$user instanceof UserInterface) {
        throw new AuthenticationServiceException('loadUserByOAuthUserResponse() must return a UserInterface.');
    }

    // Any BadCredentialsException raised by the checks propagates unchanged.
    $this->userChecker->checkPreAuth($user);
    $this->userChecker->checkPostAuth($user);

    $authenticated = new OAuthToken($token->getRawToken(), $user->getRoles());
    $authenticated->setResourceOwnerName($resourceOwner->getName());
    $authenticated->setUser($user);
    $authenticated->setAuthenticated(true);

    return $authenticated;
}
/**
 * Attempts to authenticate a TokenInterface object.
 *
 * Fetches the user information for the raw OAuth token, loads the matching
 * user, determines the organization via guessOrganization() and builds a new
 * authenticated OAuthToken with the user's roles and that organization.
 * checkPostAuth() runs last; if it throws, the built token is never returned.
 *
 * NOTE(review): only checkPostAuth() is invoked here; no checkPreAuth() call
 * or user-type check is visible in this method - confirm that is intended.
 *
 * @param OAuthToken $token The TokenInterface instance to authenticate
 *
 * @return TokenInterface An authenticated TokenInterface instance, never null
 *
 * @throws AuthenticationException if the authentication fails
 */
public function authenticate(TokenInterface $token)
{
    $owner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());

    try {
        $rawToken = $token->getRawToken();
        $userResponse = $owner->getUserInformation($rawToken);
        $user = $this->userProvider->loadUserByOAuthUserResponse($userResponse);
    } catch (OAuthAwareExceptionInterface $e) {
        // Attach the OAuth context to the exception before it propagates.
        $e->setToken($token);
        $e->setResourceOwnerName($token->getResourceOwnerName());

        throw $e;
    }

    $organization = $this->guessOrganization($user, $token);

    $authenticated = new OAuthToken($token->getRawToken(), $user->getRoles());
    $authenticated->setResourceOwnerName($owner->getName());
    $authenticated->setOrganizationContext($organization);
    $authenticated->setUser($user);
    $authenticated->setAuthenticated(true);

    $this->userChecker->checkPostAuth($user);

    return $authenticated;
}
/**
 * A 'google' token with an enabled organization, for a user who belongs to
 * that organization, must come back as an authenticated OAuthToken holding
 * the same user and resource owner name.
 */
public function testTokenShouldBeAuthenticated()
{
    $this->oauthProvider->setTokenFactory($this->tokenFactory);

    // Organization shared by the incoming token and the loaded user.
    $organization = new Organization();
    $organization->setEnabled(true);

    $inputToken = new OAuthToken('token');
    $inputToken->setResourceOwnerName('google');
    $inputToken->setOrganizationContext($organization);

    $userResponse = $this->getMock('HWI\\Bundle\\OAuthBundle\\OAuth\\Response\\UserResponseInterface');

    // Resource owner stub: answers as 'google' and returns the mocked response.
    $resourceOwner = $this->getMock('HWI\\Bundle\\OAuthBundle\\OAuth\\ResourceOwnerInterface');
    $resourceOwner
        ->expects($this->any())
        ->method('getName')
        ->will($this->returnValue('google'));
    $resourceOwner
        ->expects($this->any())
        ->method('getUserInformation')
        ->will($this->returnValue($userResponse));

    $this->resourceOwnerMap
        ->expects($this->any())
        ->method('getResourceOwnerByName')
        ->will($this->returnValue($resourceOwner));

    $user = new User();
    $user->addOrganization($organization);

    $this->userProvider
        ->expects($this->any())
        ->method('loadUserByOAuthUserResponse')
        ->with($userResponse)
        ->will($this->returnValue($user));

    $resultToken = $this->oauthProvider->authenticate($inputToken);

    $this->assertInstanceOf('Oro\\Bundle\\SSOBundle\\Security\\OAuthToken', $resultToken);
    $this->assertSame($user, $resultToken->getUser());
    $this->assertEquals('google', $resultToken->getResourceOwnerName());
    $this->assertTrue($resultToken->isAuthenticated());
}
/**
 * Requests the user information for an access token from the resource owner
 * registered under self::RESOURCE_OWNER_GOOGLE.
 *
 * @param string $accessToken
 *
 * @return PathUserResponse
 */
public function getUserInfo($accessToken)
{
    $owner = $this->resourceOwnerMap->getResourceOwnerByName(self::RESOURCE_OWNER_GOOGLE);

    // The resource owner receives the token wrapped in an array under 'access_token'.
    $credentials = ['access_token' => $accessToken];

    return $owner->getUserInformation($credentials);
}
/**
 * {@inheritDoc}
 *
 * A token is supported when it is an OAuthToken and the resource owner map
 * has an owner registered under the token's resource owner name.
 */
public function supports(TokenInterface $token)
{
    if (!$token instanceof OAuthToken) {
        return false;
    }

    $ownerName = $token->getResourceOwnerName();

    return (bool) $this->resourceOwnerMap->hasResourceOwnerByName($ownerName);
}