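/**
 * Verifies the credentials carried by a custom-auth token.
 *
 * The user is looked up through the user provider, the submitted password is
 * base64-decoded and hashed with crypt() using the user's salt, and the result
 * is compared with the stored hash via the class's _hash_equals() helper.
 *
 * @param TokenInterface $token Token carrying the username and the
 *                              base64-encoded password in `encryptedPass`.
 *
 * @return TokenInterface A new CustomAuthToken holding the user and its roles,
 *                        or the incoming token unchanged for the registration
 *                        sentinel username.
 *
 * @throws AuthenticationException When the user is unknown or the password
 *                                 does not verify.
 */
public function authenticate(TokenInterface $token)
{
    // NOTE(review): the sentinel username skips every credential check and the
    // incoming token is handed back as-is. Confirm that such a token carries
    // no roles and is not treated as authenticated by whatever stores it.
    if ($token->getUsername() === 'new_user_registration') {
        return $token;
    }

    // The provider is called with a one-element array, as in the original code.
    $this->user = $this->userProvider->loadUserByUsername([$token->getUsername()]);

    if ($this->user) {
        // NOTE(review): despite the property name, the value is only
        // base64-encoded, not encrypted; its confidentiality depends entirely
        // on the transport.
        $encodedPassword = $token->encryptedPass;

        // Strict decoding rejects malformed input instead of silently
        // dropping characters that are not part of the base64 alphabet.
        $plainUserPassword = is_string($encodedPassword)
            ? base64_decode($encodedPassword, true)
            : false;

        if ($plainUserPassword !== false) {
            // NOTE(review): the hashing scheme is whatever the stored salt
            // selects; password_hash()/password_verify() would be preferable
            // if the stored hashes can be migrated.
            $computedHash = crypt($plainUserPassword, $this->user->getSalt());

            // crypt() reports failure with a string shorter than 13
            // characters; that marker must never be accepted as a hash.
            $hashIsUsable = is_string($computedHash) && strlen($computedHash) >= 13;

            if ($hashIsUsable && $this->_hash_equals($computedHash, $this->user->getPassword())) {
                $authenticatedToken = new CustomAuthToken($this->user->getRoles());
                $authenticatedToken->setUser($this->user);

                return $authenticatedToken;
            }
        }
    }

    // Same message for every failure path, so the response does not reveal
    // whether the username exists.
    throw new AuthenticationException('Authentication failed.');
}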
/**
 * Firewall listener entry point: reads credentials from the `custom-auth`
 * request header and tries to authenticate them.
 *
 * When the header is missing or does not match the expected pattern the
 * method returns without touching the event. When authentication succeeds
 * the resulting token is placed in the token storage. When authentication
 * fails the event receives a 403 response.
 *
 * @param GetResponseEvent $event Event for the current request.
 */
public function handle(GetResponseEvent $event)
{
    $headers = $event->getRequest()->headers;

    // NOTE(review): as printed, this pattern has unbalanced parentheses and
    // would not compile, so preg_match() could never return 1. It looks like
    // the listing was masked; confirm the pattern against the original file.
    $customRegex = '/AuthToken Username="******"]+)", Password="******"]+)"/';

    // NOTE(review): a request without a usable header is passed through
    // untouched; denying it is left to whatever runs after this listener.
    if (!$headers->has('custom-auth')) {
        return;
    }

    if (1 !== preg_match($customRegex, $headers->get('custom-auth'), $matches)) {
        return;
    }

    // NOTE(review): the password travels in a request header in encoded form;
    // make sure the header is sent over TLS only and kept out of access logs.
    $token = new CustomAuthToken();
    $token->setUser($matches[1]);
    $token->encryptedPass = $matches[2];

    try {
        $authToken = $this->authenticationManager->authenticate($token);
        $this->tokenStorage->setToken($authToken);

        return;
    } catch (AuthenticationException $failed) {
        // Deliberately swallowed: a failed authentication falls through to
        // the 403 response below.
    }

    // By default deny authorization
    $denied = new Response();
    $denied->setStatusCode(Response::HTTP_FORBIDDEN);
    $event->setResponse($denied);
}