/**
 * {@inheritdoc}
 *
 * When $this->disablePassword is truthy the credential check is skipped and
 * true is returned; otherwise the parent implementation runs and its result
 * is not returned.
 *
 * NOTE(review): with the flag set, this method accepts the token without
 * looking at its credentials. Where the flag is set is not visible here;
 * confirm it cannot be enabled in a production configuration.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    if (!$this->disablePassword) {
        parent::checkAuthentication($user, $token);

        return;
    }

    // Password verification is bypassed on purpose.
    return true;
}
/**
 * {@inheritdoc}
 *
 * Runs the parent authentication, passes the authenticated user and the
 * organization context of the incoming token to checkUserOrganization(), and
 * returns a new UsernamePasswordOrganizationToken carrying that organization.
 */
public function authenticate(TokenInterface $token)
{
    /** @var UsernamePasswordOrganizationToken $token */
    $baseToken = parent::authenticate($token);

    // The organization comes from the incoming token, so it is checked against
    // the authenticated user before being copied into the result.
    // checkUserOrganization() is defined elsewhere; presumably it throws when
    // the user may not use that organization (confirm).
    $this->checkUserOrganization(
        $baseToken->getUser(),
        $token->getOrganizationContext()
    );

    return new UsernamePasswordOrganizationToken(
        $baseToken->getUser(),
        $baseToken->getCredentials(),
        $baseToken->getProviderKey(),
        $token->getOrganizationContext(),
        $baseToken->getRoles()
    );
}
/**
 * Loads the user through the parent provider and, for users that implement
 * UserEncryptionProviderInterface, hands the token credentials to the
 * encryption manager so it can decrypt the user's cipher key.
 *
 * The original comment says the encryption manager then keeps the key in the
 * session for later requests; that storage is not visible in this method.
 *
 * {@inheritdoc}
 */
protected function retrieveUser($username, UsernamePasswordToken $token)
{
    $user = parent::retrieveUser($username, $token);

    // Nothing to decrypt for other user types or for tokens without credentials.
    if (!($user instanceof UserEncryptionProviderInterface) || null === $token->getCredentials()) {
        return $user;
    }

    // NOTE(review): this runs inside retrieveUser(), which appears to precede the
    // password check, so the credentials may not be verified yet. Confirm that
    // decryptCipherKey() fails safely on a wrong password.
    $this->encryptionManager->decryptCipherKey($user, $token->getCredentials());

    return $user;
}
/**
 * Reads the username and password from the POST body, validates their format
 * and authenticates them against a DaoAuthenticationProvider.
 *
 * Both format failures produce the same generic error description, so the
 * response does not reveal which parameter was rejected.
 *
 * @param Request $request Incoming request object.
 *
 * @return string The supplied username.
 *
 * @throws InvalidRequestException If the username or password is missing or in an invalid format.
 * @throws InvalidGrantException   If the authentication provider reports bad credentials.
 */
private function checkUsername(Request $request)
{
    // The username must be present and well-formed.
    $username = $request->request->get('username');
    $usernameViolations = $this->validator->validate($username, [new NotBlank(), new Username()]);
    if (0 !== count($usernameViolations)) {
        throw new InvalidRequestException([
            'error_description' => 'The request includes an invalid parameter value.',
        ]);
    }

    // The password must be present and well-formed.
    $password = $request->request->get('password');
    $passwordViolations = $this->validator->validate($password, [new NotBlank(), new Password()]);
    if (0 !== count($passwordViolations)) {
        throw new InvalidRequestException([
            'error_description' => 'The request includes an invalid parameter value.',
        ]);
    }

    // Verify the credentials with a provider built for the 'oauth2' provider key.
    // NOTE(review): only BadCredentialsException is translated here. Any other
    // exception raised during authentication propagates to the caller unchanged;
    // confirm the caller maps those to an OAuth2 error response.
    try {
        $credentialsToken = new UsernamePasswordToken($username, $password, 'oauth2');
        $provider = new DaoAuthenticationProvider(
            $this->userProvider,
            $this->userChecker,
            'oauth2',
            $this->encoderFactory
        );
        $provider->authenticate($credentialsToken);
    } catch (BadCredentialsException $e) {
        throw new InvalidGrantException([
            'error_description' => 'The provided resource owner credentials is invalid.',
        ]);
    }

    return $username;
}
/**
 * {@inheritdoc}
 *
 * Authenticates through the parent provider, asks UserOrganizationGuesser for
 * the organization to use, and returns a UsernamePasswordOrganizationToken
 * bound to it.
 *
 * A BadCredentialsException is thrown when no organization is guessed, or
 * when the guessed one is not in the collection returned by
 * $user->getOrganizations(true).
 */
public function authenticate(TokenInterface $token)
{
    $organizationGuesser = new UserOrganizationGuesser();

    /** @var TokenInterface $token */
    $parentToken = parent::authenticate($token);

    /** @var User $user */
    $user = $parentToken->getUser();
    $organization = $organizationGuesser->guess($user, $token);

    if (!$organization) {
        throw new BadCredentialsException("You don't have active organization assigned.");
    }

    // Membership check: a guessed organization is only accepted when the user's
    // own organization collection contains it.
    if (!$user->getOrganizations(true)->contains($organization)) {
        throw new BadCredentialsException(
            sprintf("You don't have access to organization '%s'", $organization->getName())
        );
    }

    return new UsernamePasswordOrganizationToken(
        $parentToken->getUser(),
        $parentToken->getCredentials(),
        $parentToken->getProviderKey(),
        $organization,
        $parentToken->getRoles()
    );
}
/**
 * Checks the token against the repository for EzUserInterface users and sets
 * the resulting API user as the repository's current user.
 *
 * Users that do not implement EzUserInterface are handled by the parent.
 *
 * - If the token carries a user object, the password hash on the token's API
 *   user must equal the one on $user; otherwise the session is rejected.
 * - If the token carries only a username, the API user is loaded with the
 *   username and credentials from the token.
 *
 * @throws BadCredentialsException When the hashes differ or no user matches the credentials.
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    if (!($user instanceof EzUserInterface)) {
        return parent::checkAuthentication($user, $token);
    }

    // The token user is either a user object or just the username (e.g. during form login).
    /** @var EzUserInterface|string $tokenUser */
    $tokenUser = $token->getUser();

    if (!($tokenUser instanceof UserInterface)) {
        // Username only: let the repository verify the submitted credentials.
        try {
            $repositoryUser = $this->repository->getUserService()->loadUserByCredentials(
                $token->getUsername(),
                $token->getCredentials()
            );
        } catch (NotFoundException $e) {
            throw new BadCredentialsException('Invalid credentials', 0, $e);
        }
    } else {
        // Already-authenticated token: no password is re-verified here, only the
        // two stored hashes are compared.
        // NOTE(review): the guard tests UserInterface but getAPIUser() is called;
        // presumably only EzUserInterface tokens reach this branch (confirm).
        if ($tokenUser->getAPIUser()->passwordHash !== $user->getAPIUser()->passwordHash) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        $repositoryUser = $tokenUser->getAPIUser();
    }

    // Finally make the resolved API user the repository's current user.
    $this->repository->setCurrentUser($repositoryUser);
}
/**
 * Builds the provider: every argument except the entity manager is forwarded
 * to the parent constructor, and the entity manager is kept on $this->em.
 *
 * @param EntityManager           $em
 * @param UserProviderInterface   $userProvider
 * @param UserCheckerInterface    $userChecker
 * @param string                  $providerKey
 * @param EncoderFactoryInterface $encoderFactory
 * @param bool                    $hideUserNotFoundExceptions
 */
public function __construct(
    EntityManager $em,
    UserProviderInterface $userProvider,
    UserCheckerInterface $userChecker,
    $providerKey,
    EncoderFactoryInterface $encoderFactory,
    $hideUserNotFoundExceptions = true
) {
    parent::__construct(
        $userProvider,
        $userChecker,
        $providerKey,
        $encoderFactory,
        $hideUserNotFoundExceptions
    );

    $this->em = $em;
}
/**
 * Constructor.
 *
 * Forwards the provider arguments to the parent constructor and stores the
 * entity manager and the super-admin login list on the instance.
 *
 * @param EntityManager           $entityManager
 * @param UserProviderInterface   $userProvider
 * @param UserCheckerInterface    $userChecker
 * @param string                  $providerKey
 * @param EncoderFactoryInterface $encoderFactory
 * @param bool                    $hideUserNotFoundExceptions
 * @param array                   $superAdminsLogin Presumably the logins treated as super admins (confirm against its use).
 */
public function __construct(
    EntityManager $entityManager,
    UserProviderInterface $userProvider,
    UserCheckerInterface $userChecker,
    $providerKey,
    EncoderFactoryInterface $encoderFactory,
    $hideUserNotFoundExceptions = true,
    array $superAdminsLogin = array()
) {
    parent::__construct(
        $userProvider,
        $userChecker,
        $providerKey,
        $encoderFactory,
        $hideUserNotFoundExceptions
    );

    $this->superAdminsLogin = $superAdminsLogin;
    $this->entityManager = $entityManager;
}