/**
 * {@inheritdoc}
 *
 * Runs the parent provider's authentication first, then hands the
 * authenticated user and the organization context carried by the incoming
 * token to checkUserOrganization(). Finally returns a new
 * UsernamePasswordOrganizationToken bound to that organization context.
 *
 * @param TokenInterface $token Incoming token; read here as a UsernamePasswordOrganizationToken.
 *
 * @return UsernamePasswordOrganizationToken Token built from the parent's result plus the organization context.
 */
public function authenticate(TokenInterface $token)
{
    /** @var UsernamePasswordOrganizationToken $token */
    // Credentials are verified by the parent before any organization logic runs.
    $baseToken = parent::authenticate($token);

    // The organization context comes from the incoming token, so it is checked
    // against the authenticated user before being bound into the result.
    // NOTE(review): checkUserOrganization() is not shown here; presumably it
    // throws when the user does not belong to the organization. Confirm.
    $this->checkUserOrganization(
        $baseToken->getUser(),
        $token->getOrganizationContext()
    );

    return new UsernamePasswordOrganizationToken(
        $baseToken->getUser(),
        $baseToken->getCredentials(),
        $baseToken->getProviderKey(),
        $token->getOrganizationContext(),
        $baseToken->getRoles()
    );
}
/**
 * {@inheritdoc}
 *
 * Authenticates through the parent provider, asks UserOrganizationGuesser for
 * the organization to use, and rejects the login when no organization is
 * guessed or the user's organization collection does not contain it. On
 * success returns a UsernamePasswordOrganizationToken carrying that organization.
 *
 * @param TokenInterface $token Incoming token.
 *
 * @return UsernamePasswordOrganizationToken
 *
 * @throws BadCredentialsException If no organization is guessed or the user has no access to it.
 */
public function authenticate(TokenInterface $token)
{
    $guesser = new UserOrganizationGuesser();

    /** @var TokenInterface $parentToken */
    $parentToken = parent::authenticate($token);

    /** @var User $user */
    $user = $parentToken->getUser();

    // Both rejections below are reached only after parent::authenticate() has
    // returned, so the organization name in the second message is only shown
    // to a caller whose credentials were already accepted.
    $organization = $guesser->guess($user, $token);
    if (!$organization) {
        throw new BadCredentialsException("You don't have active organization assigned.");
    }

    // The guessed organization is not trusted as-is: it must be a member of the
    // user's own collection.
    // NOTE(review): the meaning of the `true` argument is not visible here;
    // presumably it restricts the list to active organizations. Confirm.
    if (!$user->getOrganizations(true)->contains($organization)) {
        throw new BadCredentialsException(
            sprintf("You don't have access to organization '%s'", $organization->getName())
        );
    }

    return new UsernamePasswordOrganizationToken(
        $parentToken->getUser(),
        $parentToken->getCredentials(),
        $parentToken->getProviderKey(),
        $organization,
        $parentToken->getRoles()
    );
}
/**
 * Validate and authenticate the username/password pair sent in the POST body.
 *
 * Both fields are read from the request body, validated for presence and
 * format, and then checked against a DaoAuthenticationProvider configured
 * with the 'oauth2' provider key.
 *
 * @param Request $request Incoming request object.
 *
 * @return string The supplied username.
 *
 * @throws InvalidRequestException If username or password is missing or in an invalid format.
 * @throws InvalidGrantException   If the authentication provider reports bad credentials.
 */
private function checkUsername(Request $request)
{
    // Username must be present and well-formed.
    $username = $request->request->get('username');
    $usernameViolations = $this->validator->validate($username, [new NotBlank(), new Username()]);
    if (count($usernameViolations) > 0) {
        throw new InvalidRequestException([
            'error_description' => 'The request includes an invalid parameter value.',
        ]);
    }

    // Password must be present and well-formed. The error text is identical to
    // the username case, so the response does not reveal which field failed.
    $password = $request->request->get('password');
    $passwordViolations = $this->validator->validate($password, [new NotBlank(), new Password()]);
    if (count($passwordViolations) > 0) {
        throw new InvalidRequestException([
            'error_description' => 'The request includes an invalid parameter value.',
        ]);
    }

    // Verify the credentials; the resulting token is discarded, only success matters.
    // NOTE(review): only BadCredentialsException is translated into an OAuth2
    // error. Any other exception raised by the provider or the user checker
    // propagates unchanged. Confirm that callers handle those so responses do
    // not vary with account state.
    try {
        $token = new UsernamePasswordToken($username, $password, 'oauth2');
        $provider = new DaoAuthenticationProvider(
            $this->userProvider,
            $this->userChecker,
            'oauth2',
            $this->encoderFactory
        );
        $provider->authenticate($token);
    } catch (BadCredentialsException $e) {
        throw new InvalidGrantException([
            'error_description' => 'The provided resource owner credentials is invalid.',
        ]);
    }

    return $username;
}