public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { if (!$userProvider instanceof EntityUserProvider) { throw new \InvalidArgumentException(sprintf('The user provider must be an instance of EntityUserProvider (%s was given).', get_class($userProvider))); } try { $jwt = $token->getCredentials(); $username = $this->jwtManager->getUserIdFromToken($jwt); $issuedAt = $this->jwtManager->getIssuedAtFromToken($jwt); } catch (\UnexpectedValueException $e) { throw new BadCredentialsException('Invalid JSON Web Token: ' . $e->getMessage()); } catch (\Exception $e) { throw new BadCredentialsException('Invalid JSON Web Token'); } $user = $userProvider->loadUserByUsername($username); $authentication = $user->getAuthentication(); if ($authentication) { $tokenNotValidBefore = $authentication->getInvalidateTokenIssuedBefore(); if ($tokenNotValidBefore) { if ($tokenNotValidBefore > $issuedAt) { throw new BadCredentialsException('Invalid JSON Web Token: Not issued before ' . $tokenNotValidBefore->format('c')); } } } $authenticatedToken = new PreAuthenticatedToken($user, $jwt, $providerKey); $authenticatedToken->setAuthenticated(true); return $authenticatedToken; }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } if (!($user = $token->getUser())) { throw new BadCredentialsException('No pre-authenticated principal found in request.'); } $user = $this->userProvider->loadUserByUsername($user); $this->userChecker->checkPostAuth($user); $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); return $authenticatedToken; }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { if (!$userProvider instanceof WebserviceUserProvider) { throw new \InvalidArgumentException(sprintf('The user provider must be an instance of ApiKeyUserProvider (%s was given).', get_class($userProvider))); } $apiKey = $token->getCredentials(); $user = $token->getUser(); if ($user instanceof User) { return new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles()); } $user = $userProvider->loadUserByUsername($apiKey); $newToken = new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles()); if (!is_null($user)) { $newToken->setAuthenticated(true); } return $newToken; }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { if (!$userProvider instanceof ApiKeyUserProvider) { throw new \InvalidArgumentException(sprintf('ApiKeyUserProvider user provider required: %s was provided.', get_class($userProvider))); } $apiKey = $token->getCredentials(); $authToken = $userProvider->getAuthTokenForApiKey($apiKey); if (!$authToken) { throw new AccessDeniedHttpException(sprintf('API Key "%s" does not exist.', $apiKey)); } if ($authToken->getExpiresAt() < new DateTime()) { return null; } if (!$authToken->getUserLogin()->getIsActive()) { return null; } $login = $authToken->getUserLogin()->getEmail(); $user = $userProvider->loadUserByUsername($login); $token = new PreAuthenticatedToken($user, $apiKey, $providerKey, UserEntity::getTopRole($authToken->getIsManager())); $token->setAttribute("fullName", $authToken->getUserLogin()->getFullName()); return $token; }
public function it_supports_token(PreAuthenticatedToken $token, $providerKey) { $token->getProviderKey()->willReturn($providerKey); $this->supportsToken($token, $providerKey)->shouldBe(true); }
public function testEraseCredentials() { $token = new PreAuthenticatedToken('foo', 'bar', 'key'); $token->eraseCredentials(); $this->assertEquals('', $token->getCredentials()); }
/** * @param array|RoleInterface[] $token * @param string $providerKey * @param array $roles */ public function __construct($token, $providerKey, array $roles = []) { parent::__construct($token, $token, $providerKey, $roles); $this->token = $token; }
/** * Update users to the new password encoding when they login * @param AuthenticationEntityInterface $authEntity * @param string $password */ protected function updateLegacyPassword(AuthenticationEntityInterface $authEntity, $password) { if ($authEntity->isLegacyAccount()) { //we have to have a valid token to update the user because the audit log requires it $authenticatedToken = new PreAuthenticatedToken($authEntity->getUser(), 'fakekey', 'fakeProvider'); $authenticatedToken->setAuthenticated(true); $this->tokenStorage->setToken($authenticatedToken); $authEntity->setPasswordSha256(null); $encodedPassword = $this->encoder->encodePassword($authEntity->getUser(), $password); $authEntity->setPasswordBcrypt($encodedPassword); $this->authManager->updateAuthentication($authEntity); } }
public function __construct(UserInterface $consoleUser, $providerKey = 'fos_userbundle') { parent::__construct($consoleUser, '', $providerKey, $consoleUser->getRoles()); }
/** * @param array|\Symfony\Component\Security\Core\Role\RoleInterface[] $user * @param $credentials * @param $providerKey * @param array $roles */ public function __construct($user, $credentials, $providerKey, array $roles = array()) { parent::__construct($user, $credentials, $providerKey, $roles); }