/**
 * @inheritdoc
 *
 * Resolves the token string carried by the pre-authenticated token through the
 * token manager, runs the user checks, and returns an authenticated
 * PreAuthenticatedToken for the same provider key.
 *
 * @throws BadCredentialsException        when the token is unknown or a user check fails
 * @throws TokenExpiredException          when the token manager reports the token as expired
 * @throws AuthenticationServiceException when retrieveUser() does not return a UserInterface
 */
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
    /* @var PreAuthenticatedToken $token */
    $rawToken = $token->getToken();
    // An empty token string is swapped for a sentinel so the lookup below still runs;
    // a manager that has no entry for the sentinel yields the 'Bad token' path.
    $lookupKey = empty($rawToken) ? 'NONE_PROVIDED' : $rawToken;

    $tokenEntity = $this->tokenManager->findById($lookupKey);
    if (!$tokenEntity) {
        throw new BadCredentialsException('Bad token');
    }
    if (true === $this->tokenManager->isExpired($tokenEntity)) {
        throw new TokenExpiredException('Token expired');
    }

    $user = $this->retrieveUser($userProvider, $tokenEntity);
    if (!$user instanceof UserInterface) {
        throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
    }

    try {
        $this->userChecker->checkPreAuth($user);
        $this->checkAuthentication($user, $tokenEntity, $token);
        $this->userChecker->checkPostAuth($user);
    } catch (BadCredentialsException $e) {
        // Re-wrap with a uniform message; the underlying failure stays reachable via getPrevious().
        throw new BadCredentialsException('Bad credentials', 0, $e);
    }

    $result = new PreAuthenticatedToken($rawToken, $providerKey, $user->getRoles());
    $result->setUser($user);
    $result->setAttributes($token->getAttributes());

    return $result;
}
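/**
 * {@inheritdoc}
 *
 * Completes a Raven (WLS) login when the session carries a WLS response,
 * leaves an already-authenticated user alone, and otherwise sends the
 * client to the WLS to authenticate.
 *
 * @throws RavenException                   when the response URL does not match the request URI
 *                                          or the WLS reported a failure status
 * @throws AuthenticationCancelledException when the WLS reported status 410
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();
    $session = $request->getSession();

    if ($session->has('wls_response')) {
        $this->processWlsResponse($request, $session);

        return;
    }

    $currentToken = $this->tokens->getToken();
    if (null !== $currentToken && $currentToken->getUser() instanceof UserInterface) {
        // The user is already logged in; nothing to do.
        return;
    }

    $this->requestAuthentication($event, $request->getUri());
}

/**
 * Turns the WLS response stored in the session into an authenticated token.
 *
 * @param \Symfony\Component\HttpFoundation\Request                  $request
 * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
 *
 * @throws RavenException
 * @throws AuthenticationCancelledException
 */
private function processWlsResponse($request, $session)
{
    $token = RavenUserToken::factory($session->get('wls_response'));
    // Consume the response immediately so a repeated request cannot re-run this login.
    $session->remove('wls_response');

    if (null !== $this->logger) {
        $this->logger->debug('Found WLS response', array('CRSid' => $token->getUsername()));
    }

    // The URL inside the response must be the URL actually hit; a mismatch means the
    // response was issued for a different request.
    if (rawurldecode($token->getAttribute('url')) !== $request->getUri()) {
        throw new RavenException('URL mismatch');
    }

    // Cast once so the comparisons below are strict and the exception code is an int.
    $status = (int) $token->getAttribute('status');
    if (410 === $status) {
        throw new AuthenticationCancelledException();
    }
    if (200 !== $status) {
        throw new RavenException(self::wlsStatusMessage($status), $status);
    }

    $token = $this->authenticationManager->authenticate($token);
    $this->tokens->setToken($token);
    $this->dispatcher->dispatch(RavenEvents::LOGIN, new InteractiveLoginEvent($request, $token));
}

/**
 * Maps a WLS failure status to its human-readable description.
 *
 * @param int $status
 *
 * @return string
 */
private static function wlsStatusMessage($status)
{
    $messages = array(
        510 => 'No mutually acceptable authentication types available',
        520 => 'Unsupported protocol version',
        530 => 'General request parameter error',
        540 => 'Interaction would be required',
        560 => 'WAA not authorised',
        570 => 'Authentication declined',
    );

    if (isset($messages[$status])) {
        return $messages[$status];
    }

    // Any other status is still an error; name it rather than throwing with an empty message.
    return sprintf('Unrecognised WLS status %d', $status);
}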
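/**
 * Authenticates a token by resolving its token string through the user provider.
 *
 * @param TokenInterface $token
 *
 * @return OAuthToken|TokenInterface
 *
 * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
 *         when the provider fails or returns no user; the provider's exception
 *         is attached as the previous exception
 */
public function authenticate(TokenInterface $token)
{
    $tokenString = $token->getToken();

    try {
        $user = $this->userProvider->loadUserByToken($tokenString);
    } catch (\Exception $e) {
        if (null !== $this->logger) {
            $this->logger->alert('Can not authenticate user', array('message' => $e->getMessage()));
        }
        // Uniform message for the caller; the cause stays available via getPrevious().
        throw new AuthenticationException('The OAuth authentication failed.', 0, $e);
    }

    // A provider that returns null would otherwise make getRoles() fail with an \Error,
    // which the catch above does not cover.
    if (null === $user) {
        throw new AuthenticationException('The OAuth authentication failed.');
    }

    $authenticated = new OAuthToken($user->getRoles());
    $authenticated->setToken($tokenString);
    $authenticated->setUser($user);
    $authenticated->setAuthenticated(true);

    return $authenticated;
}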
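/**
 * Records the OAuth access token, client id and user id behind an action.
 *
 * Tokens that are not OAuthToken instances leave the log untouched. When the
 * token string is not found in the AccessToken repository, only the token
 * string is recorded.
 *
 * @param ActionLog      $log
 * @param TokenInterface $token
 */
private function logAccessToken(ActionLog $log, TokenInterface $token)
{
    if (!$token instanceof OAuthToken) {
        return;
    }

    $tokenString = $token->getToken();
    // NOTE(review): the bearer token is stored verbatim in the action log; if the log is
    // less protected than the token table, a hash of it would be the safer value to keep.
    $log->setAccessToken($tokenString);

    $accessToken = $this->em
        ->getRepository('LoginCidadaoOAuthBundle:AccessToken')
        ->findOneBy(array('token' => $tokenString));

    // findOneBy() returns null for an unknown token string; dereferencing it would be fatal.
    if (null === $accessToken) {
        return;
    }

    $log->setClientId($accessToken->getClient()->getId());
    $log->setUserId($accessToken->getUser()->getId());
}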