/** * {@inheritdoc} */ protected function retrieveUser($username, UsernamePasswordToken $token) { $user = $token->getUser(); if ($user instanceof UserInterface) { return $user; } try { if ($this->getAuthService()->hasPartnerAuth()) { try { $user = $this->userProvider->loadUserByUsername($username); $bind = $this->getUserService()->getUserBindByTypeAndUserId($this->getAuthService()->getPartnerName(), $user['id']); if ($bind) { $partnerUser = $this->getAuthService()->checkPartnerLoginById($bind['fromId'], $token->getCredentials()); if ($partnerUser) { $user = $this->syncEmailAndPassword($user, $partnerUser, $token); } } } catch (UsernameNotFoundException $notFound) { if (filter_var($username, FILTER_VALIDATE_EMAIL)) { $partnerUser = $this->getAuthService()->checkPartnerLoginByEmail($username, $token->getCredentials()); } else { $partnerUser = $this->getAuthService()->checkPartnerLoginByNickname($username, $token->getCredentials()); } if (empty($partnerUser)) { throw $notFound; } $bind = $this->getUserService()->getUserBindByTypeAndFromId($this->getAuthService()->getPartnerName(), $partnerUser['id']); if ($bind) { $user = $this->getUserService()->getUser($bind['toId']); $user = $this->syncEmailAndPassword($user, $partnerUser, $token); } else { $setting = $this->getSettingService()->get('user_partner', array()); $email_filter = explode("\n", $setting['email_filter']); if (in_array($partnerUser['email'], $email_filter)) { $partnerUser['email'] = $partnerUser['id'] . '_dz_' . $this->getRandomString(5) . '@edusoho.net'; } $registration = array(); $registration['nickname'] = $partnerUser['nickname']; $registration['email'] = $partnerUser['email']; $registration['password'] = $token->getCredentials(); $registration['createdIp'] = $partnerUser['createdIp']; $registration['token'] = array('userId' => $partnerUser['id']); $this->getUserService()->register($registration, $this->getAuthService()->getPartnerName()); $user = $this->userProvider->loadUserByUsername($username); } } } else { $user = $this->userProvider->loadUserByUsername($username); } if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('The user provider must return a UserInterface object.'); } return $user; } catch (UsernameNotFoundException $notFound) { $notFound->setUsername($username); throw $notFound; } catch (\Exception $repositoryProblem) { $ex = new AuthenticationServiceException($repositoryProblem->getMessage(), 0, $repositoryProblem); $ex->setToken($token); throw $ex; } }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); if ($currentUser instanceof UserInterface) { if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if (!($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } if ($user instanceof User) { $encoder = $this->encoderFactory->getEncoder($user); if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) { throw new BadCredentialsException('The presented password is invalid.'); } } else { $ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']); $bind = $ldap->bind($user->getUsername(), $presentedPassword); $this->logger->debug(sprintf('LDAP bind with username "%s" and password "%s" yielded: %s', $user->getUsername(), $presentedPassword, print_r($bind, true))); if (!$bind) { throw new BadCredentialsException('The presented password is invalid.'); } // There's likely more data in the LDAP result now after a successful bind $this->userProvider->refreshUser($user); } } }
public function authUserFromRedmine(UsernamePasswordToken $token) { $pass = $token->getCredentials(); $username = $token->getUser(); try { $response = $this->client->redmineLogin($username, $pass); $q = json_decode($response); $em = $this->em; $user = $em->getRepository("RedmineAppBundle:RedmineUser")->findOneBy(['redmineToken' => $q->user->api_key, 'redmineUserID' => $q->user->id]); if ($user) { return $user->getUsername(); } else { $user = new RedmineUser(); $user->setUsername($q->user->login)->setEmail($q->user->mail)->setPassword($this->encoder->encodePassword($user, md5(uniqid())))->setName($q->user->firstname)->setSurname($q->user->lastname)->setRedmineUserID($q->user->id)->setRedmineToken($q->user->api_key); $settings = new Settings(); $settings->setSms(false)->setPush(false)->setCheckFirst(Carbon::createFromTime(17, 45))->setCheckSecond(Carbon::createFromTime(20, 0))->setCheckThird(Carbon::createFromTime(9, 30))->setUser($user); $this->em->persist($user); $this->em->persist($settings); $this->em->flush(); return $user->getUsername(); } } catch (\Exception $e) { return null; } }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); if ($currentUser instanceof UserInterface) { if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if (!($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } $client = $this->clientFactory->build('en'); $request = CustomerLoginRequest::ofEmailAndPassword($token->getUser(), $presentedPassword); $response = $request->executeWithClient($client); if ($response->isError()) { throw new BadCredentialsException('The presented password is invalid.'); } $result = $request->mapResponse($response); $customer = $result->getCustomer(); if ($currentUser !== $customer->getEmail()) { throw new BadCredentialsException('The presented password is invalid.'); } $this->session->set('customer.id', $customer->getId()); } }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $password = $token->getCredentials(); if ($password === null || $password === '') { throw new BadCredentialsException('The presented password is invalid.'); } return parent::checkAuthentication($user, $token); }
public function authenticate(TokenInterface $token) { if ($this->code != $token->getCredentials()) { throw new AuthenticationException("Authentication code does not match"); } $user = $token->getUser(); // TODO: Provide a mechanism to get the real user object, and set user roles in token $token = new UsernamePasswordToken($user, $token->getCredentials(), $this->name, ['ROLE_USER']); return $token; }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $password = $token->getCredentials(); try { $username = $user->getUsername(); $this->ldap->bind($username, $password); } catch (ConnectionException $e) { throw new BadCredentialsException('The presented password is invalid.'); } }
/** * {@inheritdoc} */ protected function retrieveUser($username, UsernamePasswordToken $token) { $repository = $this->getRepository(); try { $apiUser = $repository->getUserService()->loadUserByCredentials($username, $token->getCredentials()); $repository->setCurrentUser($apiUser); return new User($apiUser); } catch (NotFoundException $e) { throw new AuthenticationException('Authentication to eZ Publish failed', $e->getCode(), $e); } }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $username = $token->getUsername(); $password = $token->getCredentials(); try { $username = $this->ldap->escape($username, '', LDAP_ESCAPE_DN); $dn = str_replace('{username}', $username, $this->dnString); $this->ldap->bind($dn, $password); } catch (ConnectionException $e) { throw new BadCredentialsException('The presented password is invalid.'); } }
public function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $connector = new Connector($user->getUsername(), $token->getCredentials()); if (!$connector->isSignedIn()) { throw new BadCredentialsException(); } $student = $connector->getStudent(); $user->fromStudent($student); $user->setLastConnectionAt(new \DateTime()); if ($user->getId() == null || $user->getAccount() == null) { $user->setAccount(new Account()); } $this->em->persist($user); $this->em->flush(); }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); if ($currentUser instanceof UserInterface) { if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if ('' === ($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) { throw new BadCredentialsException('The presented password is invalid.'); } } }
/** * {@inheritdoc} */ protected function retrieveUser($username, UsernamePasswordToken $token) { $user = $token->getUser(); if ($user instanceof UserInterface) { return $user; } try { $user = $this->userProvider->loadUserByUsernameAndPassword($username, $token->getCredentials()); if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('The user provider must return a UserInterface object.'); } return $user; } catch (UsernameNotFoundException $notFound) { throw $notFound; } }
/** * {@inheritdoc} */ protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token) { $user = $token->getUser(); if ($user instanceof AccountInterface) { if ($account->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if (!($presentedPassword = (string) $token->getCredentials())) { throw new BadCredentialsException('Bad credentials'); } if (!$this->encoderFactory->getEncoder($account)->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) { throw new BadCredentialsException('Bad credentials'); } } }
/** * {@inheritdoc} */ public function handle(Request $request, ClientInterface $client) { $username = $request->request->get('username'); $password = $request->request->get('password'); $scope = $request->request->get('scope'); if (empty($username)) { throw new OAuthInvalidRequestException('Missing username parameter.'); } if (empty($password)) { throw new OAuthInvalidRequestException('Missing password parameter.'); } $user = $this->userProvider->loadUserByUsername($username); $token = new UsernamePasswordToken($username, $password, $this->providerKey); if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $token->getCredentials(), $user->getSalt())) { throw new OAuthInvalidRequestException('Bad credentials.'); } $accessToken = $this->accessTokenProvider->create($user, $client, $scope); $data = ['access_token' => $accessToken->getId(), 'token_type' => 'bearer', 'expires_in' => $accessToken->getExpires()]; return new Response(json_encode($data), 200, ['Content-Type' => 'application/json;charset=UTF-8', 'Cache-Control' => 'no-store', 'Pragma' => 'no-cache']); }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); $presentedPassword = $token->getCredentials(); if ($currentUser instanceof UserInterface) { if ('' === $presentedPassword) { throw new BadCredentialsException('The password in the token is empty. You may forgive turn off `erase_credentials` in your `security.yml`'); } if (!$this->ldapManager->bind($currentUser, $presentedPassword)) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if ('' === $presentedPassword) { throw new BadCredentialsException('The presented password cannot be empty.'); } if (!$this->ldapManager->bind($user, $presentedPassword)) { throw new BadCredentialsException('The presented password is invalid.'); } } }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); if ($currentUser instanceof UserInterface) { if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if (!($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) { $this->userProvider->handleWrongPassword($user); throw new BadCredentialsException('The presented password is invalid.'); } else { $this->userProvider->handleGoodPassword($user); } if (!$user->isAccountNonLocked()) { throw new LockedException(strtr('User account is locked%until%.', array('%until%' => $user->getLockedUntil() ? sprintf(' until %s', $user->getLockedUntil()->format('Y-m-d H:i:s')) : '')), $user); } } }
/** * {@inheritdoc} */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); if ($currentUser instanceof LdapUserInterface) { if (!$this->ldapManager->bind($currentUser, $currentUser->getPassword())) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if (!$user->getDn()) { $userLdap = $this->ldapManager->findUserByUsername($user->getUsername()); if (!$userLdap) { throw new BadCredentialsException(sprintf('User "%s" not found', $user->getUsername())); } $user->setDn($userLdap->getDn()); } if (!($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } if (!$this->ldapManager->bind($user, $presentedPassword)) { throw new BadCredentialsException('The presented password is invalid.'); } } }
/** * {@inheritdoc} */ public function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $connector = new \EpitechAPI\Connector(); try { $connector->authenticate(\EpitechAPI\Connector::SIGN_IN_METHOD_CREDENTIALS, $user->getUsername(), $token->getCredentials()); } catch (\Exception $ex) { throw new \Exception("The Epitech's Intranet is not responding"); } if (!$connector->isSignedIn()) { throw new BadCredentialsException(); } $user->updateFromIntranet($connector->getUser()); $user->setLastConnectionDate(new \DateTime()); $roles = $user->getRoles(); foreach (array_keys($roles, 'ROLE_SUPER_ADMIN') as $key) { unset($roles[$key]); } if (in_array($user->getLogin(), $this->superAdminsLogin)) { $roles[] = 'ROLE_SUPER_ADMIN'; } $user->setRoles($roles); $this->entityManager->persist($user); $this->entityManager->flush(); }
/** * @param UserInterface $user * @param UsernamePasswordToken $token */ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); if ($currentUser instanceof UserInterface) { // this happens if we were already logged in if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { if ("" === ($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) { throw new BadCredentialsException('The presented password is invalid.'); } } if ($token->hasAttribute('desired_user')) { $roles = $user->getRoles(); if (!in_array('ROLE_ALLOWED_TO_SWITCH', $roles)) { throw new BadCredentialsException('You are not allowed to login as other users.'); } } }
public function testEraseCredentials() { $token = new UsernamePasswordToken('foo', 'bar', 'key'); $token->eraseCredentials(); $this->assertEquals('', $token->getCredentials()); }
/** * {@inheritdoc} */ protected function retrieveUser($username, UsernamePasswordToken $token) { $user = $token->getUser(); if ($user instanceof UserInterface) { return $user; } try { $user = $this->userProvider->loadUserByUsername($username, $token->getAsn(), $token->getCredentials()); if (!$user instanceof UserInterface) { throw new AuthenticationServiceException('The user provider must return a UserInterface object.'); } return $user; } catch (UsernameNotFoundException $notFound) { $notFound->setUsername($username); throw $notFound; } catch (\Exception $repositoryProblem) { $ex = new AuthenticationServiceException($repositoryProblem->getMessage(), 0, $repositoryProblem); $ex->setToken($token); throw $ex; } }
/** * Authenticates the user via ldap * * @param \Symfony\Component\Security\Core\User\UserInterface $user * @param \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken $token * @return boolean $passwordValid * @throws BadCredentialsException */ protected function checkAuthenticationLdap(UserInterface $user, UsernamePasswordToken $token) { $currentUser = $token->getUser(); // Due to ldap restrinctions we expect a user authenticated once the token // contains a user object if ($currentUser instanceof UserInterface) { return true; } try { $this->ldapManager->bind($token->getUsername(), $token->getCredentials()); $passwordValid = (bool) $this->ldapManager->getBoundUser(); if (null !== $this->logger && !$token->isAuthenticated()) { $this->logger->info("[LdapAuthenticator] Ldap authentication successful.", array('user' => $this->ldapManager->getBoundUser())); } return $passwordValid; } catch (\Zend\Ldap\Exception\LdapException $e) { throw new BadCredentialsException('Ldap authentication failed', 0, $e); } }