/**
  * {@inheritdoc}
  *
  * Resolves the local user for an OAuth response, registering one on first login.
  * The provider identity column (see getProperty()) is consulted first; only when
  * no linked account exists is a username/email match attempted, and such a match
  * is refused rather than linked, because the provider-supplied nickname and email
  * are not proof of ownership of that local account.
  *
  * @throws AuthenticationException when the username/email already belongs to an
  *                                 account that is not linked to this OAuth identity
  */
 public function loadUserByOAuthUserResponse(UserResponseInterface $response)
 {
     $oauthId = $response->getUsername();
     $criteria = array($this->getProperty($response) => $oauthId);
     $user = $this->userManager->findUserBy($criteria);
     $email = $response->getEmail();
     // `?:` intentionally treats an empty nickname as absent and falls back to the real name.
     $username = $response->getNickname() ?: $response->getRealName();

     if (null !== $user) {
         // Already linked: run the standard pre-auth account checks before returning it.
         $checker = new UserChecker();
         $checker->checkPreAuth($user);

         return $user;
     }

     $collision = $this->userManager->findUserByUsernameAndEmail($username, $email);
     if ($collision instanceof UserInterface) {
         throw new AuthenticationException('Username or email has been already used.');
     }

     $user = $this->userManager->createUser();
     // Usernames carry no whitespace; provider nicknames and real names may.
     $user->setUsername(str_replace(' ', '', $username));
     $user->setEmail($email);
     // Empty password — presumably so the account can only be entered through OAuth.
     $user->setPassword('');
     $user->setEnabled(true);
     $user->setOAuthService($response->getResourceOwner()->getName());
     $user->setOAuthId($oauthId);
     $user->setOAuthAccessToken($response->getAccessToken());
     $this->userManager->updateUser($user);

     return $user;
 }
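 /**
  * {@inheritdoc}
  *
  * Resolves the local user for a Google/Facebook login. The provider identity
  * column (see getProperty()) is consulted first; otherwise an existing account
  * with the same email is reused and the provider id is attached to it, and if
  * none exists a new enabled account is created.
  *
  * NOTE(review): linking by email trusts the provider's email claim as proof of
  * ownership of an existing local account. That is only as safe as the provider's
  * own email verification — confirm this is acceptable for every configured
  * resource owner.
  */
 public function loadUserByOAuthUserResponse(UserResponseInterface $response)
 {
     $socialID = $response->getUsername();
     $user = $this->userManager->findUserBy(array($this->getProperty($response) => $socialID));
     $email = $response->getEmail();

     if (null !== $user) {
         // The social account is already linked: just run the pre-auth checks.
         $checker = new UserChecker();
         $checker->checkPreAuth($user);

         return $user;
     }

     // No linked account yet: fall back to a normal account with the same email.
     $user = $this->userManager->findUserByEmail($email);
     if (!$user instanceof UserInterface) {
         $user = $this->userManager->createUser();
         $user->setEmail($email);
         // Placeholder password the user never sees. Drawn from the CSPRNG:
         // md5(uniqid()) is time-derived and guessable by anyone who can
         // estimate when the account was created.
         $user->setPlainPassword(bin2hex(random_bytes(16)));
         $user->setEnabled(true);
     }

     // Attach the provider id; getName() is assumed to return a string.
     $service = $response->getResourceOwner()->getName();
     switch ($service) {
         case 'google':
             $user->setGoogleID($socialID);
             break;
         case 'facebook':
             $user->setFacebookID($socialID);
             break;
         default:
             // NOTE(review): an unsupported provider reaches updateUser() with no
             // social id stored at all — consider rejecting it explicitly.
             break;
     }
     $this->userManager->updateUser($user);

     return $user;
 }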
 /**
  * checkPostAuth() must reject an account whose isAccountNonExpired() is false
  * while isAccountNonLocked() and isEnabled() both report true.
  *
  * @expectedException \Symfony\Component\Security\Core\Exception\AccountExpiredException
  */
 public function testCheckPostAuthAccountExpired()
 {
     $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\AdvancedUserInterface');
     // Each status method is consulted exactly once; only the expiry check fails.
     $user->expects($this->once())->method('isAccountNonExpired')->will($this->returnValue(false));
     $user->expects($this->once())->method('isEnabled')->will($this->returnValue(true));
     $user->expects($this->once())->method('isAccountNonLocked')->will($this->returnValue(true));

     $userChecker = new UserChecker();
     $userChecker->checkPostAuth($user);
 }
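 /**
  * Attempts to authenticate a TokenInterface object.
  *
  * @param TokenInterface $token The TokenInterface instance to authenticate
  *
  * @return TokenInterface|null An authenticated ApiToken, or null when this
  *                             provider does not support the given token
  *
  * @throws BadCredentialsException if the presented key does not match
  * @throws AuthenticationException propagated from the user checker's post-auth checks
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }

     /** @var ApiToken $token */
     $user = $token->getUser();

     // The key is treated as a credential (BadCredentialsException on mismatch),
     // so compare it in constant time: a plain !== leaks, through response timing,
     // how many leading bytes of a guess were correct. Non-string values (e.g. an
     // unconfigured key) never match.
     $presentedKey = $token->getKey();
     if (!is_string($this->key) || !is_string($presentedKey) || !hash_equals($this->key, $presentedKey)) {
         throw new BadCredentialsException('The presented key does not match.');
     }

     $this->userChecker->checkPostAuth($user);

     $authenticatedToken = new ApiToken($user->getRoles(), $this->providerId, $this->key);
     $authenticatedToken->setUser($user);
     $authenticatedToken->setAttributes($token->getAttributes());
     $authenticatedToken->setAuthenticated(true);

     return $authenticatedToken;
 }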
 /**
  * {@inheritdoc}
  *
  * Verifies the bearer access token through the OAuth2 server service and, on
  * success, returns a fresh authenticated OAuthToken. Roles are the user's own
  * roles (none for a token without a user) plus one ROLE_<SCOPE> per
  * space-separated scope entry. Account-status failures from the user checker
  * are reported as an OAuth2 "access_denied" error carrying the configured WWW
  * realm; any OAuth2 server error, and a token that fails verification, ends in
  * an AuthenticationException.
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }

     try {
         $bearer = $token->getToken();
         $accessToken = $this->serverService->verifyAccessToken($bearer);

         if ($accessToken) {
             $scope = $accessToken->getScope();
             $user = $accessToken->getUser();
             $hasUser = null !== $user;

             if ($hasUser) {
                 try {
                     $this->userChecker->checkPreAuth($user);
                 } catch (AccountStatusException $e) {
                     throw $this->accessDeniedException($e);
                 }
                 $token->setUser($user);
             }

             $roles = $hasUser ? $user->getRoles() : array();
             // empty() also skips a scope of '0'; scopes are expected to be words.
             if (!empty($scope)) {
                 foreach (explode(' ', $scope) as $scopeEntry) {
                     $roles[] = 'ROLE_' . strtoupper($scopeEntry);
                 }
             }

             $authenticatedToken = new OAuthToken($roles);
             $authenticatedToken->setAuthenticated(true);
             $authenticatedToken->setToken($bearer);

             if ($hasUser) {
                 try {
                     $this->userChecker->checkPostAuth($user);
                 } catch (AccountStatusException $e) {
                     throw $this->accessDeniedException($e);
                 }
                 $authenticatedToken->setUser($user);
             }

             return $authenticatedToken;
         }
     } catch (OAuth2ServerException $e) {
         if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
             // Symfony 2.1: AuthenticationException has no setToken() and uses the four-argument constructor.
             throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
         }

         throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
     }

     throw new AuthenticationException('OAuth2 authentication failed');
 }

 /**
  * Builds the OAuth2 error raised when the user fails an account-status check
  * (unauthorized, bearer token type, configured WWW realm, "access_denied",
  * the checker's message as description).
  *
  * @param AccountStatusException $e
  *
  * @return OAuth2AuthenticateException
  */
 private function accessDeniedException(AccountStatusException $e)
 {
     return new OAuth2AuthenticateException(
         OAuth2::HTTP_UNAUTHORIZED,
         OAuth2::TOKEN_TYPE_BEARER,
         $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM),
         'access_denied',
         $e->getMessage()
     );
 }
 /**
  * {@inheritdoc}
  *
  * After the parent checks, refuses a User whose password was changed after
  * their last login while a security token is present: authentication fails
  * with a PasswordChangedException and a flash message tells the user why.
  * Users without a recorded password change or last login are not affected.
  *
  * @throws PasswordChangedException
  */
 public function checkPreAuth(UserInterface $user)
 {
     parent::checkPreAuth($user);

     if (!$user instanceof User) {
         return;
     }
     // A token must be present; securityContextLink presumably resolves the
     // security context lazily, so it is only touched once the user type is known.
     if (null === $this->securityContextLink->getService()->getToken()) {
         return;
     }

     $passwordChangedAt = $user->getPasswordChangedAt();
     $lastLogin = $user->getLastLogin();
     if (null === $passwordChangedAt || null === $lastLogin) {
         return;
     }

     if ($passwordChangedAt > $lastLogin) {
         $this->flashBag->add('error', $this->translator->trans('oro.user.security.password_changed.message'));
         $exception = new PasswordChangedException('Invalid password.');
         $exception->setUser($user);
         throw $exception;
     }
 }
 /**
  * {@inheritdoc}
  *
  * Looks the user up by the Facebook id stored in the provider property column
  * and registers a new, enabled account on first login (email and full name
  * taken from the response, empty password, Facebook id and access token
  * stored). No attempt is made to reuse an existing account with the same
  * email. NOTE(review): a duplicate email would presumably surface only as a
  * persistence error from updateUser() rather than a clear authentication
  * error — confirm that is intended.
  */
 public function loadUserByOAuthUserResponse(UserResponseInterface $response)
 {
     $facebookId = $response->getUsername();
     $criteria = array($this->getProperty($response) => $facebookId);
     $user = $this->userManager->findUserBy($criteria);

     if ($user instanceof UserInterface) {
         // Returning user: apply the standard pre-auth account checks.
         $checker = new UserChecker();
         $checker->checkPreAuth($user);

         return $user;
     }

     // First login: register the user in FOSUserBundle.
     $user = $this->userManager->createUser();
     $user->setEmail($response->getEmail());
     $user->setFullName($response->getRealName());
     $user->setPassword('');
     $user->setEnabled(true);
     $user->setFacebookId($facebookId);
     $user->setFacebookAccessToken($response->getAccessToken());
     $this->userManager->updateUser($user);

     return $user;
 }
 /**
  * Authenticate with access token
  *
  * Resolves and validates, in order, the access token, its client and the
  * request signature, then loads the token's user and runs the pre-auth
  * account checks before issuing an authenticated OAuth2AccessToken.
  * Scope is not verified here ("check scope" is still open).
  *
  * @param  TokenInterface $token expected to expose getAccessToken() and
  *                               getSignature() — presumably an OAuth2AccessToken
  * @return OAuth2AccessToken
  * @throws OAuthAccessTokenNotFoundException when the user fails the account-status checks
  */
 protected function authenticateAccessToken(TokenInterface $token)
 {
     $accessToken = $this->accessTokenProvider->get($token->getAccessToken());
     $this->checkAccessToken($accessToken);

     $client = $this->clientProvider->get($accessToken->getClient());
     $this->checkClient($client);
     $this->checkSignature($token, $client);

     // TODO: check scope
     $user = $this->userProvider->loadUserByUsername($accessToken->getUsername());
     try {
         $this->userChecker->checkPreAuth($user);
     } catch (AccountStatusException $e) {
         // Account problems are reported as a token error carrying the realm.
         throw new OAuthAccessTokenNotFoundException($e->getMessage(), 401, $e, $this->realmName);
     }

     $authenticated = new OAuth2AccessToken($user->getRoles());
     $authenticated->setAuthenticated(true);
     $authenticated->setUser($user);
     $authenticated->setClient($client);
     $authenticated->setAccessToken($accessToken->getId());
     $authenticated->setSignature($token->getSignature());

     return $authenticated;
 }
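 /**
  * Resolves the local user for a Google or Facebook login.
  *
  * Lookup order: the provider id column (see getProperty()), then an account
  * matching the provider nickname/real name and email. A matching local
  * account is linked to the social identity in place; otherwise a new, enabled
  * account with registration status 'incomplete' is created and linked.
  *
  * NOTE(review): linking an existing account on a username+email match trusts
  * the provider's claims as proof of ownership of that local account. Refusing
  * the login instead would be the conservative choice; confirm the providers'
  * email verification makes linking acceptable.
  *
  * @param UserResponseInterface $response
  *
  * @return UserInterface
  */
 public function loadUserByOAuthUserResponse(UserResponseInterface $response)
 {
     $socialId = $response->getUsername();
     $user = $this->userManager->findUserBy(array($this->getProperty($response) => $socialId));
     $email = $response->getEmail();
     // `?:` intentionally treats an empty nickname as absent and falls back to the real name.
     $username = $response->getNickname() ?: $response->getRealName();

     if (null !== $user) {
         // Already linked: run the standard pre-auth account checks.
         $checker = new UserChecker();
         $checker->checkPreAuth($user);

         return $user;
     }

     $user = $this->userManager->findUserByUsernameAndEmail($username, $email);
     if (!$user instanceof UserInterface) {
         $user = $this->createUserFromOAuthResponse($response, $socialId, $email, $username);
     }

     $this->linkSocialAccount($user, $response, $socialId, $email);
     $this->userManager->updateUser($user);

     return $user;
 }

 /**
  * Creates a new, enabled user from the OAuth response; the caller persists it.
  *
  * @param UserResponseInterface $response
  * @param string                $socialId provider user id
  * @param string|null           $email    provider email, may be absent
  * @param string                $username provider nickname or real name
  *
  * @return UserInterface
  */
 private function createUserFromOAuthResponse(UserResponseInterface $response, $socialId, $email, $username)
 {
     $user = $this->userManager->createUser();
     // Numeric suffix to reduce clashes with an existing username; spaces stripped.
     // NOTE(review): rand() can repeat, so a clash is still possible — a uniqueness
     // check before persisting would be more robust.
     $user->setUsername(str_replace(' ', '', $username . rand(20, 50000)));
     // Some providers return no email (or an empty one); the provider id is stored
     // in its place, presumably to satisfy a required email column.
     if (null === $email || '' === $email) {
         $user->setEmail($socialId);
     } else {
         $user->setEmail($email);
     }
     $user->addRole('ROLE_NORMAL_USER');
     // Empty password — presumably the account is meant to be entered via OAuth only.
     $user->setPassword('');
     $user->setEnabled(true);
     $user->setRegistrationStatus('incomplete');
     $user->setFullName($response->getRealName());

     return $user;
 }

 /**
  * Stores the provider id, access token and email on the user for the provider
  * that produced the response; other providers leave the user untouched.
  *
  * @param UserInterface         $user
  * @param UserResponseInterface $response
  * @param string                $socialId
  * @param string|null           $email
  */
 private function linkSocialAccount($user, UserResponseInterface $response, $socialId, $email)
 {
     $service = $response->getResourceOwner()->getName();

     if ('google' === $service) {
         $user->setGoogleEmail($response->getEmail());
         $user->setGoogleId($socialId);
         $user->setGoogleToken($response->getAccessToken());
     } elseif ('facebook' === $service) {
         // Facebook may omit the email; the setter is skipped in that case.
         if (null !== $email && '' !== $email) {
             $user->setFacebookEmail($response->getEmail());
         }
         $user->setFacebookId($socialId);
         $user->setFacebookToken($response->getAccessToken());
     }
 }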