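/**
 * {@inheritdoc}
 *
 * Resolves the OAuth response to a local user. Lookup order: the
 * provider-specific id property first; failing that, a username/email
 * collision check. A new user is created only when neither matches; a
 * collision is rejected rather than silently linked, so an OAuth login cannot
 * attach itself to an existing account it does not own.
 *
 * @throws AuthenticationException when the username or email is already taken
 */
public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
    $userId = $response->getUsername();
    $user = $this->userManager->findUserBy(array($this->getProperty($response) => $userId));

    if (null !== $user) {
        // Provider id already linked: only the standard pre-auth checks apply.
        $checker = new UserChecker();
        $checker->checkPreAuth($user);

        return $user;
    }

    $email = $response->getEmail();
    // Spaces are stripped *before* the collision lookup so that the username
    // searched for is the same one that would be stored on a new account
    // (previously the lookup used the spaced name and the stored one did not).
    $username = str_replace(' ', '', $response->getNickname() ?: $response->getRealName());

    $existing = $this->userManager->findUserByUsernameAndEmail($username, $email);
    if ($existing instanceof UserInterface) {
        throw new AuthenticationException('Username or email has been already used.');
    }

    $user = $this->userManager->createUser();
    $user->setUsername($username);
    $user->setEmail($email);
    // OAuth-only account, no local password. NOTE(review): whether an empty
    // stored password can ever verify depends on the configured encoder —
    // confirm the form login rejects it.
    $user->setPassword('');
    $user->setEnabled(true);
    $user->setOAuthService($response->getResourceOwner()->getName());
    $user->setOAuthId($userId);
    $user->setOAuthAccessToken($response->getAccessToken());
    $this->userManager->updateUser($user);

    return $user;
}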
/**
 * A user whose credentials have expired must be rejected by the pre-auth check.
 *
 * @expectedException \Symfony\Component\Security\Core\Exception\CredentialsExpiredException
 */
public function testCheckPreAuthCredentialsExpired()
{
    $expiredUser = $this->getMock('Symfony\\Component\\Security\\Core\\User\\AdvancedUserInterface');
    $expiredUser
        ->expects($this->once())
        ->method('isCredentialsNonExpired')
        ->will($this->returnValue(false));

    $userChecker = new UserChecker();
    $userChecker->checkPreAuth($expiredUser);
}
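/**
 * {@inheritdoc}
 *
 * Looks the user up by the provider-specific social id; if there is no such
 * link yet, falls back to the account with the same email (creating one when
 * none exists) and records the social id on it.
 *
 * NOTE(review): linking an existing account by the provider-supplied email
 * trusts that the provider verified that address — confirm this for each
 * configured resource owner, otherwise a foreign social account with a
 * matching email would be attached to a local one.
 *
 * @param UserResponseInterface $response
 * @return UserInterface
 */
public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
    $socialID = $response->getUsername();
    $user = $this->userManager->findUserBy(array($this->getProperty($response) => $socialID));

    if (null !== $user) {
        // The social account is already linked: only run the pre-auth checks.
        $checker = new UserChecker();
        $checker->checkPreAuth($user);

        return $user;
    }

    $email = $response->getEmail();
    // No social link yet: look for a regular account with the same email.
    $user = $this->userManager->findUserByEmail($email);
    if (null === $user || !$user instanceof UserInterface) {
        $user = $this->userManager->createUser();
        $user->setEmail($email);
        // Placeholder password from a CSPRNG (random_bytes, PHP >= 7.0);
        // md5(uniqid()) was predictable and not suitable for a credential.
        $user->setPlainPassword(bin2hex(random_bytes(16)));
        $user->setEnabled(true);
    }

    // Record the social id in the property matching the resource owner;
    // unknown owners are ignored.
    $service = $response->getResourceOwner()->getName();
    switch ($service) {
        case 'google':
            $user->setGoogleID($socialID);
            break;
        case 'facebook':
            $user->setFacebookID($socialID);
            break;
    }

    $this->userManager->updateUser($user);

    return $user;
}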
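/**
 * {@inheritdoc}
 *
 * Verifies the bearer token string with the OAuth2 server and turns it into an
 * authenticated OAuthToken. Roles are the user's own roles plus one
 * ROLE_<SCOPE> per scope granted on the access token; a token without a user
 * gets the scope roles only. A failing user pre/post-auth check is reported to
 * the client as an OAuth2 "access_denied" error.
 *
 * @throws OAuth2AuthenticateException when the user's account status check fails
 * @throws AuthenticationException     when the token cannot be verified
 */
public function authenticate(TokenInterface $token)
{
    if (!$this->supports($token)) {
        return null;
    }

    try {
        $tokenString = $token->getToken();
        if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) {
            $scope = $accessToken->getScope();
            $user = $accessToken->getUser();

            if (null !== $user) {
                try {
                    $this->userChecker->checkPreAuth($user);
                } catch (AccountStatusException $e) {
                    throw $this->createAccessDeniedException($e);
                }
                $token->setUser($user);
            }

            $roles = null !== $user ? $user->getRoles() : array();
            if (!empty($scope)) {
                foreach (explode(' ', $scope) as $role) {
                    // Consecutive spaces would otherwise yield a bogus 'ROLE_' role.
                    if ('' === $role) {
                        continue;
                    }
                    $roles[] = 'ROLE_' . strtoupper($role);
                }
            }

            $token = new OAuthToken($roles);
            $token->setAuthenticated(true);
            $token->setToken($tokenString);

            if (null !== $user) {
                try {
                    $this->userChecker->checkPostAuth($user);
                } catch (AccountStatusException $e) {
                    throw $this->createAccessDeniedException($e);
                }
                $token->setUser($user);
            }

            return $token;
        }
    } catch (OAuth2ServerException $e) {
        if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
            // Symfony 2.1: the (message, token, code, previous) constructor signature.
            throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
        }
        throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
    }

    // verifyAccessToken() returned nothing usable.
    throw new AuthenticationException('OAuth2 authentication failed');
}

/**
 * Wraps a failed account-status check in the OAuth2 error the client receives.
 * The realm comes from the server configuration. NOTE(review): the checker's
 * message (e.g. account disabled/locked) is passed through to the client —
 * confirm that disclosure is acceptable.
 *
 * @param AccountStatusException $e
 * @return OAuth2AuthenticateException
 */
private function createAccessDeniedException(AccountStatusException $e)
{
    return new OAuth2AuthenticateException(
        OAuth2::HTTP_UNAUTHORIZED,
        OAuth2::TOKEN_TYPE_BEARER,
        $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM),
        'access_denied',
        $e->getMessage()
    );
}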
/**
 * {@inheritdoc}
 *
 * After the parent checks, rejects a User whose password was changed after
 * their last login while a security token is present: a flash message is
 * queued and a PasswordChangedException carrying the user is thrown.
 *
 * @throws PasswordChangedException
 */
public function checkPreAuth(UserInterface $user)
{
    parent::checkPreAuth($user);

    if (!$user instanceof User) {
        return;
    }
    // Only applies when a token already exists in the security context.
    if (null === $this->securityContextLink->getService()->getToken()) {
        return;
    }

    $passwordChangedAt = $user->getPasswordChangedAt();
    $lastLogin = $user->getLastLogin();
    if (null === $passwordChangedAt || null === $lastLogin) {
        return;
    }
    if (!($passwordChangedAt > $lastLogin)) {
        return;
    }

    $this->flashBag->add('error', $this->translator->trans('oro.user.security.password_changed.message'));
    $exception = new PasswordChangedException('Invalid password.');
    $exception->setUser($user);
    throw $exception;
}
/**
 * {@inheritdoc}
 *
 * Returns the user linked to this Facebook id, or registers a new
 * FOSUserBundle user from the response when none is linked yet.
 *
 * NOTE(review): no check that the response email is already registered —
 * a duplicate is left to the persistence layer; confirm the email column
 * is unique.
 *
 * @param UserResponseInterface $response
 * @return UserInterface
 */
public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
    $facebookId = $response->getUsername();
    $user = $this->userManager->findUserBy(array($this->getProperty($response) => $facebookId));

    if ($user instanceof UserInterface) {
        // Already linked: only the standard pre-auth checks apply.
        $checker = new UserChecker();
        $checker->checkPreAuth($user);

        return $user;
    }

    // Register the user in FOSUserBundle from the provider data.
    $newUser = $this->userManager->createUser();
    $newUser->setEmail($response->getEmail());
    $newUser->setFullName($response->getRealName());
    // OAuth-only account, no local password. NOTE(review): whether an empty
    // stored password can ever verify depends on the configured encoder.
    $newUser->setPassword('');
    $newUser->setEnabled(true);
    $newUser->setFacebookId($facebookId);
    $newUser->setFacebookAccessToken($response->getAccessToken());
    $this->userManager->updateUser($newUser);

    return $newUser;
}
/**
 * Authenticate with access token
 *
 * Resolves the access token, its client and the request signature, then loads
 * and pre-checks the user before building the authenticated token.
 *
 * @param TokenInterface $token
 * @return OAuth2AccessToken
 * @throws OAuthAccessTokenNotFoundException when the user fails the pre-auth checks
 */
protected function authenticateAccessToken(TokenInterface $token)
{
    $accessToken = $this->accessTokenProvider->get($token->getAccessToken());
    $this->checkAccessToken($accessToken);

    $client = $this->clientProvider->get($accessToken->getClient());
    $this->checkClient($client);
    $this->checkSignature($token, $client);

    // NOTE: the token's scope is not checked here (the original only left a
    // "check scope" marker).
    $user = $this->userProvider->loadUserByUsername($accessToken->getUsername());
    try {
        $this->userChecker->checkPreAuth($user);
    } catch (AccountStatusException $e) {
        throw new OAuthAccessTokenNotFoundException($e->getMessage(), 401, $e, $this->realmName);
    }

    $authenticated = new OAuth2AccessToken($user->getRoles());
    $authenticated->setAuthenticated(true);
    $authenticated->setAccessToken($accessToken->getId());
    $authenticated->setUser($user);
    $authenticated->setClient($client);
    $authenticated->setSignature($token->getSignature());

    return $authenticated;
}
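/**
 * Resolves the OAuth response to a local user, creating or linking one as needed.
 *
 * Lookup order: the provider-specific id property first; failing that, an
 * account matching the provider's nickname/real name and email, onto which the
 * provider id/token is then linked; failing that, a new 'incomplete' user.
 *
 * NOTE(review): the link-to-existing-account path (an earlier revision threw
 * "Username or email has been already used." here instead) trusts the
 * provider-supplied display name and email. Confirm every configured resource
 * owner verifies the email, otherwise a foreign social login matching both
 * values would be attached to someone else's account.
 *
 * @param UserResponseInterface $response
 * @return UserInterface
 */
public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
    $userId = $response->getUsername();
    $user = $this->userManager->findUserBy(array($this->getProperty($response) => $userId));

    if (null !== $user) {
        // Provider id already linked: only the standard pre-auth checks apply.
        $checker = new UserChecker();
        $checker->checkPreAuth($user);

        return $user;
    }

    $email = $response->getEmail();
    $username = $response->getNickname() ?: $response->getRealName();

    $user = $this->userManager->findUserByUsernameAndEmail($username, $email);
    if (!$user instanceof UserInterface) {
        $user = $this->createIncompleteUser($response, $userId, $username, $email);
    }

    $this->linkOAuthProvider($user, $response, $userId, $email);
    $this->userManager->updateUser($user);

    return $user;
}

/**
 * Builds (without persisting) a new FOSUserBundle user from the provider data.
 * The username gets a numeric suffix and loses spaces; when the provider sent
 * no email, the provider user id is stored in the email field instead.
 *
 * @param UserResponseInterface $response
 * @param string                $userId   provider user id
 * @param string                $username nickname or real name from the provider
 * @param string|null           $email
 * @return UserInterface
 */
private function createIncompleteUser(UserResponseInterface $response, $userId, $username, $email)
{
    $user = $this->userManager->createUser();
    // rand() only makes collisions less likely; it does not guarantee a unique username.
    $user->setUsername(str_replace(' ', '', $username . rand(20, 50000)));
    // The original loose `== null` also treated '' as missing; keep that.
    $user->setEmail((null === $email || '' === $email) ? $userId : $email);
    $user->addRole('ROLE_NORMAL_USER');
    // OAuth-only account, no local password. NOTE(review): confirm the
    // configured encoder cannot verify an empty stored password on form login.
    $user->setPassword('');
    $user->setEnabled(true);
    $user->setRegistrationStatus('incomplete');
    $user->setFullName($response->getRealName());

    return $user;
}

/**
 * Stores the provider id, access token and email on the provider-specific
 * properties of $user; other resource owners are ignored. The Facebook
 * email is only recorded when the provider sent one.
 *
 * @param UserInterface         $user
 * @param UserResponseInterface $response
 * @param string                $userId provider user id
 * @param string|null           $email
 */
private function linkOAuthProvider($user, UserResponseInterface $response, $userId, $email)
{
    $service = $response->getResourceOwner()->getName();

    if ('google' === $service) {
        $user->setGoogleId($userId);
        $user->setGoogleToken($response->getAccessToken());
        $user->setGoogleEmail($response->getEmail());
    } elseif ('facebook' === $service) {
        if (null !== $email && '' !== $email) {
            $user->setFacebookEmail($response->getEmail());
        }
        $user->setFacebookId($userId);
        $user->setFacebookToken($response->getAccessToken());
    }
}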