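/**
 * Tells whether the given user represents the same account as this one.
 *
 * Identity is decided by the username alone.
 *
 * @param UserInterface $user the user to compare against
 *
 * @return bool true when both usernames are the same string
 */
public function isEqualTo(UserInterface $user)
{
    // Compare as strings with ===: a loose == treats numeric-looking
    // usernames such as "1e3" and "1000" as the same account.
    return (string) $this->username === (string) $user->getUsername();
}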
/**
 * Logs the given user in by writing a token for the "secured_area"
 * firewall straight into the session.
 *
 * @param UserInterface $user     the user to authenticate
 * @param mixed         $password value stored as the token's credentials
 */
private function logUser(UserInterface $user, $password)
{
    $firewallToken = new UsernamePasswordToken($user, $password, 'secured_area', $user->getRoles());

    // NOTE(review): the token is serialized with $password as its credentials,
    // so that value presumably ends up in session storage - confirm whether
    // the credentials can be left out or erased before this write.
    $this->getRequest()->getSession()->set('_security_secured_area', serialize($firewallToken));
}
/**
 * {@inheritdoc}
 */
protected function getSecret(UserInterface $user)
{
    // API-capable users are checked against their API keys; everyone else
    // falls back to whatever the parent implementation uses as the secret.
    return $user instanceof AdvancedApiUserInterface
        ? $user->getApiKeys()
        : parent::getSecret($user);
}
/**
 * Stamps the user's last-login time with the current time and flushes the
 * entity manager.
 *
 * Users that are not BaseUser instances are left untouched.
 *
 * @param UserInterface $user
 */
protected function updateLastLogin($user)
{
    if (!$user instanceof BaseUser) {
        return;
    }

    $loginTime = new \DateTime();
    $user->setLastLogin($loginTime);
    $this->entityManager->flush();
}
/**
 * Places a token for the given user into the security context.
 *
 * @param UserInterface $user the user to authenticate
 */
private function authenticateUser(UserInterface $user)
{
    // 'secured_area' is the firewall name; the token carries no credentials (null).
    $firewallName = 'secured_area';
    $authToken = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());

    $securityContext = $this->getSecurityContext();
    $securityContext->setToken($authToken);
}
/**
 * Tells whether the given user still matches this one.
 *
 * Only another CorredorUser with an identical password, salt and username
 * counts as equal.
 *
 * @param UserInterface $user the user to compare against
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    return $user instanceof CorredorUser
        && $this->password === $user->getPassword()
        && $this->salt === $user->getSalt()
        && $this->username === $user->getUsername();
}
/**
 * {@inheritdoc}
 */
public function configureOptions(OptionsResolver $resolver)
{
    // Builds the command for an empty form: the e-mail is read from the form
    // field when no current user is set, from the current user otherwise.
    $buildCommand = function (FormInterface $form) {
        if (null === $this->currentUser) {
            $email = $form->get('email')->getData();
        } else {
            $email = $this->currentUser->getUsername();
        }

        return new RequestRememberPasswordCommand($email);
    };

    $resolver->setDefaults([
        'data_class' => RequestRememberPasswordCommand::class,
        'empty_data' => $buildCommand,
    ]);
}
/**
 * {@inheritDoc}
 */
public function isEqualTo(UserInterface $user)
{
    // Equal only to another FacebookUser carrying the very same id.
    if (!$user instanceof FacebookUser) {
        return false;
    }

    return $user->getId() === $this->getId();
}
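/**
 * {@InheritDoc}
 *
 * Validates a WSSE token in this order: timestamp window, digest, nonce
 * replay check. The nonce is recorded only after the digest has been
 * verified, so requests without the secret cannot write to the nonce cache.
 *
 * @throws WsseAuthenticationException when the timestamp or the digest is invalid
 * @throws NonceExpiredException       when the nonce was already used in the last 10 minutes
 */
public function validateDigest(WsseUserToken $wsseToken, UserInterface $user)
{
    $created = $wsseToken->created;
    $nonce = (string) $wsseToken->nonce;
    $digest = $wsseToken->digest;
    $secret = $user->getPassword();

    $now = time();
    $createdAt = strtotime($created);

    // An unparsable timestamp must be rejected explicitly rather than
    // compared as if it were a number.
    if (false === $createdAt) {
        throw new WsseAuthenticationException('Token created date is not valid.');
    }

    // Check created time is not too far in the future (leaves 5 minutes margin)
    if ($createdAt > $now + 300) {
        throw new WsseAuthenticationException(sprintf('Token created date cannot be in future (%d seconds in the future).', $createdAt - $now));
    }

    // Expire timestamp after 5 minutes
    if ($createdAt < $now - 300) {
        throw new WsseAuthenticationException(sprintf('Token created date has expired its 300 seconds of validity (%d seconds).', $now - $createdAt));
    }

    // Validate the secret before touching the nonce cache. SHA-1 is kept
    // because the WSSE UsernameToken digest is defined with it.
    $expected = base64_encode(sha1(base64_decode($nonce) . $created . $secret, true));
    if (!StringUtils::equals($expected, $digest)) {
        throw new WsseAuthenticationException('Token digest is not valid.');
    }

    // The nonce is client-supplied, so it is never used as a file name
    // directly: hashing it keeps the cache entry inside $this->cacheDir.
    $nonceFile = $this->cacheDir . '/' . hash('sha256', $nonce);

    // Validate that the nonce is *not* used in the last 10 minutes
    // if it has, this could be a replay attack
    // NOTE(review): this check-then-write is not atomic; two concurrent
    // requests carrying the same nonce could both pass.
    if (file_exists($nonceFile) && (int) file_get_contents($nonceFile) + 600 > $now) {
        throw new NonceExpiredException('Previously used nonce detected.');
    }

    // If cache directory does not exist we create it
    // NOTE(review): 0777 lets every local account write to the nonce cache;
    // confirm whether a tighter mode works for this deployment.
    if (!is_dir($this->cacheDir)) {
        mkdir($this->cacheDir, 0777, true);
    }
    file_put_contents($nonceFile, $now);

    return true;
}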
/**
 * {@inheritdoc}
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();

    // The token already carries a user object: only make sure the stored
    // password has not changed since that token was issued.
    if ($currentUser instanceof UserInterface) {
        if ($currentUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    $presentedPassword = $token->getCredentials();
    if (!$presentedPassword) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    // Otherwise the presented e-mail and password are checked by a customer
    // login request sent through the client.
    $client = $this->clientFactory->build('en');
    $loginRequest = CustomerLoginRequest::ofEmailAndPassword($token->getUser(), $presentedPassword);
    $loginResponse = $loginRequest->executeWithClient($client);
    if ($loginResponse->isError()) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    // The customer returned must be the one that was asked for.
    $customer = $loginRequest->mapResponse($loginResponse)->getCustomer();
    if ($currentUser !== $customer->getEmail()) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    $this->session->set('customer.id', $customer->getId());
}
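/**
 * Reloads the given user through loadUserByUsername().
 *
 * @param UserInterface $user the user to reload
 *
 * @return mixed whatever loadUserByUsername() returns for the username
 *
 * @throws UnsupportedUserException when $user is not a User instance
 */
public function refreshUser(UserInterface $user)
{
    if (!$user instanceof User) {
        // A function call cannot be interpolated inside a double-quoted
        // string (and "{$user}" would try to convert the object itself to a
        // string), so the class name is formatted in with sprintf().
        throw new UnsupportedUserException(sprintf('Instances of %s are not supported', get_class($user)));
    }

    return $this->loadUserByUsername($user->getUsername());
}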
/**
 * Returns the author's e-mail address.
 *
 * When no author object is attached the stored author_email value is used;
 * otherwise the address comes from the author object itself.
 */
public function getAuthorEmail()
{
    return null === $this->author
        ? $this->author_email
        : $this->author->getEmail();
}
/**
 * {@inheritDoc}
 */
public function refreshUser(UserInterface $user)
{
    // The lookup goes by username...
    $refreshedUser = $this->repository->findOneByUsername($user->getUsername());

    if (null !== $refreshedUser) {
        return $refreshedUser;
    }

    // ...while the error message reports the user's id.
    throw new UsernameNotFoundException(sprintf('User with id %s not found', json_encode($user->getId())));
}
/**
 * Decides whether the user may perform the given action on the club.
 *
 * VIEW: anyone for a non-private club; for a private club only a logged-in
 * user holding ROLE_ADMIN. EDIT: a logged-in user who is one of the club's
 * administrators or holds ROLE_ADMIN. Everything else is denied.
 *
 * @param string $attribute
 * @param Club $club
 * @param UserInterface $user
 * @return boolean
 */
protected function isGranted($attribute, $club, $user = null)
{
    // NOTE(review): ids are compared with == and in_array() runs without its
    // strict flag; consider strict comparison once the id and role types are
    // confirmed.
    switch ($attribute) {
        case self::VIEW:
            if (!$club->isPrivate()) {
                return true;
            }

            // A private club needs a user object (i.e. a logged-in user) with ROLE_ADMIN.
            return $user instanceof UserInterface && in_array('ROLE_ADMIN', $user->getRoles());

        case self::EDIT:
            // make sure there is a user object (i.e. that the user is logged in)
            if (!$user instanceof UserInterface) {
                return false;
            }

            foreach ($club->getAdministrators() as $clubAdmin) {
                if ($clubAdmin->getId() == $user->getId()) {
                    return true;
                }
            }

            return in_array('ROLE_ADMIN', $user->getRoles());

        case self::CREATE:
            break;
    }

    return false;
}
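/**
 * Tells whether the given user still matches this one.
 *
 * Only another LdapUser with the same username, e-mail, DN and exactly the
 * same set of roles counts as equal.
 *
 * @param UserInterface $user the user to compare against
 *
 * @return bool
 */
public function isEqualTo(UserInterface $user)
{
    if (!$user instanceof LdapUser) {
        return false;
    }

    $otherRoles = $user->getRoles();

    // Diff in both directions: a one-way array_diff() only notices roles that
    // were added, so a user whose roles were revoked would still compare equal.
    $rolesDiffer = count(array_diff($otherRoles, $this->roles)) > 0
        || count(array_diff($this->roles, $otherRoles)) > 0;

    return $user->getUsername() === $this->username
        && $user->getEmail() === $this->email
        && !$rolesDiffer
        && $user->getDn() === $this->dn;
}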
/**
 * Records the login time, saves the user and logs it in on the configured
 * provider key.
 *
 * @param UserInterface $user the user to log in
 *
 * @return UserInterface the same user instance
 */
public function login(UserInterface $user)
{
    $loginTime = new \DateTime();
    $user->setLastLogin($loginTime);

    // Save the new timestamp before the login manager is invoked.
    $this->userManager->updateUser($user);
    $this->loginManager->loginUser($this->providerKey, $user);

    return $user;
}
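/**
 * Tells whether the given account has the same username as this one.
 *
 * @param UserInterface $account the account to compare against
 *
 * @return bool true when both usernames are the same string
 */
public function equals(UserInterface $account)
{
    // Compare as strings with ===: a loose == treats numeric-looking
    // usernames such as "1e3" and "1000" as the same account.
    return (string) $this->getUsername() === (string) $account->getUsername();
}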
/**
 * {@inheritDoc}
 */
public function connect(UserInterface $user, UserResponseInterface $response)
{
    $property = $this->getProperty($response);
    $username = $response->getUsername();

    // The setter names are derived from the resource owner name; "google"
    // is stored under "gplus".
    $ownerName = $response->getResourceOwner()->getName();
    $service = $ownerName == "google" ? "gplus" : $ownerName;

    $setterPrefix = 'set' . ucfirst($service);
    $uidSetter = $setterPrefix . 'Uid';
    $tokenSetter = $setterPrefix . 'Name';

    // "Disconnect" any user previously linked to this remote account.
    $previousUser = $this->userManager->findUserBy(array($property => $username));
    if (null !== $previousUser) {
        $previousUser->{$uidSetter}(null);
        $previousUser->{$tokenSetter}(null);
        $this->userManager->updateUser($previousUser);
    }

    // Connect the current user.
    // NOTE(review): the access token is written through the "...Name" setter;
    // confirm that field is meant to hold a token and is not shown anywhere.
    $user->{$uidSetter}($username);
    $user->{$tokenSetter}($response->getAccessToken());

    // Save the custom field.
    $user->setProfilePicture($response->getProfilePicture());

    // TODO: Save locale, $user->setLocale($response->getLocale());
    $this->userManager->updateUser($user);
}
/**
 * Rejects locked, disabled or expired accounts.
 *
 * Users that are not AdvancedUserInterface instances are not checked.
 *
 * @param UserInterface $user the user to check
 *
 * @throws LockedException         when the account is locked
 * @throws DisabledException       when the account is disabled; the message
 *                                 tells the reason apart
 * @throws AccountExpiredException when the account has expired
 */
public function checkPostAuth(UserInterface $user)
{
    if (!$user instanceof AdvancedUserInterface) {
        return;
    }

    if (!$user->isAccountNonLocked()) {
        $locked = new LockedException('User account is locked.');
        $locked->setUser($user);
        throw $locked;
    }

    if (!$user->isEnabled()) {
        // Pick the message: bad e-mail first, then "awaiting confirmation"
        // (carrying the URL-safe base64 of the e-mail), else plain disabled.
        if ($user->getStatus() == User::STATUS_BAD_EMAIL) {
            $reason = 'BAD_EMAIL';
        } elseif ($user instanceof User && $user->getConfirmationToken()) {
            $reason = 'DISABLED:' . Strings::base64EncodeUrl($user->getEmail());
        } else {
            $reason = 'DISABLED';
        }

        $disabled = new DisabledException($reason);
        $disabled->setUser($user);
        throw $disabled;
    }

    if (!$user->isAccountNonExpired()) {
        $expired = new AccountExpiredException('User account has expired.');
        $expired->setUser($user);
        throw $expired;
    }
}
/**
 * Reloads the given user through loadUserByUsername().
 *
 * @param UserInterface $user the user to reload
 *
 * @throws UnsupportedUserException when $user is not a User instance
 */
public function refreshUser(UserInterface $user)
{
    // Guard first: only this provider's own User class can be reloaded.
    if (!$user instanceof User) {
        $className = get_class($user);

        throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', $className));
    }

    return $this->loadUserByUsername($user->getUsername());
}
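/**
 * Hydrates a user entity with ldap attributes.
 *
 * Each configured attribute found in the entry is passed to the configured
 * user method; the DN and the roles are set when the user supports them.
 *
 * @param UserInterface $user  user to hydrate
 * @param array         $entry ldap result
 *
 * @return UserInterface the hydrated user (same instance as $user)
 */
protected function hydrate(UserInterface $user, array $entry)
{
    // NOTE(review): the local password is blanked here; make sure no other
    // authentication path compares a submitted password against this empty value.
    $user->setPassword('');

    if ($user instanceof AdvancedUserInterface) {
        $user->setEnabled(true);
    }

    foreach ($this->params['attributes'] as $attr) {
        if (!array_key_exists($attr['ldap_attr'], $entry)) {
            continue;
        }

        $ldapValue = $entry[$attr['ldap_attr']];

        // A single value is passed as a scalar; several values are passed as
        // an array with the leading 'count' element sliced off.
        if (!array_key_exists('count', $ldapValue) || $ldapValue['count'] == 1) {
            $value = $ldapValue[0];
        } else {
            $value = array_slice($ldapValue, 1);
        }

        call_user_func(array($user, $attr['user_method']), $value);
    }

    if ($user instanceof LdapUserInterface) {
        $user->setDn($entry['dn']);
    }

    if ($user instanceof LdapUserRoleInterface && count($this->params['role'])) {
        $this->addRoles($user, $entry);
    }

    // The docblock has always promised the user back; return it so callers
    // that use the result do not receive null.
    return $user;
}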
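/**
 * Verifies the submitted password against the user's stored hash.
 *
 * @param mixed         $credentials array holding the submitted 'password'
 * @param UserInterface $user        the user being authenticated
 *
 * @return bool true when the password is valid
 *
 * @throws CustomUserMessageAuthenticationException when the password is wrong
 */
public function checkCredentials($credentials, UserInterface $user)
{
    // Let the encoder do the verification. Re-encoding the submitted password
    // and comparing with === never matches for algorithms that pick a fresh
    // salt per hash (bcrypt, argon2) and is not a constant-time comparison.
    // Assumes $this->passwordEncoder is Symfony's UserPasswordEncoderInterface,
    // as the encodePassword($user, ...) call shape suggests - confirm.
    if ($this->passwordEncoder->isPasswordValid($user, $credentials['password'])) {
        return true;
    }

    throw new CustomUserMessageAuthenticationException("Password is incorrect.");
}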
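/**
 * Tells whether the given user is the same account as this one.
 *
 * Another MagentoUser is matched by id; any other user type is matched by
 * comparing its username with this user's e-mail.
 *
 * @param UserInterface $user the user to compare against
 *
 * @return bool
 */
public function equals(UserInterface $user)
{
    if ($user instanceof MagentoUser) {
        // Compare with *this* user's id. Comparing $user->getId() with
        // $user->id checks the argument against itself, so every MagentoUser
        // would look equal to every other one.
        // Assumes this class keeps its id in $this->id, as the $user->id
        // access suggests - confirm.
        return $user->getId() === $this->id;
    }

    return $user->getUsername() === $this->email;
}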
/**
 * {@inheritDoc}
 */
public function connect(UserInterface $user, UserResponseInterface $response)
{
    // Link the remote account (resource owner name + its unique id) to the
    // user, then save the user.
    $resourceOwner = $response->getResourceOwner();
    $ownerName = $resourceOwner->getName();
    $remoteId = $response->getUsername();

    $user->addOAuthAccount($ownerName, $remoteId);

    $this->userManager->updateUser($user);
}
/**
 * @inheritdoc
 */
public function equals(UserInterface $user)
{
    // Equal only to another User with the identical username.
    return $user instanceof User
        && $user->getUsername() === $this->username;
}
/**
 * Adds a new User to the provider.
 *
 * Users are keyed by their lower-cased username, so usernames differing
 * only in letter case collide.
 *
 * @param UserInterface $user A UserInterface instance
 *
 * @throws \LogicException when a user is already stored under that key
 */
public function createUser(UserInterface $user)
{
    $key = strtolower($user->getUsername());

    if (isset($this->users[$key])) {
        throw new \LogicException('Another user with the same username already exists.');
    }

    $this->users[$key] = $user;
}
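/**
 * {@inheritDoc}
 *
 * Binds to the LDAP server as the given user. The bind name is the user's
 * DN when it has one, otherwise the DN found by searching with the account
 * filter (when bindRequiresDn is set), otherwise the plain username.
 *
 * @uses connect()
 *
 * @param UserInterface $user     the user to bind as
 * @param string        $password the password presented for that user
 *
 * @return bool false when the password is empty, when the DN lookup does
 *              not yield exactly one entry, or when the bind fails
 *
 * @throws LdapDriverException
 */
public function bind(UserInterface $user, $password)
{
    // Many LDAP servers treat a bind with an empty password as an
    // unauthenticated bind and report success, so an empty password is
    // refused before the server is contacted.
    if (null === $password || '' === $password) {
        return false;
    }

    if ($user instanceof LdapUserInterface && $user->getDn()) {
        $bind_rdn = $user->getDn();
    } elseif (isset($this->params['bindRequiresDn']) && $this->params['bindRequiresDn']) {
        if (!isset($this->params['baseDn']) || !isset($this->params['accountFilterFormat'])) {
            throw new LdapDriverException('Param baseDn and accountFilterFormat is required if bindRequiresDn is true');
        }

        // NOTE(review): the username is placed into the search filter as-is;
        // confirm it is escaped for LDAP filter context before it gets here.
        $bind_rdn = $this->search($this->params['baseDn'], sprintf($this->params['accountFilterFormat'], $user->getUsername()));

        // Exactly one match is required; anything else is a failed bind.
        if (1 == $bind_rdn['count']) {
            $bind_rdn = $bind_rdn[0]['dn'];
        } else {
            return false;
        }
    } else {
        $bind_rdn = $user->getUsername();
    }

    if (null === $this->ldap_res) {
        $this->connect();
    }

    // The password is masked in the debug log.
    $this->logDebug(sprintf('ldap_bind(%s, ****)', $bind_rdn));

    ErrorHandler::start(E_WARNING);
    $bind = ldap_bind($this->ldap_res, $bind_rdn, $password);
    ErrorHandler::stop();

    return $bind;
}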
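/**
 * {@inheritdoc}
 *
 * @throws CustomUserMessageAuthenticationException when the password does not match
 */
public function checkCredentials($credentials, UserInterface $user)
{
    $stored = $user->getPassword();
    $presented = isset($credentials['password']) ? $credentials['password'] : null;

    // NOTE(review): the stored value is compared with the submitted password
    // as-is, which suggests passwords are kept unhashed - confirm and move to
    // a password hash if so.
    // hash_equals() compares in constant time; requiring two strings means a
    // missing password can never match a user without a stored one.
    if (is_string($stored) && is_string($presented) && hash_equals($stored, $presented)) {
        return true;
    }

    throw new CustomUserMessageAuthenticationException($this->failMessage);
}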
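/**
 * {@inheritdoc}
 *
 * Local User instances are checked with the password encoder; every other
 * user is checked by an LDAP bind with the presented password.
 *
 * @throws BadCredentialsException when the credentials are empty, invalid
 *                                 or were changed from another session
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();

    // The token already carries a user object: only make sure the stored
    // password has not changed since that token was issued.
    if ($currentUser instanceof UserInterface) {
        if ($currentUser->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    // Rejecting an empty password here also keeps it away from the LDAP bind below.
    if (!($presentedPassword = $token->getCredentials())) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    if ($user instanceof User) {
        $encoder = $this->encoderFactory->getEncoder($user);
        if (!$encoder->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
            throw new BadCredentialsException('The presented password is invalid.');
        }

        return;
    }

    $ldap = new Ldap($this->params['host'], $this->params['port'], $this->params['version']);
    $bind = $ldap->bind($user->getUsername(), $presentedPassword);

    // The presented password is deliberately left out of the log line:
    // debug logs must never contain credentials.
    $this->logger->debug(sprintf('LDAP bind with username "%s" yielded: %s', $user->getUsername(), print_r($bind, true)));

    if (!$bind) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    // There's likely more data in the LDAP result now after a successful bind
    $this->userProvider->refreshUser($user);
}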
/**
 * Refreshes the user for the account interface.
 *
 * The implementation decides whether the user data is fully reloaded (for
 * example from the database) or whether the UserInterface object is simply
 * merged into an internal array of users / identity map. Here the user is
 * looked up again by username.
 *
 * @param UserInterface $user
 *
 * @return UserInterface
 *
 * @throws UnsupportedUserException if the account is not supported
 */
public function refreshUser(UserInterface $user)
{
    try {
        $reloaded = $this->loadUserByUsername($user->getUsername());
    } catch (UsernameNotFoundException $notFound) {
        // A username that can no longer be found is reported as an
        // unsupported user, keeping the original message.
        throw new UnsupportedUserException($notFound->getMessage());
    }

    return $reloaded;
}