/** * Authenticate a token according to the user provider. * * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * * @return \Symfony\Component\Security\Core\User\UserProviderInterface * * @throws SecurityException Occures on invalid connection */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return; } $username = $token->getUsername(); if (empty($username)) { $username = '******'; } $user = $this->_userProvider->loadUserByUsername($username); if (false === is_array($user)) { $user = array($user); } $authenticatedToken = false; while (false === $authenticatedToken) { if (null !== ($provider = array_pop($user))) { $authenticatedToken = $this->authenticateUser($token, $provider); } else { break; } } if (false === $authenticatedToken) { throw new SecurityException('Invalid authentication informations', SecurityException::INVALID_CREDENTIALS); } return $authenticatedToken; }
/** * Whether this provider supports the given user class. * * @param string $class * * @return bool */ public function supportsClass($class) { if ($this->provider) { return $this->provider->supportsClass($class); } return false; }
/** * Load user from payload, using username by default. * Override this to load by another property. * * @param array $payload * * @return \Symfony\Component\Security\Core\User\UserInterface */ protected function getUserFromPayload(array $payload) { if (!isset($payload[$this->userIdentityField])) { throw new AuthenticationException('Invalid JWT Token'); } return $this->userProvider->loadUserByUsername($payload[$this->userIdentityField]); }
/** * @param TokenInterface $token * @return BlockCypherUserToken */ public function authenticate(TokenInterface $token) { // if (!$userProvider instanceof ApiKeyUserProvider) { // throw new \InvalidArgumentException( // sprintf( // 'The user provider must be an instance of ApiKeyUserProvider (%s was given).', // get_class($userProvider) // ) // ); // } //$blockCypherToken = null; $blockCypherToken = $token->getCredentials(); $username = $blockCypherToken; // DEBUG //var_dump($blockCypherToken); //die(); /** @var User $user */ $user = $this->userProvider->loadUserByUsername($username); // DEBUG //var_dump($user); //die(); if ($user) { $blockCypherToken = $user->getBlockCypherToken(); } if ($user && $this->validateBlockCypherToken($blockCypherToken)) { $authenticatedToken = new BlockCypherUserToken($user, $blockCypherToken, 'blockcypher', $user->getRoles()); //$authenticatedToken->setUser($user); return $authenticatedToken; } throw new AuthenticationException('BlockCypher token empty or invalid.'); }
/** * @inheritdoc */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { try { $user = $userProvider->loadUserByUsername($token->getUsername()); } catch (UsernameNotFoundException $e) { throw new CustomUserMessageAuthenticationException('Invalid username or password'); } $username = $token->getUsername(); $password = $token->getCredentials(); $sessionCreationResult = null; try { $sessionCreationResult = $this->userSessionRepository->createSessionIdByCredentials($username, $password); } catch (\InvalidArgumentException $e) { throw new CustomUserMessageAuthenticationException('Invalid username or password'); } catch (RepositoryInfrastructureException $e) { throw new CustomUserMessageAuthenticationException('Cannot connect to Revive service'); } $passwordValid = $sessionCreationResult !== null && UserSessionCreationAuthenticationResult::isSuccess($sessionCreationResult->getSessionCreationAuthenticationResult()); if ($passwordValid) { $sessionId = $sessionCreationResult->getSessionId(); $roles = []; $roles[] = 'USER'; if (UserSessionCreationAuthorizationSessionCreationResult::isSuccess($sessionCreationResult->getSessionCreationAuthorizationSessionCreation())) { $roles[] = 'ADMIN'; } $token = new ReviveAuthenticationToken($user, $sessionId, $providerKey, $roles); return $token; } throw new CustomUserMessageAuthenticationException('Invalid username or password'); }
/** * Function used for user authentication based on token object * * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * @param \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider * @param string $providerKey * @return \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken * @throws BadCredentialsException */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $passwordValid = false; // Load user object try { $user = $userProvider->loadUserByUsername($token->getUsername()); } catch (UsernameNotFoundException $e) { throw new BadCredentialsException('Invalid username or password', 0, $e); } try { $this->userChecker->checkPreAuth($user); // Call the correct authentication method if (null !== $this->ldapManager && $user->isLdapEnabled()) { $passwordValid = $this->checkAuthenticationLdap($user, $token); } else { $passwordValid = $this->checkAuthentication($user, $token); } $this->userChecker->checkPostAuth($user); } catch (BadCredentialsException $e) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Invalid username or password', 0, $e); } throw $e; } // Set the authenticated token if ($passwordValid) { return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles()); } throw new BadCredentialsException('Invalid username or password'); }
function it_gets_user(UserProviderInterface $userProvider, UserCommandBus $commandBus, LogInUserCommand $credentials, User $user) { $commandBus->handle($credentials)->shouldBeCalled(); $credentials->email()->shouldBeCalled()->willReturn('*****@*****.**'); $userProvider->loadUserByUsername('*****@*****.**')->shouldBeCalled()->willReturn($user); $this->getUser($credentials, $userProvider)->shouldReturn($user); }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $secret = $token->getCredentials(); $userData = $this->session->getFlashBag()->get('arcanys_sso_auth.user_data'); if ($userData) { // TODO create mapping config in the future $username = reset($userData['uid']); $email = reset($userData['email']); $firstname = reset($userData['firstname']); $lastname = reset($userData['lastname']); $token = reset($userData['token']); $roles = $userData['rights']; if (!$roles) { $roles = ['ROLE_USER']; } } else { $this->saml2->login(); exit; } if (!$username) { throw new AuthenticationException("Failed to authenticate from SSO"); } $user = $userProvider->loadUserByUsername(['username' => $username, 'email' => $email, 'firstname' => $firstname, 'lastname' => $lastname, 'token' => $token, 'roles' => $roles]); return new PreAuthenticatedToken($user, $secret, $providerKey, $user->getRoles($roles)); }
/** * Attempt to authenticate the provided token using the provided user provider. * @param TokenInterface $token * @param UserProviderInterface $userProvider * @param string $providerKey * @return UsernamePasswordToken * @throws BadCredentialsException */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { if (($user = $userProvider->loadUserByUsername($token->getUsername())) && $user->getPassword() == $token->getCredentials()) { return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles()); } throw new BadCredentialsException('The presented password is invalid.'); }
/** * Validates WordPress authentication cookie * * @param UserProviderInterface $userProvider * @param Cookie $cookie * @return UserInterface UserInterface if valid. * @throws RuntimeException * @throws AuthenticationException */ public function validateCookie(UserProviderInterface $userProvider, $cookie) { $cookieParts = $this->decodeCookie($cookie); switch (count($cookieParts)) { case 3: list($username, $expiration, $hmac) = $cookieParts; $token = null; break; case 4: list($username, $expiration, $token, $hmac) = $cookieParts; break; default: throw new AuthenticationException('Invalid WordPress cookie.'); } if ($expiration < time()) { throw new AuthenticationException('The WordPress cookie has expired.'); } try { $user = $userProvider->loadUserByUsername($username); } catch (Exception $exception) { if (!$exception instanceof AuthenticationException) { $exception = new AuthenticationException($exception->getMessage(), $exception->getCode(), $exception); } throw $exception; } if (!$user instanceof UserInterface) { throw new RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user))); } if ($token && $hmac !== $this->generateHmacWithToken($username, $expiration, $token, $user->getPassword()) || !$token && $hmac !== $this->generateHmac($username, $expiration, $user->getPassword())) { throw new AuthenticationException('The WordPress cookie\'s hash is invalid. Your logged in key and salt settings could be wrong.'); } return $user; }
/** * Calls the UserProvider providing a valid User * @param array $credentials * @param UserProviderInterface $userProvider * @return bool */ public function getUser($credentials, UserProviderInterface $userProvider) { if (isset($credentials[$this->username_attribute])) { return $userProvider->loadUserByUsername($credentials[$this->username_attribute]); } else { return null; } }
/** * {@inheritdoc} */ public function getUser($credentials, UserProviderInterface $userProvider) { try { return $userProvider->loadUserByUsername($credentials['username']); } catch (UsernameNotFoundException $e) { throw new CustomUserMessageAuthenticationException($this->translator->trans($this->failMessage)); } }
/** * @param string $username * @param UsernamePasswordToken $token * @return null|UserInterface */ public function retrieveUser($username, UsernamePasswordToken $token) { try { return $this->userProvider->loadUserByUsername($username); } catch (NoResultException $e) { return null; } }
function it_does_not_get_user_because_user_is_inactive(JWTEncoderInterface $jwtEncoder, UserProviderInterface $userProvider, User $user) { $jwtEncoder->decode('bearer-token')->shouldBeCalled()->willReturn(['email' => '*****@*****.**']); $userProvider->loadUserByUsername('*****@*****.**')->shouldBeCalled()->willReturn($user); $user->confirmationToken = 'confirmation-token'; $user->invitationToken = null; $this->shouldThrow(new CustomUserMessageAuthenticationException('The user does not exist'))->duringGetUser('bearer-token', $userProvider); }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $user = $userProvider->loadUserByUsername($token->getUsername()); if (!$user) { throw new AuthenticationException('User not found'); } return new PreAuthenticatedToken($user, $token->getUsername(), $providerKey, $user->getRoles()); }
/** * {@inheritDoc} */ public function authenticate(TokenInterface $token) { $username = $this->oauthProvider->getUsername($token->getCredentials()); $user = $this->userProvider->loadUserByUsername($username); $token = new OAuthToken($token->getCredentials(), $user->getRoles()); $token->setUser($user); $token->setAuthenticated(true); return $token; }
public function getUser($credentials, UserProviderInterface $userProvider) { try { $user = $userProvider->loadUserByUsername($credentials['username']); return $user; } catch (\Exception $ex) { throw new CustomUserMessageAuthenticationException("User was not found."); } }
public function testRetrieveUserReturnsUserFromTokenOnReauthentication() { $method = $this->setMethodAccessible('retrieveUser'); $this->userProvider->expects($this->never())->method('loadUserByUsername'); $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $token = new UsernamePasswordToken($user, '', 'provider_key', array()); $result = $method->invoke($this->ldapAuthenticationProvider, null, $token); $this->assertSame($user, $result); }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { try { $user = $userProvider->loadUserByUsername($token->getUsername()); return $this->authenticate($user, $token, $providerKey); } catch (UsernameNotFoundException $e) { return $this->getFromProviders($token, $providerKey); } }
/** * {@inheritdoc} */ public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { $authenticatedToken = new WsseToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; } throw new AuthenticationException('The WSSE authentication failed.'); }
function it_throws_authentication_exception_when_user_could_not_be_loaded(ResourceServer $resourceServer, UserProviderInterface $userProvider, EmitterInterface $emitter) { $providerKey = 'default'; $userIdentifier = '*****@*****.**'; $token = new PreAuthenticatedToken('anon.', 'DDSHs55zpG51Mtxnt6H8vwn5fVJ230dF', $providerKey); $resourceServer->isValidRequest(true)->shouldBeCalled(); $this->resourceServerWillReturnOwnerId($resourceServer, $emitter, $userIdentifier); $userProvider->loadUserByUsername($userIdentifier)->willThrow(UsernameNotFoundException::class); $this->shouldThrow(AuthenticationException::class)->during('authenticateToken', [$token, $userProvider, $providerKey]); }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $user = $userProvider->loadUserByUsername($token->getUsername()); $this->userChecker->checkPreAuth($user); if (!$this->encoder->isPasswordValid($user, $token->getCredentials())) { throw new BadCredentialsException('The presented password is invalid.'); } $this->userChecker->checkPostAuth($user); return new UsernamePasswordToken($user, $token->getCredentials(), $providerKey, $user->getRoles()); }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $webToken = $token->getWebToken(); $user = $userProvider->loadUserByUsername($webToken->getSubject()); $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); $token = new WebTokenToken($providerKey, $webToken, $user->getRoles()); $token->setUser($user)->setAuthenticated(true); return $token; }
public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($user && ($token->isAuthenticated() || $this->crowd->isauthenticationvalid($token->getUsername(), $token->getCredentials()))) { $authenticatedToken = new CrowdToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; } throw new AuthenticationException('The Crowd authentication failed.'); }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $username = $token->getUsername(); $user = $userProvider->loadUserByUsername($username); if ($user instanceof SamlUserInterface) { $user->setSamlAttributes($token->getAttributes()); } $authenticatedToken = new SamlToken($user, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); return $authenticatedToken; }
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { $accessToken = $token->getCredentials(); try { $user = $userProvider->loadUserByUsername($accessToken); } catch (UsernameNotFoundException $e) { throw new UnauthorizedApiException($e->getMessage()); } $token->setUser($user); return $token; }
/** * {@inheritdoc} */ public function getUser($credentials, UserProviderInterface $userProvider) { if (!$userProvider instanceof InMemoryUserProvider) { return; } try { return $userProvider->loadUserByUsername($credentials['username']); } catch (UsernameNotFoundException $e) { throw new CustomUserMessageAuthenticationException($this->failMessage); } }
/** * Return a UserInterface object based on the credentials returned by getCredentials() * if null, authentication will fail * if a User object, checkCredentials() is called */ public function getUser($credentials, UserProviderInterface $userProvider) { if (isset($credentials['token'])) { return $this->em->getRepository('AppBundle:User')->findOneBy(array('apiToken' => $credentials['token'])); } else { if (isset($credentials['username']) && isset($credentials['plainPassword'])) { return $userProvider->loadUserByUsername($credentials['username']); } } return null; }
/** * {@inheritDocs} */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { list($uid, $timestamp, $hashedPassword) = $token->getCredentials(); /** @var $userProvider \Bangpound\Bundle\DrupalBundle\Security\User\UserProvider */ $username = $userProvider->getUsernameForHashedPassword($uid, $timestamp, $hashedPassword); if (!$username) { throw new AuthenticationException(sprintf(' "%s" does not exist.', serialize($token->getCredentials()))); } $user = $userProvider->loadUserByUsername($username); return new PreAuthenticatedToken($user, $token->getCredentials(), $providerKey, $user->getRoles()); }
/** * @param TokenInterface $token * @param UserProviderInterface $userProvider * @param $providerKey * @throw AuthenticationException * @thorw BadCredentialsException * @return UsernamePasswordToken */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { try { $user = $userProvider->loadUserByUsername($token->getUsername()); } catch (UsernameNotFoundException $e) { throw new AuthenticationException(sprintf('Can\'t find user by "%s" username', $token->getUsername())); } if (true === $this->pamAuth($token->getUsername(), $token->getCredentials())) { return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, in_array($user->getUsername(), $this->rootUsers) ? ['ROLE_USER', 'ROLE_ADMIN'] : ['ROLE_USER']); } throw new BadCredentialsException('Bad credentials', 403); }