/**
* This interface must be implemented by firewall listeners.
*
* @param GetResponseEvent $event
*/
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$authorizationHeader = $request->headers->get('Authorization');
if (strpos($authorizationHeader, 'Hawk') !== 0) {
return;
}
$attributes = $this->hawkHeaderParser->parseFieldValue($authorizationHeader);
$unauthenticatedToken = new HawkToken();
$unauthenticatedToken->setId($attributes['id'])->setTimestamp($attributes['ts'])->setNonce($attributes['nonce'])->setMac($attributes['mac'])->setMethod($request->getMethod())->setHost($request->getHost())->setPort($request->getPort())->setUri($request->getRequestUri())->setContentType($request->headers->get('Content-Type'))->setPayload($request->getContent() ?: null)->setAuthorizationHeader($authorizationHeader);
$authenticatedToken = $this->authenticationManager->authenticate($unauthenticatedToken);
$this->securityContext->setToken($authenticatedToken);
}
/**
* Attempts to authenticate a TokenInterface object.
*
* @param TokenInterface $token The TokenInterface instance to authenticate
*
* @return TokenInterface An authenticated TokenInterface instance, never null
*
* @throws AuthenticationException if the authentication fails
*/
public function authenticate(TokenInterface $token)
{
if (!$token instanceof HawkToken) {
throw new \InvalidArgumentException('Provided token is not HawkToken');
}
try {
$user = $this->userProvider->loadUserByUsername($token->getId());
$this->userChecker->checkPreAuth($user);
$this->hawkServer->authenticate($token->getMethod(), $token->getHost(), $token->getPort(), $token->getUri(), $token->getContentType(), $token->getPayload(), $token->getAuthorizationHeader());
$this->userChecker->checkPostAuth($user);
$authenticatedToken = new HawkToken($user->getRoles());
$authenticatedToken->copy($token);
$authenticatedToken->setAuthenticated(true);
$authenticatedToken->setUser($user);
return $authenticatedToken;
} catch (UnauthorizedException $exception) {
throw new AuthenticationException('Invalid Hawk authentication data');
}
}
public function copy(HawkToken $token)
{
$this->setId($token->getId())->setTimestamp($token->getTimestamp())->setNonce($token->getNonce())->setMac($token->getMac())->setMethod($token->getMethod())->setHost($token->getHost())->setPort($token->getPort())->setUri($token->getUri())->setContentType($token->getContentType())->setPayload($token->getPayload())->setAuthorizationHeader($token->getAuthorizationHeader());
$this->setAttributes($token->getAttributes());
}