public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $identity = parent::__invoke($mvcAuthEvent);
    $authIdentity = array();

    if ($identity instanceof AuthenticatedIdentity) {
        // get user details
        $authIdentity = $identity->getAuthenticationIdentity();
        if (isset($authIdentity['user_id'])) {
            $user = $this->userService->findUserByUsername($authIdentity['user_id']);
            $user->addHydratorFilter("details", new MethodMatchFilter("getDetails"), FilterComposite::CONDITION_AND);
            $userArray = $this->userHydrator->extract($user);
            $authIdentity['user_data'] = $userArray;
        }

        // get oauth client details
        if (isset($authIdentity['client_id'])) {
            $client = $this->oauthClientMapper->fetchEntity($authIdentity['client_id']);
            if ($client) {
                $authIdentity['client_data'] = $this->oauthClientMapper->getHydrator()->extract($client);
            }
        }

        $identity = new AuthenticatedIdentity($authIdentity);

        // The role name comes from the user record. A token without a user_id
        // has no 'user_data', so leave the name unset rather than read an
        // undefined index.
        if (isset($authIdentity['user_data']['roleId'])) {
            $identity->setName($authIdentity['user_data']['roleId']);
        }
    }

    return $identity;
}

/**
 * Attempt to authenticate the current request.
 *
 * @param Request $request
 * @param Response $response
 * @param MvcAuthEvent $mvcAuthEvent
 * @return false|IdentityInterface False on failure, IdentityInterface
 *     otherwise
 */
public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
{
    $this->httpAuth->setRequest($request);
    $this->httpAuth->setResponse($response);

    $result = $this->authenticationService->authenticate($this->httpAuth);
    $mvcAuthEvent->setAuthenticationResult($result);

    if (! $result->isValid()) {
        return false;
    }

    $resultIdentity = $result->getIdentity();

    // Pass fully discovered identity to AuthenticatedIdentity instance
    $identity = new Identity\AuthenticatedIdentity($resultIdentity);

    // But determine the name separately
    $name = $resultIdentity;
    if (is_array($resultIdentity)) {
        $name = isset($resultIdentity['username'])
            ? $resultIdentity['username']
            : (string) array_shift($resultIdentity);
    }
    $identity->setName($name);

    return $identity;
}

/**
 * Attempt to authenticate the current request.
 *
 * @param Request $request
 * @param Response $response
 * @param MvcAuthEvent $mvcAuthEvent
 * @return false|IdentityInterface False on failure, IdentityInterface
 *     otherwise
 */
public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
{
    $content = $request->getContent();
    $oauth2request = new OAuth2Request(
        $_GET,
        $_POST,
        array(),
        $_COOKIE,
        $_FILES,
        $_SERVER,
        $content,
        $request->getHeaders()->toArray()
    );

    if (! $this->oauth2Server->verifyResourceRequest($oauth2request)) {
        return false;
    }

    $token = $this->oauth2Server->getAccessTokenData($oauth2request);

    $identity = new Identity\AuthenticatedIdentity($token);
    $identity->setName($token['user_id']);

    return $identity;
}

/**
 * Attempt to authenticate the current request.
 *
 * @param Request $request
 * @param Response $response
 * @param MvcAuthEvent $mvcAuthEvent
 * @return false|Identity\IdentityInterface False on failure, IdentityInterface
 *     otherwise
 */
public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent)
{
    $oauth2request = new OAuth2Request(
        $request->getQuery()->toArray(),
        $request->getPost()->toArray(),
        [],
        $request->getCookie() ? $request->getCookie()->getArrayCopy() : [],
        $request->getFiles() ? $request->getFiles()->toArray() : [],
        method_exists($request, 'getServer') ? $request->getServer()->toArray() : $_SERVER,
        $request->getContent(),
        $request->getHeaders()->toArray()
    );

    // Failure to validate
    if (!$this->oauth2Server->verifyResourceRequest($oauth2request)) {
        $oauth2Response = $this->oauth2Server->getResponse();
        $status = $oauth2Response->getStatusCode();

        // 401 or 403 mean invalid credentials or unauthorized scopes; report those.
        if (in_array($status, [401, 403], true) && null !== $oauth2Response->getParameter('error')) {
            return $this->mergeOAuth2Response($status, $response, $oauth2Response);
        }

        // Merge in any headers; typically sets a WWW-Authenticate header.
        $this->mergeOAuth2ResponseHeaders($response, $oauth2Response->getHttpHeaders());

        // Otherwise, no credentials were present at all, so we just return a guest identity.
        return new Identity\GuestIdentity();
    }

    $token = $this->oauth2Server->getAccessTokenData($oauth2request);

    $identity = new Identity\AuthenticatedIdentity($token);
    $identity->setName($token['user_id']);

    return $identity;
}

/**
 * Listen to authentication events
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return mixed
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $mvcEvent = $mvcAuthEvent->getMvcEvent();
    $request  = $mvcEvent->getRequest();
    $response = $mvcEvent->getResponse();

    // Skip authentication for console requests or OPTIONS requests
    if (!$request instanceof HttpRequest || $request->isOptions()) {
        return null;
    }

    // Skip authentication if the requested URI is on the whitelist.
    // Each whitelist entry is used as a regular expression and matches anywhere
    // in the path unless the pattern itself is anchored with ^ and $.
    $relPath = $this->_getRelativePath($request);
    foreach ($this->getUriWhitelist() as $pattern) {
        $regex = '/' . str_replace('/', '\\/', $pattern) . '/';
        if (preg_match($regex, $relPath)) {
            return null;
        }
    }

    // Provide our auth adapter with the request and response objects if it needs them
    if (is_callable(array($this->adapter, 'setRequest'))) {
        $this->adapter->setRequest($request);
    }
    if (is_callable(array($this->adapter, 'setResponse'))) {
        $this->adapter->setResponse($response);
    }

    // Ask the adapter to authenticate
    $authService = $mvcAuthEvent->getAuthenticationService();
    $authResult  = $authService->authenticate($this->adapter);
    $mvcAuthEvent->setAuthenticationResult($authResult);

    // Create the identity object
    if ($authResult->isValid()) {
        // Create MvcAuth identity
        $resultIdentity = $authResult->getIdentity();
        $identity = new AuthenticatedIdentity($resultIdentity);
        $identity->setName((string) $resultIdentity);
    } else {
        $identity = new GuestIdentity();
    }

    $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);

    return $identity;
}

/**
 * @param MvcAuthEvent $mvcAuthEvent
 *
 * @return null|Identity\IdentityInterface
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $mvcEvent = $mvcAuthEvent->getMvcEvent();
    $request  = $mvcEvent->getRequest();

    if (!$request instanceof HttpRequest) {
        return;
    }

    if (in_array($request->getMethod(), $this->methodsWithoutHash)) {
        return;
    }

    $response = $mvcEvent->getResponse();
    $adapter  = $this->getAdapter();

    // configure tokenServer
    $tokenServer = $this->getTokenServer();
    $tokenServer->setAdapter($adapter);
    $tokenServer->setRequest($request);
    $tokenServer->setResponse($response);

    try {
        if ($tokenServer->authenticate()) {
            // Use given identity
            $user = $tokenServer->getUserId();
            if ($user instanceof Identity\IdentityInterface) {
                return $user;
            }

            // Create identity
            $identity = new Identity\AuthenticatedIdentity($user);
            $identity->setName($user);

            return $identity;
        }
    } catch (TokenException $e) {
        // let's make it a guest
    }

    return new Identity\GuestIdentity();
}

/**
 * Listen to the authentication event
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return mixed
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $mvcEvent = $mvcAuthEvent->getMvcEvent();
    $request  = $mvcEvent->getRequest();
    $response = $mvcEvent->getResponse();

    if (!$request instanceof HttpRequest || $request->isOptions()) {
        return;
    }

    $type = false;

    if ($this->httpAdapter instanceof HttpAuth) {
        $this->httpAdapter->setRequest($request);
        $this->httpAdapter->setResponse($response);
    }

    $authHeader = $request->getHeader('Authorization');
    if ($authHeader) {
        $headerContent = trim($authHeader->getFieldValue());

        // we only support headers in the format: Authorization: xxx yyyyy
        if (strpos($headerContent, ' ') === false) {
            $identity = new Identity\GuestIdentity();
            $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
            return $identity;
        }

        list($type, $credential) = preg_split('# #', $headerContent, 2);
    }

    // No Authorization header: look for an access_token in a form-encoded body
    if (!$type
        && !in_array($request->getMethod(), $this->requestsWithoutBodies)
        && $request->getHeaders()->has('Content-Type')
        && $request->getHeaders()->get('Content-Type')->match('application/x-www-form-urlencoded')
        && $request->getPost('access_token')
    ) {
        $type = 'oauth2';
    }

    // ...or in the query string
    if (!$type && null !== $request->getQuery('access_token')) {
        $type = 'oauth2';
    }

    if (!$type) {
        if ($this->httpAdapter instanceof HttpAuth) {
            $this->httpAdapter->challengeClient();
        }
        $identity = new Identity\GuestIdentity();
        $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
        return $identity;
    }

    switch (strtolower($type)) {
        case 'basic':
        case 'digest':
            if (!$this->httpAdapter instanceof HttpAuth) {
                $identity = new Identity\GuestIdentity();
                $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                return $identity;
            }

            $auth   = $mvcAuthEvent->getAuthenticationService();
            $result = $auth->authenticate($this->httpAdapter);
            $mvcAuthEvent->setAuthenticationResult($result);

            if ($result->isValid()) {
                $resultIdentity = $result->getIdentity();

                // Pass full discovered identity to AuthenticatedIdentity object
                $identity = new Identity\AuthenticatedIdentity($resultIdentity);

                // But determine name separately
                $name = $resultIdentity;
                if (is_array($resultIdentity)) {
                    // Casting the array itself to string would yield "Array";
                    // fall back to its first element instead.
                    $name = isset($resultIdentity['username'])
                        ? $resultIdentity['username']
                        : (string) array_shift($resultIdentity);
                }
                $identity->setName($name);

                // Set in MvcEvent
                $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                return $identity;
            }

            $identity = new Identity\GuestIdentity();
            $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
            return $identity;

        case 'oauth2':
        case 'bearer':
            if (!$this->oauth2Server instanceof OAuth2Server) {
                $identity = new Identity\GuestIdentity();
                $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                return $identity;
            }

            $content       = $request->getContent();
            $oauth2request = new OAuth2Request($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER, $content);

            if ($this->oauth2Server->verifyResourceRequest($oauth2request)) {
                $token    = $this->oauth2Server->getAccessTokenData($oauth2request);
                $identity = new Identity\AuthenticatedIdentity($token);
                $identity->setName($token['user_id']);
                $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                return $identity;
            }

            $identity = new Identity\GuestIdentity();
            $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
            return $identity;

        case 'token':
            throw new \Exception('zf-mvc-auth has not yet implemented a "token" authentication adapter');
    }
}