<?php

namespace Wallabag\ApiBundle\Security\Firewall;

use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\Firewall\ListenerInterface;
use Wallabag\ApiBundle\Security\Authentication\Token\WsseUserToken;

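/**
 * Firewall listener that authenticates API requests carrying a WSSE
 * "X-WSSE" header (UsernameToken profile).
 *
 * The header is parsed into a WsseUserToken and handed to the
 * authentication manager; on success the resulting token is stored in the
 * security context. Requests without a parseable X-WSSE header are left
 * untouched so that other listeners on the firewall can run.
 */
class WsseListener implements ListenerInterface
{
    /**
     * Pattern for the UsernameToken profile as sent by WSSE clients.
     * Captures: 1 = username, 2 = password digest, 3 = nonce, 4 = creation timestamp.
     */
    const WSSE_HEADER_REGEX = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';

    protected $securityContext;
    protected $authenticationManager;
    protected $logger;

    /**
     * @param SecurityContextInterface       $securityContext       Where the authenticated token is stored
     * @param AuthenticationManagerInterface $authenticationManager Validates the WSSE token (digest, nonce, created)
     * @param LoggerInterface                $logger                PSR-3 logger used to record authentication failures
     */
    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
    {
        $this->securityContext = $securityContext;
        $this->authenticationManager = $authenticationManager;
        $this->logger = $logger;
    }

    /**
     * {@inheritdoc}
     *
     * Does nothing when the X-WSSE header is absent or does not match the
     * expected UsernameToken layout. When the authentication manager rejects
     * the token, the failure is logged and the request is short-circuited
     * with a 403 response.
     */
    public function handle(GetResponseEvent $event)
    {
        $request = $event->getRequest();

        if (!$request->headers->has('x-wsse')) {
            return;
        }

        if (1 !== preg_match(self::WSSE_HEADER_REGEX, $request->headers->get('x-wsse'), $matches)) {
            return;
        }

        // All four fields are attacker-controlled until the authentication
        // manager has verified the digest against nonce + created + secret.
        $token = new WsseUserToken();
        $token->setUser($matches[1]);
        $token->digest = $matches[2];
        $token->nonce = $matches[3];
        $token->created = $matches[4];

        try {
            $authToken = $this->authenticationManager->authenticate($token);
            $this->securityContext->setToken($authToken);
        } catch (AuthenticationException $failed) {
            $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage();

            // Psr\Log\LoggerInterface (the declared type) has no err();
            // error() is the PSR-3 method for this severity.
            $this->logger->error($failedMessage);

            $event->setResponse($this->createDeniedResponse($failedMessage));
        }
    }

    /**
     * Build the '403 Forbidden' response returned when WSSE authentication
     * is rejected.
     *
     * The body is served as plain text because it embeds the username taken
     * verbatim from the request header and must not be rendered as HTML.
     * NOTE(review): the body also carries the provider's failure reason;
     * if those messages distinguish unknown users from bad digests, a
     * generic client-facing body (keeping the detail in the log) would be
     * preferable. A 401 with WWW-Authenticate would be the conventional
     * status; 403 is kept as existing clients may rely on it.
     *
     * @param string $message Failure description (already logged)
     *
     * @return Response
     */
    protected function createDeniedResponse($message)
    {
        $response = new Response();
        $response->setStatusCode(403);
        $response->headers->set('Content-Type', 'text/plain; charset=UTF-8');
        $response->setContent($message);

        return $response;
    }
}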