]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | namespace Wallabag\CoreBundle\Security\Authentication\Provider; | |
3 | ||
4 | use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; | |
5 | use Symfony\Component\Security\Core\User\UserProviderInterface; | |
6 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | |
7 | use Symfony\Component\Security\Core\Exception\NonceExpiredException; | |
8 | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | |
9 | use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken; | |
10 | ||
11 | class WsseProvider implements AuthenticationProviderInterface | |
12 | { | |
13 | private $userProvider; | |
14 | private $cacheDir; | |
15 | ||
16 | public function __construct(UserProviderInterface $userProvider, $cacheDir) | |
17 | { | |
18 | $this->userProvider = $userProvider; | |
19 | $this->cacheDir = $cacheDir; | |
20 | } | |
21 | ||
22 | public function authenticate(TokenInterface $token) | |
23 | { | |
24 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); | |
25 | ||
26 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { | |
27 | $authenticatedToken = new WsseUserToken($user->getRoles()); | |
28 | $authenticatedToken->setUser($user); | |
29 | ||
30 | return $authenticatedToken; | |
31 | } | |
32 | ||
33 | throw new AuthenticationException('The WSSE authentication failed.'); | |
34 | } | |
35 | ||
36 | protected function validateDigest($digest, $nonce, $created, $secret) | |
37 | { | |
38 | // Expire le timestamp après 5 minutes | |
39 | if (time() - strtotime($created) > 300) { | |
40 | return false; | |
41 | } | |
42 | ||
43 | // Valide que le nonce est unique dans les 5 minutes | |
44 | if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { | |
45 | throw new NonceExpiredException('Previously used nonce detected'); | |
46 | } | |
47 | file_put_contents($this->cacheDir.'/'.$nonce, time()); | |
48 | ||
49 | // Valide le Secret | |
50 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); | |
51 | ||
52 | return $digest === $expected; | |
53 | } | |
54 | ||
55 | public function supports(TokenInterface $token) | |
56 | { | |
57 | return $token instanceof WsseUserToken; | |
58 | } | |
59 | } |