1 | <?php | |
2 | ||
3 | namespace Wallabag\CoreBundle\Security\Firewall; | |
4 | ||
5 | use Symfony\Component\HttpFoundation\Response; | |
6 | use Symfony\Component\HttpKernel\Event\GetResponseEvent; | |
7 | use Symfony\Component\Security\Http\Firewall\ListenerInterface; | |
8 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | |
9 | use Symfony\Component\Security\Core\SecurityContextInterface; | |
10 | use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; | |
11 | use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken; | |
12 | ||
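class WsseListener implements ListenerInterface
{
    /** @var SecurityContextInterface Receives the authenticated token for the current request. */
    protected $securityContext;

    /**
     * @var AuthenticationManagerInterface Authenticates the WsseUserToken built from the header.
     *      The digest, nonce and created values are not verified in this class; that is left to
     *      whatever provider the manager dispatches to.
     */
    protected $authenticationManager;

    /**
     * @param SecurityContextInterface       $securityContext
     * @param AuthenticationManagerInterface $authenticationManager
     */
    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager)
    {
        $this->securityContext = $securityContext;
        $this->authenticationManager = $authenticationManager;
    }

    /**
     * Authenticates the request from its X-WSSE header.
     *
     * A request without an X-WSSE header, or with one that does not match the
     * expected "UsernameToken Username=..., PasswordDigest=..., Nonce=..., Created=..."
     * form, is left untouched so other listeners on the firewall can handle it.
     * A header that parses but fails authentication is answered with an empty
     * 403 response; the listener deliberately does not clear the token, which
     * would redirect the client to the login page.
     *
     * @param GetResponseEvent $event
     */
    public function handle(GetResponseEvent $event)
    {
        $request = $event->getRequest();

        if (!$request->headers->has('x-wsse')) {
            return;
        }

        // Field order and separators are fixed: only a header in exactly this form is accepted.
        $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
        if (1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
            // Malformed header (or a PCRE error, where preg_match returns false): pass through.
            return;
        }

        $token = new WsseUserToken();
        $token->setUser($matches[1]);

        // These come straight from the request header and are untrusted until
        // the authentication manager has validated them.
        $token->digest = $matches[2];
        $token->nonce = $matches[3];
        $token->created = $matches[4];

        try {
            $authToken = $this->authenticationManager->authenticate($token);
            $this->securityContext->setToken($authToken);
        } catch (AuthenticationException $failed) {
            // Deny with a bare 403 rather than clearing the token: an API client
            // must not be redirected to the login page. The failure is not logged here.
            $event->setResponse(new Response('', 403));
        }
    }
}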