src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php

   1 <?php
   2
   3 namespace Wallabag\CoreBundle\Security\Firewall;
   4
   5 use Symfony\Component\HttpFoundation\Response;
   6 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
   7 use Symfony\Component\Security\Http\Firewall\ListenerInterface;
   8 use Symfony\Component\Security\Core\Exception\AuthenticationException;
   9 use Symfony\Component\Security\Core\SecurityContextInterface;
  10 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  11 use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken;
  12 use Symfony\Component\HttpKernel\Log\LoggerInterface;
  13
  14 class WsseListener implements ListenerInterface
  15 {
  16     protected $securityContext;
  17     protected $authenticationManager;
  18     protected $logger;
  19
  20     public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
  21     {
  22         $this->securityContext = $securityContext;
  23         $this->authenticationManager = $authenticationManager;
  24         $this->logger = $logger;
  25     }
  26
  27     public function handle(GetResponseEvent $event)
  28     {
  29         $request = $event->getRequest();
  30
  31         $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
  32         if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
  33             return;
  34         }
  35
  36         $token = new WsseUserToken();
  37         $token->setUser($matches[1]);
  38
  39         $token->digest   = $matches[2];
  40         $token->nonce    = $matches[3];
  41         $token->created  = $matches[4];
  42
  43         try {
  44             $authToken = $this->authenticationManager->authenticate($token);
  45
  46             $this->securityContext->setToken($authToken);
  47         } catch (AuthenticationException $failed) {
  48             $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage();
  49             $this->logger->err($failedMessage);
  50
  51             // Deny authentication with a '403 Forbidden' HTTP response
  52             $response = new Response();
  53             $response->setStatusCode(403);
  54             $response->setContent($failedMessage);
  55             $event->setResponse($response);
  56
  57             return;
  58         }
  59
  60         // By default deny authorization
  61         $response = new Response();
  62         $response->setStatusCode(403);
  63         $event->setResponse($response);
  64     }
  65 }