authentication on API

diff --git a/app/config/security.yml b/app/config/security.yml
index e161c3b53b911f70f77443f51c30609fa52263ff..4a798e56fb16be9dfaeb27e4bf500bb4d5f8a343 100644 (file)
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -16,9 +16,11 @@ security:
     # the main part of the security, where you can set up firewalls
     # for specific sections of your app
     firewalls:
-        #wsse_secured:
-        #    pattern:   /api/.*
-        #    wsse:      true
+        wsse_secured:
+            pattern:      /api/.*
+            wsse:         true
+            stateless:    true
+            anonymous:    true
         login_firewall:
             pattern:    ^/login$
             anonymous:  ~

diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
index 5499f4007d411323f37c2af41e3b0a2fa77ac5ba..eaad9c6335b03d1b7d1fa9330e1352fc789b13f9 100644 (file)
--- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
+++ b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
@@ -44,6 +44,12 @@ class WsseProvider implements AuthenticationProviderInterface
         if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
             throw new NonceExpiredException('Previously used nonce detected');
         }
+
+        // If cache directory does not exist we create it
+        if (!is_dir($this->cacheDir)) {
+            mkdir($this->cacheDir, 0777, true);
+        }
+
         file_put_contents($this->cacheDir.'/'.$nonce, time());
 
         // Valide le Secret