From 0ac38198ab1c00dfb290d5631fa7c1cf5ac2a48a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Nicolas=20L=C5=93uillet?= Date: Mon, 9 Feb 2015 13:59:48 +0100 Subject: [PATCH] authentication on API --- app/config/security.yml | 8 +++++--- .../Security/Authentication/Provider/WsseProvider.php | 6 ++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/app/config/security.yml b/app/config/security.yml index e161c3b5..4a798e56 100644 --- a/app/config/security.yml +++ b/app/config/security.yml @@ -16,9 +16,11 @@ security: # the main part of the security, where you can set up firewalls # for specific sections of your app firewalls: - #wsse_secured: - # pattern: /api/.* - # wsse: true + wsse_secured: + pattern: /api/.* + wsse: true + stateless: true + anonymous: true login_firewall: pattern: ^/login$ anonymous: ~ diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php index 5499f400..eaad9c63 100644 --- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php +++ b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php @@ -44,6 +44,12 @@ class WsseProvider implements AuthenticationProviderInterface if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { throw new NonceExpiredException('Previously used nonce detected'); } + + // If cache directory does not exist we create it + if (!is_dir($this->cacheDir)) { + mkdir($this->cacheDir, 0777, true); + } + file_put_contents($this->cacheDir.'/'.$nonce, time()); // Valide le Secret -- 2.41.0
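Review bot: The `pattern: /api/.*` on the new `wsse_secured` firewall is not anchored, unlike `^/login$` just below it, so as a regular expression it also matches any path that merely contains `/api/`; `pattern: ^/api/` would restrict it to the API prefix. With `anonymous: true`, a request that carries no WSSE credentials presumably still passes this firewall as an anonymous user, so whether the API actually requires authentication depends on `access_control` rules that are not visible in this hunk. If every API route is meant to be authenticated, either drop `anonymous: true` or add a matching rule such as `- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }`.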
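Review bot: The added `mkdir($this->cacheDir, 0777, true)` requests a world-writable nonce cache directory (subject to the process umask), and its result is not checked. The files in this directory are the replay protection, so other local accounts should not be able to remove or create them, and a failed `mkdir` lets the following `file_put_contents` fail with only a warning, leaving the nonce unrecorded. Consider `if (!is_dir($this->cacheDir) && !mkdir($this->cacheDir, 0700, true) && !is_dir($this->cacheDir)) { throw new \RuntimeException('Nonce cache directory could not be created'); }`. Separately, `$nonce` is used directly as a file name; if it reaches this method unmodified from the request header (its origin is outside the hunk), deriving the name with `hash('sha256', $nonce)` in both the check and the write keeps it inside `cacheDir`. The enclosing method starts and ends outside the hunk.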