authentication on API

2 files changed, 11 insertions, 3 deletions

diff --git a/app/config/security.yml b/app/config/security.yml
index e161c3b5..4a798e56 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -16,9 +16,11 @@ security:
     # the main part of the security, where you can set up firewalls
     # for specific sections of your app
     firewalls:
-        #wsse_secured:
-        #    pattern:   /api/.*
-        #    wsse:      true
+        wsse_secured:
+            pattern:      /api/.*
+            wsse:         true
+            stateless:    true
+            anonymous:    true
         login_firewall:
             pattern:    ^/login$
             anonymous:  ~
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
index 5499f400..eaad9c63 100644
--- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
+++ b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
@@ -44,6 +44,12 @@ class WsseProvider implements AuthenticationProviderInterface
         if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
             throw new NonceExpiredException('Previously used nonce detected');
         }
+
+        // If cache directory does not exist we create it
+        if (!is_dir($this->cacheDir)) {
+            mkdir($this->cacheDir, 0777, true);
+        }
+
         file_put_contents($this->cacheDir.'/'.$nonce, time());
 
         // Valide le Secret