diff options
author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2015-05-30 13:52:26 +0200 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2015-05-30 13:59:33 +0200 |
commit | 4346a86068781f4acdeb574d7e2af08b77b58ea7 (patch) | |
tree | 5c392314913f7cbcd2658893432ff5f9db318465 /src/Wallabag/ApiBundle/Security/Authentication | |
parent | 399bd777d7900f532bfcfa367da88767739391bc (diff) | |
download | wallabag-4346a86068781f4acdeb574d7e2af08b77b58ea7.tar.gz wallabag-4346a86068781f4acdeb574d7e2af08b77b58ea7.tar.zst wallabag-4346a86068781f4acdeb574d7e2af08b77b58ea7.zip |
CS
Diffstat (limited to 'src/Wallabag/ApiBundle/Security/Authentication')
-rw-r--r-- | src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php | 9 | ||||
-rw-r--r-- | src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php | 1 |
2 files changed, 6 insertions, 4 deletions
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php index 8e49167a..db73ae2a 100644 --- a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php +++ b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php | |||
@@ -1,4 +1,5 @@ | |||
1 | <?php | 1 | <?php |
2 | |||
2 | namespace Wallabag\ApiBundle\Security\Authentication\Provider; | 3 | namespace Wallabag\ApiBundle\Security\Authentication\Provider; |
3 | 4 | ||
4 | use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; | 5 | use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; |
@@ -29,7 +30,7 @@ class WsseProvider implements AuthenticationProviderInterface | |||
29 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); | 30 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); |
30 | 31 | ||
31 | if (!$user) { | 32 | if (!$user) { |
32 | throw new AuthenticationException("Bad credentials. Did you forgot your username?"); | 33 | throw new AuthenticationException('Bad credentials. Did you forgot your username?'); |
33 | } | 34 | } |
34 | 35 | ||
35 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { | 36 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { |
@@ -46,12 +47,12 @@ class WsseProvider implements AuthenticationProviderInterface | |||
46 | { | 47 | { |
47 | // Check created time is not in the future | 48 | // Check created time is not in the future |
48 | if (strtotime($created) > time()) { | 49 | if (strtotime($created) > time()) { |
49 | throw new AuthenticationException("Back to the future..."); | 50 | throw new AuthenticationException('Back to the future...'); |
50 | } | 51 | } |
51 | 52 | ||
52 | // Expire timestamp after 5 minutes | 53 | // Expire timestamp after 5 minutes |
53 | if (time() - strtotime($created) > 300) { | 54 | if (time() - strtotime($created) > 300) { |
54 | throw new AuthenticationException("Too late for this timestamp... Watch your watch."); | 55 | throw new AuthenticationException('Too late for this timestamp... Watch your watch.'); |
55 | } | 56 | } |
56 | 57 | ||
57 | // Validate nonce is unique within 5 minutes | 58 | // Validate nonce is unique within 5 minutes |
@@ -65,7 +66,7 @@ class WsseProvider implements AuthenticationProviderInterface | |||
65 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); | 66 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); |
66 | 67 | ||
67 | if ($digest !== $expected) { | 68 | if ($digest !== $expected) { |
68 | throw new AuthenticationException("Bad credentials ! Digest is not as expected."); | 69 | throw new AuthenticationException('Bad credentials ! Digest is not as expected.'); |
69 | } | 70 | } |
70 | 71 | ||
71 | return $digest === $expected; | 72 | return $digest === $expected; |
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php index aa68dbdc..e6d30224 100644 --- a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php +++ b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php | |||
@@ -1,4 +1,5 @@ | |||
1 | <?php | 1 | <?php |
2 | |||
2 | namespace Wallabag\ApiBundle\Security\Authentication\Token; | 3 | namespace Wallabag\ApiBundle\Security\Authentication\Token; |
3 | 4 | ||
4 | use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; | 5 | use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; |