diff options
author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-06-01 15:49:49 +0200 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-06-01 15:49:49 +0200 |
commit | 2878416f8b4d94fb5e64c2fa61861526a7654d3d (patch) | |
tree | cbdf2d95ecdb651e2003747a28572c35b6c9da64 /src/Wallabag/CoreBundle/Security/Authentication/Provider | |
parent | 98510a4189186c8dcc3f1bf38843d935ed3d1859 (diff) | |
parent | 4346a86068781f4acdeb574d7e2af08b77b58ea7 (diff) | |
download | wallabag-2878416f8b4d94fb5e64c2fa61861526a7654d3d.tar.gz wallabag-2878416f8b4d94fb5e64c2fa61861526a7654d3d.tar.zst wallabag-2878416f8b4d94fb5e64c2fa61861526a7654d3d.zip |
Merge pull request #1167 from wallabag/v2-api-bundle
Move API stuff in ApiBundle
Diffstat (limited to 'src/Wallabag/CoreBundle/Security/Authentication/Provider')
-rw-r--r-- | src/Wallabag/CoreBundle/Security/Authentication/Provider/WallabagAuthenticationProvider.php | 2 | ||||
-rw-r--r-- | src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php | 78 |
2 files changed, 1 insertions, 79 deletions
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WallabagAuthenticationProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WallabagAuthenticationProvider.php index 1c7c5fae..cf3cb051 100644 --- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WallabagAuthenticationProvider.php +++ b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WallabagAuthenticationProvider.php | |||
@@ -45,7 +45,7 @@ class WallabagAuthenticationProvider extends UserAuthenticationProvider | |||
45 | throw new BadCredentialsException('The credentials were changed from another session.'); | 45 | throw new BadCredentialsException('The credentials were changed from another session.'); |
46 | } | 46 | } |
47 | } else { | 47 | } else { |
48 | if ("" === ($presentedPassword = $token->getCredentials())) { | 48 | if ('' === ($presentedPassword = $token->getCredentials())) { |
49 | throw new BadCredentialsException('The presented password cannot be empty.'); | 49 | throw new BadCredentialsException('The presented password cannot be empty.'); |
50 | } | 50 | } |
51 | 51 | ||
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php deleted file mode 100644 index 7e6a5dfb..00000000 --- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php +++ /dev/null | |||
@@ -1,78 +0,0 @@ | |||
1 | <?php | ||
2 | namespace Wallabag\CoreBundle\Security\Authentication\Provider; | ||
3 | |||
4 | use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; | ||
5 | use Symfony\Component\Security\Core\User\UserProviderInterface; | ||
6 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
7 | use Symfony\Component\Security\Core\Exception\NonceExpiredException; | ||
8 | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | ||
9 | use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken; | ||
10 | |||
11 | class WsseProvider implements AuthenticationProviderInterface | ||
12 | { | ||
13 | private $userProvider; | ||
14 | private $cacheDir; | ||
15 | |||
16 | public function __construct(UserProviderInterface $userProvider, $cacheDir) | ||
17 | { | ||
18 | $this->userProvider = $userProvider; | ||
19 | $this->cacheDir = $cacheDir; | ||
20 | |||
21 | // If cache directory does not exist we create it | ||
22 | if (!is_dir($this->cacheDir)) { | ||
23 | mkdir($this->cacheDir, 0777, true); | ||
24 | } | ||
25 | } | ||
26 | |||
27 | public function authenticate(TokenInterface $token) | ||
28 | { | ||
29 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); | ||
30 | |||
31 | if (!$user) { | ||
32 | throw new AuthenticationException("Bad credentials. Did you forgot your username?"); | ||
33 | } | ||
34 | |||
35 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { | ||
36 | $authenticatedToken = new WsseUserToken($user->getRoles()); | ||
37 | $authenticatedToken->setUser($user); | ||
38 | |||
39 | return $authenticatedToken; | ||
40 | } | ||
41 | |||
42 | throw new AuthenticationException('The WSSE authentication failed.'); | ||
43 | } | ||
44 | |||
45 | protected function validateDigest($digest, $nonce, $created, $secret) | ||
46 | { | ||
47 | // Check created time is not in the future | ||
48 | if (strtotime($created) > time()) { | ||
49 | throw new AuthenticationException("Back to the future..."); | ||
50 | } | ||
51 | |||
52 | // Expire timestamp after 5 minutes | ||
53 | if (time() - strtotime($created) > 300) { | ||
54 | throw new AuthenticationException("Too late for this timestamp... Watch your watch."); | ||
55 | } | ||
56 | |||
57 | // Validate nonce is unique within 5 minutes | ||
58 | if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { | ||
59 | throw new NonceExpiredException('Previously used nonce detected'); | ||
60 | } | ||
61 | |||
62 | file_put_contents($this->cacheDir.'/'.$nonce, time()); | ||
63 | |||
64 | // Validate Secret | ||
65 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); | ||
66 | |||
67 | if ($digest !== $expected) { | ||
68 | throw new AuthenticationException("Bad credentials ! Digest is not as expected."); | ||
69 | } | ||
70 | |||
71 | return $digest === $expected; | ||
72 | } | ||
73 | |||
74 | public function supports(TokenInterface $token) | ||
75 | { | ||
76 | return $token instanceof WsseUserToken; | ||
77 | } | ||
78 | } | ||