author | Jeremy <j0k3r@users.noreply.github.com> | 2015-02-10 13:49:57 +0100 |
---|---|---|
committer | Jeremy <j0k3r@users.noreply.github.com> | 2015-02-10 13:49:57 +0100 |
commit | 2c0ffcf3972e2f58267b805a26835f452e016761 (patch) | |
tree | b1146d6a9b98bb2ce238fff10fed4a1bf872c4b4 /src/Wallabag/CoreBundle/Security/Authentication/Provider | |
parent | cbce162b407024882d8c37a7e3298c85175d2651 (diff) | |
parent | 92504e0dd489c0d11abc87bee42ffca717db0480 (diff) | |
Merge pull request #1068 from wallabag/v2-api-authentication
V2 api authentication
Diffstat (limited to 'src/Wallabag/CoreBundle/Security/Authentication/Provider')
-rw-r--r-- | src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php | 27 |
1 files changed, 23 insertions, 4 deletions
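--- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
+++ b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
@@ -17,12 +17,21 @@ class WsseProvider implements AuthenticationProviderInterface
 {
 $this->userProvider = $userProvider;
 $this->cacheDir = $cacheDir;
+
+// If cache directory does not exist we create it
+if (!is_dir($this->cacheDir)) {
+mkdir($this->cacheDir, 0777, true);
+}
 }
 
 public function authenticate(TokenInterface $token)
 {
 $user = $this->userProvider->loadUserByUsername($token->getUsername());
 
+if (!$user) {
+throw new AuthenticationException("Bad credentials. Did you forgot your username?");
+}
+
 if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
 $authenticatedToken = new WsseUserToken($user->getRoles());
 $authenticatedToken->setUser($user);
@@ -35,20 +44,30 @@ class WsseProvider implements AuthenticationProviderInterface
 
 protected function validateDigest($digest, $nonce, $created, $secret)
 {
-// Expire le timestamp après 5 minutes
+// Check created time is not in the future
+if (strtotime($created) > time()) {
+throw new AuthenticationException("Back to the future...");
+}
+
+// Expire timestamp after 5 minutes
 if (time() - strtotime($created) > 300) {
-return false;
+throw new AuthenticationException("Too late for this timestamp... Watch your watch.");
 }
 
-// Valide que le nonce est unique dans les 5 minutes
+// Validate nonce is unique within 5 minutes
 if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
 throw new NonceExpiredException('Previously used nonce detected');
 }
+
 file_put_contents($this->cacheDir.'/'.$nonce, time());
 
-// Valide le Secret
+// Validate Secret
 $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
 
+if ($digest !== $expected) {
+throw new AuthenticationException("Bad credentials ! Digest is not as expected.");
+}
+
 return $digest === $expected;
 }
 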
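Review bot: The digest check added at new line 67 (`if ($digest !== $expected)`) is a plain string comparison guarding a credential; using `if (!hash_equals($expected, $digest)) {` avoids leaking a timing signal on rejection, and the trailing `return $digest === $expected;` at new line 71 can then become `return true;` since the throw above makes a false result unreachable. In the same function `$nonce` comes straight from the client header and is concatenated into a filesystem path for `file_exists`/`file_put_contents` (new lines 58 and 62), so a nonce containing path separators is not confined to the cache directory; deriving the file name from a hash, e.g. `$nonceFile = $this->cacheDir.'/'.sha1($nonce);`, or whitelisting the nonce's characters would close that. The `mkdir($this->cacheDir, 0777, true)` added in the first hunk creates the nonce cache world-writable (subject to umask), which would let other local users remove or backdate nonce files and weaken the replay check; `0700` is sufficient for a directory only this process touches. The `$user &&` on new line 35 is now redundant given the `!$user` throw added just above it.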