diff options
author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-01-31 15:14:10 +0100 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-01-31 15:14:10 +0100 |
commit | c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf (patch) | |
tree | 271305a039d31059c7af8be220da08b9331baeec /src/Wallabag/CoreBundle/Security/Firewall | |
parent | 71691fe44a7b2a80f3b9d96d54720cce7994ad08 (diff) | |
download | wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.gz wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.zst wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.zip |
first implementation of security
Diffstat (limited to 'src/Wallabag/CoreBundle/Security/Firewall')
-rw-r--r-- | src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php b/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php new file mode 100644 index 00000000..b2474785 --- /dev/null +++ b/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php | |||
@@ -0,0 +1,58 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\CoreBundle\Security\Firewall; | ||
4 | |||
5 | use Symfony\Component\HttpFoundation\Response; | ||
6 | use Symfony\Component\HttpKernel\Event\GetResponseEvent; | ||
7 | use Symfony\Component\Security\Http\Firewall\ListenerInterface; | ||
8 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
9 | use Symfony\Component\Security\Core\SecurityContextInterface; | ||
10 | use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; | ||
11 | use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken; | ||
12 | |||
13 | class WsseListener implements ListenerInterface | ||
14 | { | ||
15 | protected $securityContext; | ||
16 | protected $authenticationManager; | ||
17 | |||
18 | public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager) | ||
19 | { | ||
20 | $this->securityContext = $securityContext; | ||
21 | $this->authenticationManager = $authenticationManager; | ||
22 | } | ||
23 | |||
24 | public function handle(GetResponseEvent $event) | ||
25 | { | ||
26 | $request = $event->getRequest(); | ||
27 | |||
28 | $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/'; | ||
29 | if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) { | ||
30 | return; | ||
31 | } | ||
32 | |||
33 | $token = new WsseUserToken(); | ||
34 | $token->setUser($matches[1]); | ||
35 | |||
36 | $token->digest = $matches[2]; | ||
37 | $token->nonce = $matches[3]; | ||
38 | $token->created = $matches[4]; | ||
39 | |||
40 | try { | ||
41 | $authToken = $this->authenticationManager->authenticate($token); | ||
42 | |||
43 | $this->securityContext->setToken($authToken); | ||
44 | } catch (AuthenticationException $failed) { | ||
45 | // ... you might log something here | ||
46 | |||
47 | // To deny the authentication clear the token. This will redirect to the login page. | ||
48 | // $this->securityContext->setToken(null); | ||
49 | // return; | ||
50 | |||
51 | // Deny authentication with a '403 Forbidden' HTTP response | ||
52 | $response = new Response(); | ||
53 | $response->setStatusCode(403); | ||
54 | $event->setResponse($response); | ||
55 | |||
56 | } | ||
57 | } | ||
58 | } \ No newline at end of file | ||