Diffstat (limited to 'src/Wallabag/ApiBundle/Security')
-rw-r--r--src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php9
-rw-r--r--src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php1
2 files changed, 6 insertions, 4 deletions
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php
index 8e49167a..db73ae2a 100644
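--- a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php
+++ b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace Wallabag\ApiBundle\Security\Authentication\Provider;
 
 use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
@@ -29,7 +30,7 @@ class WsseProvider implements AuthenticationProviderInterface
 $user = $this->userProvider->loadUserByUsername($token->getUsername());
 
 if (!$user) {
-throw new AuthenticationException("Bad credentials. Did you forgot your username?");
+throw new AuthenticationException('Bad credentials. Did you forgot your username?');
 }
 
 if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
@@ -46,12 +47,12 @@ class WsseProvider implements AuthenticationProviderInterface
 {
 // Check created time is not in the future
 if (strtotime($created) > time()) {
-throw new AuthenticationException("Back to the future...");
+throw new AuthenticationException('Back to the future...');
 }
 
 // Expire timestamp after 5 minutes
 if (time() - strtotime($created) > 300) {
-throw new AuthenticationException("Too late for this timestamp... Watch your watch.");
+throw new AuthenticationException('Too late for this timestamp... Watch your watch.');
 }
 
 // Validate nonce is unique within 5 minutes
@@ -65,7 +66,7 @@ class WsseProvider implements AuthenticationProviderInterface
 $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
 
 if ($digest !== $expected) {
-throw new AuthenticationException("Bad credentials ! Digest is not as expected.");
+throw new AuthenticationException('Bad credentials ! Digest is not as expected.');
 }
 
 return $digest === $expected;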
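Review bot: The digest check at new line 68, `if ($digest !== $expected)`, is not a constant-time comparison, so response timing can leak how much of a client-supplied digest matches; since this commit already touches that block, use `if (!hash_equals($expected, (string) $digest))` instead. The final `return $digest === $expected;` is always true once the mismatch path throws and can become `return true;`. In the earlier hunk, 'Bad credentials. Did you forgot your username?' differs from the digest-failure message, which, if these exception messages are returned to API clients, lets a caller tell valid usernames from invalid ones; a single generic message avoids that. Both function bodies start and end outside the visible hunks, so the nonce-uniqueness check and the caller's exception handling are not visible here.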
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php
index aa68dbdc..e6d30224 100644
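--- a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php
+++ b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace Wallabag\ApiBundle\Security\Authentication\Token;
 
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;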