diff options
Diffstat (limited to 'src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php')
| -rw-r--r-- | src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php index eaad9c63..c9b9b692 100644 --- a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php +++ b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php | |||
| @@ -23,6 +23,10 @@ class WsseProvider implements AuthenticationProviderInterface | |||
| 23 | { | 23 | { |
| 24 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); | 24 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); |
| 25 | 25 | ||
| 26 | if (!$user) { | ||
| 27 | throw new AuthenticationException("Bad credentials. Did you forgot your username?"); | ||
| 28 | } | ||
| 29 | |||
| 26 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { | 30 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { |
| 27 | $authenticatedToken = new WsseUserToken($user->getRoles()); | 31 | $authenticatedToken = new WsseUserToken($user->getRoles()); |
| 28 | $authenticatedToken->setUser($user); | 32 | $authenticatedToken->setUser($user); |
| @@ -35,12 +39,17 @@ class WsseProvider implements AuthenticationProviderInterface | |||
| 35 | 39 | ||
| 36 | protected function validateDigest($digest, $nonce, $created, $secret) | 40 | protected function validateDigest($digest, $nonce, $created, $secret) |
| 37 | { | 41 | { |
| 38 | // Expire le timestamp après 5 minutes | 42 | // Check created time is not in the future |
| 43 | if (strtotime($created) > time()) { | ||
| 44 | throw new AuthenticationException("Back to the future..."); | ||
| 45 | } | ||
| 46 | |||
| 47 | // Expire timestamp after 5 minutes | ||
| 39 | if (time() - strtotime($created) > 300) { | 48 | if (time() - strtotime($created) > 300) { |
| 40 | return false; | 49 | throw new AuthenticationException("Too late for this timestamp... Watch your watch."); |
| 41 | } | 50 | } |
| 42 | 51 | ||
| 43 | // Valide que le nonce est unique dans les 5 minutes | 52 | // Validate nonce is unique within 5 minutes |
| 44 | if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { | 53 | if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { |
| 45 | throw new NonceExpiredException('Previously used nonce detected'); | 54 | throw new NonceExpiredException('Previously used nonce detected'); |
| 46 | } | 55 | } |
| @@ -52,9 +61,13 @@ class WsseProvider implements AuthenticationProviderInterface | |||
| 52 | 61 | ||
| 53 | file_put_contents($this->cacheDir.'/'.$nonce, time()); | 62 | file_put_contents($this->cacheDir.'/'.$nonce, time()); |
| 54 | 63 | ||
| 55 | // Valide le Secret | 64 | // Validate Secret |
| 56 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); | 65 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); |
| 57 | 66 | ||
| 67 | if ($digest !== $expected) { | ||
| 68 | throw new AuthenticationException("Bad credentials ! Digest is not as expected."); | ||
| 69 | } | ||
| 70 | |||
| 58 | return $digest === $expected; | 71 | return $digest === $expected; |
| 59 | } | 72 | } |
| 60 | 73 | ||