diff options
Diffstat (limited to 'src/Wallabag/CoreBundle/Security/Authentication')
-rw-r--r-- | src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php | 59 | ||||
-rw-r--r-- | src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php | 23 |
2 files changed, 82 insertions, 0 deletions
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php new file mode 100644 index 00000000..ac57e27d --- /dev/null +++ b/src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php | |||
@@ -0,0 +1,59 @@ | |||
1 | <?php | ||
2 | namespace Wallabag\CoreBundle\Security\Authentication\Provider; | ||
3 | |||
4 | use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; | ||
5 | use Symfony\Component\Security\Core\User\UserProviderInterface; | ||
6 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
7 | use Symfony\Component\Security\Core\Exception\NonceExpiredException; | ||
8 | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | ||
9 | use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken; | ||
10 | |||
11 | class WsseProvider implements AuthenticationProviderInterface | ||
12 | { | ||
13 | private $userProvider; | ||
14 | private $cacheDir; | ||
15 | |||
16 | public function __construct(UserProviderInterface $userProvider, $cacheDir) | ||
17 | { | ||
18 | $this->userProvider = $userProvider; | ||
19 | $this->cacheDir = $cacheDir; | ||
20 | } | ||
21 | |||
22 | public function authenticate(TokenInterface $token) | ||
23 | { | ||
24 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); | ||
25 | |||
26 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { | ||
27 | $authenticatedToken = new WsseUserToken($user->getRoles()); | ||
28 | $authenticatedToken->setUser($user); | ||
29 | |||
30 | return $authenticatedToken; | ||
31 | } | ||
32 | |||
33 | throw new AuthenticationException('The WSSE authentication failed.'); | ||
34 | } | ||
35 | |||
36 | protected function validateDigest($digest, $nonce, $created, $secret) | ||
37 | { | ||
38 | // Expire le timestamp après 5 minutes | ||
39 | if (time() - strtotime($created) > 300) { | ||
40 | return false; | ||
41 | } | ||
42 | |||
43 | // Valide que le nonce est unique dans les 5 minutes | ||
44 | if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { | ||
45 | throw new NonceExpiredException('Previously used nonce detected'); | ||
46 | } | ||
47 | file_put_contents($this->cacheDir.'/'.$nonce, time()); | ||
48 | |||
49 | // Valide le Secret | ||
50 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); | ||
51 | |||
52 | return $digest === $expected; | ||
53 | } | ||
54 | |||
55 | public function supports(TokenInterface $token) | ||
56 | { | ||
57 | return $token instanceof WsseUserToken; | ||
58 | } | ||
59 | } \ No newline at end of file | ||
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php new file mode 100644 index 00000000..b189e22a --- /dev/null +++ b/src/Wallabag/CoreBundle/Security/Authentication/Token/WsseUserToken.php | |||
@@ -0,0 +1,23 @@ | |||
1 | <?php | ||
2 | namespace Wallabag\CoreBundle\Security\Authentication\Token; | ||
3 | |||
4 | use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; | ||
5 | |||
6 | class WsseUserToken extends AbstractToken | ||
7 | { | ||
8 | public $created; | ||
9 | public $digest; | ||
10 | public $nonce; | ||
11 | |||
12 | public function __construct(array $roles = array()) | ||
13 | { | ||
14 | parent::__construct($roles); | ||
15 | |||
16 | $this->setAuthenticated(count($roles) > 0); | ||
17 | } | ||
18 | |||
19 | public function getCredentials() | ||
20 | { | ||
21 | return ''; | ||
22 | } | ||
23 | } \ No newline at end of file | ||