aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/Wallabag/CoreBundle/Security
diff options
context:
space:
mode:
Diffstat (limited to 'src/Wallabag/CoreBundle/Security')
-rw-r--r--src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php8
-rw-r--r--src/Wallabag/CoreBundle/Security/Validator/WallabagUserPasswordValidator.php48
2 files changed, 52 insertions, 4 deletions
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php b/src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php
index 56f1affe..fcfe418b 100644
--- a/src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php
+++ b/src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php
@@ -41,10 +41,6 @@ class WallabagPasswordEncoder extends BasePasswordEncoder
41 */ 41 */
42 public function encodePassword($raw, $salt) 42 public function encodePassword($raw, $salt)
43 { 43 {
44 if (null === $this->username) {
45 throw new \LogicException('We can not check the password without a username.');
46 }
47
48 if ($this->isPasswordTooLong($raw)) { 44 if ($this->isPasswordTooLong($raw)) {
49 throw new BadCredentialsException('Invalid password.'); 45 throw new BadCredentialsException('Invalid password.');
50 } 46 }
@@ -71,6 +67,10 @@ class WallabagPasswordEncoder extends BasePasswordEncoder
71 */ 67 */
72 protected function mergePasswordAndSalt($password, $salt) 68 protected function mergePasswordAndSalt($password, $salt)
73 { 69 {
70 if (null === $this->username) {
71 throw new \LogicException('We can not check the password without a username.');
72 }
73
74 if (empty($salt)) { 74 if (empty($salt)) {
75 return $password; 75 return $password;
76 } 76 }
diff --git a/src/Wallabag/CoreBundle/Security/Validator/WallabagUserPasswordValidator.php b/src/Wallabag/CoreBundle/Security/Validator/WallabagUserPasswordValidator.php
new file mode 100644
index 00000000..5586f976
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Security/Validator/WallabagUserPasswordValidator.php
@@ -0,0 +1,48 @@
1<?php
2
3namespace Wallabag\CoreBundle\Security\Validator;
4
5use Symfony\Component\Security\Core\User\UserInterface;
6use Symfony\Component\Security\Core\SecurityContextInterface;
7use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
8use Symfony\Component\Validator\Constraint;
9use Symfony\Component\Validator\ConstraintValidator;
10use Symfony\Component\Validator\Exception\ConstraintDefinitionException;
11use Symfony\Component\Validator\Exception\UnexpectedTypeException;
12use Symfony\Component\Security\Core\Validator\Constraints\UserPassword;
13
14class WallabagUserPasswordValidator extends ConstraintValidator
15{
16 private $securityContext;
17 private $encoderFactory;
18
19 public function __construct(SecurityContextInterface $securityContext, EncoderFactoryInterface $encoderFactory)
20 {
21 $this->securityContext = $securityContext;
22 $this->encoderFactory = $encoderFactory;
23 }
24
25 /**
26 * {@inheritdoc}
27 */
28 public function validate($password, Constraint $constraint)
29 {
30 if (!$constraint instanceof UserPassword) {
31 throw new UnexpectedTypeException($constraint, __NAMESPACE__.'\UserPassword');
32 }
33
34 $user = $this->securityContext->getToken()->getUser();
35
36 if (!$user instanceof UserInterface) {
37 throw new ConstraintDefinitionException('The User object must implement the UserInterface interface.');
38 }
39
40 // give username, it's used to hash the password
41 $encoder = $this->encoderFactory->getEncoder($user);
42 $encoder->setUsername($user->getUsername());
43
44 if (!$encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) {
45 $this->context->addViolation($constraint->message);
46 }
47 }
48}