From 2a94b1d1b74b4e776e76a522621b67b45d115fe7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Mon, 9 Feb 2015 22:07:39 +0100
Subject: log for authentication on API

---
 .../CoreBundle/Security/Firewall/WsseListener.php | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php')

diff --git a/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php b/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php
index 4d4f2145..d815d536 100644
--- a/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php
+++ b/src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php
@@ -9,16 +9,19 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken;
+use Symfony\Component\HttpKernel\Log\LoggerInterface;
 
 class WsseListener implements ListenerInterface
 {
     protected $securityContext;
     protected $authenticationManager;
+    protected $logger;
 
-    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager)
+    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
     {
         $this->securityContext = $securityContext;
         $this->authenticationManager = $authenticationManager;
+        $this->logger = $logger;
     }
 
     public function handle(GetResponseEvent $event)
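Review bot: `Symfony\Component\HttpKernel\Log\LoggerInterface`, imported here and type-hinted on the new constructor parameter, is the deprecated (since Symfony 2.2) wrapper around `Psr\Log\LoggerInterface`, and the `err()` method the second hunk calls on it is likewise deprecated in favour of PSR-3 `error()`. Type-hinting `Psr\Log\LoggerInterface $logger` and calling `$this->logger->error($failedMessage)` keeps the listener working once the HttpKernel interface is removed and lets any PSR-3 logger be injected. As a point of style, the new `use` line sits after the Wallabag import instead of with the other Symfony imports above it.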
@@ -42,16 +45,21 @@ class WsseListener implements ListenerInterface
             $this->securityContext->setToken($authToken);
         } catch (AuthenticationException $failed) {
-            // ... you might log something here
-
-            // To deny the authentication clear the token. This will redirect to the login page.
-            // $this->securityContext->setToken(null);
-            // return;
+            $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage();
+            $this->logger->err($failedMessage);
 
             // Deny authentication with a '403 Forbidden' HTTP response
             $response = new Response();
             $response->setStatusCode(403);
+            $response->setContent($failedMessage);
             $event->setResponse($response);
+
+            return;
         }
+
+        // By default deny authorization
+        $response = new Response();
+        $response->setStatusCode(403);
+        $event->setResponse($response);
     }
 }
 
-- 
cgit v1.2.3
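Review bot: A successful authentication is still answered with 403 after this change: the try block stores the token with `$this->securityContext->setToken($authToken);` but never returns, so control falls through to the new "By default deny authorization" block and the 403 response overwrites the outcome for valid requests as well; add `return;` directly after the `setToken()` call. Separately, `$response->setContent($failedMessage)` sends the unauthenticated caller the username it supplied together with the raw `AuthenticationException` message, which tells a client exactly why its digest was rejected (an enumeration oracle) and reflects unescaped `X-WSSE` header input into a response that has no explicit Content-Type; keep the detailed message in the log only and send a fixed body, e.g. `$response->setContent('Authentication failed');`, or use `$failed->getMessageKey()`, the message Symfony designates as safe to show to users. `handle()` starts before this hunk, so the regex parsing that builds `$token` is not visible here.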