<?php
namespace Escape\WSSEAuthenticationBundle\Security\Authentication\Provider;
use Escape\WSSEAuthenticationBundle\Security\Authentication\Token\Token;
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\NonceExpiredException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
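class Provider implements AuthenticationProviderInterface
{
    /** @var UserProviderInterface Loads the user whose shared secret the digest is verified against. */
    private $userProvider;

    /** @var string|null Directory used as the nonce store; null disables replay detection entirely. */
    private $nonceDir;

    /** @var int Seconds for which a Created timestamp, and a recorded nonce, stay valid. */
    private $lifetime;

    /**
     * @param UserProviderInterface $userProvider
     * @param string|null           $nonceDir     Writable directory in which seen nonces are recorded;
     *                                            null skips replay detection (not recommended).
     * @param int                   $lifetime     Freshness window in seconds (default 300).
     */
    public function __construct(UserProviderInterface $userProvider, $nonceDir=null, $lifetime=300)
    {
        $this->userProvider = $userProvider;
        $this->nonceDir = $nonceDir;
        $this->lifetime = $lifetime;
    }

    /**
     * Authenticates a WSSE token: loads the user by username and checks the
     * PasswordDigest against that user's stored secret.
     *
     * @param TokenInterface $token an unauthenticated WSSE Token (digest, nonce, created populated by the listener)
     * @return Token authenticated token carrying the user and its roles
     * @throws AuthenticationException when the user is unknown or the digest does not verify
     * @throws NonceExpiredException   when the nonce was already used inside the lifetime window
     */
    public function authenticate(TokenInterface $token)
    {
        $user = $this->userProvider->loadUserByUsername($token->getUsername());

        // NOTE(review): the WSSE PasswordDigest is computed over the shared secret itself, so
        // getPassword() must return the value the client hashes (the raw secret). A salted
        // one-way password hash here would make every digest fail — confirm against the user class.
        if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
            $authenticatedToken = new Token($user->getRoles());
            $authenticatedToken->setUser($user);
            $authenticatedToken->setAuthenticated(true);

            return $authenticatedToken;
        }

        throw new AuthenticationException('WSSE authentication failed.');
    }

    /**
     * Verifies a WSSE PasswordDigest = base64(sha1(nonce . created . secret)).
     *
     * Order of checks: timestamp and nonce freshness first (cheap, rejects stale or
     * replayed requests before any digest work), then the digest in constant time,
     * and only a request whose digest verified gets its nonce recorded — so
     * unauthenticated clients cannot fill the nonce directory.
     *
     * Fixes versus the previous revision: the replay condition was inverted (it rejected
     * only nonces OLDER than the lifetime and let fresh replays through), the raw
     * client-supplied nonce was used as a path component, the digest comparison was
     * not constant-time, and future-dated Created values were accepted.
     *
     * @param string $digest  base64 PasswordDigest from the X-WSSE header
     * @param string $nonce   base64 Nonce from the header — untrusted client input
     * @param string $created Created timestamp from the header, parsed with strtotime()
     * @param string $secret  the user's shared secret
     * @return bool true when the request is fresh and the digest verifies
     * @throws NonceExpiredException when the nonce has already been seen within $lifetime
     */
    protected function validateDigest($digest, $nonce, $created, $secret)
    {
        // Reject unparsable, stale, or future-dated timestamps. Skew beyond $lifetime is
        // treated as a bad request rather than tolerated; a future Created would otherwise
        // let a captured request be replayed until the nonce store catches it.
        $now = time();
        $createdAt = strtotime((string) $created);
        if ($createdAt === false || $createdAt > $now || $now - $createdAt > $this->lifetime) {
            return false;
        }

        $noncePath = null;
        if ($this->nonceDir) {
            // The nonce is attacker-controlled: never use it directly as a path component
            // (a nonce like "../../x" would create a file outside the store). Hash it to a
            // fixed-length, filesystem-safe name. Note this changes the on-disk naming; entries
            // written under the old raw-nonce names are simply not consulted and age out.
            $noncePath = $this->nonceDir.'/'.hash('sha256', (string) $nonce);

            // Replay check: a nonce recorded less than $lifetime seconds ago is a replay.
            if (file_exists($noncePath) && (int) file_get_contents($noncePath) + $this->lifetime > $now) {
                throw new NonceExpiredException('Previously used nonce detected');
            }
        }

        $expected = base64_encode(sha1(base64_decode((string) $nonce).$created.$secret, true));

        // Constant-time comparison so the expected digest cannot be recovered via timing.
        if (!hash_equals($expected, (string) $digest)) {
            return false;
        }

        // Record the nonce only for a request that actually verified.
        if ($noncePath !== null) {
            file_put_contents($noncePath, $now);
        }

        return true;
    }

    /**
     * @param TokenInterface $token
     * @return bool whether this provider handles the token (only WSSE Token instances)
     */
    public function supports(TokenInterface $token)
    {
        return $token instanceof Token;
    }
}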