
Added configurable lifetime.

commit 5f324698db04df8f1098d6d542eae01729355cb2 1 parent f51fc20
@richsage authored
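--- a/DependencyInjection/Security/Factory/WsseFactory.php
+++ b/DependencyInjection/Security/Factory/WsseFactory.php
@@ -15,6 +15,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 $container
 ->setDefinition($providerId, new DefinitionDecorator('wsse.security.authentication.provider'))
 ->replaceArgument(0, new Reference($userProvider))
+ ->replaceArgument(2, $config['lifetime'])
 ;
 $listenerId = 'security.authentication.listener.wsse.'.$id;
@@ -34,5 +35,11 @@ public function getKey()
 }
 public function addConfiguration(NodeDefinition $node)
- {}
+ {
+ $node
+ ->children()
+ ->scalarNode('lifetime')->defaultValue(300)
+ ->end()
+ ;
+ }
 }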
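Review bot: The new `lifetime` option in `addConfiguration` is declared as a plain `scalarNode`, so a string, zero or a negative value passes configuration processing and is only rejected later, when `WsseProvider`'s constructor calls `setLifetime()`. Because this value sets the acceptance window for both the timestamp check and the nonce check, it is worth rejecting bad input when the configuration is loaded. Where the installed Symfony Config component provides it, `->integerNode('lifetime')->min(1)->defaultValue(300)->end()` does that; otherwise a `->validate()->ifTrue(...)->thenInvalid(...)` rule on the scalar node gives the same result. A comment stating the unit would also help, e.g. `// acceptance window in seconds for the WSSE timestamp and nonce checks`.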
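--- a/Resources/config/services.xml
+++ b/Resources/config/services.xml
@@ -9,6 +9,7 @@
 class="MJH\WsseBundle\Security\Authentication\Provider\WsseProvider" public="false">
 <argument></argument> <!-- User Provider -->
 <argument type="service" id="doctrine.orm.entity_manager" />
+ <argument></argument> <!-- Lifetime -->
 <!--<argument type="service" id="monolog.logger" />-->
 </service>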
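--- a/Security/Authentication/Provider/WsseProvider.php
+++ b/Security/Authentication/Provider/WsseProvider.php
@@ -14,11 +14,13 @@ class WsseProvider extends ContainerAware implements AuthenticationProviderInter
 {
 private $userProvider;
 private $em;
+ private $lifetime;
- public function __construct( UserProviderInterface $userProvider, EntityManager $em )
+ public function __construct( UserProviderInterface $userProvider, EntityManager $em, $lifetime )
 {
 $this->userProvider = $userProvider;
 $this->em = $em;
+ $this->setLifetime($lifetime);
 }
 public function authenticate( TokenInterface $token )
@@ -59,16 +61,16 @@ public function validateDigest( $digest, $username, $nonce, $created, $secret )
 ($diff->i * 60) +
 ($diff->s);
- // Validate timestamp is recent within 5 minutes
- if ( $seconds > 300 )
+ // Validate timestamp is recent within supplied expiry time
+ if ( $seconds > $this->lifetime )
 {
 throw new \Exception('Expired timestamp. Seconds: ' . $seconds);
 }
- // Validate nonce is unique within 5 minutes
+ // Validate nonce is unique within supplied expiry time
 $rep = $this->em->getRepository( 'MjhWsseBundle:Nonce' );
- if ( !$rep->verifyAndPersistNonce( $nonce, $username, 300 ) )
+ if ( !$rep->verifyAndPersistNonce( $nonce, $username, $this->lifetime) )
 {
 throw new NonceExpiredException('Previously used nonce detected');
 }
@@ -84,4 +86,13 @@ public function supports( TokenInterface $token )
 {
 return $token instanceof WsseUserToken;
 }
+
+ protected function setLifetime( $lifetime )
+ {
+ if (!is_numeric($lifetime) || $lifetime <= 0)
+ {
+ throw new \InvalidArgumentException("Nonce lifetime must be greater than 0");
+ }
+ $this->lifetime = $lifetime;
+ }
 }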
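Review bot: `setLifetime()` tests the value with `is_numeric()` but stores it unchanged, so a numeric string or a fraction such as `"1e3"` or `0.5` is accepted and then used in `$seconds > $this->lifetime` and handed to `verifyAndPersistNonce()`. Accepting only whole seconds keeps both checks on the same integer: `if (filter_var($lifetime, FILTER_VALIDATE_INT) === false || $lifetime <= 0)` for the guard and `$this->lifetime = (int) $lifetime;` for the assignment. There is also no upper bound, so a very large configured value keeps an intercepted but unused header acceptable for that long, and presumably makes the nonce store retain entries for the same period. A docblock stating that the unit is seconds and that the value bounds replay protection would make that trade-off explicit. The exception text mentions only the nonce, although the same value now also governs timestamp expiry.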
