8ce32af612
We shouldn't forget to run `php-cs-fixer` time to time
<?php
namespace Wallabag\ApiBundle\Security\Firewall;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Http\Firewall\ListenerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Wallabag\ApiBundle\Security\Authentication\Token\WsseUserToken;
use Psr\Log\LoggerInterface;
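class WsseListener implements ListenerInterface
{
    /** @var SecurityContextInterface Receives the token returned by the authentication manager. */
    protected $securityContext;

    /** @var AuthenticationManagerInterface Validates the WsseUserToken built from the header. */
    protected $authenticationManager;

    /** @var LoggerInterface PSR-3 logger; failure details are written here, not to the client. */
    protected $logger;

    /**
     * @param SecurityContextInterface       $securityContext
     * @param AuthenticationManagerInterface $authenticationManager
     * @param LoggerInterface                $logger
     */
    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
    {
        $this->securityContext = $securityContext;
        $this->authenticationManager = $authenticationManager;
        $this->logger = $logger;
    }

    /**
     * Authenticates a request that carries an `X-WSSE` UsernameToken header.
     *
     * A request without the header, or whose header does not match the
     * expected `Username/PasswordDigest/Nonce/Created` shape, is returned
     * untouched (no token, no response).
     *
     * When the header parses, its four fields are copied into a WsseUserToken
     * and passed to the authentication manager; on success the returned token
     * is stored in the security context. On AuthenticationException the event
     * gets a '403 Forbidden' response. The reason for the failure (including
     * the client-supplied username) is logged only: echoing the provider's
     * exception message back to the caller would let a client tell apart
     * "unknown user", "bad digest" and "bad nonce/created" cases.
     *
     * @param GetResponseEvent $event
     */
    public function handle(GetResponseEvent $event)
    {
        $request = $event->getRequest();

        // Each field is a double-quoted string; [^"]+ keeps every capture inside its own quotes.
        $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';

        if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
            return;
        }

        $token = new WsseUserToken();
        $token->setUser($matches[1]);

        $token->digest = $matches[2];
        $token->nonce = $matches[3];
        $token->created = $matches[4];

        try {
            $authToken = $this->authenticationManager->authenticate($token);

            $this->securityContext->setToken($authToken);

            return;
        } catch (AuthenticationException $failed) {
            // The injected logger is typed as Psr\Log\LoggerInterface, which defines
            // error(), not err(); err() only works by accident on implementations
            // that happen to provide that alias.
            $this->logger->error('WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage());

            // Deny authentication with a '403 Forbidden' HTTP response. The body is
            // deliberately generic; the exact cause stays in the log.
            $response = new Response();
            $response->setStatusCode(403);
            $response->setContent('WSSE authentication failed.');
            $event->setResponse($response);

            return;
        }
    }
}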