f26c062c00
* 2.3: [2.3] CS And DocBlock Fixes [2.3] CS Fixes Conflicts: src/Symfony/Bridge/Doctrine/Security/RememberMe/DoctrineTokenProvider.php src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php src/Symfony/Bundle/FrameworkBundle/Command/RouterDebugCommand.php src/Symfony/Bundle/FrameworkBundle/EventListener/TestSessionListener.php src/Symfony/Component/Config/Definition/ReferenceDumper.php src/Symfony/Component/Console/Application.php src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php src/Symfony/Component/Filesystem/Tests/FilesystemTest.php src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php src/Symfony/Component/Form/FormError.php src/Symfony/Component/HttpFoundation/Request.php src/Symfony/Component/HttpFoundation/Response.php src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php src/Symfony/Component/Process/ProcessUtils.php src/Symfony/Component/PropertyAccess/PropertyAccessor.php src/Symfony/Component/PropertyAccess/PropertyAccessorInterface.php src/Symfony/Component/Serializer/Encoder/XmlEncoder.php src/Symfony/Component/Validator/Constraints/CardSchemeValidator.php src/Symfony/Component/Validator/Constraints/GroupSequence.php src/Symfony/Component/Validator/Mapping/ClassMetadata.php src/Symfony/Component/Validator/Mapping/ClassMetadataFactory.php src/Symfony/Component/Validator/Mapping/MemberMetadata.php src/Symfony/Component/Validator/Tests/Fixtures/StubGlobalExecutionContext.php
129 lines
4.3 KiB
PHP
129 lines
4.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Component\Security\Http\RememberMe;
|
|
|
|
use Symfony\Component\HttpFoundation\Cookie;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
use Symfony\Component\Security\Core\User\UserInterface;
|
|
use Symfony\Component\Security\Core\Util\StringUtils;
|
|
|
|
/**
|
|
* Concrete implementation of the RememberMeServicesInterface providing
|
|
* remember-me capabilities without requiring a TokenProvider.
|
|
*
|
|
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
|
*/
|
|
class TokenBasedRememberMeServices extends AbstractRememberMeServices
|
|
{
|
|
/**
|
|
* {@inheritdoc}
|
|
*/
|
|
protected function processAutoLoginCookie(array $cookieParts, Request $request)
|
|
{
|
|
if (count($cookieParts) !== 4) {
|
|
throw new AuthenticationException('The cookie is invalid.');
|
|
}
|
|
|
|
list($class, $username, $expires, $hash) = $cookieParts;
|
|
if (false === $username = base64_decode($username, true)) {
|
|
throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
|
|
}
|
|
try {
|
|
$user = $this->getUserProvider($class)->loadUserByUsername($username);
|
|
} catch (\Exception $ex) {
|
|
if (!$ex instanceof AuthenticationException) {
|
|
$ex = new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
|
|
}
|
|
|
|
throw $ex;
|
|
}
|
|
|
|
if (!$user instanceof UserInterface) {
|
|
throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
|
|
}
|
|
|
|
if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
|
|
throw new AuthenticationException('The cookie\'s hash is invalid.');
|
|
}
|
|
|
|
if ($expires < time()) {
|
|
throw new AuthenticationException('The cookie has expired.');
|
|
}
|
|
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* {@inheritdoc}
|
|
*/
|
|
protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
|
|
{
|
|
$user = $token->getUser();
|
|
$expires = time() + $this->options['lifetime'];
|
|
$value = $this->generateCookieValue(get_class($user), $user->getUsername(), $expires, $user->getPassword());
|
|
|
|
$response->headers->setCookie(
|
|
new Cookie(
|
|
$this->options['name'],
|
|
$value,
|
|
$expires,
|
|
$this->options['path'],
|
|
$this->options['domain'],
|
|
$this->options['secure'],
|
|
$this->options['httponly']
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Generates the cookie value.
|
|
*
|
|
* @param string $class
|
|
* @param string $username The username
|
|
* @param int $expires The Unix timestamp when the cookie expires
|
|
* @param string $password The encoded password
|
|
*
|
|
* @throws \RuntimeException if username contains invalid chars
|
|
*
|
|
* @return string
|
|
*/
|
|
protected function generateCookieValue($class, $username, $expires, $password)
|
|
{
|
|
return $this->encodeCookie(array(
|
|
$class,
|
|
base64_encode($username),
|
|
$expires,
|
|
$this->generateCookieHash($class, $username, $expires, $password),
|
|
));
|
|
}
|
|
|
|
/**
|
|
* Generates a hash for the cookie to ensure it is not being tempered with.
|
|
*
|
|
* @param string $class
|
|
* @param string $username The username
|
|
* @param int $expires The Unix timestamp when the cookie expires
|
|
* @param string $password The encoded password
|
|
*
|
|
* @throws \RuntimeException when the private key is empty
|
|
*
|
|
* @return string
|
|
*/
|
|
protected function generateCookieHash($class, $username, $expires, $password)
|
|
{
|
|
return hash_hmac('sha256', $class.$username.$expires.$password, $this->getKey());
|
|
}
|
|
}
|