hdabo_sf: vendor/symfony/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php@7f95f8617b0b (annotated)

0 7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	2
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	3	namespace Symfony\Component\Security\Http\RememberMe;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	4
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	5	use Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	6	use Symfony\Component\HttpFoundation\Cookie;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	7	use Symfony\Component\HttpFoundation\Response;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	8	use Symfony\Component\HttpFoundation\Request;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	9	use Symfony\Component\Security\Core\Exception\AuthenticationException;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	10	use Symfony\Component\Security\Core\Exception\CookieTheftException;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	11	use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	12	use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	13	use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	14
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	15	/*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	16	* This file is part of the Symfony package.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	17	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	18	* (c) Fabien Potencier <fabien@symfony.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	19	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	20	* For the full copyright and license information, please view the LICENSE
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	21	* file that was distributed with this source code.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	22	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	23
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	24	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	25	* Concrete implementation of the RememberMeServicesInterface which needs
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	26	* an implementation of TokenProviderInterface for providing remember-me
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	27	* capabilities.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	28	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	29	* @author Johannes M. Schmitt <schmittjoh@gmail.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	30	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	31	class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	32	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	33	private $tokenProvider;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	34
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	35	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	36	* Sets the token provider
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	37	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	38	* @param TokenProviderInterface $tokenProvider
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	39	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	40	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	41	public function setTokenProvider(TokenProviderInterface $tokenProvider)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	42	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	43	$this->tokenProvider = $tokenProvider;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	44	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	45
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	46	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	47	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	48	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	49	public function logout(Request $request, Response $response, TokenInterface $token)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	50	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	51	parent::logout($request, $response, $token);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	52
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	53	if (null !== ($cookie = $request->cookies->get($this->options['name']))
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	54	&& count($parts = $this->decodeCookie($cookie)) === 2
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	55	) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	56	list($series, $tokenValue) = $parts;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	57	$this->tokenProvider->deleteTokenBySeries($series);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	58	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	59	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	60
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	61	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	62	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	63	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	64	protected function processAutoLoginCookie(array $cookieParts, Request $request)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	65	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	66	if (count($cookieParts) !== 2) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	67	throw new AuthenticationException('The cookie is invalid.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	68	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	69
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	70	list($series, $tokenValue) = $cookieParts;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	71	$persistentToken = $this->tokenProvider->loadTokenBySeries($series);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	72
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	73	if ($persistentToken->getTokenValue() !== $tokenValue) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	74	$this->tokenProvider->deleteTokenBySeries($series);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	75
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	76	throw new CookieTheftException('This token was already used. The account is possibly compromised.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	77	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	78
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	79	if ($persistentToken->getLastUsed()->getTimestamp() + $this->options['lifetime'] < time()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	80	throw new AuthenticationException('The cookie has expired.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	81	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	82
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	83	$series = $persistentToken->getSeries();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	84	$tokenValue = $this->generateRandomValue();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	85	$this->tokenProvider->updateToken($series, $tokenValue, new \DateTime());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	86	$request->attributes->set(self::COOKIE_ATTR_NAME,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	87	new Cookie(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	88	$this->options['name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	89	$this->encodeCookie(array($series, $tokenValue)),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	90	time() + $this->options['lifetime'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	91	$this->options['path'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	92	$this->options['domain'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	93	$this->options['secure'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	94	$this->options['httponly']
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	95	)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	96	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	97
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	98	return $this->getUserProvider($persistentToken->getClass())->loadUserByUsername($persistentToken->getUsername());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	99	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	100
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	101	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	102	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	103	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	104	protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	105	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	106	$series = $this->generateRandomValue();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	107	$tokenValue = $this->generateRandomValue();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	108
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	109	$this->tokenProvider->createNewToken(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	110	new PersistentToken(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	111	get_class($user = $token->getUser()),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	112	$user->getUsername(),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	113	$series,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	114	$tokenValue,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	115	new \DateTime()
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	116	)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	117	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	118
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	119	$response->headers->setCookie(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	120	new Cookie(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	121	$this->options['name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	122	$this->encodeCookie(array($series, $tokenValue)),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	123	time() + $this->options['lifetime'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	124	$this->options['path'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	125	$this->options['domain'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	126	$this->options['secure'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	127	$this->options['httponly']
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	128	)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	129	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	130	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	131
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	132	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	133	* Generates a cryptographically strong random value
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	134	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	135	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	136	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	137	protected function generateRandomValue()
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	138	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	139	if (function_exists('openssl_random_pseudo_bytes')) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	140	$bytes = openssl_random_pseudo_bytes(64, $strong);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	141
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	142	if (true === $strong && false !== $bytes) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	143	return base64_encode($bytes);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	144	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	145	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	146
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	147	if (null !== $this->logger) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	148	$this->logger->warn('Could not produce a cryptographically strong random value. Please install/update the OpenSSL extension.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	149	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	150
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	151	return base64_encode(hash('sha512', uniqid(mt_rand(), true), true));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	152	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	153	}

author	ymh <ymh.work@gmail.com>
	Sat, 24 Sep 2011 15:40:41 +0200
changeset 0	7f95f8617b0b
permissions	-rwxr-xr-x