hdabo_sf: vendor/symfony/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php@d672f7dd74dc (annotated)

0 7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	2
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	3	namespace Symfony\Component\Security\Http\RememberMe;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	4
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	5	use Symfony\Component\HttpFoundation\Cookie;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	6	use Symfony\Component\HttpFoundation\Request;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	7	use Symfony\Component\HttpFoundation\Response;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	8	use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	9	use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	10	use Symfony\Component\Security\Core\Exception\AuthenticationException;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	11	use Symfony\Component\Security\Core\User\UserInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	12
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	13	/*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	14	* This file is part of the Symfony package.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	15	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	16	* (c) Fabien Potencier <fabien@symfony.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	17	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	18	* For the full copyright and license information, please view the LICENSE
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	19	* file that was distributed with this source code.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	20	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	21
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	22	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	23	* Concrete implementation of the RememberMeServicesInterface providing
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	24	* remember-me capabilities without requiring a TokenProvider.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	25	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	26	* @author Johannes M. Schmitt <schmittjoh@gmail.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	27	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	28	class TokenBasedRememberMeServices extends AbstractRememberMeServices
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	29	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	30	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	31	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	32	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	33	protected function processAutoLoginCookie(array $cookieParts, Request $request)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	34	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	35	if (count($cookieParts) !== 4) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	36	throw new AuthenticationException('The cookie is invalid.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	37	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	38
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	39	list($class, $username, $expires, $hash) = $cookieParts;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	40	if (false === $username = base64_decode($username, true)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	41	throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	42	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	43	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	44	$user = $this->getUserProvider($class)->loadUserByUsername($username);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	45	} catch (\Exception $ex) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	46	if (!$ex instanceof AuthenticationException) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	47	$ex = new AuthenticationException($ex->getMessage(), null, $ex->getCode(), $ex);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	48	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	49
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	50	throw $ex;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	51	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	52
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	53	if (!$user instanceof UserInterface) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	54	throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	55	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	56
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	57	if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	58	throw new AuthenticationException('The cookie\'s hash is invalid.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	59	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	60
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	61	if ($expires < time()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	62	throw new AuthenticationException('The cookie has expired.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	63	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	64
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	65	return $user;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	66	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	67
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	68	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	69	* Compares two hashes using a constant-time algorithm to avoid (remote)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	70	* timing attacks.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	71	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	72	* This is the same implementation as used in the BasePasswordEncoder.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	73	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	74	* @param string $hash1 The first hash
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	75	* @param string $hash2 The second hash
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	76	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	77	* @return Boolean true if the two hashes are the same, false otherwise
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	78	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	79	private function compareHashes($hash1, $hash2)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	80	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	81	if (strlen($hash1) !== $c = strlen($hash2)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	82	return false;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	83	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	84
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	85	$result = 0;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	86	for ($i = 0; $i < $c; $i++) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	87	$result \|= ord($hash1[$i]) ^ ord($hash2[$i]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	88	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	89
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	90	return 0 === $result;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	91	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	92
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	93	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	94	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	95	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	96	protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	97	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	98	$user = $token->getUser();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	99	$expires = time() + $this->options['lifetime'];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	100	$value = $this->generateCookieValue(get_class($user), $user->getUsername(), $expires, $user->getPassword());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	101
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	102	$response->headers->setCookie(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	103	new Cookie(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	104	$this->options['name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	105	$value,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	106	$expires,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	107	$this->options['path'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	108	$this->options['domain'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	109	$this->options['secure'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	110	$this->options['httponly']
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	111	)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	112	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	113	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	114
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	115	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	116	* Generates the cookie value.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	117	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	118	* @param string $class
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	119	* @param string $username The username
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	120	* @param integer $expires The unixtime when the cookie expires
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	121	* @param string $password The encoded password
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	122	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	123	* @throws \RuntimeException if username contains invalid chars
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	124	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	125	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	126	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	127	protected function generateCookieValue($class, $username, $expires, $password)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	128	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	129	return $this->encodeCookie(array(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	130	$class,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	131	base64_encode($username),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	132	$expires,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	133	$this->generateCookieHash($class, $username, $expires, $password)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	134	));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	135	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	136
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	137	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	138	* Generates a hash for the cookie to ensure it is not being tempered with
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	139	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	140	* @param string $class
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	141	* @param string $username The username
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	142	* @param integer $expires The unixtime when the cookie expires
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	143	* @param string $password The encoded password
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	144	* @throws \RuntimeException when the private key is empty
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	145	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	146	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	147	protected function generateCookieHash($class, $username, $expires, $password)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	148	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	149	return hash('sha256', $class.$username.$expires.$password.$this->getKey());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	150	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	151	}

author	cavaliet
	Mon, 07 Jul 2014 17:23:47 +0200
changeset 122	d672f7dd74dc
parent 0	7f95f8617b0b
permissions	-rwxr-xr-x