Mercurial Mercurial > hdabo_sf / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
vendor/symfony/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
changeset 0 7f95f8617b0b 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/vendor/symfony/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php	Sat Sep 24 15:40:41 2011 +0200
@@ -0,0 +1,151 @@
+<?php
+
+namespace Symfony\Component\Security\Http\RememberMe;
+
+use Symfony\Component\HttpFoundation\Cookie;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * Concrete implementation of the RememberMeServicesInterface providing
+ * remember-me capabilities without requiring a TokenProvider.
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class TokenBasedRememberMeServices extends AbstractRememberMeServices
+{
+    /**
+     * {@inheritDoc}
+     */
+    protected function processAutoLoginCookie(array $cookieParts, Request $request)
+    {
+        if (count($cookieParts) !== 4) {
+            throw new AuthenticationException('The cookie is invalid.');
+        }
+
+        list($class, $username, $expires, $hash) = $cookieParts;
+        if (false === $username = base64_decode($username, true)) {
+            throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
+        }
+        try {
+            $user = $this->getUserProvider($class)->loadUserByUsername($username);
+        } catch (\Exception $ex) {
+            if (!$ex instanceof AuthenticationException) {
+                $ex = new AuthenticationException($ex->getMessage(), null, $ex->getCode(), $ex);
+            }
+
+            throw $ex;
+        }
+
+        if (!$user instanceof UserInterface) {
+            throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
+        }
+
+        if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
+            throw new AuthenticationException('The cookie\'s hash is invalid.');
+        }
+
+        if ($expires < time()) {
+            throw new AuthenticationException('The cookie has expired.');
+        }
+
+        return $user;
+    }
+
+    /**
+     * Compares two hashes using a constant-time algorithm to avoid (remote)
+     * timing attacks.
+     *
+     * This is the same implementation as used in the BasePasswordEncoder.
+     *
+     * @param string $hash1 The first hash
+     * @param string $hash2 The second hash
+     *
+     * @return Boolean true if the two hashes are the same, false otherwise
+     */
+    private function compareHashes($hash1, $hash2)
+    {
+        if (strlen($hash1) !== $c = strlen($hash2)) {
+            return false;
+        }
+
+        $result = 0;
+        for ($i = 0; $i < $c; $i++) {
+            $result |= ord($hash1[$i]) ^ ord($hash2[$i]);
+        }
+
+        return 0 === $result;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
+    {
+        $user = $token->getUser();
+        $expires = time() + $this->options['lifetime'];
+        $value = $this->generateCookieValue(get_class($user), $user->getUsername(), $expires, $user->getPassword());
+
+        $response->headers->setCookie(
+            new Cookie(
+                $this->options['name'],
+                $value,
+                $expires,
+                $this->options['path'],
+                $this->options['domain'],
+                $this->options['secure'],
+                $this->options['httponly']
+            )
+        );
+    }
+
+    /**
+     * Generates the cookie value.
+     *
+     * @param string  $class
+     * @param string  $username The username
+     * @param integer $expires  The unixtime when the cookie expires
+     * @param string  $password The encoded password
+     *
+     * @throws \RuntimeException if username contains invalid chars
+     *
+     * @return string
+     */
+    protected function generateCookieValue($class, $username, $expires, $password)
+    {
+        return $this->encodeCookie(array(
+            $class,
+            base64_encode($username),
+            $expires,
+            $this->generateCookieHash($class, $username, $expires, $password)
+        ));
+    }
+
+    /**
+     * Generates a hash for the cookie to ensure it is not being tempered with
+     *
+     * @param string $class
+     * @param string $username The username
+     * @param integer $expires The unixtime when the cookie expires
+     * @param string $password The encoded password
+     * @throws \RuntimeException when the private key is empty
+     * @return string
+     */
+    protected function generateCookieHash($class, $username, $expires, $password)
+    {
+        return hash('sha256', $class.$username.$expires.$password.$this->getKey());
+    }
+}
hdabo_sf