<?php |
namespace AppBundle\Security; |
use Symfony\Component\HttpFoundation\Request; |
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken; |
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException; |
use Symfony\Component\Security\Core\Exception\BadCredentialsException; |
use Symfony\Component\Security\Core\User\UserProviderInterface; |
use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface; |
use Doctrine\Common\Persistence\ManagerRegistry; |
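/**
 * Pre-authenticator that reads an API key from the "apikey" request header
 * and resolves it to a user through an ApiKeyUserProvider.
 *
 * createToken() only extracts the raw key from the request; the lookup
 * happens later in authenticateToken(), once the firewall has handed over
 * the configured user provider.
 */
class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface
{
    /**
     * @var ManagerRegistry Injected via the constructor; no method in this
     *                      class currently reads it.
     */
    private $registry;

    /**
     * @param ManagerRegistry $registry Doctrine registry (kept so the service
     *                                  definition wiring this class stays valid).
     */
    public function __construct(ManagerRegistry $registry)
    {
        $this->registry = $registry;
    }

    /**
     * Builds an unauthenticated token carrying the API key sent by the client.
     *
     * The key is read from the "apikey" header only. A query-string variant is
     * deliberately not offered: keys in URLs end up in access logs, browser
     * history and Referer headers.
     *
     * @param Request $request
     * @param string  $providerKey The firewall name.
     *
     * @return PreAuthenticatedToken Token whose user is the 'anon.' placeholder
     *                               and whose credentials are the raw key.
     *
     * @throws BadCredentialsException When the header is missing or empty.
     */
    public function createToken(Request $request, $providerKey)
    {
        $apiKey = $request->headers->get('apikey');

        // Reject here so an empty/missing key never reaches the provider lookup.
        if (!$apiKey) {
            throw new BadCredentialsException();
        }

        return new PreAuthenticatedToken(
            'anon.',
            $apiKey,
            $providerKey
        );
    }

    /**
     * Accepts only pre-authenticated tokens issued for this firewall.
     *
     * @param TokenInterface $token
     * @param string         $providerKey The firewall name.
     *
     * @return bool
     */
    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
    }

    /**
     * Resolves the API key held by $token to a user and returns an
     * authenticated token carrying that user's roles.
     *
     * @param TokenInterface        $token        Token produced by createToken().
     * @param UserProviderInterface $userProvider Must be an ApiKeyUserProvider.
     * @param string                $providerKey  The firewall name.
     *
     * @return PreAuthenticatedToken
     *
     * @throws \InvalidArgumentException               When the provider is not an
     *                                                 ApiKeyUserProvider (wiring error).
     * @throws CustomUserMessageAuthenticationException When the key maps to no user.
     */
    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        if (!$userProvider instanceof ApiKeyUserProvider) {
            throw new \InvalidArgumentException(
                sprintf(
                    'The user provider must be an instance of ApiKeyUserProvider (%s was given).',
                    get_class($userProvider)
                )
            );
        }

        $apiKey = $token->getCredentials();
        $username = $userProvider->getUsernameForApiKey($apiKey);

        if (!$username) {
            // CAUTION: this message is returned to the client. The submitted
            // key is deliberately NOT echoed back: it is attacker-controlled
            // input and a credential, so reflecting it would copy it into
            // responses, proxies and error logs.
            throw new CustomUserMessageAuthenticationException('Invalid API key.');
        }

        $user = $userProvider->loadUserByUsername($username);

        return new PreAuthenticatedToken(
            $user,
            $apiKey,
            $providerKey,
            $user->getRoles()
        );
    }
}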
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.