devol/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2024-12-15 09:57:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

log for authentication on API

Browse Source
This commit is contained in:
Nicolas Lœuillet 2015-02-09 22:07:39 +01:00
parent 0ac38198ab
commit 2a94b1d1b7
7 changed files with 45 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/config/config_prod.yml
View File

@ -17,6 +17,11 @@ monolog:
type: fingers_crossed type: fingers_crossed
action_level: error action_level: error
handler: nested handler: nested
wsse:
type: stream
path: %kernel.logs_dir%/%kernel.environment%.wsse.log
level: error
channels: [wsse]
nested: nested:
type: stream type: stream
path: "%kernel.logs_dir%/%kernel.environment%.log" path: "%kernel.logs_dir%/%kernel.environment%.log"

1
src/Wallabag/CoreBundle/Controller/EntryController.php
View File

@ -6,7 +6,6 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Wallabag\CoreBundle\Entity\Entry; use Wallabag\CoreBundle\Entity\Entry;
use Wallabag\CoreBundle\Repository;
use Wallabag\CoreBundle\Service\Extractor; use Wallabag\CoreBundle\Service\Extractor;
use Wallabag\CoreBundle\Helper\Url; use Wallabag\CoreBundle\Helper\Url;

12
src/Wallabag/CoreBundle/Repository/EntryRepository.php
View File

@ -91,12 +91,12 @@ class EntryRepository extends EntityRepository
/** /**
* Find Entries * Find Entries
* *
* @param int $userId * @param int $userId
* @param bool $isArchived * @param bool $isArchived
* @param bool $isStarred * @param bool $isStarred
* @param bool $isDeleted * @param bool $isDeleted
* @param string $sort * @param string $sort
* @param string $order * @param string $order
* *
* @return ArrayCollection * @return ArrayCollection
*/ */

2
src/Wallabag/CoreBundle/Resources/config/services.xml
View File

@ -21,6 +21,8 @@
class="Wallabag\CoreBundle\Security\Firewall\WsseListener" public="false"> class="Wallabag\CoreBundle\Security\Firewall\WsseListener" public="false">
<argument type="service" id="security.context"/> <argument type="service" id="security.context"/>
<argument type="service" id="security.authentication.manager" /> <argument type="service" id="security.authentication.manager" />
<argument type="service" id="logger" />
<tag name="monolog.logger" channel="wsse" />
</service> </service>
</services> </services>

23
src/Wallabag/CoreBundle/Security/Authentication/Provider/WsseProvider.php
View File

@ -23,6 +23,10 @@ class WsseProvider implements AuthenticationProviderInterface
{ {
$user = $this->userProvider->loadUserByUsername($token->getUsername()); $user = $this->userProvider->loadUserByUsername($token->getUsername());
if (!$user) {
throw new AuthenticationException("Bad credentials. Did you forgot your username?");
}
if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
$authenticatedToken = new WsseUserToken($user->getRoles()); $authenticatedToken = new WsseUserToken($user->getRoles());
$authenticatedToken->setUser($user); $authenticatedToken->setUser($user);
@ -35,12 +39,17 @@ class WsseProvider implements AuthenticationProviderInterface
protected function validateDigest($digest, $nonce, $created, $secret) protected function validateDigest($digest, $nonce, $created, $secret)
{ {
// Expire le timestamp après 5 minutes // Check created time is not in the future
if (time() - strtotime($created) > 300) { if (strtotime($created) > time()) {
return false; throw new AuthenticationException("Back to the future...");
} }
// Valide que le nonce est unique dans les 5 minutes // Expire timestamp after 5 minutes
if (time() - strtotime($created) > 300) {
throw new AuthenticationException("Too late for this timestamp... Watch your watch.");
}
// Validate nonce is unique within 5 minutes
if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
throw new NonceExpiredException('Previously used nonce detected'); throw new NonceExpiredException('Previously used nonce detected');
} }
@ -52,9 +61,13 @@ class WsseProvider implements AuthenticationProviderInterface
file_put_contents($this->cacheDir.'/'.$nonce, time()); file_put_contents($this->cacheDir.'/'.$nonce, time());
// Valide le Secret // Validate Secret
$expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
if ($digest !== $expected) {
throw new AuthenticationException("Bad credentials ! Digest is not as expected.");
}
return $digest === $expected; return $digest === $expected;
} }

20
src/Wallabag/CoreBundle/Security/Firewall/WsseListener.php
View File

@ -9,16 +9,19 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken; use Wallabag\CoreBundle\Security\Authentication\Token\WsseUserToken;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
class WsseListener implements ListenerInterface class WsseListener implements ListenerInterface
{ {
protected $securityContext; protected $securityContext;
protected $authenticationManager; protected $authenticationManager;
protected $logger;
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager) public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
{ {
$this->securityContext = $securityContext; $this->securityContext = $securityContext;
$this->authenticationManager = $authenticationManager; $this->authenticationManager = $authenticationManager;
$this->logger = $logger;
} }
public function handle(GetResponseEvent $event) public function handle(GetResponseEvent $event)
@ -42,16 +45,21 @@ class WsseListener implements ListenerInterface
$this->securityContext->setToken($authToken); $this->securityContext->setToken($authToken);
} catch (AuthenticationException $failed) { } catch (AuthenticationException $failed) {
// ... you might log something here $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage();
$this->logger->err($failedMessage);
// To deny the authentication clear the token. This will redirect to the login page.
// $this->securityContext->setToken(null);
// return;
// Deny authentication with a '403 Forbidden' HTTP response // Deny authentication with a '403 Forbidden' HTTP response
$response = new Response(); $response = new Response();
$response->setStatusCode(403); $response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response); $event->setResponse($response);
return;
} }
// By default deny authorization
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
} }
} }

2
src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
View File

@ -3,8 +3,6 @@
namespace Wallabag\CoreBundle\Tests; namespace Wallabag\CoreBundle\Tests;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\BrowserKit\Cookie;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
class WallabagTestCase extends WebTestCase class WallabagTestCase extends WebTestCase
{ {