Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
lib
unicaen
auth
Commits
1dc67d84
Commit
1dc67d84
authored
Feb 20, 2013
by
Bertrand Gauthier
Browse files
Simplification méthode authenticate (appel au parent).
parent
2803eb8f
Changes
1
Hide whitespace changes
Inline
Side-by-side
src/UnicaenAuth/Authentication/Adapter/Db.php
View file @
1dc67d84
<?php
namespace
UnicaenAuth\Authentication\Adapter
;
use
UnicaenApp\Exception
;
use
UnicaenAuth\Authentication\Adapter\Db
;
use
UnicaenAuth\Options\AuthenticationOptionsInterface
;
use
Zend\Authentication\Result
as
AuthenticationResult
;
use
Zend\Crypt\Password\Bcrypt
;
use
ZfcUser\Authentication\Adapter\AdapterChainEvent
;
use
ZfcUser\Authentication\Adapter\AdapterChainEvent
as
AuthEvent
;
use
\
UnicaenAuth\Options\AuthenticationOptions
Interface
;
use
ZfcUser\Entity\User
Interface
;
/**
* Db authentication adpater with sesame password check.
...
...
@@ -20,25 +23,51 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
protected
$unicaenUserOptions
;
/**
* Authentification.
*
* @param AdapterChainEvent $e
* @return boolean
*/
public
function
authenticate
(
AuthEvent
$e
)
{
if
(
$this
->
isSatisfied
())
{
$storage
=
$this
->
getStorage
()
->
read
();
$e
->
setIdentity
(
$storage
[
'identity'
])
->
setCode
(
AuthenticationResult
::
SUCCESS
)
->
setMessages
(
array
(
'Authentication successful.'
));
return
;
$result
=
parent
::
authenticate
(
$e
);
// Failure, try sesame
if
(
false
===
$result
)
{
$identity
=
$e
->
getRequest
()
->
getPost
()
->
get
(
'identity'
);
if
(
!
(
$userObject
=
$this
->
findUser
(
$identity
)))
{
return
false
;
}
$credential
=
$e
->
getRequest
()
->
getPost
()
->
get
(
'credential'
);
//$credential = $this->preProcessCredential($credential);
$bcrypt
=
new
Bcrypt
();
$bcrypt
->
setCost
(
$this
->
getOptions
()
->
getPasswordCost
());
if
((
$sesame
=
$this
->
getUnicaenAuthOptions
()
->
getSesamePassword
())
&&
$bcrypt
->
verify
(
$credential
,
$sesame
))
{
// Success!
$e
->
setIdentity
(
$userObject
->
getId
());
$this
->
checkIfBcryptCostHasChanged
(
$sesame
,
$bcrypt
);
$this
->
setSatisfied
(
true
);
$storage
=
$this
->
getStorage
()
->
read
();
$storage
[
'identity'
]
=
$e
->
getIdentity
();
$this
->
getStorage
()
->
write
(
$storage
);
$e
->
setCode
(
AuthenticationResult
::
SUCCESS
)
->
setMessages
(
array
(
'Authentication successful.'
));
}
}
return
$result
;
}
$identity
=
$e
->
getRequest
()
->
getPost
()
->
get
(
'identity'
);
$credential
=
$e
->
getRequest
()
->
getPost
()
->
get
(
'credential'
);
$credential
=
$this
->
preProcessCredential
(
$credential
);
/**
* Recherche dans la base de données l'utilisateur correspondant à l'identité.
*
* @param string $identity
* @return UserInterface
*/
protected
function
findUser
(
$identity
)
{
$userObject
=
NULL
;
// Cycle through the configured identity sources and test each
$fields
=
$this
->
getOptions
()
->
getAuthIdentityFields
();
while
(
!
is_object
(
$userObject
)
&&
count
(
$fields
)
>
0
)
{
...
...
@@ -52,39 +81,30 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
break
;
}
}
return
$userObject
;
}
if
(
!
$userObject
)
{
$e
->
setCode
(
AuthenticationResult
::
FAILURE_IDENTITY_NOT_FOUND
)
->
setMessages
(
array
(
'A record with the supplied identity could not be found.'
));
$this
->
setSatisfied
(
false
);
return
false
;
}
$bcrypt
=
new
Bcrypt
();
$bcrypt
->
setCost
(
$this
->
getOptions
()
->
getPasswordCost
());
if
(
!
$bcrypt
->
verify
(
$credential
,
$userObject
->
getPassword
()))
{
// Password does not match, try sesame
if
(
!
(
$sesame
=
$this
->
getUnicaenAuthOptions
()
->
getSesamePassword
())
||
!
$bcrypt
->
verify
(
$credential
,
$sesame
))
{
$e
->
setCode
(
AuthenticationResult
::
FAILURE_CREDENTIAL_INVALID
)
->
setMessages
(
array
(
'Supplied credential is invalid.'
));
$this
->
setSatisfied
(
false
);
return
false
;
}
/**
* Teste si la valeur du paramètre 'cost' de l'algo Bcrypt depuis le chiffrage
* du mot de passe spécifié.
*
* @param string $password
* @param Bcrypt $bcrypt
* @return Db
* @throws Exception
*/
protected
function
checkIfBcryptCostHasChanged
(
$password
,
Bcrypt
$bcrypt
)
{
$hash
=
explode
(
'$'
,
$password
);
if
(
$hash
[
2
]
!==
$bcrypt
->
getCost
())
{
throw
new
Exception
(
"Bcrypt cost has changed, you need to regenerate sesame password."
);
}
// Success!
$e
->
setIdentity
(
$userObject
->
getId
());
// Update user's password hash if the cost parameter has changed
$this
->
updateUserPasswordHash
(
$userObject
,
$credential
,
$bcrypt
);
$this
->
setSatisfied
(
true
);
$storage
=
$this
->
getStorage
()
->
read
();
$storage
[
'identity'
]
=
$e
->
getIdentity
();
$this
->
getStorage
()
->
write
(
$storage
);
$e
->
setCode
(
AuthenticationResult
::
SUCCESS
)
->
setMessages
(
array
(
'Authentication successful.'
));
return
$this
;
}
/**
* Spécifie les options de config de ce module.
*
* @param AuthenticationOptionsInterface $options
*/
public
function
setUnicaenAuthOptions
(
AuthenticationOptionsInterface
$options
)
...
...
@@ -93,6 +113,8 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
}
/**
* Retourne les options de config de ce module.
*
* @return AuthenticationOptionsInterface
*/
public
function
getUnicaenAuthOptions
()
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment