Commit 1dc67d84 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Simplification méthode authenticate (appel au parent).

parent 2803eb8f
<?php
namespace UnicaenAuth\Authentication\Adapter;
use UnicaenApp\Exception;
use UnicaenAuth\Authentication\Adapter\Db;
use UnicaenAuth\Options\AuthenticationOptionsInterface;
use Zend\Authentication\Result as AuthenticationResult;
use Zend\Crypt\Password\Bcrypt;
use ZfcUser\Authentication\Adapter\AdapterChainEvent;
use ZfcUser\Authentication\Adapter\AdapterChainEvent as AuthEvent;
use \UnicaenAuth\Options\AuthenticationOptionsInterface;
use ZfcUser\Entity\UserInterface;
/**
* Db authentication adpater with sesame password check.
......@@ -20,25 +23,51 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
protected $unicaenUserOptions;
/**
* Authentification.
*
* @param AdapterChainEvent $e
* @return boolean
*/
public function authenticate(AuthEvent $e)
{
if ($this->isSatisfied()) {
$result = parent::authenticate($e);
// Failure, try sesame
if (false === $result) {
$identity = $e->getRequest()->getPost()->get('identity');
if (!($userObject = $this->findUser($identity))) {
return false;
}
$credential = $e->getRequest()->getPost()->get('credential');
//$credential = $this->preProcessCredential($credential);
$bcrypt = new Bcrypt();
$bcrypt->setCost($this->getOptions()->getPasswordCost());
if (($sesame = $this->getUnicaenAuthOptions()->getSesamePassword()) && $bcrypt->verify($credential, $sesame)) {
// Success!
$e->setIdentity($userObject->getId());
$this->checkIfBcryptCostHasChanged($sesame, $bcrypt);
$this->setSatisfied(true);
$storage = $this->getStorage()->read();
$e->setIdentity($storage['identity'])
->setCode(AuthenticationResult::SUCCESS)
$storage['identity'] = $e->getIdentity();
$this->getStorage()->write($storage);
$e->setCode(AuthenticationResult::SUCCESS)
->setMessages(array('Authentication successful.'));
return;
}
}
$identity = $e->getRequest()->getPost()->get('identity');
$credential = $e->getRequest()->getPost()->get('credential');
$credential = $this->preProcessCredential($credential);
$userObject = NULL;
return $result;
}
/**
* Recherche dans la base de données l'utilisateur correspondant à l'identité.
*
* @param string $identity
* @return UserInterface
*/
protected function findUser($identity)
{
$userObject = NULL;
// Cycle through the configured identity sources and test each
$fields = $this->getOptions()->getAuthIdentityFields();
while ( !is_object($userObject) && count($fields) > 0 ) {
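Review bot: The sesame branch compares the raw POST value from `$e->getRequest()->getPost()->get('credential')` against the sesame hash, while the parent path the commit now delegates to runs the credential through `preProcessCredential()` first; the removed code applied that step and the new code leaves it commented out (`//$credential = $this->preProcessCredential($credential);`), so a configured pre-processor is silently skipped for the sesame check — restore `$credential = $this->preProcessCredential($credential);` unless the sesame is deliberately matched against the unprocessed input, in which case a comment should say so. On sesame success the method still falls through to `return $result;`, i.e. it returns the parent's `false` even though the event now carries `AuthenticationResult::SUCCESS`; the parent returns nothing on success, so adding `return;` after `->setMessages(array('Authentication successful.'));` keeps the two success paths consistent (how the adapter chain treats that return value is not visible here). A sesame login also records the same `'Authentication successful.'` message as a password login, so nothing in the event distinguishes a master-password authentication from a normal one for audit purposes; a distinct message such as `'Authentication successful (sesame).'` would make such logins recognisable in logs. authenticate() sits entirely within this hunk, but the section's file header is outside the visible page.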
......@@ -52,39 +81,30 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
break;
}
}
if (!$userObject) {
$e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
->setMessages(array('A record with the supplied identity could not be found.'));
$this->setSatisfied(false);
return false;
return $userObject;
}
$bcrypt = new Bcrypt();
$bcrypt->setCost($this->getOptions()->getPasswordCost());
if (!$bcrypt->verify($credential,$userObject->getPassword())) {
// Password does not match, try sesame
if (!($sesame = $this->getUnicaenAuthOptions()->getSesamePassword()) || !$bcrypt->verify($credential, $sesame)) {
$e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
->setMessages(array('Supplied credential is invalid.'));
$this->setSatisfied(false);
return false;
}
/**
* Teste si la valeur du paramètre 'cost' de l'algo Bcrypt depuis le chiffrage
* du mot de passe spécifié.
*
* @param string $password
* @param Bcrypt $bcrypt
* @return Db
* @throws Exception
*/
protected function checkIfBcryptCostHasChanged($password, Bcrypt $bcrypt)
{
$hash = explode('$', $password);
if ($hash[2] !== $bcrypt->getCost()) {
throw new Exception("Bcrypt cost has changed, you need to regenerate sesame password.");
}
// Success!
$e->setIdentity($userObject->getId());
// Update user's password hash if the cost parameter has changed
$this->updateUserPasswordHash($userObject, $credential, $bcrypt);
$this->setSatisfied(true);
$storage = $this->getStorage()->read();
$storage['identity'] = $e->getIdentity();
$this->getStorage()->write($storage);
$e->setCode(AuthenticationResult::SUCCESS)
->setMessages(array('Authentication successful.'));
return $this;
}
/**
* Spécifie les options de config de ce module.
*
* @param AuthenticationOptionsInterface $options
*/
public function setUnicaenAuthOptions(AuthenticationOptionsInterface $options)
......@@ -93,6 +113,8 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
}
/**
* Retourne les options de config de ce module.
*
* @return AuthenticationOptionsInterface
*/
public function getUnicaenAuthOptions()