Commit 1dc67d84 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Simplification méthode authenticate (appel au parent).

parent 2803eb8f
<?php <?php
namespace UnicaenAuth\Authentication\Adapter; namespace UnicaenAuth\Authentication\Adapter;
use UnicaenApp\Exception;
use UnicaenAuth\Authentication\Adapter\Db;
use UnicaenAuth\Options\AuthenticationOptionsInterface;
use Zend\Authentication\Result as AuthenticationResult; use Zend\Authentication\Result as AuthenticationResult;
use Zend\Crypt\Password\Bcrypt; use Zend\Crypt\Password\Bcrypt;
use ZfcUser\Authentication\Adapter\AdapterChainEvent; use ZfcUser\Authentication\Adapter\AdapterChainEvent;
use ZfcUser\Authentication\Adapter\AdapterChainEvent as AuthEvent; use ZfcUser\Authentication\Adapter\AdapterChainEvent as AuthEvent;
use \UnicaenAuth\Options\AuthenticationOptionsInterface; use ZfcUser\Entity\UserInterface;
/** /**
* Db authentication adpater with sesame password check. * Db authentication adpater with sesame password check.
...@@ -20,25 +23,51 @@ class Db extends \ZfcUser\Authentication\Adapter\Db ...@@ -20,25 +23,51 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
protected $unicaenUserOptions; protected $unicaenUserOptions;
/** /**
* Authentification.
* *
* @param AdapterChainEvent $e * @param AdapterChainEvent $e
* @return boolean * @return boolean
*/ */
public function authenticate(AuthEvent $e) public function authenticate(AuthEvent $e)
{ {
if ($this->isSatisfied()) { $result = parent::authenticate($e);
$storage = $this->getStorage()->read();
$e->setIdentity($storage['identity']) // Failure, try sesame
->setCode(AuthenticationResult::SUCCESS) if (false === $result) {
->setMessages(array('Authentication successful.')); $identity = $e->getRequest()->getPost()->get('identity');
return; if (!($userObject = $this->findUser($identity))) {
return false;
}
$credential = $e->getRequest()->getPost()->get('credential');
//$credential = $this->preProcessCredential($credential);
$bcrypt = new Bcrypt();
$bcrypt->setCost($this->getOptions()->getPasswordCost());
if (($sesame = $this->getUnicaenAuthOptions()->getSesamePassword()) && $bcrypt->verify($credential, $sesame)) {
// Success!
$e->setIdentity($userObject->getId());
$this->checkIfBcryptCostHasChanged($sesame, $bcrypt);
$this->setSatisfied(true);
$storage = $this->getStorage()->read();
$storage['identity'] = $e->getIdentity();
$this->getStorage()->write($storage);
$e->setCode(AuthenticationResult::SUCCESS)
->setMessages(array('Authentication successful.'));
}
} }
return $result;
}
$identity = $e->getRequest()->getPost()->get('identity'); /**
$credential = $e->getRequest()->getPost()->get('credential'); * Recherche dans la base de données l'utilisateur correspondant à l'identité.
$credential = $this->preProcessCredential($credential); *
* @param string $identity
* @return UserInterface
*/
protected function findUser($identity)
{
$userObject = NULL; $userObject = NULL;
// Cycle through the configured identity sources and test each // Cycle through the configured identity sources and test each
$fields = $this->getOptions()->getAuthIdentityFields(); $fields = $this->getOptions()->getAuthIdentityFields();
while ( !is_object($userObject) && count($fields) > 0 ) { while ( !is_object($userObject) && count($fields) > 0 ) {
...@@ -52,39 +81,30 @@ class Db extends \ZfcUser\Authentication\Adapter\Db ...@@ -52,39 +81,30 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
break; break;
} }
} }
return $userObject;
}
if (!$userObject) { /**
$e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND) * Teste si la valeur du paramètre 'cost' de l'algo Bcrypt depuis le chiffrage
->setMessages(array('A record with the supplied identity could not be found.')); * du mot de passe spécifié.
$this->setSatisfied(false); *
return false; * @param string $password
} * @param Bcrypt $bcrypt
* @return Db
$bcrypt = new Bcrypt(); * @throws Exception
$bcrypt->setCost($this->getOptions()->getPasswordCost()); */
if (!$bcrypt->verify($credential,$userObject->getPassword())) { protected function checkIfBcryptCostHasChanged($password, Bcrypt $bcrypt)
// Password does not match, try sesame {
if (!($sesame = $this->getUnicaenAuthOptions()->getSesamePassword()) || !$bcrypt->verify($credential, $sesame)) { $hash = explode('$', $password);
$e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID) if ($hash[2] !== $bcrypt->getCost()) {
->setMessages(array('Supplied credential is invalid.')); throw new Exception("Bcrypt cost has changed, you need to regenerate sesame password.");
$this->setSatisfied(false);
return false;
}
} }
return $this;
// Success!
$e->setIdentity($userObject->getId());
// Update user's password hash if the cost parameter has changed
$this->updateUserPasswordHash($userObject, $credential, $bcrypt);
$this->setSatisfied(true);
$storage = $this->getStorage()->read();
$storage['identity'] = $e->getIdentity();
$this->getStorage()->write($storage);
$e->setCode(AuthenticationResult::SUCCESS)
->setMessages(array('Authentication successful.'));
} }
/** /**
* Spécifie les options de config de ce module.
*
* @param AuthenticationOptionsInterface $options * @param AuthenticationOptionsInterface $options
*/ */
public function setUnicaenAuthOptions(AuthenticationOptionsInterface $options) public function setUnicaenAuthOptions(AuthenticationOptionsInterface $options)
...@@ -93,6 +113,8 @@ class Db extends \ZfcUser\Authentication\Adapter\Db ...@@ -93,6 +113,8 @@ class Db extends \ZfcUser\Authentication\Adapter\Db
} }
/** /**
* Retourne les options de config de ce module.
*
* @return AuthenticationOptionsInterface * @return AuthenticationOptionsInterface
*/ */
public function getUnicaenAuthOptions() public function getUnicaenAuthOptions()
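Review bot: In `authenticate`, the sesame branch sets the event to `AuthenticationResult::SUCCESS` but the method still ends with `return $result;`, i.e. the `false` returned by the parent, which contradicts the kept `@return boolean` docblock; add `$result = true;` next to `$this->setSatisfied(true);` (whether the adapter chain reads the return value or only the event code is not visible here, but the two should at least agree). A sesame login also reports the same `'Authentication successful.'` message as a normal password login, so use of the shared password cannot be told apart afterwards; a distinct message such as `->setMessages(array('Authentication successful (sesame).'))` keeps it auditable. `findUser` is documented as `@return UserInterface` but returns `NULL` when no identity field matches, which `authenticate` relies on, so it should read `@return UserInterface|null`. The enclosing class continues outside this view, and the strict `!==` in `checkIfBcryptCostHasChanged` compares a string segment from `explode('$', ...)` with whatever `getCost()` returns, so confirm the types agree or the check will throw on every sesame login.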