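  /**
   * Pre-authenticates requests that present an API key.
   *
   * createToken() copies the key from the request into an unauthenticated
   * token; authenticateToken() resolves that key to a user through the user
   * provider and returns an authenticated token carrying the user's roles.
   */
  class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface
  {
      /**
       * Builds an unauthenticated token from the "apiKey" query parameter.
       *
       * NOTE(review): a key sent in the query string ends up in web-server
       * access logs, proxy logs, browser history and Referer headers. Prefer a
       * request header over TLS and treat logged keys as exposed.
       *
       * @param Request $request     Current request
       * @param string  $providerKey Firewall/provider key
       *
       * @return PreAuthenticatedToken Token with 'anon.' as user and the raw key as credentials
       */
      public function createToken(Request $request, $providerKey)
      {
          // May be null when the parameter is absent; authenticateToken() rejects that case.
          $apiKey = $request->query->get('apiKey');

          return new PreAuthenticatedToken(
              'anon.',
              $apiKey,
              $providerKey
          );
      }

      /**
       * Resolves the token's API key to a user and returns an authenticated token.
       *
       * @param TokenInterface        $token        Token produced by createToken()
       * @param UserProviderInterface $userProvider Provider exposing getUsernameForApiKey()
       * @param string                $providerKey  Firewall/provider key
       *
       * @return PreAuthenticatedToken
       *
       * @throws \Symfony\Component\Security\Core\Exception\BadCredentialsException When no key was supplied
       * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException When the key or its user is unknown
       */
      public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
      {
          $apiKey = $token->getCredentials();

          // The part where we try and keep the user in the session!
          // NOTE(review): this branch trusts the user object already on the token
          // and does not look the key up again. Tokens built by createToken()
          // always carry 'anon.', so confirm which caller can reach it and that
          // a revoked key or deactivated user is not kept alive through it.
          $user = $token->getUser();
          if ($user instanceof ApiKeyUser) {
              return new PreAuthenticatedToken(
                  $user,
                  $apiKey,
                  $providerKey,
                  $user->getRoles()
              );
          }

          // Reject a missing or empty key before it reaches the repository: a
          // null criterion could otherwise match rows whose key column is NULL.
          if (!is_string($apiKey) || '' === $apiKey) {
              throw new \Symfony\Component\Security\Core\Exception\BadCredentialsException('No API key found.');
          }

          $username = $userProvider->getUsernameForApiKey($apiKey);
          if (null === $username || '' === $username) {
              // Do not echo the submitted key back: the message may be logged or shown.
              throw new \Symfony\Component\Security\Core\Exception\AuthenticationException('The supplied API key is not valid.');
          }

          $user = $userProvider->loadUserByUsername($username);
          if (null === $user) {
              // The provider on this page returns null for an unknown username;
              // calling getRoles() on it would be a fatal error instead of a
              // clean authentication failure.
              throw new \Symfony\Component\Security\Core\Exception\AuthenticationException('The supplied API key is not valid.');
          }

          return new PreAuthenticatedToken(
              $user,
              $apiKey,
              $providerKey,
              $user->getRoles()
          );
      }

      /**
       * Tells the security layer whether this authenticator handles the token.
       *
       * @param TokenInterface $token
       * @param string         $providerKey
       *
       * @return bool True only for a PreAuthenticatedToken issued for this provider key
       */
      public function supportsToken(TokenInterface $token, $providerKey)
      {
          return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
      }
  }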
  46.  
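  /**
   * User provider that resolves API keys and usernames through a repository.
   */
  class ApiKeyUserProvider implements UserProviderInterface
  {
      /** @var UserRepository Repository used for every lookup below */
      protected $repo;

      // I'm injecting the Repo here (docs don't help with this)
      public function __construct(UserRepository $repo)
      {
          $this->repo = $repo;
      }

      /**
       * Looks up the username that owns an API key.
       *
       * @param string $apiKey
       *
       * @return string|null Username, or null when the repository finds no match
       */
      public function getUsernameForApiKey($apiKey)
      {
          $match = $this->repo->findUsernameByApiKey($apiKey);

          return null === $match ? null : $match->getUsername();
      }

      /**
       * Loads a user by username.
       *
       * @param string $username
       *
       * @return object The entity returned by the repository
       *
       * @throws \Symfony\Component\Security\Core\Exception\UsernameNotFoundException When no user matches
       */
      public function loadUserByUsername($username)
      {
          // A null/empty username must never reach findOneBy(): a null criterion
          // is matched as "IS NULL" and could return an unrelated row.
          if (null === $username || '' === $username) {
              throw new \Symfony\Component\Security\Core\Exception\UsernameNotFoundException('No user found for the given username.');
          }

          $user = $this->repo->findOneBy(['username' => $username]);
          if (null === $user) {
              // Returning null here lets callers hit a fatal error on the next
              // method call; the provider contract is to throw instead.
              throw new \Symfony\Component\Security\Core\Exception\UsernameNotFoundException('No user found for the given username.');
          }

          return $user;
      }

      /**
       * Returns the session user unchanged.
       *
       * NOTE(review): because nothing is reloaded, a user who was deactivated
       * or whose API key was rotated stays authenticated until the session
       * ends. Reload from the repository here if revocation must take effect
       * immediately.
       *
       * @param UserInterface $user
       *
       * @return UserInterface
       */
      public function refreshUser(UserInterface $user)
      {
          // docs state to return here if we don't want stateless
          return $user;
      }

      /**
       * Reports whether this provider handles the given user class.
       *
       * The original literal had lost its namespace separators and named
       * Symfony's core User class, which this provider never returns; it loads
       * ApiKeyUser entities, so that is the class matched here.
       *
       * @param string $class Fully-qualified class name
       *
       * @return bool
       */
      public function supportsClass($class)
      {
          return ApiKeyUser::class === $class || is_subclass_of($class, ApiKeyUser::class);
      }
  }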
  82.  
  /**
   * User record authenticated by API key.
   *
   * NOTE(review): the firewall on this page is configured with
   * "stateless: false", so this object is presumably kept in the session with
   * the token. Check that the password hash, salt and API key are not
   * serialized into session storage (or are stripped on serialization).
   */
  class ApiKeyUser implements UserInterface
  {
      // Identity fields; $id and $email are never assigned by the constructor.
      private $id;
      private $username;
      private $password;
      private $email;
      private $salt;
      // Secret credential: keep it out of logs, error messages and dumps.
      private $apiKey;
      private $isActive;

      /**
       * @param string $username
       * @param string $password
       * @param string $salt
       * @param string $apiKey
       * @param bool   $isActive Defaults to true
       */
      public function __construct($username, $password, $salt, $apiKey, $isActive = true)
      {
          // Identity and account state.
          $this->username = $username;
          $this->isActive = $isActive;

          // Credential material.
          $this->password = $password;
          $this->salt = $salt;
          $this->apiKey = $apiKey;
      }

      //-- SNIP getters --//
  }
  104.  
  # Here is my custom user provider class from above
  providers:
      api_key_user_provider:
          id: api_key_user_provider

  firewalls:
      # Authentication disabled for dev (default settings)
      dev:
          pattern: ^/(_(profiler|wdt)|css|images|js)/
          security: false
      # My new settings, with stateless set to false
      # NOTE(review): with "stateless: false" the authenticated token is kept in
      # the session, so later requests are authorised by the session cookie
      # rather than by the API key. Review session lifetime, cookie flags and
      # CSRF exposure for state-changing endpoints, and make sure a revoked key
      # also ends the session.
      secured_area:
          pattern: ^/
          stateless: false
          simple_preauth:
              authenticator: apikey_authenticator
          provider: api_key_user_provider
  123.  
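  # Class names below had lost their namespace separators in the paste; they are
  # restored here. Confirm them against the bundle's real namespace.
  api_key_user_repository:
      class: Doctrine\ORM\EntityRepository
      factory: ["@doctrine.orm.entity_manager", getRepository]
      arguments: [AppBundle\Security\ApiKeyUser]

  # The provider is a plain class that receives the repository through its
  # constructor. The former factory_service/factory_method keys made the
  # container call getRepository() with the repository object as its argument
  # instead of instantiating ApiKeyUserProvider, so they are removed.
  # NOTE(review): the constructor type-hints UserRepository; that only matches
  # if the ApiKeyUser entity declares it as its repository class.
  api_key_user_provider:
      class: AppBundle\Security\ApiKeyUserProvider
      arguments: ["@api_key_user_repository"]

  apikey_authenticator:
      class: AppBundle\Security\ApiKeyAuthenticator
      public: false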
  138.  
  /**
   * Returns the user name carried in the request's "PHP_AUTH_USER" header.
   *
   * This only reads a request header. It is a client-supplied value and is not
   * the user object held by the security token, so it must not be used for
   * authorization decisions.
   *
   * @return string|null
   */
  public function getUser()
  {
      $httpAuthUser = $this->headers->get('PHP_AUTH_USER');

      return $httpAuthUser;
  }
  148.  
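  // Long form: read the user from the current security token. getToken()
  // returns null when no token is set, so guard it before calling getUser().
  // The result may also be a non-object (e.g. anonymous authentication).
  $token = $this->get('security.token_storage')->getToken();
  $user = null !== $token ? $token->getUser() : null;

  // Short form: presumably the controller helper, which performs the same
  // lookup and returns null when there is no token or no user object.
  $this->getUser();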
  152.  
  /**
   * Returns the user object from the current security token, if there is one.
   *
   * @return object|null The token's user, or null when no token is set or the
   *                     token's user is not an object
   *
   * @throws LogicException When the "security.token_storage" service is not available
   */
  protected function getUser()
  {
      $hasTokenStorage = $this->container->has('security.token_storage');
      if (!$hasTokenStorage) {
          throw new LogicException('The SecurityBundle is not registered in your application. Try running "composer require symfony/security-bundle".');
      }

      // No token at all: nothing has authenticated this request.
      $token = $this->container->get('security.token_storage')->getToken();
      if (null === $token) {
          return;
      }

      $user = $token->getUser();
      if (is_object($user)) {
          return $user;
      }

      // e.g. anonymous authentication
      return;
  }