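/**
 * Create a WSSE token from the submitted credentials.
 *
 * @ApiDoc(
 *     resource = true,
 *     description = "Creates a new token from the submitted data.",
 *     statusCodes = {
 *         200 = "Returned when successful",
 *         400 = "Returned when the form has errors",
 *         404 = "Returned when no user matches the submitted username"
 *     }
 * )
 *
 * The generated "UsernameToken" is returned three times: in the body under
 * the key "X-WSSE", in the "X-WSSE" header and in the "Authorization" header.
 *
 * NOTE(review): the 404 branch reveals whether a username exists; if account
 * enumeration matters for this API, return a generic 400/401 instead.
 * NOTE(review): password and salt arrive in clear text in the request body,
 * so the endpoint must only be exposed over TLS.
 * NOTE(review): the salt fed to the encoder is the client-supplied one, not
 * the salt stored on the user entity — presumably the client fetched it from
 * the salt endpoint first; confirm this matches what the WSSE provider expects.
 *
 * @param ParamFetcher $paramFetcher Paramfetcher
 *
 * @RequestParam(name="username", nullable=false, strict=true, description="username.")
 * @RequestParam(name="password", nullable=false, strict=true, description="password.")
 * @RequestParam(name="salt", nullable=false, strict=true, description="salt.")
 *
 * @return View
 */
public function postTokenAction(ParamFetcher $paramFetcher)
{
    $view = View::create();

    // Read each request parameter once (strict=true on the RequestParam annotations is
    // expected to reject missing values before this method runs).
    $username = $paramFetcher->get('username');
    $password = $paramFetcher->get('password');
    $salt = $paramFetcher->get('salt');

    $userManager = $this->get('fos_user.user_manager');
    $user = $userManager->findUserByUsername($username);
    if (!$user instanceof User) {
        $view->setStatusCode(404)->setData("Data received succesfully but with errors.");

        return $view;
    }

    // Encode the submitted password with the user's own encoder, so the digest is built
    // from the same value the WSSE provider will presumably compare against.
    $encoder = $this->get('security.encoder_factory')->getEncoder($user);
    $encodedPassword = $encoder->encodePassword($password, $salt);

    $header = $this->generateToken($username, $encodedPassword);

    $view->setHeader("Authorization", 'WSSE profile="UsernameToken"');
    $view->setHeader("X-WSSE", $header);
    $view->setStatusCode(200)->setData(array('X-WSSE' => $header));

    return $view;
}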
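/**
 * Build a WSSE "UsernameToken" header value for the given username.
 *
 * PasswordDigest = Base64(SHA-1(nonce . created . password)). SHA-1 is what
 * the UsernameToken profile prescribes, so it is not a hash choice that can be
 * upgraded here; the nonce is what makes every token unique.
 *
 * @param string $username username
 * @param string $password password with salt included (already encoded)
 * @return string
 * @throws \Exception when no cryptographically secure randomness is available
 */
private function generateToken($username, $password)
{
    $created = date('c');
    // Nonces must be unpredictable and unique; md5(uniqid()) is neither. Eight random
    // bytes rendered as hex keep the previous 16-character nonce shape.
    // random_bytes() needs PHP >= 7 (or paragonie/random_compat on older runtimes).
    $nonce = bin2hex(random_bytes(8));
    $passwordDigest = base64_encode(sha1($nonce . $created . $password, true));

    return sprintf(
        'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $username,
        $passwordDigest,
        base64_encode($nonce),
        $created
    );
}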
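.controller('SignInCtrl', function ($rootScope, $scope, $http, $cookies, Salt, Digest, envService, $window) {
    // $window was referenced on both the success and failure paths without being
    // injected, which threw a ReferenceError; it is now part of the injection list.
    var apiUrl = envService.read('apiUrl');
    var jsonHeaders = { 'Content-Type': 'application/json' };

    $scope.username = null;
    $scope.password = null;

    // Records a failed request on the scope and discards any stale token.
    function onRequestFailed(response) {
        delete $window.sessionStorage.token;
        $scope.msg = "Service not Exists";
        $scope.statusval = response.status;
        $scope.statustext = response.statusText;
        $scope.headers = response.headers();
    }

    // Exchanges username/password/salt for a WSSE token and keeps it in sessionStorage.
    // NOTE(review): sessionStorage and cookies are readable by any script running on
    // this origin, so the stored secret/token should be short-lived.
    function requestToken() {
        var dataToken = {
            username: $scope.username,
            password: $scope.password,
            salt: $scope.salt
        };
        return $http({
            method: 'POST',
            url: apiUrl + 'v1/tokens.json',
            // Previously written as `dataToken: JSON.stringify(data)`, i.e. an unknown
            // config key carrying the wrong object, so the request went out without a body.
            data: JSON.stringify(dataToken),
            headers: jsonHeaders
        }).then(function (response) {
            // The token endpoint returns {"X-WSSE": token} and also sets the X-WSSE header.
            var token = response.data && (response.data['X-WSSE'] || response.headers('X-WSSE'));
            if (token) {
                console.log("Token found");
                $window.sessionStorage.token = token;
            }
        }, onRequestFailed);
    }

    $scope.getSalt = function (username, password) {
        // A GET carries no body: the credentials formerly attached here were never sent
        // and have no place in a salt lookup anyway.
        $http({
            method: 'GET',
            url: apiUrl + 'v1/users/' + encodeURIComponent(username) + '/salt.json',
            headers: jsonHeaders
        }).then(function (response) {
            if (!response.data) {
                return;
            }
            var salt = response.data;
            $scope.salt = salt;
            // Derive the secret from password and salt
            Digest.cipher(password, salt).then(function (secret) {
                $scope.secret = secret;
                // Store auth information in cookies for page refresh
                $cookies.username = $scope.username;
                $cookies.secret = secret;
                $cookies.salt = $scope.salt;
                // Store auth information in rootScope for multi views access
                $rootScope.userAuth = { username: $scope.username, secret: $scope.secret, salt: $scope.salt };
                requestToken();
            }, function (err) {
                console.log(err);
            });
        }, onRequestFailed);
    };
});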