public authenticate(Neos\Flow\Security\Authentication\TokenInterface $authenticationToken) : void
$authenticationToken | Neos\Flow\Security\Authentication\TokenInterface | The token to be authenticated |
return | void |
/**
 * Authenticates a username/password token against the persisted accounts of this provider.
 *
 * Outcome is reported through the token's authentication status:
 *  - NO_CREDENTIALS_GIVEN when the token carries no username/password pair (a token that is
 *    already AUTHENTICATION_SUCCESSFUL keeps that status and is left untouched);
 *  - WRONG_CREDENTIALS when no active account matches or the password does not verify;
 *  - AUTHENTICATION_SUCCESSFUL when the password verifies, in which case the account is
 *    attached to the token.
 *
 * Every attempt against an existing account is recorded via Account::authenticationAttempted()
 * and persisted. When no account exists, a password check against a fixed dummy hash is still
 * performed so that unknown and known usernames cost the same time to reject.
 *
 * @param TokenInterface $authenticationToken The token to be authenticated
 * @return void
 * @throws UnsupportedAuthenticationTokenException if the token is not a UsernamePassword token
 */
public function authenticate(TokenInterface $authenticationToken)
{
    if (!$authenticationToken instanceof UsernamePassword) {
        throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
    }

    /** @var Account|null $matchedAccount */
    $matchedAccount = null;
    $credentials = $authenticationToken->getCredentials();

    // An already authenticated token keeps its status; anything else starts from "no credentials".
    if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
        $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
    }

    if (!is_array($credentials) || !isset($credentials['username'], $credentials['password'])) {
        return;
    }

    $username = $credentials['username'];
    $password = $credentials['password'];
    $providerName = $this->name;
    $repository = $this->accountRepository;

    // The account lookup must not itself be subject to authorization checks, because no
    // account is authenticated yet at this point; the bypass is scoped to this closure only.
    $this->securityContext->withoutAuthorizationChecks(function () use ($username, $providerName, $repository, &$matchedAccount) {
        $matchedAccount = $repository->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
    });

    // From here on the default outcome is a rejection; only a verified password upgrades it.
    $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);

    if ($matchedAccount === null) {
        // Spend the same hashing cost as a real verification so response time does not
        // reveal whether the username exists.
        $this->hashService->validatePassword($password, 'bcrypt=>$2a$14$DummySaltToPreventTim,.ingAttacksOnThisProvider');
        return;
    }

    $passwordVerified = $this->hashService->validatePassword($password, $matchedAccount->getCredentialsSource());
    $attemptOutcome = $passwordVerified ? TokenInterface::AUTHENTICATION_SUCCESSFUL : TokenInterface::WRONG_CREDENTIALS;

    // Let the account track the attempt (success or failure) before it is persisted below.
    $matchedAccount->authenticationAttempted($attemptOutcome);

    if ($passwordVerified) {
        $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
        $authenticationToken->setAccount($matchedAccount);
    }

    $this->accountRepository->update($matchedAccount);
    $this->persistenceManager->whitelistObject($matchedAccount);
}
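/**
 * A failed login increments the account's failed-attempt counter; a subsequent successful
 * login resets it to zero and stamps the last successful authentication date.
 *
 * The date is asserted against a [before, after] window taken around the successful
 * authenticate() call instead of against "now" formatted to the second, so the test does
 * not fail when the call straddles a second boundary.
 *
 * @test
 */
public function authenticationWithCorrectCredentialsResetsFailedAuthenticationCount()
{
    // First attempt: wrong password must be counted as a failure.
    $this->authenticationToken->_set('credentials', ['username' => 'username', 'password' => 'wrongPW']);
    $this->persistedUsernamePasswordProvider->authenticate($this->authenticationToken);

    $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName('username', 'myTestProvider');
    $this->assertEquals(1, $account->getFailedAuthenticationCount());

    // Second attempt: correct password must reset the counter and record the success time.
    $this->authenticationToken->_set('credentials', ['username' => 'username', 'password' => 'password']);
    $before = new \DateTime();
    $this->persistedUsernamePasswordProvider->authenticate($this->authenticationToken);
    $after = new \DateTime();

    $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName('username', 'myTestProvider');
    $lastSuccess = $account->getLastSuccessfulAuthenticationDate();
    $this->assertNotNull($lastSuccess);
    $this->assertGreaterThanOrEqual($before->getTimestamp(), $lastSuccess->getTimestamp());
    $this->assertLessThanOrEqual($after->getTimestamp(), $lastSuccess->getTimestamp());
    $this->assertEquals(0, $account->getFailedAuthenticationCount());
}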