Viewing: UserTokenAuthenticator.php
<?php

namespace AppBundle\Security\Authenticator;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;
use Symfony\Component\Security\Http\HttpUtils;

/**
 * Pre-authenticator for API requests carrying an `X-Auth-Token` header.
 *
 * The header value is wrapped in a PreAuthenticatedToken, resolved to a stored
 * user token through UserTokenProvider, and accepted only while the stored
 * token is younger than the configured time-to-live.
 */
class UserTokenAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
{
    protected $httpUtils;

    protected $token_ttl;

    /**
     * @param HttpUtils $httpUtils used to match the request path of the token-creation endpoint
     * @param mixed     $token_ttl maximum token age; compared against a difference of Unix
     *                             timestamps, i.e. a number of seconds
     */
    public function __construct(HttpUtils $httpUtils, $token_ttl)
    {
        $this->token_ttl = $token_ttl;
        $this->httpUtils = $httpUtils;
    }

    /**
     * Builds the not-yet-authenticated token from the incoming request.
     *
     * @param Request $request
     * @param string  $providerKey
     *
     * @return PreAuthenticatedToken|null null for the token-creation request and
     *                                    when no usable header value is present
     */
    public function createToken(Request $request, $providerKey)
    {
        // A request that creates a token is let through without any check.
        $createsToken = $request->getMethod() === "POST"
            && $this->httpUtils->checkRequestPath($request, '/api-tokens');
        if ($createsToken) {
            return null;
        }

        $headerValue = $request->headers->get('X-Auth-Token');

        // The truthiness test also treats an empty value and the string "0" as absent.
        // The original carries two commented-out throw statements here
        // (BadCredentialsException / BadRequestHttpException, 'X-Auth-Token header
        // is required'); as written the method returns null instead of rejecting.
        // NOTE(review): with null returned, this class does not reject the request;
        // whether it is refused later presumably depends on the firewall and
        // access-control configuration, which is not visible here - confirm.
        if ($headerValue) {
            return new PreAuthenticatedToken('anon.', $headerValue, $providerKey);
        }

        return null;
    }

    /**
     * Resolves the header value to a user and returns an authenticated token.
     *
     * @param TokenInterface        $token
     * @param UserProviderInterface $userProvider must be a UserTokenProvider
     * @param string                $providerKey
     *
     * @return PreAuthenticatedToken
     *
     * @throws \InvalidArgumentException when another user provider is passed
     * @throws BadRequestHttpException   when the token is unknown or too old
     */
    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        if (!($userProvider instanceof \AppBundle\Security\Provider\UserTokenProvider)) {
            // The line break inside this literal is kept exactly as it appears in the listing.
            $message = sprintf(
                'The user provider must be an instance of 
\AppBundle\Security\Provider\UserTokenProvider (%s was given).',
                get_class($userProvider)
            );

            throw new \InvalidArgumentException($message);
        }

        $credentials = $token->getCredentials();
        $storedToken = $userProvider->getUserToken($credentials);

        // Unknown and expired tokens produce the same error, so the response does
        // not reveal which of the two applied.
        // NOTE(review): BadRequestHttpException is not an AuthenticationException,
        // so onAuthenticationFailure() below, which accepts only the latter, is
        // presumably not reached on this path - confirm that the resulting HTTP
        // status is the intended one.
        $isUsable = $storedToken && $this->isTokenValid($storedToken);
        if (!$isUsable) {
            throw new BadRequestHttpException('Invalid authentication token');
        }

        // NOTE(review): assumes getUser() never returns null for a stored token - confirm.
        $user = $storedToken->getUser();

        $authenticated = new PreAuthenticatedToken(
            $user,
            $credentials,
            $providerKey,
            $user->getRoles()
        );

        // Our users have no particular role, so the token's authenticated flag has to be forced.
        $authenticated->setAuthenticated(true);

        return $authenticated;
    }

    /**
     * Accepts only PreAuthenticatedToken instances issued for this provider key.
     *
     * @param TokenInterface $token
     * @param string         $providerKey
     *
     * @return bool
     */
    public function supportsToken(TokenInterface $token, $providerKey)
    {
        if (!($token instanceof PreAuthenticatedToken)) {
            return false;
        }

        return $token->getProviderKey() === $providerKey;
    }

    /**
     * Checks that the token is still valid, i.e. younger than the configured TTL.
     *
     * Age is measured from the token's creation time, so using a token does not
     * extend its lifetime. There is no lower bound: a creation time in the future
     * gives a negative age, which also passes for a positive TTL.
     *
     * @param object $userToken stored token exposing getCreatedAt()
     *
     * @return bool
     */
    private function isTokenValid($userToken)
    {
        $now = time();
        $createdAt = $userToken->getCreatedAt()->getTimestamp();
        $ageInSeconds = $now - $createdAt;

        return $ageInSeconds < $this->token_ttl;
    }

    /**
     * Failure handler: builds no response and rethrows the exception it receives.
     *
     * @param Request                 $request
     * @param AuthenticationException $exception
     *
     * @throws AuthenticationException always
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // If the credentials are not correct, an exception is thrown.
        throw $exception;
    }
}