diff --git a/UPGRADE-3.4.md b/UPGRADE-3.4.md index 5f44e9785d03b..61cd356096d41 100644 --- a/UPGRADE-3.4.md +++ b/UPGRADE-3.4.md @@ -270,6 +270,13 @@ Profiler * The `profiler.matcher` option has been deprecated. +Security +-------- + + * Deprecated the HTTP digest authentication: `NonceExpiredException`, + `DigestAuthenticationListener` and `DigestAuthenticationEntryPoint` will be + removed in 4.0. Use another authentication system like `http_basic` instead. + SecurityBundle -------------- @@ -290,6 +297,9 @@ SecurityBundle * Added `logout_on_user_change` to the firewall options. This config item will trigger a logout when the user has changed. Should be set to true to avoid deprecations in the configuration. + + * Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0. + Use another authentication system like `http_basic` instead. Translation ----------- diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md index 4e567ed50fd11..b416ffb6a75e6 100644 --- a/UPGRADE-4.0.md +++ b/UPGRADE-4.0.md @@ -652,6 +652,10 @@ Security * Calling `ContextListener::setLogoutOnUserChange(false)` won't have any effect anymore. + * Removed the HTTP digest authentication system. The `NonceExpiredException`, + `DigestAuthenticationListener` and `DigestAuthenticationEntryPoint` classes + have been removed. Use another authentication system like `http_basic` instead. + SecurityBundle -------------- @@ -672,6 +676,9 @@ SecurityBundle * The firewall option `logout_on_user_change` is now always true, which will trigger a logout if the user changes between requests. + + * Removed the HTTP digest authentication system. The `HttpDigestFactory` class + has been removed. Use another authentication system like `http_basic` instead. Serializer ---------- diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index 6e7961d30a294..685560664d88e 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md @@ -9,6 +9,7 @@ CHANGELOG * made the first `UserPasswordEncoderCommand::_construct()` argument mandatory * `UserPasswordEncoderCommand` does not extend `ContainerAwareCommand` anymore * removed support for voters that don't implement the `VoterInterface` + * removed HTTP digest authentication 3.4.0 ----- @@ -25,6 +26,7 @@ CHANGELOG * Added `logout_on_user_change` to the firewall options. This config item will trigger a logout when the user has changed. Should be set to true to avoid deprecations in the configuration. + * deprecated HTTP digest authentication 3.3.0 ----- diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php deleted file mode 100644 index bedc87864c235..0000000000000 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php +++ /dev/null @@ -1,85 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory; - -use Symfony\Component\Config\Definition\Builder\NodeDefinition; -use Symfony\Component\DependencyInjection\ChildDefinition; -use Symfony\Component\DependencyInjection\ContainerBuilder; -use Symfony\Component\DependencyInjection\Reference; - -/** - * HttpDigestFactory creates services for HTTP digest authentication. - * - * @author Fabien Potencier - */ -class HttpDigestFactory implements SecurityFactoryInterface -{ - public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint) - { - $provider = 'security.authentication.provider.dao.'.$id; - $container - ->setDefinition($provider, new ChildDefinition('security.authentication.provider.dao')) - ->replaceArgument(0, new Reference($userProvider)) - ->replaceArgument(1, new Reference('security.user_checker.'.$id)) - ->replaceArgument(2, $id) - ; - - // entry point - $entryPointId = $this->createEntryPoint($container, $id, $config, $defaultEntryPoint); - - // listener - $listenerId = 'security.authentication.listener.digest.'.$id; - $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.digest')); - $listener->replaceArgument(1, new Reference($userProvider)); - $listener->replaceArgument(2, $id); - $listener->replaceArgument(3, new Reference($entryPointId)); - - return array($provider, $listenerId, $entryPointId); - } - - public function getPosition() - { - return 'http'; - } - - public function getKey() - { - return 'http-digest'; - } - - public function addConfiguration(NodeDefinition $node) - { - $node - ->children() - ->scalarNode('provider')->end() - ->scalarNode('realm')->defaultValue('Secured Area')->end() - ->scalarNode('secret')->isRequired()->cannotBeEmpty()->end() - ->end() - ; - } - - protected function createEntryPoint($container, $id, $config, $defaultEntryPoint) - { - if (null !== $defaultEntryPoint) { - return $defaultEntryPoint; - } - - $entryPointId = 'security.authentication.digest_entry_point.'.$id; - $container - ->setDefinition($entryPointId, new ChildDefinition('security.authentication.digest_entry_point')) - ->addArgument($config['realm']) - ->addArgument($config['secret']) - ; - - return $entryPointId; - } -} diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml index ab9a587ad7d18..829524c2197d4 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml @@ -26,8 +26,6 @@ - - @@ -180,15 +178,6 @@ - - - - - - - - - diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php index 3b8f6dda85580..3fad75f6263ef 100644 --- a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php +++ b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php @@ -20,7 +20,6 @@ use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginLdapFactory; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpBasicFactory; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpBasicLdapFactory; -use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpDigestFactory; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\X509Factory; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RemoteUserFactory; @@ -47,7 +46,6 @@ public function build(ContainerBuilder $container) $extension->addSecurityListenerFactory(new JsonLoginFactory()); $extension->addSecurityListenerFactory(new HttpBasicFactory()); $extension->addSecurityListenerFactory(new HttpBasicLdapFactory()); - $extension->addSecurityListenerFactory(new HttpDigestFactory()); $extension->addSecurityListenerFactory(new RememberMeFactory()); $extension->addSecurityListenerFactory(new X509Factory()); $extension->addSecurityListenerFactory(new RemoteUserFactory()); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index c7451496d48c2..b567cb197462d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -111,7 +111,6 @@ public function testFirewalls() 'remote_user', 'form_login', 'http_basic', - 'http_digest', 'remember_me', 'anonymous', ), @@ -165,7 +164,6 @@ public function testFirewalls() 'security.authentication.listener.remote_user.secure', 'security.authentication.listener.form.secure', 'security.authentication.listener.basic.secure', - 'security.authentication.listener.digest.secure', 'security.authentication.listener.rememberme.secure', 'security.authentication.listener.anonymous.secure', 'security.authentication.switchuser_listener.secure', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index 581407fcc05a5..3748f05012b87 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -64,7 +64,6 @@ 'simple' => array('pattern' => '/login', 'security' => false), 'secure' => array('stateless' => true, 'http_basic' => true, - 'http_digest' => array('secret' => 'TheSecret'), 'form_login' => true, 'anonymous' => true, 'switch_user' => true, diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php index 91c475418b450..3889752f8f928 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php @@ -15,7 +15,6 @@ 'secure' => array( 'stateless' => true, 'http_basic' => true, - 'http_digest' => array('secret' => 'TheSecret'), 'form_login' => true, 'anonymous' => true, 'switch_user' => true, diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index e5049f2033e51..05c31e1854c93 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -49,7 +49,6 @@ - diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml index 7d648ae1baec2..b97d39adb5a78 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml @@ -15,7 +15,6 @@ - diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index a2b57201bfbd2..b016adb851e98 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -46,8 +46,6 @@ security: secure: stateless: true http_basic: true - http_digest: - secret: TheSecret form_login: true anonymous: true switch_user: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml index 23afa8cd9b3c5..6a196597c51e7 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml @@ -10,8 +10,6 @@ security: secure: stateless: true http_basic: true - http_digest: - secret: TheSecret form_login: true anonymous: true switch_user: true diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md index 69eeb1d9fd395..abfa98bfad65b 100644 --- a/src/Symfony/Component/Security/CHANGELOG.md +++ b/src/Symfony/Component/Security/CHANGELOG.md @@ -10,6 +10,7 @@ CHANGELOG * removed the `RoleInterface` * removed support for voters that don't implement the `VoterInterface` * added a sixth `string $context` argument to `LogoutUrlGenerator::registerListener()` + * removed HTTP digest authentication 3.4.0 ----- @@ -20,6 +21,7 @@ CHANGELOG property will trigger a deprecation when the user has changed. As of 4.0 the user will always be logged out when the user has changed between requests. + * deprecated HTTP digest authentication 3.3.0 ----- diff --git a/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php b/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php deleted file mode 100644 index 998e987e403de..0000000000000 --- a/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php +++ /dev/null @@ -1,30 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\Exception; - -/** - * NonceExpiredException is thrown when an authentication is rejected because - * the digest nonce has expired. - * - * @author Fabien Potencier - * @author Alexander - */ -class NonceExpiredException extends AuthenticationException -{ - /** - * {@inheritdoc} - */ - public function getMessageKey() - { - return 'Digest nonce has expired.'; - } -} diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ar.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ar.xlf index fd18ee6ad9faf..49381ba347f6f 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.ar.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.ar.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. رمز الموقع غير صحيح. - - Digest nonce has expired. - انتهت صلاحية(digest nonce). - No authentication provider found to support the authentication token. لا يوجد معرف للدخول يدعم الرمز المستخدم للدخول. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.az.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.az.xlf index a974ed0f024c8..d9d5425cefb9c 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.az.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.az.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Yanlış CSRF nişanı. - - Digest nonce has expired. - Dərləmə istifadə müddəti bitib. - No authentication provider found to support the authentication token. Doğrulama nişanını dəstəkləyəcək provayder tapılmadı. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.bg.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.bg.xlf index 06692ea66a843..28c1360eb946e 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.bg.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.bg.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Невалиден CSRF токен. - - Digest nonce has expired. - Digest nonce е изтекъл. - No authentication provider found to support the authentication token. Не е открит провайдър, който да поддържа този токен за автентикация. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ca.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ca.xlf index 7ece2603ae477..b009c6205c362 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.ca.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.ca.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Token CSRF no vàlid. - - Digest nonce has expired. - El vector d'inicialització (digest nonce) ha expirat. - No authentication provider found to support the authentication token. No s'ha trobat un proveïdor d'autenticació que suporti el token d'autenticació. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.cs.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.cs.xlf index bd146c68049cb..b455779cb6f20 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.cs.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.cs.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Neplatný CSRF token. - - Digest nonce has expired. - Platnost inicializačního vektoru (digest nonce) vypršela. - No authentication provider found to support the authentication token. Poskytovatel pro ověřovací token nebyl nalezen. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.da.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.da.xlf index 2ac41502d2c7f..102c8f1179521 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.da.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.da.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Ugyldigt CSRF token. - - Digest nonce has expired. - Digest nonce er udløbet. - No authentication provider found to support the authentication token. Ingen godkendelsesudbyder er fundet til understøttelsen af godkendelsestoken. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.de.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.de.xlf index e5946ed4aa42d..093d92d2d1fa9 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.de.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.de.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Ungültiges CSRF-Token. - - Digest nonce has expired. - Digest nonce ist abgelaufen. - No authentication provider found to support the authentication token. Es wurde kein Authentifizierungs-Provider gefunden, der das Authentifizierungs-Token unterstützt. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.el.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.el.xlf index 07eabe7ed29e2..02393d0805252 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.el.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.el.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Μη έγκυρο CSRF token. - - Digest nonce has expired. - Το digest nonce έχει λήξει. - No authentication provider found to support the authentication token. Δε βρέθηκε κάποιος πάροχος πιστοποίησης που να υποστηρίζει το token πιστοποίησης. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.en.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.en.xlf index 3640698ce9fb3..3c89e44f9380e 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.en.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.en.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Invalid CSRF token. - - Digest nonce has expired. - Digest nonce has expired. - No authentication provider found to support the authentication token. No authentication provider found to support the authentication token. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf index 00cefbb2dad67..369f11b9b41d4 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.es.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Token CSRF no válido. - - Digest nonce has expired. - El vector de inicialización (digest nonce) ha expirado. - No authentication provider found to support the authentication token. No se encontró un proveedor de autenticación que soporte el token de autenticación. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.fa.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.fa.xlf index 0b7629078063c..1b3246feb3d5a 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.fa.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.fa.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. توکن CSRF معتبر نیست. - - Digest nonce has expired. - Digest nonce منقضی شده است. - No authentication provider found to support the authentication token. هیچ ارایه کننده تعیین اعتباری برای ساپورت توکن تعیین اعتبار پیدا نشد. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.fr.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.fr.xlf index 5a77c6e9ff795..d67dcaefc5029 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.fr.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.fr.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Jeton CSRF invalide. - - Digest nonce has expired. - Le digest nonce a expiré. - No authentication provider found to support the authentication token. Aucun fournisseur d'authentification n'a été trouvé pour supporter le jeton d'authentification. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.gl.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.gl.xlf index ed6491f7ef97a..ddc838e66af8b 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.gl.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.gl.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Token CSRF non válido. - - Digest nonce has expired. - O vector de inicialización (digest nonce) expirou. - No authentication provider found to support the authentication token. Non se atopou un provedor de autenticación que soporte o token de autenticación. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.he.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.he.xlf index 3640698ce9fb3..3c89e44f9380e 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.he.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.he.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Invalid CSRF token. - - Digest nonce has expired. - Digest nonce has expired. - No authentication provider found to support the authentication token. No authentication provider found to support the authentication token. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.hr.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.hr.xlf index 147b6e311a22f..411a48572a097 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.hr.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.hr.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Neispravan CSRF token. - - Digest nonce has expired. - Digest nonce je isteko. - No authentication provider found to support the authentication token. Nije pronađen autentifikacijski provider koji bi podržao autentifikacijski token. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.hu.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.hu.xlf index 724397038cb66..f3a163904d367 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.hu.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.hu.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Érvénytelen CSRF token. - - Digest nonce has expired. - A kivonat bélyege (nonce) lejárt. - No authentication provider found to support the authentication token. Nem található a hitelesítési tokent támogató hitelesítési szolgáltatás. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.id.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.id.xlf index ab1153b8a27ff..6289481d03265 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.id.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.id.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Token CSRF salah. - - Digest nonce has expired. - Digest nonce telah berakhir. - No authentication provider found to support the authentication token. Tidak ditemukan penyedia otentikasi untuk mendukung token otentikasi. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.it.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.it.xlf index 75d81cc8d9312..f2cb0fa48fab5 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.it.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.it.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. CSRF token non valido. - - Digest nonce has expired. - Il numero di autenticazione è scaduto. - No authentication provider found to support the authentication token. Non è stato trovato un valido fornitore di autenticazione per supportare il token. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ja.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ja.xlf index 6a6b062d946c3..2dad8dee6a927 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.ja.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.ja.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. CSRF トークンが無効です。 - - Digest nonce has expired. - Digest の nonce 値が期限切れです。 - No authentication provider found to support the authentication token. 認証トークンをサポートする認証プロバイダーが見つかりません。 diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.lb.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.lb.xlf index 3dc76d5486883..0a7096caea526 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.lb.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.lb.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Ongëltegen CSRF-Token. - - Digest nonce has expired. - Den eemolege Schlëssel ass ofgelaf. - No authentication provider found to support the authentication token. Et gouf keen Authentifizéierungs-Provider fonnt deen den Authentifizéierungs-Token ënnerstëtzt. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.lt.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.lt.xlf index da6c332b43829..0b426dcc01f6e 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.lt.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.lt.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Neteisingas CSRF raktas. - - Digest nonce has expired. - Prieigos kodas yra pasibaigęs. - No authentication provider found to support the authentication token. Nerastas autentifikacijos tiekėjas, kuris palaikytų autentifikacijos raktą. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.lv.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.lv.xlf index 33c48c617461c..0ad9125e711e9 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.lv.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.lv.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Nederīgs CSRF talons. - - Digest nonce has expired. - Vienreiz lietojamās atslēgas darbības laiks ir beidzies. - No authentication provider found to support the authentication token. Nav atrasts, autentifikācijas talonu atbalstošs, autentifikācijas sniedzējs. @@ -68,4 +64,4 @@ - \ No newline at end of file + diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.nl.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.nl.xlf index 8969e9ef8ca69..5160143ab7380 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.nl.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.nl.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. CSRF-code is ongeldig. - - Digest nonce has expired. - Serverauthenticatiesleutel (digest nonce) is verlopen. - No authentication provider found to support the authentication token. Geen authenticatieprovider gevonden die de authenticatietoken ondersteunt. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.no.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.no.xlf index 3635916971476..c5ab83efc5906 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.no.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.no.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Ugyldig CSRF token. - - Digest nonce has expired. - Digest nonce er utløpt. - No authentication provider found to support the authentication token. Ingen autentiserings tilbyder funnet som støtter gitt autentiserings token. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.pl.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.pl.xlf index 8d563d21206a9..9940d2940003d 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.pl.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.pl.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Nieprawidłowy token CSRF. - - Digest nonce has expired. - Kod dostępu wygasł. - No authentication provider found to support the authentication token. Nie znaleziono mechanizmu uwierzytelniania zdolnego do obsługi przesłanego tokenu. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.pt_BR.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.pt_BR.xlf index 61685d9f052ea..5981976f167ea 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.pt_BR.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.pt_BR.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Token CSRF inválido. - - Digest nonce has expired. - Digest nonce expirado. - No authentication provider found to support the authentication token. Nenhum provedor de autenticação encontrado para suportar o token de autenticação. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.pt_PT.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.pt_PT.xlf index f2af13ea3d082..b1a4af5154faa 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.pt_PT.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.pt_PT.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Token CSRF inválido. - - Digest nonce has expired. - Digest nonce expirado. - No authentication provider found to support the authentication token. Nenhum fornecedor de autenticação encontrado para suportar o token de autenticação. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ro.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ro.xlf index 440f11036770d..f35a2bb815878 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.ro.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.ro.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Tokenul CSRF este invalid. - - Digest nonce has expired. - Tokenul temporar a expirat. - No authentication provider found to support the authentication token. Nu a fost găsit nici un agent de autentificare pentru tokenul specificat. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ru.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ru.xlf index 1964f95e09a64..3f2690b2d3d7c 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.ru.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.ru.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Недействительный токен CSRF. - - Digest nonce has expired. - Время действия одноразового ключа дайджеста истекло. - No authentication provider found to support the authentication token. Не найден провайдер аутентификации, поддерживающий токен аутентификации. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.sk.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.sk.xlf index e6552a6a0914e..1447b4ef5a3c8 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.sk.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.sk.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Neplatný CSRF token. - - Digest nonce has expired. - Platnosť inicializačného vektoru (digest nonce) skončila. - No authentication provider found to support the authentication token. Poskytovateľ pre overovací token nebol nájdený. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.sl.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.sl.xlf index ee70c9aaa4af0..bc171812f8de3 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.sl.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.sl.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Neveljaven CSRF žeton. - - Digest nonce has expired. - Začasni žeton je potekel. - No authentication provider found to support the authentication token. Ponudnika avtentikacije za podporo prijavnega žetona ni bilo mogoče najti. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Cyrl.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Cyrl.xlf index 35e4ddf29b28c..f677254cce202 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Cyrl.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Cyrl.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Невалидан CSRF токен. - - Digest nonce has expired. - Време криптографског кључа је истекло. - No authentication provider found to support the authentication token. Аутентификациони провајдер за подршку токена није пронађен. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Latn.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Latn.xlf index ddc48076a2a6e..a38c75a9f810f 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Latn.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.sr_Latn.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Nevalidan CSRF token. - - Digest nonce has expired. - Vreme kriptografskog ključa je isteklo. - No authentication provider found to support the authentication token. Autentifikacioni provajder za podršku tokena nije pronađen. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.sv.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.sv.xlf index b5f62092365fa..ec3616f58620f 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.sv.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.sv.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Ogiltig CSRF-token. - - Digest nonce has expired. - Förfallen digest nonce. - No authentication provider found to support the authentication token. Ingen leverantör för autentisering hittades för angiven autentiseringstoken. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.th.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.th.xlf index a8cb8d5ce7e3b..84ae66769c611 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.th.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.th.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. CSRF token ไม่ถูกต้อง - - Digest nonce has expired. - Digest nonce หมดอายุ - No authentication provider found to support the authentication token. ไม่พบ authentication provider ที่รองรับสำหรับ authentication token diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.tr.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.tr.xlf index 68c44213d18c3..1ffa76e4d4457 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.tr.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.tr.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Geçersiz CSRF fişi. - - Digest nonce has expired. - Derleme zaman aşımına uğradı. - No authentication provider found to support the authentication token. Yetkilendirme fişini destekleyecek yetkilendirme sağlayıcısı bulunamadı. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ua.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ua.xlf index 79721212068db..f60a9c18eb711 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.ua.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.ua.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Невірний токен CSRF. - - Digest nonce has expired. - Закінчився термін дії одноразового ключа дайджесту. - No authentication provider found to support the authentication token. Не знайдено провайдера автентифікації, що підтримує токен автентифікаціії. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.vi.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.vi.xlf index b85a43995fc0a..87e20252183f0 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.vi.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.vi.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. Mã CSRF không hợp lệ. - - Digest nonce has expired. - Mã dùng một lần đã hết hạn. - No authentication provider found to support the authentication token. Không tìm thấy nhà cung cấp dịch vụ xác thực nào cho mã xác thực mà bạn sử dụng. diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.zh_CN.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.zh_CN.xlf index 2d6affecec2cc..460c0ac68bf48 100644 --- a/src/Symfony/Component/Security/Core/Resources/translations/security.zh_CN.xlf +++ b/src/Symfony/Component/Security/Core/Resources/translations/security.zh_CN.xlf @@ -30,10 +30,6 @@ Invalid CSRF token. 无效的 CSRF token 。 - - Digest nonce has expired. - 摘要随机串(digest nonce)已过期。 - No authentication provider found to support the authentication token. 没有找到支持此 token 的身份验证服务提供方。 diff --git a/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php deleted file mode 100644 index 9dfd5929459fb..0000000000000 --- a/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php +++ /dev/null @@ -1,82 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Http\EntryPoint; - -use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Core\Exception\NonceExpiredException; -use Symfony\Component\HttpFoundation\Response; -use Symfony\Component\HttpFoundation\Request; -use Psr\Log\LoggerInterface; - -/** - * DigestAuthenticationEntryPoint starts an HTTP Digest authentication. - * - * @author Fabien Potencier - */ -class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterface -{ - private $secret; - private $realmName; - private $nonceValiditySeconds; - private $logger; - - public function __construct($realmName, $secret, $nonceValiditySeconds = 300, LoggerInterface $logger = null) - { - $this->realmName = $realmName; - $this->secret = $secret; - $this->nonceValiditySeconds = $nonceValiditySeconds; - $this->logger = $logger; - } - - /** - * {@inheritdoc} - */ - public function start(Request $request, AuthenticationException $authException = null) - { - $expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000; - $signatureValue = md5($expiryTime.':'.$this->secret); - $nonceValue = $expiryTime.':'.$signatureValue; - $nonceValueBase64 = base64_encode($nonceValue); - - $authenticateHeader = sprintf('Digest realm="%s", qop="auth", nonce="%s"', $this->realmName, $nonceValueBase64); - - if ($authException instanceof NonceExpiredException) { - $authenticateHeader .= ', stale="true"'; - } - - if (null !== $this->logger) { - $this->logger->debug('WWW-Authenticate header sent.', array('header' => $authenticateHeader)); - } - - $response = new Response(); - $response->headers->set('WWW-Authenticate', $authenticateHeader); - $response->setStatusCode(401); - - return $response; - } - - /** - * @return string - */ - public function getSecret() - { - return $this->secret; - } - - /** - * @return string - */ - public function getRealmName() - { - return $this->realmName; - } -} diff --git a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php deleted file mode 100644 index 4479a5cae9dc1..0000000000000 --- a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php +++ /dev/null @@ -1,219 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Http\Firewall; - -use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint; -use Psr\Log\LoggerInterface; -use Symfony\Component\HttpKernel\Event\GetResponseEvent; -use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; -use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; -use Symfony\Component\Security\Core\Exception\BadCredentialsException; -use Symfony\Component\Security\Core\Exception\AuthenticationServiceException; -use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; -use Symfony\Component\Security\Core\Exception\NonceExpiredException; -use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\Security\Core\Exception\AuthenticationException; - -/** - * DigestAuthenticationListener implements Digest HTTP authentication. - * - * @author Fabien Potencier - */ -class DigestAuthenticationListener implements ListenerInterface -{ - private $tokenStorage; - private $provider; - private $providerKey; - private $authenticationEntryPoint; - private $logger; - - public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, $providerKey, DigestAuthenticationEntryPoint $authenticationEntryPoint, LoggerInterface $logger = null) - { - if (empty($providerKey)) { - throw new \InvalidArgumentException('$providerKey must not be empty.'); - } - - $this->tokenStorage = $tokenStorage; - $this->provider = $provider; - $this->providerKey = $providerKey; - $this->authenticationEntryPoint = $authenticationEntryPoint; - $this->logger = $logger; - } - - /** - * Handles digest authentication. - * - * @param GetResponseEvent $event A GetResponseEvent instance - * - * @throws AuthenticationServiceException - */ - public function handle(GetResponseEvent $event) - { - $request = $event->getRequest(); - - if (!$header = $request->server->get('PHP_AUTH_DIGEST')) { - return; - } - - $digestAuth = new DigestData($header); - - if (null !== $token = $this->tokenStorage->getToken()) { - if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $digestAuth->getUsername()) { - return; - } - } - - if (null !== $this->logger) { - $this->logger->debug('Digest Authorization header received from user agent.', array('header' => $header)); - } - - try { - $digestAuth->validateAndDecode($this->authenticationEntryPoint->getSecret(), $this->authenticationEntryPoint->getRealmName()); - } catch (BadCredentialsException $e) { - $this->fail($event, $request, $e); - - return; - } - - try { - $user = $this->provider->loadUserByUsername($digestAuth->getUsername()); - - if (null === $user) { - throw new AuthenticationServiceException('Digest User provider returned null, which is an interface contract violation'); - } - - $serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod()); - } catch (UsernameNotFoundException $e) { - $this->fail($event, $request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername()))); - - return; - } - - if (!hash_equals($serverDigestMd5, $digestAuth->getResponse())) { - if (null !== $this->logger) { - $this->logger->debug('Unexpected response from the DigestAuth received; is the header returning a clear text passwords?', array('expected' => $serverDigestMd5, 'received' => $digestAuth->getResponse())); - } - - $this->fail($event, $request, new BadCredentialsException('Incorrect response')); - - return; - } - - if ($digestAuth->isNonceExpired()) { - $this->fail($event, $request, new NonceExpiredException('Nonce has expired/timed out.')); - - return; - } - - if (null !== $this->logger) { - $this->logger->info('Digest authentication successful.', array('username' => $digestAuth->getUsername(), 'received' => $digestAuth->getResponse())); - } - - $this->tokenStorage->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey)); - } - - private function fail(GetResponseEvent $event, Request $request, AuthenticationException $authException) - { - $token = $this->tokenStorage->getToken(); - if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { - $this->tokenStorage->setToken(null); - } - - if (null !== $this->logger) { - $this->logger->info('Digest authentication failed.', array('exception' => $authException)); - } - - $event->setResponse($this->authenticationEntryPoint->start($request, $authException)); - } -} - -class DigestData -{ - private $elements = array(); - private $header; - private $nonceExpiryTime; - - public function __construct($header) - { - $this->header = $header; - preg_match_all('/(\w+)=("((?:[^"\\\\]|\\\\.)+)"|([^\s,$]+))/', $header, $matches, PREG_SET_ORDER); - foreach ($matches as $match) { - if (isset($match[1]) && isset($match[3])) { - $this->elements[$match[1]] = isset($match[4]) ? $match[4] : $match[3]; - } - } - } - - public function getResponse() - { - return $this->elements['response']; - } - - public function getUsername() - { - return strtr($this->elements['username'], array('\\"' => '"', '\\\\' => '\\')); - } - - public function validateAndDecode($entryPointKey, $expectedRealm) - { - if ($keys = array_diff(array('username', 'realm', 'nonce', 'uri', 'response'), array_keys($this->elements))) { - throw new BadCredentialsException(sprintf('Missing mandatory digest value; received header "%s" (%s)', $this->header, implode(', ', $keys))); - } - - if ('auth' === $this->elements['qop'] && !isset($this->elements['nc'], $this->elements['cnonce'])) { - throw new BadCredentialsException(sprintf('Missing mandatory digest value; received header "%s"', $this->header)); - } - - if ($expectedRealm !== $this->elements['realm']) { - throw new BadCredentialsException(sprintf('Response realm name "%s" does not match system realm name of "%s".', $this->elements['realm'], $expectedRealm)); - } - - if (false === $nonceAsPlainText = base64_decode($this->elements['nonce'])) { - throw new BadCredentialsException(sprintf('Nonce is not encoded in Base64; received nonce "%s".', $this->elements['nonce'])); - } - - $nonceTokens = explode(':', $nonceAsPlainText); - - if (2 !== count($nonceTokens)) { - throw new BadCredentialsException(sprintf('Nonce should have yielded two tokens but was "%s".', $nonceAsPlainText)); - } - - $this->nonceExpiryTime = $nonceTokens[0]; - - if (md5($this->nonceExpiryTime.':'.$entryPointKey) !== $nonceTokens[1]) { - throw new BadCredentialsException(sprintf('Nonce token compromised "%s".', $nonceAsPlainText)); - } - } - - public function calculateServerDigest($password, $httpMethod) - { - $a2Md5 = md5(strtoupper($httpMethod).':'.$this->elements['uri']); - $a1Md5 = md5($this->elements['username'].':'.$this->elements['realm'].':'.$password); - - $digest = $a1Md5.':'.$this->elements['nonce']; - if (!isset($this->elements['qop'])) { - } elseif ('auth' === $this->elements['qop']) { - $digest .= ':'.$this->elements['nc'].':'.$this->elements['cnonce'].':'.$this->elements['qop']; - } else { - throw new \InvalidArgumentException(sprintf('This method does not support a qop: "%s".', $this->elements['qop'])); - } - $digest .= ':'.$a2Md5; - - return md5($digest); - } - - public function isNonceExpired() - { - return $this->nonceExpiryTime < microtime(true); - } -} diff --git a/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php b/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php deleted file mode 100644 index e08570dbbd9fc..0000000000000 --- a/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php +++ /dev/null @@ -1,57 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Http\Tests\EntryPoint; - -use PHPUnit\Framework\TestCase; -use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint; -use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Core\Exception\NonceExpiredException; - -class DigestAuthenticationEntryPointTest extends TestCase -{ - public function testStart() - { - $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock(); - - $authenticationException = new AuthenticationException('TheAuthenticationExceptionMessage'); - - $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheSecret'); - $response = $entryPoint->start($request, $authenticationException); - - $this->assertEquals(401, $response->getStatusCode()); - $this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}"$/', $response->headers->get('WWW-Authenticate')); - } - - public function testStartWithNoException() - { - $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock(); - - $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheSecret'); - $response = $entryPoint->start($request); - - $this->assertEquals(401, $response->getStatusCode()); - $this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}"$/', $response->headers->get('WWW-Authenticate')); - } - - public function testStartWithNonceExpiredException() - { - $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock(); - - $nonceExpiredException = new NonceExpiredException('TheNonceExpiredExceptionMessage'); - - $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheSecret'); - $response = $entryPoint->start($request, $nonceExpiredException); - - $this->assertEquals(401, $response->getStatusCode()); - $this->assertRegExp('/^Digest realm="TheRealmName", qop="auth", nonce="[a-zA-Z0-9\/+]+={0,2}", stale="true"$/', $response->headers->get('WWW-Authenticate')); - } -} diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php deleted file mode 100644 index 495dae4262162..0000000000000 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php +++ /dev/null @@ -1,80 +0,0 @@ -calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, 'GET', $uri); - - $digestData = - 'username="'.$username.'", realm="'.$realm.'", nonce="'.$nonce.'", '. - 'uri="'.$uri.'", cnonce="'.$cnonce.'", nc='.$nc.', qop="'.$qop.'", '. - 'response="'.$serverDigest.'"' - ; - - $request = new Request(array(), array(), array(), array(), array(), array('PHP_AUTH_DIGEST' => $digestData)); - - $entryPoint = new DigestAuthenticationEntryPoint($realm, $secret); - - $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock(); - $user->method('getPassword')->willReturn($password); - - $providerKey = 'TheProviderKey'; - - $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(); - $tokenStorage - ->expects($this->once()) - ->method('getToken') - ->will($this->returnValue(null)) - ; - $tokenStorage - ->expects($this->once()) - ->method('setToken') - ->with($this->equalTo(new UsernamePasswordToken($user, $password, $providerKey))) - ; - - $userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock(); - $userProvider->method('loadUserByUsername')->willReturn($user); - - $listener = new DigestAuthenticationListener($tokenStorage, $userProvider, $providerKey, $entryPoint); - - $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')->disableOriginalConstructor()->getMock(); - $event - ->expects($this->any()) - ->method('getRequest') - ->will($this->returnValue($request)) - ; - - $listener->handle($event); - } - - private function calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, $method, $uri) - { - $response = md5( - md5($username.':'.$realm.':'.$password).':'.$nonce.':'.$nc.':'.$cnonce.':'.$qop.':'.md5($method.':'.$uri) - ); - - return sprintf('username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop="%s", response="%s"', - $username, $realm, $nonce, $uri, $cnonce, $nc, $qop, $response - ); - } -} diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestDataTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestDataTest.php deleted file mode 100644 index 7317e2f83c7cc..0000000000000 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestDataTest.php +++ /dev/null @@ -1,185 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Http\Tests\Firewall; - -use PHPUnit\Framework\TestCase; -use Symfony\Component\Security\Http\Firewall\DigestData; - -class DigestDataTest extends TestCase -{ - public function testGetResponse() - { - $digestAuth = new DigestData( - 'username="user", realm="Welcome, robot!", '. - 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $this->assertEquals('b52938fc9e6d7c01be7702ece9031b42', $digestAuth->getResponse()); - } - - public function testGetUsername() - { - $digestAuth = new DigestData( - 'username="user", realm="Welcome, robot!", '. - 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $this->assertEquals('user', $digestAuth->getUsername()); - } - - public function testGetUsernameWithQuote() - { - $digestAuth = new DigestData( - 'username="\"user\"", realm="Welcome, robot!", '. - 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $this->assertEquals('"user"', $digestAuth->getUsername()); - } - - public function testGetUsernameWithQuoteAndEscape() - { - $digestAuth = new DigestData( - 'username="\"u\\\\\"ser\"", realm="Welcome, robot!", '. - 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $this->assertEquals('"u\\"ser"', $digestAuth->getUsername()); - } - - public function testGetUsernameWithSingleQuote() - { - $digestAuth = new DigestData( - 'username="\"u\'ser\"", realm="Welcome, robot!", '. - 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $this->assertEquals('"u\'ser"', $digestAuth->getUsername()); - } - - public function testGetUsernameWithSingleQuoteAndEscape() - { - $digestAuth = new DigestData( - 'username="\"u\\\'ser\"", realm="Welcome, robot!", '. - 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $this->assertEquals('"u\\\'ser"', $digestAuth->getUsername()); - } - - public function testGetUsernameWithEscape() - { - $digestAuth = new DigestData( - 'username="\"u\\ser\"", realm="Welcome, robot!", '. - 'nonce="MTM0NzMyMTgyMy42NzkzOmRlZjM4NmIzOGNjMjE0OWJiNDU0MDAxNzJmYmM1MmZl", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $this->assertEquals('"u\\ser"', $digestAuth->getUsername()); - } - - /** - * @group time-sensitive - */ - public function testValidateAndDecode() - { - $time = microtime(true); - $key = 'ThisIsAKey'; - $nonce = base64_encode($time.':'.md5($time.':'.$key)); - - $digestAuth = new DigestData( - 'username="user", realm="Welcome, robot!", nonce="'.$nonce.'", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $digestAuth->validateAndDecode($key, 'Welcome, robot!'); - - sleep(1); - - $this->assertTrue($digestAuth->isNonceExpired()); - } - - public function testCalculateServerDigest() - { - $this->calculateServerDigest('user', 'Welcome, robot!', 'pass,word=password', 'ThisIsAKey', '00000001', 'MDIwODkz', 'auth', 'GET', '/path/info?p1=5&p2=5'); - } - - public function testCalculateServerDigestWithQuote() - { - $this->calculateServerDigest('\"user\"', 'Welcome, \"robot\"!', 'pass,word=password', 'ThisIsAKey', '00000001', 'MDIwODkz', 'auth', 'GET', '/path/info?p1=5&p2=5'); - } - - public function testCalculateServerDigestWithQuoteAndEscape() - { - $this->calculateServerDigest('\"u\\\\\"ser\"', 'Welcome, \"robot\"!', 'pass,word=password', 'ThisIsAKey', '00000001', 'MDIwODkz', 'auth', 'GET', '/path/info?p1=5&p2=5'); - } - - public function testCalculateServerDigestEscape() - { - $this->calculateServerDigest('\"u\\ser\"', 'Welcome, \"robot\"!', 'pass,word=password', 'ThisIsAKey', '00000001', 'MDIwODkz', 'auth', 'GET', '/path/info?p1=5&p2=5'); - $this->calculateServerDigest('\"u\\ser\\\\\"', 'Welcome, \"robot\"!', 'pass,word=password', 'ThisIsAKey', '00000001', 'MDIwODkz', 'auth', 'GET', '/path/info?p1=5&p2=5'); - } - - public function testIsNonceExpired() - { - $time = microtime(true) + 10; - $key = 'ThisIsAKey'; - $nonce = base64_encode($time.':'.md5($time.':'.$key)); - - $digestAuth = new DigestData( - 'username="user", realm="Welcome, robot!", nonce="'.$nonce.'", '. - 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", '. - 'response="b52938fc9e6d7c01be7702ece9031b42"' - ); - - $digestAuth->validateAndDecode($key, 'Welcome, robot!'); - - $this->assertFalse($digestAuth->isNonceExpired()); - } - - protected function setUp() - { - class_exists('Symfony\Component\Security\Http\Firewall\DigestAuthenticationListener', true); - } - - private function calculateServerDigest($username, $realm, $password, $key, $nc, $cnonce, $qop, $method, $uri) - { - $time = microtime(true); - $nonce = base64_encode($time.':'.md5($time.':'.$key)); - - $response = md5( - md5($username.':'.$realm.':'.$password).':'.$nonce.':'.$nc.':'.$cnonce.':'.$qop.':'.md5($method.':'.$uri) - ); - - $digest = sprintf('username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop="%s", response="%s"', - $username, $realm, $nonce, $uri, $cnonce, $nc, $qop, $response - ); - - $digestAuth = new DigestData($digest); - - $this->assertEquals($digestAuth->getResponse(), $digestAuth->calculateServerDigest($password, $method)); - } -} pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy