本文整理汇总了PHP中Symfony\Component\Security\Core\Authentication\Token\TokenInterface类的典型用法代码示例。如果您正苦于以下问题:PHP TokenInterface类的具体用法?PHP TokenInterface怎么用?PHP TokenInterface使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了TokenInterface类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: authenticateToken
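/**
 * Builds a pre-authenticated token from the SSO attributes found in the session flash bag.
 *
 * When the flash bag holds no SSO attributes, the SAML login flow is started and the script ends.
 *
 * NOTE(review): the identity and the roles are taken as-is from the flash-bag entry
 * 'arcanys_sso_auth.user_data'. This method performs no validation of its own, so it
 * presumably relies on whatever wrote that entry having verified the SAML response - confirm.
 *
 * @param TokenInterface        $token        Token whose credentials are carried over to the new token
 * @param UserProviderInterface $userProvider Provider asked to load the user from the SSO attributes
 * @param mixed                 $providerKey  Passed through to the PreAuthenticatedToken constructor
 *
 * @return PreAuthenticatedToken
 *
 * @throws AuthenticationException When the SSO attributes carry no usable uid
 */
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
    $secret = $token->getCredentials();
    $userData = $this->session->getFlashBag()->get('arcanys_sso_auth.user_data');
    if (!$userData) {
        // Nothing from the identity provider yet: start the SAML login and stop this request.
        $this->saml2->login();
        exit;
    }

    // Each attribute is read as a list of values and only the first one is used.
    // A missing or non-array attribute yields null instead of making reset() fail,
    // so a malformed payload ends in the AuthenticationException below.
    $firstValue = static function ($data, $key) {
        if (!isset($data[$key]) || !is_array($data[$key])) {
            return null;
        }

        return reset($data[$key]);
    };

    // TODO create mapping config in the future
    $username = $firstValue($userData, 'uid');
    $email = $firstValue($userData, 'email');
    $firstname = $firstValue($userData, 'firstname');
    $lastname = $firstValue($userData, 'lastname');
    // Kept in its own variable so the TokenInterface parameter is not overwritten.
    $ssoToken = $firstValue($userData, 'token');

    // An absent or empty 'rights' attribute falls back to the baseline role.
    $roles = isset($userData['rights']) ? $userData['rights'] : null;
    if (!$roles) {
        $roles = ['ROLE_USER'];
    }

    if (!$username) {
        throw new AuthenticationException("Failed to authenticate from SSO");
    }

    $user = $userProvider->loadUserByUsername([
        'username' => $username,
        'email' => $email,
        'firstname' => $firstname,
        'lastname' => $lastname,
        'token' => $ssoToken,
        'roles' => $roles,
    ]);

    return new PreAuthenticatedToken($user, $secret, $providerKey, $user->getRoles($roles));
}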
示例2: vote
/**
 * Votes on the user-management attributes LIST_USERS and CREATE_USERS.
 *
 * Abstains for attributes this voter does not support, denies when the token
 * carries no UserInterface user, and grants only to users holding ROLE_ADMIN.
 *
 * @param TokenInterface $token      Token of the current request
 * @param mixed          $object     Not inspected by this voter
 * @param array          $attributes Must contain exactly one attribute
 *
 * @return int One of the VoterInterface::ACCESS_* constants
 *
 * @throws \InvalidArgumentException When more or fewer than one attribute is passed
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    // The voter is designed around a single attribute per call.
    if (count($attributes) !== 1) {
        throw new \InvalidArgumentException('Only one attribute is allowed for VIEW, EDIT or DELETE');
    }

    $requested = $attributes[0];
    if (!$this->supportsAttribute($requested)) {
        return VoterInterface::ACCESS_ABSTAIN;
    }

    // Without a real user object (nobody logged in) the answer is always "denied".
    $account = $token->getUser();
    if (!($account instanceof UserInterface)) {
        return VoterInterface::ACCESS_DENIED;
    }

    switch ($requested) {
        case self::LIST_USERS:
        case self::CREATE_USERS:
            // Listing and creating users are both reserved for administrators.
            return $account->hasRole('ROLE_ADMIN')
                ? VoterInterface::ACCESS_GRANTED
                : VoterInterface::ACCESS_DENIED;
    }

    // Fail closed for anything not handled above.
    return VoterInterface::ACCESS_DENIED;
}
示例3: onLoginSuccess
/**
 * {@inheritdoc}
 *
 * Sets the remember-me cookie on the response. The cookie value is produced by
 * generateCookieValue() from the user's class, username, expiry time and password.
 *
 * NOTE(review): the cookie's secure and httponly flags come straight from
 * $this->options - confirm both are enabled in the deployed configuration.
 */
protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
{
    $account = $token->getUser();

    // Absolute expiry timestamp, shared by the cookie value and the cookie itself.
    $expiresAt = time() + $this->options['lifetime'];

    $cookieValue = $this->generateCookieValue(
        get_class($account),
        $account->getUsername(),
        $expiresAt,
        $account->getPassword()
    );

    $cookie = new Cookie(
        $this->options['name'],
        $cookieValue,
        $expiresAt,
        $this->options['path'],
        $this->options['domain'],
        $this->options['secure'],
        $this->options['httponly']
    );

    $response->headers->setCookie($cookie);
}
示例4: it_returns_locale_of_currently_logged_admin_user
/**
 * Spec: the locale code is read from the admin user held by the current security token.
 */
function it_returns_locale_of_currently_logged_admin_user(TokenStorageInterface $tokenStorage, TokenInterface $token, AdminUserInterface $admin)
{
    // Stub the chain from the outside in: token storage -> token -> admin user.
    $tokenStorage->getToken()->willReturn($token);
    $token->getUser()->willReturn($admin);
    $admin->getLocaleCode()->willReturn('en_US');

    $this->getLocaleCode()->shouldReturn('en_US');
}
示例5: vote
/**
 * Grants access to a Netizen who has free access or holds a valid ticket.
 *
 * Abstains for unsupported attributes and denies when the token's user is not a Netizen.
 *
 * @param TokenInterface $token      Token of the current request
 * @param mixed          $object     Not inspected by this voter
 * @param array          $attributes Must contain exactly one attribute
 *
 * @return int One of the VoterInterface::ACCESS_* constants
 *
 * @throws \InvalidArgumentException When more or fewer than one attribute is passed
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    // The voter is designed around a single attribute per call.
    if (count($attributes) !== 1) {
        throw new \InvalidArgumentException('Only one attribute is allowed for TicketVoter');
    }

    $requested = $attributes[0];
    if (!$this->supportsAttribute($requested)) {
        return VoterInterface::ACCESS_ABSTAIN;
    }

    // Only a logged-in Netizen can be granted anything here.
    $visitor = $token->getUser();
    if (!($visitor instanceof Netizen)) {
        return VoterInterface::ACCESS_DENIED;
    }

    // Checked in this order: global free access, per-user free access, valid ticket.
    $allowed = $this->freeAccess
        || $this->hasFreeAccess($visitor)
        || $visitor->hasValidTicket();

    return $allowed ? VoterInterface::ACCESS_GRANTED : VoterInterface::ACCESS_DENIED;
}
示例6: onAuthenticationSuccess
/**
 * {@inheritDoc}
 *
 * Registers the authenticated user on the session before delegating to the parent handler.
 */
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
    // NOTE(review): registerAccount() is called on whatever getSession() returns, so this
    // presumably relies on a project-specific session class - confirm.
    $request->getSession()->registerAccount($token->getUser(), $request, $this);

    return parent::onAuthenticationSuccess($request, $token);
}
示例7: vote
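/**
 * Returns the vote for the given parameters.
 *
 * This method must return one of the following constants:
 * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
 *
 * Blog administration ('ADMINISTRATE_BLOG', 'SWITCH_ARTICLE_AUTHOR') requires ROLE_BLOG_ADMIN;
 * comment administration ('ADMINISTRATE_COMMENTS') requires ROLE_BLOG_ADMIN or ROLE_BLOG_EDITOR.
 * The voter abstains when there is no object, the object's class is unsupported, the token
 * has no user object (e.g. the 'anon.' string), or none of those attributes is requested.
 *
 * @param TokenInterface $token A TokenInterface instance
 * @param object|null $object The object to secure
 * @param array $attributes An array of attributes associated with the method being invoked
 *
 * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    // $object may be null; get_class() must only ever see a real object.
    if (!is_object($object)) {
        return self::ACCESS_ABSTAIN;
    }
    if (!$this->supportsClass(get_class($object))) {
        return self::ACCESS_ABSTAIN;
    }

    // Covers the 'anon.' string as well as any other non-object user, so the
    // hasRole() calls below are never made on a string or null.
    $user = $token->getUser();
    if (!is_object($user)) {
        return self::ACCESS_ABSTAIN;
    }

    // Strict comparison: a non-string attribute such as 0 or true must not
    // loosely match one of the attribute names.
    if (in_array('ADMINISTRATE_BLOG', $attributes, true) || in_array('SWITCH_ARTICLE_AUTHOR', $attributes, true)) {
        return $user->hasRole('ROLE_BLOG_ADMIN') ? self::ACCESS_GRANTED : self::ACCESS_DENIED;
    }

    if (in_array('ADMINISTRATE_COMMENTS', $attributes, true)) {
        $mayModerate = $user->hasRole('ROLE_BLOG_ADMIN') || $user->hasRole('ROLE_BLOG_EDITOR');

        return $mayModerate ? self::ACCESS_GRANTED : self::ACCESS_DENIED;
    }

    return self::ACCESS_ABSTAIN;
}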
示例8: vote
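/**
 * {@inheritDoc}
 *
 * Grants access to an email-related object when the security facade grants one of the
 * attributes on any of its EmailUser records, or when an EmailUser belongs to a mailbox
 * that is available to the token's user within the token's organization context.
 * Abstains for non-objects, unsupported classes and unsupported attributes; denies otherwise.
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    if (!$object || !is_object($object)) {
        return self::ACCESS_ABSTAIN;
    }
    $objectClass = ClassUtils::getClass($object);
    if (!$this->supportsClass($objectClass)) {
        return self::ACCESS_ABSTAIN;
    }
    // A single unsupported attribute makes the whole vote an abstention.
    foreach ($attributes as $attribute) {
        if (!$this->supportsAttribute($attribute)) {
            return self::ACCESS_ABSTAIN;
        }
    }
    $object = $this->convertToSupportedObject($object, $objectClass);
    /** @var EmailUser[] $emailUsers */
    $emailUsers = $object->getEmailUsers();
    foreach ($attributes as $attribute) {
        foreach ($emailUsers as $emailUser) {
            if ($this->container->get('oro_security.security_facade')->isGranted($attribute, $emailUser)) {
                return self::ACCESS_GRANTED;
            }
            // The mailbox is fetched in its own statement. Assigning inside the condition
            // stored the boolean result of "!== null && instanceof" (operator precedence),
            // and a loose in_array(true, $mailboxes) then matched any non-empty mailbox
            // list, granting access without checking the mailbox itself.
            $mailbox = $emailUser->getMailboxOwner();
            if ($mailbox !== null && $token instanceof UsernamePasswordOrganizationToken) {
                $repo = $this->container->get('doctrine')->getRepository('OroEmailBundle:Mailbox');
                $mailboxes = $repo->findAvailableMailboxes($token->getUser(), $token->getOrganizationContext());
                // Identity comparison; assumes findAvailableMailboxes() returns the same
                // managed Mailbox instances as getMailboxOwner() - TODO confirm.
                if (in_array($mailbox, $mailboxes, true)) {
                    return self::ACCESS_GRANTED;
                }
            }
        }
    }
    return self::ACCESS_DENIED;
}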
示例9: vote
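/**
 * Decides whether the current user may use a workflow transition.
 *
 * Access is granted when the user shares at least one group with the transition.
 * The voter abstains unless the 'WORKFLOW_TRANSITION' attribute is requested and
 * denies when the token carries no user object.
 *
 * @param TokenInterface $token      Token of the current request
 * @param mixed          $transition Object exposing getGroups(); its class is not checked here
 * @param array          $attributes Requested attributes
 *
 * @return int One of the ACCESS_* constants
 */
public function vote(TokenInterface $token, $transition, array $attributes)
{
    // Strict comparison: a non-string attribute such as 0 or true must not
    // loosely match the attribute name.
    if (!in_array('WORKFLOW_TRANSITION', $attributes, true)) {
        return self::ACCESS_ABSTAIN;
    }

    // An anonymous token yields a string (or null) instead of a user object;
    // deny rather than fail on getGroups().
    $user = $token->getUser();
    if (!is_object($user)) {
        return self::ACCESS_DENIED;
    }

    $userGroups = $user->getGroups();

    // Copy the transition's groups into a plain array so in_array() can search them.
    $transitionGroups = array();
    foreach ($transition->getGroups() as $transitionGroup) {
        $transitionGroups[] = $transitionGroup;
    }

    foreach ($userGroups as $userGroup) {
        // NOTE(review): loose comparison is kept because the group type is not visible
        // here; if groups are entities, identity (strict) comparison is the safer check.
        if (in_array($userGroup, $transitionGroups)) {
            return self::ACCESS_GRANTED;
        }
    }

    return self::ACCESS_DENIED;
}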
示例10: voteOnAttribute
/**
 * Votes on VIEW, CREATE, EDIT and DELETE for a course learning material.
 *
 * Access is refused when the token has no UserInterface user or the material has no course.
 *
 * @param string $attribute
 * @param CourseLearningMaterialInterface $material
 * @param TokenInterface $token
 * @return bool
 */
protected function voteOnAttribute($attribute, $material, TokenInterface $token)
{
    $user = $token->getUser();
    if (!($user instanceof UserInterface)) {
        return false;
    }

    $course = $material->getCourse();
    if (!$course) {
        return false;
    }

    switch ($attribute) {
        case self::VIEW:
            $canView = $this->isViewGranted($course->getId(), $course->getSchool()->getId(), $user);
            if (!$canView) {
                return $canView;
            }

            // A draft learning material stays hidden unless the user holds an elevated role.
            return $this->userHasRole($token->getUser(), ['Faculty', 'Course Director', 'Developer'])
                || LearningMaterialStatusInterface::IN_DRAFT !== $material->getLearningMaterial()->getStatus()->getId();

        case self::CREATE:
        case self::EDIT:
        case self::DELETE:
            // No write operation of any kind on a locked or archived parent course.
            if ($course->isLocked() || $course->isArchived()) {
                return false;
            }

            return $this->isWriteGranted($course->getId(), $course->getSchool()->getId(), $user);
    }

    // Unknown attribute: fail closed.
    return false;
}
示例11: getValidUserApi
/**
 * Finds the user's API key whose digest matches the one carried by the token.
 *
 * Every key in $secrets is tried in turn. A matching key is returned only if its
 * organization is one of the key owner's organizations and that organization is enabled.
 *
 * @param TokenInterface $token
 * @param PersistentCollection $secrets
 * @param User $user
 *
 * @return bool|UserApi The matching key, or false when no key matches
 *
 * @throws BadCredentialsException When the matching key's organization is not among the
 *                                 owner's organizations, or is disabled
 */
protected function getValidUserApi(TokenInterface $token, PersistentCollection $secrets, User $user)
{
    $nonce = $token->getAttribute('nonce');
    $total = $secrets->count();
    $position = 0;

    /** @var UserApi $candidate */
    foreach ($secrets as $candidate) {
        ++$position;

        $matches = $this->validateDigest(
            $token->getAttribute('digest'),
            $nonce,
            $token->getAttribute('created'),
            $candidate->getApiKey(),
            $this->getSalt($user)
        );

        if (!$matches) {
            // More keys remain: remove the nonce from the cache before trying the next one.
            // NOTE(review): presumably validateDigest() records the nonce and would reject
            // a second attempt with the same value - confirm. After the last key the nonce
            // is left in the cache.
            if ($total !== $position) {
                $this->getNonceCache()->delete($nonce);
            }

            continue;
        }

        // The key must belong to one of its owner's organizations ...
        if (!$candidate->getUser()->getOrganizations()->contains($candidate->getOrganization())) {
            throw new BadCredentialsException('Wrong API key.');
        }
        // ... and that organization must be enabled.
        if (!$candidate->getOrganization()->isEnabled()) {
            throw new BadCredentialsException('Organization is not active.');
        }

        return $candidate;
    }

    return false;
}
示例12: vote
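/**
 * Votes on access to a Node from ownership, per-user roles and team roles.
 *
 * $this->roles maps role names to comparable levels; a user or team role is sufficient
 * when its level is at least the level of the requested attribute ($attributes[0]).
 * The parent node, if any, must grant the same attributes first.
 *
 * @param TokenInterface $token      Token of the current request
 * @param mixed          $node       Subject; anything other than a Node makes the voter abstain
 * @param array          $attributes Requested attributes; only the first one is evaluated here
 *
 * @return int One of the ACCESS_* constants
 */
function vote(TokenInterface $token, $node, array $attributes)
{
    if (!$node instanceof Node) {
        return self::ACCESS_ABSTAIN;
    }
    // An empty attribute list has nothing to look up in the role map.
    if (!array_key_exists(0, $attributes) || !in_array($attributes[0], array_keys($this->roles))) {
        return self::ACCESS_ABSTAIN;
    }
    $user = $token->getUser();
    $parent = $node->getParent();
    if (!is_null($parent) && !$this->container->get('security.authorization_checker')->isGranted($attributes, $parent)) {
        return self::ACCESS_DENIED;
    }
    // NOTE(review): an inheriting node is granted before the user is examined, so this
    // branch also applies to tokens without a user object - confirm that is intended.
    if (method_exists($node, 'getInherit') && $node->getInherit()) {
        return self::ACCESS_GRANTED;
    }
    // Without a user object the loose comparisons below are unsafe (a node with no owner
    // would compare equal to a null user) and getAssocTeams() would fail; deny instead.
    if (!is_object($user)) {
        return self::ACCESS_DENIED;
    }
    if ($node->getOwner() == $user) {
        return self::ACCESS_GRANTED;
    }
    $required = $this->roles[$attributes[0]];
    foreach ($node->getUsers() as $nodeUser) {
        if ($nodeUser->getUser() == $user && $this->roles[$nodeUser->getRole()] >= $required) {
            return self::ACCESS_GRANTED;
        }
    }
    foreach ($user->getAssocTeams() as $team) {
        foreach ($node->getTeams() as $nodeTeam) {
            if ($nodeTeam->getTeam() == $team->getTeam() && $this->roles[$nodeTeam->getRole()] >= $required) {
                return self::ACCESS_GRANTED;
            }
        }
    }
    return self::ACCESS_DENIED;
}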
示例13: voteOnAttribute
/**
 * Votes on VIEW, CREATE, EDIT and REMOVE for an estate.
 *
 * VIEW and CREATE need ROLE_ADMIN or ROLE_MANAGER. EDIT and REMOVE are open to the
 * user whose username equals the estate's createdBy value, and to ROLE_ADMIN.
 *
 * @param string         $attribute
 * @param mixed          $subject   Treated as an Estate
 * @param TokenInterface $token
 *
 * @return bool
 */
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
    $user = $token->getUser();
    if (!($user instanceof UserInterface)) {
        return false;
    }

    /** @var Estate $estate */
    $estate = $subject;

    switch ($attribute) {
        case self::VIEW:
        case self::CREATE:
            $allowed = $this->decisionManager->decide($token, array('ROLE_ADMIN', 'ROLE_MANAGER'));
            break;

        case self::EDIT:
        case self::REMOVE:
            // The creator may change their own estate; everyone else needs ROLE_ADMIN.
            $allowed = $user->getUsername() === $estate->getCreatedBy()
                || $this->decisionManager->decide($token, array('ROLE_ADMIN'));
            break;

        default:
            $allowed = false;
    }

    return $allowed ? true : false;
}
示例14: voteOnAttribute
/**
 * Votes on VIEW, CREATE, EDIT and DELETE for an objective.
 *
 * VIEW is open to every user implementing UserInterface. Write access depends on what
 * the objective is attached to: courses are checked first, then sessions, then program years.
 *
 * @param string $attribute
 * @param ObjectiveInterface $objective
 * @param TokenInterface $token
 * @return bool
 */
protected function voteOnAttribute($attribute, $objective, TokenInterface $token)
{
    $user = $token->getUser();
    if (!($user instanceof UserInterface)) {
        return false;
    }

    switch ($attribute) {
        case self::VIEW:
            // Any authenticated user can see all objectives.
            return true;

        case self::CREATE:
        case self::EDIT:
        case self::DELETE:
            // The objective does not say which kind it is, so the ownership context is
            // inferred from its non-empty relation; in effect this is three voters in one.
            // TODO: Clean this mess up. [ST 2015/08/05]
            if (!$objective->getCourses()->isEmpty()) {
                return $this->isCreateEditDeleteGrantedForCourseObjective($objective, $user);
            }
            if (!$objective->getSessions()->isEmpty()) {
                return $this->isCreateEditDeleteGrantedForSessionObjective($objective, $user);
            }
            if (!$objective->getProgramYears()->isEmpty()) {
                return $this->isCreateEditDeleteGrantedForProgramYearObjective($objective, $user);
            }

            // Attached to nothing: no write access.
            return false;
    }

    return false;
}
示例15: vote
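/**
 * Votes on VIEW, EDIT and DELETE for a post.
 *
 * VIEW is granted to every user implementing UserInterface; EDIT and DELETE are granted
 * only to the post's owner. The voter abstains for non-objects, unsupported classes and
 * unsupported attributes.
 *
 * @param TokenInterface $token
 * @param mixed $post
 * @param array $attributes
 * @return integer
 *
 * @throws \InvalidArgumentException When more or fewer than one attribute is passed
 */
public function vote(TokenInterface $token, $post, array $attributes)
{
    // $post is untyped; get_class() must only ever see a real object.
    if (!is_object($post) || !$this->supportsClass(get_class($post))) {
        return VoterInterface::ACCESS_ABSTAIN;
    }
    if (1 !== count($attributes)) {
        throw new \InvalidArgumentException('Only one attribute is allowed for VIEW or EDIT');
    }
    $attribute = $attributes[0];
    if (!$this->supportsAttribute($attribute)) {
        return VoterInterface::ACCESS_ABSTAIN;
    }
    $user = $token->getUser();
    if (!$user instanceof UserInterface) {
        return VoterInterface::ACCESS_DENIED;
    }
    switch ($attribute) {
        case self::VIEW:
            return VoterInterface::ACCESS_GRANTED;
        case self::EDIT:
        case self::DELETE:
            $owner = $post->getOwner();
            $userId = $user->getId();
            // A post without an owner, or a user without an id, never counts as a match:
            // two null ids must not compare as "same owner".
            if (null !== $owner && null !== $userId && $userId === $owner->getId()) {
                return VoterInterface::ACCESS_GRANTED;
            }
            break;
    }
    return VoterInterface::ACCESS_DENIED;
}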