alcalyn/silex-wsse

WSSE implementation based on Silex examples in documentation.

Maintainers

Details

github.com/alcalyn/silex-wsse

Homepage

Source

Issues

Installs: 113

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 2

Forks: 0

Open Issues: 0

1.1.0 2017-09-26 15:37 UTC

Requires

MIT 92e7253d0b676061196f3e0f3a22507301f36e09

  • Julien Maulny <doubjulien.woop@hotmail.fr>

silexsymfonyuserwsse

This package is not auto-updated.

Last update: 2024-04-13 16:18:08 UTC

README

Latest Stable Version License

Provides a Silex provider in order to implement a WSSE authentication.

Installation

Via Composer

{
    "require": {
        "alcalyn/silex-wsse": "~1.0.0"
    }
}

Usage

// Register Silex security
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'api' => array(
            'pattern' => '^/api',
            'wsse' => true,
            'stateless' => true,
            'users' => $myUserProvider,
        ),
    ),
));

// SilexWsse needs a token validator service with a path where to store Wsse tokens
$app['security.wsse.token_validator'] = function () {
    $wsseCacheDir = 'var/cache/wsse-tokens';

    return new PasswordDigestValidator($wsseCacheDir);
};

// Register Wsse provider
$app->register(new WsseServiceProvider('api'));

Then you can retrieve your authenticated user in controller like that:

$app->get('api/auth', function () use ($app) {
    $authenticatedUser = $app['user'];

    return 'Hello '.$app->escape($authenticatedUser->getUsername());
});

Full example

Using a plain password encoder, and an user toto with password pass:

use Symfony\Component\Security\Core\User\InMemoryUserProvider;
use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
use Alcalyn\Wsse\Security\Authentication\Provider\PasswordDigestValidator;
use Alcalyn\SilexWsse\Provider\WsseServiceProvider;

$app = new Silex\Application();

$myUserProvider = function () {
    return new InMemoryUserProvider(array(
        'toto' => ['password' => 'pass'],
    ));
};

$app['security.default_encoder'] = function () {
    return new PlaintextPasswordEncoder();
};

// Register Silex security
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'api' => array(
            'pattern' => '^/api',
            'wsse' => true,
            'stateless' => true,
            'users' => $myUserProvider,
        ),
    ),
));

// SilexWsse needs a token validator service with a path where to store Wsse tokens
$app['security.wsse.token_validator'] = function () {
    $wsseCacheDir = 'var/cache/wsse-tokens';

    return new PasswordDigestValidator($wsseCacheDir);
};

// Register Wsse provider
$app->register(new WsseServiceProvider('api'));

$app->get('api/auth', function () use ($app) {
    $authenticatedUser = $app['user'];

    return 'Hello '.$app->escape($authenticatedUser->getUsername());
});

$app->run();

Then making the following http request with the X-WSSE header (generated here):

GET http://localhost/my-app/index.php/api/auth
X-WSSE: UsernameToken Username="toto", PasswordDigest="ieIS4sijyAW2ZrnvhvDOqBH+aSQ=", Nonce="NDlhNWE2M2YxNWQ2ZDk1NA==", Created="2016-07-31T12:46:16Z"

Returns the response:

200 OK
Date:  Sun, 31 Jul 2016 12:46:25 GMT

Hello toto

Debugging

While implementing Wsse authentication, you should experience some authentication fail with your Wsse token (date expired, already used nonce...).

To display the fail reason, you can display symfony authentication exception like that:

use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;

$app->on('security.authentication.failure', function(AuthenticationFailureEvent $event) {
    echo $event->getAuthenticationException()->getMessage();
});

See Symfony documentation about authentication events.

License

This project is under MIT License.