diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst index 220d8cdc5ac..0410519eae5 100644 --- a/cookbook/security/custom_authentication_provider.rst +++ b/cookbook/security/custom_authentication_provider.rst @@ -208,6 +208,7 @@ the ``PasswordDigest`` header value matches with the user's password. // src/AppBundle/Security/Authentication/Provider/WsseProvider.php namespace AppBundle\Security\Authentication\Provider; + use Psr\Cache\CacheItemPoolInterface; use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; @@ -218,12 +219,12 @@ the ``PasswordDigest`` header value matches with the user's password. class WsseProvider implements AuthenticationProviderInterface { private $userProvider; - private $cacheDir; + private $cachePool; - public function __construct(UserProviderInterface $userProvider, $cacheDir) + public function __construct(UserProviderInterface $userProvider, CacheItemPoolInterface $cachePool) { $this->userProvider = $userProvider; - $this->cacheDir = $cacheDir; + $this->cachePool = $cachePool; } public function authenticate(TokenInterface $token) @@ -258,19 +259,18 @@ the ``PasswordDigest`` header value matches with the user's password. return false; } - // Validate that the nonce is *not* used in the last 5 minutes - // if it has, this could be a replay attack - if ( - file_exists($this->cacheDir.'/'.md5($nonce)) - && file_get_contents($this->cacheDir.'/'.md5($nonce)) + 300 > time() - ) { + // Try to fetch the cache item from pool + $cacheItem = $this->cachePool->getItem(md5($nonce)); + + // Validate that the nonce is *not* in cache + // if it is, this could be a replay attack + if ($cacheItem->isHit()) { throw new NonceExpiredException('Previously used nonce detected'); } - // If cache directory does not exist we create it - if (!is_dir($this->cacheDir)) { - mkdir($this->cacheDir, 0777, true); - } - file_put_contents($this->cacheDir.'/'.md5($nonce), time()); + + // Store the item in cache for 5 minutes + $cacheItem->set(null)->expiresAfter(300); + $this->cachePool->save($cacheItem); // Validate Secret $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); @@ -411,7 +411,7 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider`` class: AppBundle\Security\Authentication\Provider\WsseProvider arguments: - '' # User Provider - - '%kernel.cache_dir%/security/nonces' + - '@cache.app' public: false wsse.security.authentication.listener: @@ -433,7 +433,7 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider`` public="false" > - %kernel.cache_dir%/security/nonces + setPublic(false);