alcalyn/silex-wsse

WSSE implementation based on Silex examples in documentation.

Silex WSSE

, _(*1)

Provides a Silex provider in order to implement a WSSE authentication., _(*2)

Installation

Via Composer, _(*3)

``` js { "require": { "alcalyn/silex-wsse": "~1.0.0" } }, <sub>(*4)</sub>

## Usage

``` php
// Register Silex security
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'api' => array(
            'pattern' => '^/api',
            'wsse' => true,
            'stateless' => true,
            'users' => $myUserProvider,
        ),
    ),
));

// SilexWsse needs a token validator service with a path where to store Wsse tokens
$app['security.wsse.token_validator'] = function () {
    $wsseCacheDir = 'var/cache/wsse-tokens';

    return new PasswordDigestValidator($wsseCacheDir);
};

// Register Wsse provider
$app->register(new WsseServiceProvider('api'));

Then you can retrieve your authenticated user in controller like that:, <sub>(*5)</sub>

``` php $app->get('api/auth', function () use ($app) { $authenticatedUser = $app['user'];, <sub>(*6)</sub>

return 'Hello '.$app->escape($authenticatedUser->getUsername());

});, <sub>(*7)</sub>

### Full example

Using a plain password encoder, and an user `toto` with password `pass`:

``` php
use Symfony\Component\Security\Core\User\InMemoryUserProvider;
use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
use Alcalyn\Wsse\Security\Authentication\Provider\PasswordDigestValidator;
use Alcalyn\SilexWsse\Provider\WsseServiceProvider;

$app = new Silex\Application();

$myUserProvider = function () {
    return new InMemoryUserProvider(array(
        'toto' => ['password' => 'pass'],
    ));
};

$app['security.default_encoder'] = function () {
    return new PlaintextPasswordEncoder();
};

// Register Silex security
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'api' => array(
            'pattern' => '^/api',
            'wsse' => true,
            'stateless' => true,
            'users' => $myUserProvider,
        ),
    ),
));

// SilexWsse needs a token validator service with a path where to store Wsse tokens
$app['security.wsse.token_validator'] = function () {
    $wsseCacheDir = 'var/cache/wsse-tokens';

    return new PasswordDigestValidator($wsseCacheDir);
};

// Register Wsse provider
$app->register(new WsseServiceProvider('api'));

$app->get('api/auth', function () use ($app) {
    $authenticatedUser = $app['user'];

    return 'Hello '.$app->escape($authenticatedUser->getUsername());
});

$app->run();

Then making the following http request with the X-WSSE header (generated here):, <sub>(*8)</sub>

GET http://localhost/my-app/index.php/api/auth
X-WSSE: UsernameToken Username="toto", PasswordDigest="ieIS4sijyAW2ZrnvhvDOqBH+aSQ=", Nonce="NDlhNWE2M2YxNWQ2ZDk1NA==", Created="2016-07-31T12:46:16Z"

Returns the response:, <sub>(*9)</sub>

200 OK
Date:  Sun, 31 Jul 2016 12:46:25 GMT

Hello toto

Debugging

While implementing Wsse authentication, you should experience some authentication fail with your Wsse token (date expired, already used nonce...)., <sub>(*10)</sub>

To display the fail reason, you can display symfony authentication exception like that:, <sub>(*11)</sub>

``` php use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;, <sub>(*12)</sub>

$app->on('security.authentication.failure', function(AuthenticationFailureEvent $event) { echo $event->getAuthenticationException()->getMessage(); }); ```, <sub>(*13)</sub>

See Symfony documentation about authentication events., <sub>(*14)</sub>

License

This project is under MIT License., <sub>(*15)</sub>