Symfony 2 - WSSE - FOSUserBundle - FOSRestBundle - Javascript

0
votes

I try to incorporate WSSE Authentification. I have a symfony in back, and an app Ionic - AngularJS in front. I followed the cookbook about WSSE, and theses tutorials :

http://obtao.com/blog/2013/05/create-rest-api-in-a-symfony-application/

http://obtao.com/blog/2013/06/configure-wsse-on-symfony-with-fosrestbundle/

And

http://obtao.com/blog/2013/09/how-to-use-wsse-in-android-app/

I install WSSE well, i can hash my password in my app with this code: 

authentication.hashPassword = function(salt, clearPassword) {
  var digest = "";
  console.log('==== STARTING HASHING PASSWORD ====');
  var salted = null;
  if (!salt || salt == "") {
    salted = clearPassword;
  } else {
    salted = clearPassword + "{" + salt + "}";
  }
  digest = CryptoJS.SHA512(salted);
  for (var i=1; i<5000; i++) {
    digest = CryptoJS.SHA512(digest.toString(CryptoJS.enc.Latin1)+salted);
  }
  digest = digest.toString(CryptoJS.enc.Base64);
  console.log('==== ENDING HASHING PASSWORD ====');
  console.log(digest);
  return digest;
};

but i would like to generate header with my hash password ( the last tutorial is coded in java, and i'm a noob in Java)

Is it Possible to compare two hash password if i post my hash password ?

have you any idea to create a header ( or Token ) ?

Thank you for your answer

1
angularjssymfonyionic-frameworkfosrestbundlewsse
Maybe this bundle can help you github.com/escapestudios/EscapeWSSEAuthenticationBundlechalasr

1 Answers

1
votes

Your application seems to be based on Ionic Framework. After the "Android application" mentioned in tutorial, we have also tested ionic.

See https://github.com/wallabag/ionic-app (crypto is "handmade", but it will help you for the header part with ionic/angularjs)

In app.js : 

$http.defaults.headers.common['x-wsse'] = function() {
    return wsse.getHeaderValue(username, encryptedPassword);
};
$http.defaults.headers.common.Authorization = 'profile=UsernameToken';