/**
  * Handles unauthenticated access attempt. First the `unauthenticated()` method
  * of the last authenticator in the chain will be called. The authenticator can
  * handle sending response or redirection as appropriate and return `true` to
  * indicate no further action is necessary. If authenticator returns null this
  * method redirects user to login action. If it's an AJAX request and config
  * `ajaxLogin` is specified that element is rendered else a 403 HTTP status code
  * is returned.
  *
  * @param \Cake\Controller\Controller $controller A reference to the controller object.
  * @return \Cake\Network\Response|null Null if current action is login action
  *   else response object returned by authenticate object or Controller::redirect().
  */
 protected function _unauthenticated(Controller $controller)
 {
     if (empty($this->_authenticateObjects)) {
         $this->constructAuthenticate();
     }
     $auth = end($this->_authenticateObjects);
     $result = $auth->unauthenticated($this->request, $this->response);
     if ($result !== null) {
         return $result;
     }
     if (!$this->storage()->redirectUrl()) {
         $this->storage()->redirectUrl($this->request->here(false));
     }
     if (!$controller->request->is('ajax')) {
         $this->flash($this->_config['authError']);
         $this->storage()->redirectUrl($controller->request->here(false));
         return $controller->redirect($this->_config['loginAction']);
     }
     if (!empty($this->_config['ajaxLogin'])) {
         $controller->viewBuilder()->templatePath('Element');
         $response = $controller->render($this->_config['ajaxLogin'], $this->RequestHandler->ajaxLayout);
         $response->statusCode(403);
         return $response;
     }
     $this->response->statusCode(403);
     return $this->response;
 }
 /**
  * Attaches request-level metadata to every audit log entry emitted for the
  * current request.
  *
  * Each entry receives the client IP, the request URL (`here()`) and the
  * current user. The array union operator is used, so keys an entry already
  * carries are kept and only the missing ones are filled in from the request.
  *
  * NOTE(review): `clientIp()` may be derived from proxy-supplied headers
  * depending on the request's proxy trust settings — confirm before treating
  * the recorded IP as an authoritative audit value.
  *
  * @param Event $event The AuditStash.beforeLog event
  * @param array $logs The audit log event objects
  * @return void
  */
 public function beforeLog(Event $event, array $logs)
 {
     $requestMeta = [
         'ip' => $this->request->clientIp(),
         'url' => $this->request->here(),
         'user' => $this->user,
     ];
     foreach ($logs as $entry) {
         $existing = $entry->getMetaInfo();
         $entry->setMetaInfo($existing + $requestMeta);
     }
 }
 /**
  * Resolves a user from the request's `Authorization` header by delegating the
  * credential check to the BYU web-service validation endpoint.
  *
  * The header is expected as `<type> <wsId>,<param1>,<param2>` where `<type>`
  * is one of `url-encoded-api-key`, `nonce-encoded-api-key` or
  * `nonce-encoded-wssession-key` (matched case-insensitively). A missing
  * header, an unknown type, or fewer than three comma-separated values yields
  * `false` before any network call is made, so the type is constrained to a
  * known value before it is interpolated into the validation URL. For the
  * URL-encoded type the signed message is rebuilt from the full base URL plus
  * `here()`, so it must match exactly what the client signed. Header contents
  * are untrusted input: they are only forwarded for validation and never
  * treated as authenticated by this method on its own.
  *
  * NOTE(review): the type is lower-cased for matching but sent to the remote
  * service in its original case — confirm the service accepts mixed case, or
  * normalise before building the URL.
  *
  * @param Request $request The request carrying the header.
  * @return array|false The validation response with `username` copied from
  *   `netId`, or `false` when the header is absent, malformed or rejected.
  */
 public function getUser(Request $request)
 {
     $header = $request->header('Authorization');
     if (empty($header) && function_exists('apache_request_headers')) {
         // Some SAPIs strip the header from the request; ask Apache directly.
         $serverHeaders = apache_request_headers();
         if (!empty($serverHeaders['Authorization'])) {
             $header = $serverHeaders['Authorization'];
         }
     }
     if (empty($header) || strpos($header, ' ') === false) {
         return false;
     }

     list($authType, $credentials) = explode(' ', $header, 2);
     $parts = explode(',', $credentials);
     if (count($parts) < 3) {
         return false;
     }

     $normalizedType = strtolower($authType);
     if ($normalizedType === 'url-encoded-api-key') {
         $postFields = [
             'messageDigest' => $parts[1],
             'timestamp' => $parts[2],
             'message' => Router::fullBaseUrl() . $request->here(),
         ];
     } elseif (in_array($normalizedType, ['nonce-encoded-api-key', 'nonce-encoded-wssession-key'], true)) {
         $postFields = ['nonceKey' => $parts[1], 'messageDigest' => $parts[2]];
     } else {
         // Unknown auth type: refuse before contacting the validation service.
         return false;
     }
     $postFields['wsId'] = $parts[0];

     $validation = $this->client()->post(
         "https://ws.byu.edu/authentication/services/rest/v1/provider/{$authType}/validate",
         $postFields
     );
     if (!$validation || !$validation->isOk()) {
         return false;
     }

     $user = json_decode($validation->body(), true);
     if (empty($user['netId'])) {
         return false;
     }
     $user['username'] = $user['netId'];

     return $user;
 }
 /**
  * here() must return the path with the space still percent-encoded
  * (`Access%20Control`) rather than decoded; the `$_GET` key mirrors the form
  * PHP exposes for that request.
  *
  * @return void
  */
 public function testHereWithSpaceInUrl()
 {
     Configure::write('App.base', '');
     $encodedPath = '/admin/settings/settings/prefix/Access%20Control';
     $_GET = ['/admin/settings/settings/prefix/Access_Control' => ''];

     $request = new Request($encodedPath);

     $this->assertEquals($encodedPath, $request->here());
 }
 /**
  * here() prefixes the configured base path by default and omits it when
  * called with `false`; the query string is appended in both forms. The second
  * request checks that a path segment equal to the base path is left intact.
  *
  * @return void
  */
 public function testHere()
 {
     Configure::write('App.base', '/base_path');
     $query = ['test' => 'value'];

     $request = new Request([
         'query' => $query,
         'url' => '/posts/add/1/value',
         'base' => '/base_path',
     ]);
     $this->assertEquals('/base_path/posts/add/1/value?test=value', $request->here());
     $this->assertEquals('/posts/add/1/value?test=value', $request->here(false));

     $request = new Request([
         'url' => '/posts/base_path/1/value',
         'query' => $query,
         'base' => '/base_path',
     ]);
     $this->assertEquals('/base_path/posts/base_path/1/value?test=value', $request->here());
     $this->assertEquals('/posts/base_path/1/value?test=value', $request->here(false));
 }
 /**
  * Builds the request details appended to an error/exception log entry.
  *
  * The request URL is always included; the referer and the client IP are added
  * only when present. The referer is a request header and the client IP may be
  * derived from one, so both are attacker-influenced values written to the log
  * verbatim — consumers of the log should treat them as untrusted input. Only
  * the IPv6 loopback literal `::1` is suppressed; `127.0.0.1` is still logged
  * (presumably deliberate — confirm).
  *
  * @param \Cake\Network\Request $request The request to read from.
  * @return string Newline-prefixed "Request URL", "Referer URL" and "Client IP" lines.
  */
 protected function _requestContext($request)
 {
     $lines = ['Request URL: ' . $request->here()];

     $referer = $request->env('HTTP_REFERER');
     if ($referer) {
         $lines[] = 'Referer URL: ' . $referer;
     }

     $ip = $request->clientIp();
     if ($ip && $ip !== '::1') {
         $lines[] = 'Client IP: ' . $ip;
     }

     return "\n" . implode("\n", $lines);
 }