public function interceptRequest(HttpRequest $request)
{
if ($this->secure && !$request->isSecure()) {
$response = new HttpResponse(Http::REDIRECT_IDENTICAL);
$response->setHeader('Location', $request->getUri()->setScheme('https'));
return $response;
}
if (!$this->secure && $request->isSecure()) {
$response = new HttpResponse(Http::REDIRECT_IDENTICAL);
$response->setHeader('Location', $request->getUri()->setScheme('http'));
return $response;
}
}
/**
* {@inheritdoc}
*/
public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
{
if (!$token instanceof FormAuthToken) {
throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
}
$loginUri = new Uri($this->auth->getLoginUri());
$path = trim($request->getUri()->getPath(false), '/');
$loginPath = trim($loginUri->getPath(false), '/');
$session = $this->securityContext->getSession();
$data = (array) $session->get($this->auth->getKey(), NULL);
// Save the current URI when it is not the login URI.
if ($path !== $loginPath && !array_key_exists(FormAuthenticationProvider::SESSION_URI, $data)) {
$data[FormAuthenticationProvider::SESSION_URI] = (string) $request->getUri();
}
$session->set($this->auth->getKey(), $data);
$response->setStatus(Http::REDIRECT_TEMPORARY);
$response->setReason(Http::getReason(Http::REDIRECT_TEMPORARY));
$response->setHeader('Location', $loginUri);
}
protected function sendRequestLine(StreamInterface $stream, HttpRequest $request)
{
$uri = $request->getUri();
$buffer = $uri->getPath();
if ($buffer === '' || substr($buffer, 0, 1) != '/') {
$buffer = '/' . $buffer;
}
if ('' !== ($query = $buffer->getQueryString())) {
$buffer .= '?' . $query;
}
$stream->write(sprintf("%s %s %s\r\n", $request->getMethod(false), $buffer, $request->getProtocol()));
}
/**
* Dispatch the given request and return the generated HTTP response.
*
* HINT: This method will transform the response entity into a StringEntity populated with the contents of
* the original entity, HTTP headers of the original entity will be preserved.
*
* NOTE: If you do not specify a host in the URL it will be set to test.me!
*
* @param HttpRequest $request
* @return HttpResponse
*
* @throws \RuntimeException When the dispatcher did not return an HTTP response and no other exception was thrown.
*/
public function dispatch(HttpRequest $request)
{
$uri = $request->getUri();
if (NULL === $uri->getHost()) {
$request->setUri($uri->setHost('test.me')->setPort(Http::PORT));
}
$dispatcher = $this->container->get(DispatcherInterface::class);
$chain = $this->container->get(MiddlewareChain::class);
$response = $dispatcher->handleRequest($request, $chain, true);
if (!$response instanceof HttpResponse) {
$type = is_object($response) ? get_class($response) : gettype($response);
throw new \RuntimeException(sprintf('Expecting an HttpResponse object, given %s', $type));
}
return $response;
}
/**
* {@inheritdoc}
*/
public function updateCredentials(HttpRequest $request)
{
$this->setStatus(self::AUTHENTICATION_NEEDED);
$path = trim($request->getUri()->getPath(false), '/');
$logoutPath = trim((new Uri($this->auth->getLogoutUri()))->getPath(false), '/');
if ($path === $logoutPath) {
return;
}
$session = $this->securityContext->getSession();
if ($session->isInitialized()) {
$data = (array) $session->get($this->auth->getKey(), NULL);
$identity = NULL;
if (isset($data[FormAuthenticationProvider::SESSION_IDENTITY])) {
$identity = (string) $data[FormAuthenticationProvider::SESSION_IDENTITY];
}
if ($identity !== NULL) {
$principal = $this->auth->getPrincipalProvider()->findPrincipal($identity);
if ($principal !== NULL) {
$this->setPrincipal($principal);
return $this->setStatus(self::AUTHENTICATION_SUCCESSFUL);
}
}
}
if ($request->isPost(false) && $request->getMediaType()->is(Http::FORM_ENCODED)) {
$fields = $request->getEntity()->getFields();
$data = isset($fields['auth']) ? (array) $fields['auth'] : [];
$data = isset($data[$this->auth->getKey()]) ? (array) $data[$this->auth->getKey()] : [];
if (array_key_exists(FormAuthenticationProvider::FIELD_USERNAME, $data)) {
$this->username = (string) $data[FormAuthenticationProvider::FIELD_USERNAME];
}
if (array_key_exists(FormAuthenticationProvider::FIELD_PASSWORD, $data)) {
$this->password = (string) $data[FormAuthenticationProvider::FIELD_PASSWORD];
}
if (array_key_exists(FormAuthenticationProvider::FIELD_GUARD, $data)) {
$guard = (string) $data[FormAuthenticationProvider::FIELD_GUARD];
$data = (array) $session->get($this->auth->getKey(), NULL);
if (array_key_exists(FormAuthenticationProvider::SESSION_GUARD, $data)) {
if ((string) $data[FormAuthenticationProvider::SESSION_GUARD] == $guard) {
$this->guarded = true;
}
}
}
return $this->setStatus(self::AUTHENTICATION_NEEDED);
}
}
protected function refreshLock(ResourceInterface $resource, Uri $baseUri, HttpRequest $request, LockStorageInterface $storage)
{
if (!$resource instanceof LockableResourceInterface || !$resource->isLockSupported()) {
throw new MethodNotAllowedException();
}
if (!$resource->isLocked()) {
throw new LockTokenMatchesRequestUriException(WebDav::CODE_PRECONDITION_FAILED);
}
$if = trim($request->getHeader('If', ''));
$m = NULL;
if (!preg_match("'^\\(\\s*<urn:webdav:lock:([a-f0-9\\-]{36})>\\s*\\)\$'i", $if, $m)) {
throw new BadRequestException();
}
try {
$token = new UUID($m[1]);
} catch (\InvalidArgumentException $e) {
throw new BadRequestException($e);
}
if ($token != $resource->getLockInfo()->getToken()) {
throw new NoConflictingLockException([$request->getUri()]);
}
$storage->beginTransaction();
try {
$lock = $storage->refreshLock($resource, $token, $this->computeExpires($request));
} catch (\Exception $e) {
$storage->rollBack();
throw new LockTokenMatchesRequestUriException(WebDav::CODE_PRECONDITION_FAILED, $e);
}
$storage->commit();
return $this->createLockResponse(WebDav::CODE_OK, $lock, $baseUri, false);
}
protected function buildProppatchResponse(ProppatchRequest $proppatch, HttpRequest $request, StorageInterface $storage)
{
$builder = new PatchResponseBuilder($request->getUri(), $proppatch);
return $builder->buildResponse(WebDav::CODE_MULTI_STATUS);
}
/**
* {@inheritdoc}
*/
public function authenticate(SecurityContextInterface $context, TokenInterface $token, HttpRequest $request)
{
if (!$token instanceof FormAuthToken) {
throw new SecurityException(sprintf('Token %s not supported by provider %s', get_class($token), get_class($this)));
}
$this->failedLogin = false;
$this->username = $token->getUsername();
$this->guard = bin2hex(random_bytes($this->guardByteCount));
$path = trim($request->getUri()->getPath(false), '/');
$loginPath = trim((new Uri($this->getLoginUri()))->getPath(false), '/');
$logoutPath = trim((new Uri($this->getLogoutUri()))->getPath(false), '/');
$isLogin = $path === $loginPath;
$isLogout = $path === $logoutPath;
$session = $context->getSession();
if ($isLogout) {
$session->remove($this->getKey());
$token->setPrincipal(new AnonymousPrincipal());
$token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
return;
}
if ($isLogin) {
try {
if ($request->isPost(false)) {
$identity = $token->getUsername();
$password = $token->getPassword();
// Fetch user independent of guard in order to prevent leakage of timing information.
$principal = $this->getPrincipalProvider()->findPrincipalUsingPassword($identity, $password);
// Invalidate when guard fails.
if (!$token->isGuarded()) {
$principal = NULL;
}
if ($principal !== NULL) {
$session = $context->getSession();
$data = (array) $session->get($this->getKey(), NULL);
$data[self::SESSION_IDENTITY] = (string) $principal->getIdentity();
$session->set($this->getKey(), $data);
if (array_key_exists(self::SESSION_URI, $data)) {
$uri = $data[self::SESSION_URI];
unset($data[self::SESSION_URI]);
$session->set($this->getKey(), $data);
$response = new HttpResponse(Http::REDIRECT_TEMPORARY);
$response->setHeader('Location', $uri);
return $response;
}
$token->setPrincipal($principal);
$token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
return;
}
$this->failedLogin = true;
}
$token->setPrincipal(new AnonymousPrincipal());
$token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
return;
} finally {
$data = (array) $session->get($this->getKey(), []);
$data[self::SESSION_GUARD] = $this->guard;
$session->set($this->getKey(), $data);
}
}
}
