/**
  * @return void
  */
 public function setUp()
 {
     $this->viewHelperVariableContainer = $this->getMock('TYPO3\\Fluid\\Core\\ViewHelper\\ViewHelperVariableContainer');
     $this->viewHelperVariableContainer->expects($this->any())->method('exists')->will($this->returnCallback(array($this, 'viewHelperVariableContainerExistsCallback')));
     $this->viewHelperVariableContainer->expects($this->any())->method('get')->will($this->returnCallback(array($this, 'viewHelperVariableContainerGetCallback')));
     $this->templateVariableContainer = $this->getMock('TYPO3\\Fluid\\Core\\ViewHelper\\TemplateVariableContainer');
     $this->uriBuilder = $this->getMock('TYPO3\\Flow\\Mvc\\Routing\\UriBuilder');
     $this->uriBuilder->expects($this->any())->method('reset')->will($this->returnValue($this->uriBuilder));
     $this->uriBuilder->expects($this->any())->method('setArguments')->will($this->returnValue($this->uriBuilder));
     $this->uriBuilder->expects($this->any())->method('setSection')->will($this->returnValue($this->uriBuilder));
     $this->uriBuilder->expects($this->any())->method('setFormat')->will($this->returnValue($this->uriBuilder));
     $this->uriBuilder->expects($this->any())->method('setCreateAbsoluteUri')->will($this->returnValue($this->uriBuilder));
     $this->uriBuilder->expects($this->any())->method('setAddQueryString')->will($this->returnValue($this->uriBuilder));
     $this->uriBuilder->expects($this->any())->method('setArgumentsToBeExcludedFromQueryString')->will($this->returnValue($this->uriBuilder));
     // BACKPORTER TOKEN #1
     $httpRequest = \TYPO3\Flow\Http\Request::create(new \TYPO3\Flow\Http\Uri('http://localhost/foo'));
     $this->request = $this->getMock('TYPO3\\Flow\\Mvc\\ActionRequest', array(), array($httpRequest));
     $this->request->expects($this->any())->method('isMainRequest')->will($this->returnValue(TRUE));
     $this->controllerContext = $this->getMock('TYPO3\\Flow\\Mvc\\Controller\\ControllerContext', array(), array(), '', FALSE);
     $this->controllerContext->expects($this->any())->method('getUriBuilder')->will($this->returnValue($this->uriBuilder));
     $this->controllerContext->expects($this->any())->method('getRequest')->will($this->returnValue($this->request));
     $this->tagBuilder = $this->getMock('TYPO3\\Fluid\\Core\\ViewHelper\\TagBuilder');
     $this->arguments = array();
     $this->renderingContext = new \TYPO3\Fluid\Core\Rendering\RenderingContext();
     $this->renderingContext->injectTemplateVariableContainer($this->templateVariableContainer);
     $this->renderingContext->injectViewHelperVariableContainer($this->viewHelperVariableContainer);
     $this->renderingContext->setControllerContext($this->controllerContext);
 }
Beispiel #2
0
 /**
  * Returns an Response object containing the OPAuth data
  *
  * @return Response
  */
 public function getResponse()
 {
     if ($this->actionRequest instanceof \TYPO3\Flow\Mvc\ActionRequest && $this->actionRequest->hasArgument('opauth')) {
         $data = $this->actionRequest->getArgument('opauth');
         $response = unserialize(base64_decode($data));
         $this->response = new Response($response);
     }
     return $this->response;
 }
Beispiel #3
0
 /**
  * @param Request $httpRequest
  * @param array $matchResults
  * @return ActionRequest
  */
 protected function createActionRequest(Request $httpRequest, array $matchResults = NULL)
 {
     $actionRequest = new ActionRequest($httpRequest);
     if ($matchResults !== NULL) {
         $requestArguments = $actionRequest->getArguments();
         $mergedArguments = Arrays::arrayMergeRecursiveOverrule($requestArguments, $matchResults);
         $actionRequest->setArguments($mergedArguments);
     }
     return $actionRequest;
 }
Beispiel #4
0
 /**
  * Updates the authentication credentials, the authentication manager needs to authenticate this token.
  * This could be a username/password from a login controller.
  * This method is called while initializing the security context. By returning TRUE you
  * make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
  * Note: You should not persist the credentials!
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current request instance
  *
  * @return bool TRUE if this token needs to be (re-)authenticated
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $httpRequest = $actionRequest->getHttpRequest();
     if ($httpRequest->getMethod() !== 'GET') {
         return;
     }
     if ($actionRequest->getInternalArgument('__casAuthenticationProviderName') === $this->authenticationProviderName) {
         $this->authenticationStatus = self::AUTHENTICATION_NEEDED;
     }
 }
 /**
  * @test
  */
 public function actionRequestStripsParentHttpRequest()
 {
     $httpRequest = Request::create(new Uri('http://typo3.org'));
     $actionRequest = new ActionRequest($httpRequest);
     $actionRequest->setControllerActionName('foo');
     $serializedActionRequest = serialize($actionRequest);
     /* @var $unserializedActionRequest ActionRequest */
     $unserializedActionRequest = unserialize($serializedActionRequest);
     $this->assertNull($unserializedActionRequest->getParentRequest(), 'Parent HTTP request should be NULL after deserialization');
     $this->assertSame('foo', $unserializedActionRequest->getControllerActionName());
 }
 /**
  * Updates the identifier credential from the GET/POST vars, if the GET/POST parameters
  * are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
  *
  * Note: You need to send the password in this parameter:
  *       __authentication[_OurBrand_][Quiz][Security][IdentifierToken][identifier]
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request
  * @return void
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $postArguments = $actionRequest->getInternalArguments();
     $username = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($postArguments, '__authentication._OurBrand_.Quiz.Security.IdentifierToken.username');
     $password = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($postArguments, '__authentication._OurBrand_.Quiz.Security.IdentifierToken.password');
     if (!empty($username) && !empty($password)) {
         $this->credentials['username'] = $username;
         $this->credentials['password'] = $password;
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     }
 }
Beispiel #7
0
 /**
  * Is called if authentication was successful.
  *
  * See the implementation in the AbstractAuthenticationController for details!
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $originalRequest The request that was intercepted by the security framework, NULL if there was none
  * @return string
  */
 protected function onAuthenticationSuccess(\TYPO3\Flow\Mvc\ActionRequest $originalRequest = NULL)
 {
     // if the login attempt is authenticated, add a success flash message
     $this->addFlashMessage($this->translate('status_login_success', 'Login'));
     // basically redirect to the intercepted requiest if there's one - but never redirect
     // to the login form after successful login as this seems to make no sense.
     if ($originalRequest !== NULL && $originalRequest->getControllerActionName() != 'login') {
         $this->redirectToRequest($originalRequest);
     } else {
         $this->redirect('dashboard', 'Standard');
     }
 }
 /**
  * Updates the password credential from the POST vars, if the POST parameters
  * are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
  *
  * Note: You need to send the password in this POST parameter:
  *       __authentication[TYPO3][Flow][Security][Authentication][Token][PasswordToken][password]
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request
  * @return void
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     if ($actionRequest->getHttpRequest()->getMethod() !== 'POST') {
         return;
     }
     $postArguments = $actionRequest->getInternalArguments();
     $password = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($postArguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.PasswordToken.password');
     if (!empty($password)) {
         $this->credentials['password'] = $password;
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     }
 }
 /**
  * Updates the username and password credentials from the HTTP authorization header.
  * Sets the authentication status to AUTHENTICATION_NEEDED, if the header has been
  * sent, to NO_CREDENTIALS_GIVEN if no authorization header was there.
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request instance
  * @return void
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $authorizationHeader = $actionRequest->getHttpRequest()->getHeaders()->get('Authorization');
     if (substr($authorizationHeader, 0, 5) === 'Basic') {
         $credentials = base64_decode(substr($authorizationHeader, 6));
         $this->credentials['username'] = substr($credentials, 0, strpos($credentials, ':'));
         $this->credentials['password'] = substr($credentials, strpos($credentials, ':') + 1);
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     } else {
         $this->credentials = array('username' => null, 'password' => null);
         $this->authenticationStatus = self::NO_CREDENTIALS_GIVEN;
     }
 }
 /**
  * Updates the username and password credentials from the POST vars, if the POST parameters
  * are available. Sets the authentication status to REAUTHENTICATION_NEEDED, if credentials have been sent.
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request instance
  * @return void
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $getArguments = $actionRequest->getArguments();
     if (!empty($getArguments['user']) && !empty($getArguments['signature']) && !empty($getArguments['expires']) && !empty($getArguments['version']) && !empty($getArguments['tpa_id']) && !empty($getArguments['action']) && !empty($getArguments['flags']) && !empty($getArguments['userdata'])) {
         $this->credentials['username'] = $getArguments['user'];
         $this->credentials['signature'] = \TYPO3\Flow\Utility\TypeHandling::hex2bin($getArguments['signature']);
         $this->credentials['expires'] = $getArguments['expires'];
         $this->credentials['version'] = $getArguments['version'];
         $this->credentials['tpaId'] = $getArguments['tpa_id'];
         $this->credentials['action'] = $getArguments['action'];
         $this->credentials['flags'] = $getArguments['flags'];
         $this->credentials['userdata'] = $getArguments['userdata'];
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     }
 }
 /**
  * Updates the username and password credentials from the POST vars, if the POST parameters
  * are available. Sets the authentication status to REAUTHENTICATION_NEEDED, if credentials have been sent.
  *
  * Note: You need to send the username and password in these two POST parameters:
  *       __authentication[TYPO3][Flow][Security][Authentication][Token][UsernamePassword][username]
  *   and __authentication[TYPO3][Flow][Security][Authentication][Token][UsernamePassword][password]
  *
  * @param ActionRequest $actionRequest The current action request
  * @return void
  */
 public function updateCredentials(ActionRequest $actionRequest)
 {
     $httpRequest = $actionRequest->getHttpRequest();
     if ($httpRequest->getMethod() !== 'POST') {
         return;
     }
     $arguments = $actionRequest->getInternalArguments();
     $username = ObjectAccess::getPropertyPath($arguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.UsernamePassword.username');
     $password = ObjectAccess::getPropertyPath($arguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.UsernamePassword.password');
     if (!empty($username) && !empty($password)) {
         $this->credentials['username'] = $username;
         $this->credentials['password'] = $password;
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     }
 }
 /**
  * Build the proper pluginRequest to render the PluginView
  * of some configured Master Plugin
  *
  * @return ActionRequest
  */
 protected function buildPluginRequest()
 {
     /** @var $parentRequest ActionRequest */
     $parentRequest = $this->tsRuntime->getControllerContext()->getRequest();
     $pluginRequest = new ActionRequest($parentRequest);
     if (!$this->pluginViewNode instanceof NodeInterface) {
         $pluginRequest->setArgumentNamespace('--' . $this->getPluginNamespace());
         $this->passArgumentsToPluginRequest($pluginRequest);
         $pluginRequest->setControllerPackageKey($this->getPackage());
         $pluginRequest->setControllerSubpackageKey($this->getSubpackage());
         $pluginRequest->setControllerName($this->getController());
         $pluginRequest->setControllerActionName($this->getAction());
         return $pluginRequest;
     }
     $pluginNodeIdentifier = $this->pluginViewNode->getProperty('plugin');
     if (strlen($pluginNodeIdentifier) === 0) {
         return $pluginRequest;
     }
     // Set the node to render this to the master plugin node
     $this->node = $this->pluginViewNode->getContext()->getNodeByIdentifier($pluginNodeIdentifier);
     if ($this->node === null) {
         return $pluginRequest;
     }
     $pluginRequest->setArgument('__node', $this->node);
     $pluginRequest->setArgumentNamespace('--' . $this->getPluginNamespace());
     $this->passArgumentsToPluginRequest($pluginRequest);
     if ($pluginRequest->getControllerObjectName() !== '') {
         return $pluginRequest;
     }
     $controllerObjectPairs = array();
     $pluginViewName = $this->pluginViewNode->getProperty('view');
     foreach ($this->pluginService->getPluginViewDefinitionsByPluginNodeType($this->node->getNodeType()) as $pluginViewDefinition) {
         /** @var PluginViewDefinition $pluginViewDefinition */
         if ($pluginViewDefinition->getName() !== $pluginViewName) {
             continue;
         }
         $controllerObjectPairs = $pluginViewDefinition->getControllerActionPairs();
         break;
     }
     if ($controllerObjectPairs === array()) {
         return $pluginRequest;
     }
     $defaultControllerObjectName = key($controllerObjectPairs);
     $defaultActionName = current($controllerObjectPairs[$defaultControllerObjectName]);
     $pluginRequest->setControllerObjectName($defaultControllerObjectName);
     $pluginRequest->setControllerActionName($defaultActionName);
     return $pluginRequest;
 }
 /**
  * @test
  */
 public function updateCredentialsIgnoresAnythingOtherThanPostRequests()
 {
     $arguments = array();
     $arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['PasswordToken']['password'] = '******';
     $this->mockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('POST'));
     $this->mockActionRequest->expects($this->atLeastOnce())->method('getInternalArguments')->will($this->returnValue($arguments));
     $this->token->updateCredentials($this->mockActionRequest);
     $this->assertEquals(array('password' => 'verysecurepassword'), $this->token->getCredentials());
     $secondToken = new PasswordToken();
     $secondMockActionRequest = $this->getMockBuilder(\TYPO3\Flow\Mvc\ActionRequest::class)->disableOriginalConstructor()->getMock();
     $secondMockHttpRequest = $this->getMockBuilder(\TYPO3\Flow\Http\Request::class)->disableOriginalConstructor()->getMock();
     $secondMockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($secondMockHttpRequest));
     $secondMockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('GET'));
     $secondToken->updateCredentials($secondMockActionRequest);
     $this->assertEquals(array('password' => ''), $secondToken->getCredentials());
 }
 /**
  * @test
  */
 public function dispatchContinuesWithNextRequestFoundInAForwardException()
 {
     $httpRequest = Request::create(new Uri('http://localhost'));
     $httpResponse = new Response();
     $mainRequest = $httpRequest->createActionRequest();
     $subRequest = new ActionRequest($mainRequest);
     $nextRequest = $httpRequest->createActionRequest();
     $mainRequest->setDispatched(TRUE);
     $mainRequest->setControllerSubPackageKey('main');
     $subRequest->setControllerSubPackageKey('sub');
     $nextRequest->setControllerSubPackageKey('next');
     $mockController = $this->getMock('TYPO3\\Flow\\Mvc\\Controller\\ControllerInterface', array('processRequest'));
     $mockController->expects($this->at(0))->method('processRequest')->will($this->returnCallback(function (ActionRequest $request) use($nextRequest) {
         $request->setDispatched(TRUE);
         $forwardException = new ForwardException();
         $forwardException->setNextRequest($nextRequest);
         throw $forwardException;
     }));
     $mockController->expects($this->at(1))->method('processRequest')->will($this->returnCallback(function (ActionRequest $request) use($nextRequest) {
         // NOTE: PhpUnit creates a clone of $nextRequest, thus $request is not the same instance as expected.
         if ($request == $nextRequest) {
             $nextRequest->setDispatched(TRUE);
         }
     }));
     $dispatcher = $this->getMock('TYPO3\\Flow\\Mvc\\Dispatcher', array('resolveController', 'emitAfterControllerInvocation'), array(), '', FALSE);
     $dispatcher->expects($this->any())->method('resolveController')->will($this->returnValue($mockController));
     $dispatcher->dispatch($subRequest, $httpResponse);
 }
 /**
  * @test
  */
 public function handleMergesInternalArgumentsWithRoutingMatchResults()
 {
     $this->mockHttpRequest->expects($this->any())->method('getArguments')->will($this->returnValue(array('__internalArgument1' => 'request', '__internalArgument2' => 'request', '__internalArgument3' => 'request')));
     $this->mockPropertyMapper->expects($this->any())->method('convert')->with('', 'array', $this->mockPropertyMappingConfiguration)->will($this->returnValue(array('__internalArgument2' => 'requestBody', '__internalArgument3' => 'requestBody')));
     $this->mockComponentContext->expects($this->atLeastOnce())->method('getParameter')->with('TYPO3\\Flow\\Mvc\\Routing\\RoutingComponent', 'matchResults')->will($this->returnValue(array('__internalArgument3' => 'routing')));
     $this->mockActionRequest->expects($this->once())->method('setArguments')->with(array('__internalArgument1' => 'request', '__internalArgument2' => 'requestBody', '__internalArgument3' => 'routing'));
     $this->dispatchComponent->handle($this->mockComponentContext);
 }
Beispiel #16
0
 /**
  * Set the default controller and action names if none has been specified.
  *
  * @return void
  */
 protected function setDefaultControllerAndActionNameIfNoneSpecified()
 {
     if ($this->actionRequest->getControllerName() === NULL) {
         $this->actionRequest->setControllerName('Standard');
     }
     if ($this->actionRequest->getControllerActionName() === NULL) {
         $this->actionRequest->setControllerActionName('index');
     }
 }
 /**
  * @param string $path
  * @return string
  * @throws \Exception
  */
 public function render($path = NULL)
 {
     /** @var RequestHandler $activeRequestHandler */
     $activeRequestHandler = $this->bootstrap->getActiveRequestHandler();
     $parentHttpRequest = $activeRequestHandler->getHttpRequest();
     $httpRequest = Request::create(new Uri($parentHttpRequest->getBaseUri() . $path . '.html'));
     $matchingRoute = $this->router->route($httpRequest);
     if (!$matchingRoute) {
         throw new \Exception(sprintf('Uri with path "%s" could not be found.', $parentHttpRequest->getBaseUri() . $path . '.html'), 1426446160);
     }
     $request = new ActionRequest($parentHttpRequest);
     foreach ($matchingRoute as $argumentName => $argumentValue) {
         $request->setArgument($argumentName, $argumentValue);
     }
     $response = new Response($activeRequestHandler->getHttpResponse());
     $this->dispatcher->dispatch($request, $response);
     return $response->getContent();
 }
 /**
  * @test
  */
 public function buildAddsActionNameFromRootRequestIfRequestIsOfTypeSubRequest()
 {
     $expectedArguments = array('@action' => 'RootRequestActionName');
     $this->mockMainRequest->expects($this->once())->method('getControllerActionName')->will($this->returnValue('RootRequestActionName'));
     $this->mockMainRequest->expects($this->any())->method('getArguments')->will($this->returnValue(array()));
     $this->uriBuilder->setRequest($this->mockSubRequest);
     $this->uriBuilder->build();
     $this->assertEquals($expectedArguments, $this->uriBuilder->getLastArguments());
 }
 /**
  * @test
  */
 public function tokenCanBeCastToString()
 {
     $arguments = array();
     $arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['UsernamePassword']['username'] = '******';
     $arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['UsernamePassword']['password'] = '******';
     $this->mockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('POST'));
     $this->mockActionRequest->expects($this->atLeastOnce())->method('getInternalArguments')->will($this->returnValue($arguments));
     $this->token->updateCredentials($this->mockActionRequest);
     $this->assertEquals('Username: "******"', (string) $this->token);
 }
 /**
  * Maps arguments delivered by the request object to the local controller arguments.
  *
  * @return void
  * @throws \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException
  * @api
  */
 protected function mapRequestArgumentsToControllerArguments()
 {
     foreach ($this->arguments as $argument) {
         $argumentName = $argument->getName();
         if ($this->request->hasArgument($argumentName)) {
             $argument->setValue($this->request->getArgument($argumentName));
         } elseif ($argument->isRequired()) {
             throw new \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException('Required argument "' . $argumentName . '" is not set.', 1298012500);
         }
     }
 }
 /**
  * Updates the authentication credentials, the authentication manager needs to authenticate this token.
  * This could be a username/password from a login controller.
  * This method is called while initializing the security context. By returning TRUE you
  * make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
  * Note: You should not persist the credentials!
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $request The current request instance
  * @return boolean TRUE if this token needs to be (re-)authenticated
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $httpRequest = $actionRequest->getHttpRequest();
     if ($httpRequest->getMethod() !== 'GET') {
         return;
     }
     // Check if we have a callback request
     $arguments = $httpRequest->getArguments();
     $accessTokenCipher = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($arguments, '__flowpack.singlesignon.accessToken');
     $signature = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($arguments, '__flowpack.singlesignon.signature');
     if (!empty($accessTokenCipher) && !empty($signature)) {
         // Get callback parameters from request
         $this->credentials['accessToken'] = base64_decode($accessTokenCipher);
         $this->credentials['signature'] = base64_decode($signature);
         $this->callbackUri = $actionRequest->getHttpRequest()->getUri();
         $arguments = $this->callbackUri->getArguments();
         unset($arguments['__flowpack']);
         $this->callbackUri->setQuery(http_build_query($arguments));
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     }
 }
 /**
  * Updates the authentication credentials, the authentication manager needs to authenticate this token.
  * This could be a username/password from a login controller.
  * This method is called while initializing the security context. By returning TRUE you
  * make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
  * Note: You should not persist the credentials!
  *
  * @param ActionRequest $actionRequest The current request instance
  * @throws \InvalidArgumentException
  * @return boolean TRUE if this token needs to be (re-)authenticated
  */
 public function updateCredentials(ActionRequest $actionRequest)
 {
     if ($actionRequest->getHttpRequest()->getMethod() !== 'GET' || $actionRequest->getInternalArgument('__oauth2Provider') !== $this->authenticationProviderName) {
         return;
     }
     if (!$actionRequest->hasArgument('code')) {
         $this->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
         $this->securityLogger->log('There was no argument `code` provided.', LOG_NOTICE);
         return;
     }
     $code = $actionRequest->getArgument('code');
     $redirectUri = $this->oauthUriBuilder->getRedirectionEndpointUri($this->authenticationProviderName);
     try {
         $this->credentials['accessToken'] = $this->tokenEndpoint->requestAuthorizationCodeGrantAccessToken($code, $redirectUri);
         $this->setAuthenticationStatus(TokenInterface::AUTHENTICATION_NEEDED);
     } catch (Exception $exception) {
         $this->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
         $this->securityLogger->logException($exception);
         return;
     }
 }
 /**
  * Redirects the web request to another uri.
  *
  * NOTE: This method only supports web requests and will throw an exception
  * if used with other request types.
  *
  * @param mixed $uri Either a string representation of a URI or a \TYPO3\Flow\Http\Uri object
  * @param integer $delay (optional) The delay in seconds. Default is no delay.
  * @param integer $statusCode (optional) The HTTP status code for the redirect. Default is "303 See Other"
  * @return void
  * @throws \TYPO3\Flow\Mvc\Exception\StopActionException
  * @api
  */
 protected function redirectToUri($uri, $delay = 0, $statusCode = 303)
 {
     // the parent method throws the exception, but we need to act afterwards
     // thus the code in catch - it's the expected state
     try {
         parent::redirectToUri($uri, $delay, $statusCode);
     } catch (\TYPO3\Flow\Mvc\Exception\StopActionException $exception) {
         if ($this->request->getFormat() === 'json') {
             $this->response->setContent('');
         }
         throw $exception;
     }
 }
 /**
  * Calculates the dimensions of the thumbnail to be generated and returns the thumbnail URI.
  * In case of Images this is a thumbnail of the image, in case of other assets an icon representation.
  *
  * @param AssetInterface $asset
  * @param ThumbnailConfiguration $configuration
  * @param ActionRequest $request Request argument must be provided for asynchronous thumbnails
  * @return array|null Array with keys "width", "height" and "src" if the thumbnail generation work or null
  * @throws AssetServiceException
  */
 public function getThumbnailUriAndSizeForAsset(AssetInterface $asset, ThumbnailConfiguration $configuration, ActionRequest $request = null)
 {
     $thumbnailImage = $this->thumbnailService->getThumbnail($asset, $configuration);
     if (!$thumbnailImage instanceof ImageInterface) {
         return null;
     }
     $resource = $thumbnailImage->getResource();
     if ($thumbnailImage instanceof Thumbnail) {
         $staticResource = $thumbnailImage->getStaticResource();
         if ($configuration->isAsync() === true && $resource === null && $staticResource === null) {
             if ($request === null) {
                 throw new AssetServiceException('Request argument must be provided for async thumbnails.', 1447660835);
             }
             $this->uriBuilder->setRequest($request->getMainRequest());
             $uri = $this->uriBuilder->reset()->setCreateAbsoluteUri(true)->uriFor('thumbnail', array('thumbnail' => $thumbnailImage), 'Thumbnail', 'TYPO3.Media');
         } else {
             $uri = $this->thumbnailService->getUriForThumbnail($thumbnailImage);
         }
     } else {
         $uri = $this->resourceManager->getPublicPersistentResourceUri($resource);
     }
     return array('width' => $thumbnailImage->getWidth(), 'height' => $thumbnailImage->getHeight(), 'src' => $uri);
 }
 /**
  * @test
  */
 public function matchRequestReturnsFalseIfAuthorizationChecksAreDisabled()
 {
     $httpRequest = Request::create(new Uri('http://localhost'), 'POST');
     $this->mockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($httpRequest));
     $mockAuthenticationManager = $this->createMock(\TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface::class);
     $mockAuthenticationManager->expects($this->any())->method('isAuthenticated')->will($this->returnValue(true));
     $mockSecurityContext = $this->createMock(\TYPO3\Flow\Security\Context::class);
     $mockSecurityContext->expects($this->atLeastOnce())->method('areAuthorizationChecksDisabled')->will($this->returnValue(true));
     $mockCsrfProtectionPattern = $this->getAccessibleMock(\TYPO3\Flow\Security\RequestPattern\CsrfProtection::class, array('dummy'));
     $mockCsrfProtectionPattern->_set('authenticationManager', $mockAuthenticationManager);
     $mockCsrfProtectionPattern->_set('systemLogger', $this->mockSystemLogger);
     $mockCsrfProtectionPattern->_set('securityContext', $mockSecurityContext);
     $this->assertFalse($mockCsrfProtectionPattern->matchRequest($this->mockActionRequest));
 }
 /**
  * Sets up security test requirements
  *
  * Security is based on action requests so we need a working route for the TestingProvider.
  *
  * @return void
  */
 protected function setupSecurity()
 {
     $this->accessDecisionManager = $this->objectManager->get('TYPO3\\Flow\\Security\\Authorization\\AccessDecisionManagerInterface');
     $this->accessDecisionManager->setOverrideDecision(NULL);
     $this->policyService = $this->objectManager->get('TYPO3\\Flow\\Security\\Policy\\PolicyService');
     $this->authenticationManager = $this->objectManager->get('TYPO3\\Flow\\Security\\Authentication\\AuthenticationProviderManager');
     $this->testingProvider = $this->objectManager->get('TYPO3\\Flow\\Security\\Authentication\\Provider\\TestingProvider');
     $this->testingProvider->setName('TestingProvider');
     $this->securityContext = $this->objectManager->get('TYPO3\\Flow\\Security\\Context');
     $this->securityContext->clearContext();
     $httpRequest = Request::createFromEnvironment();
     $this->mockActionRequest = new ActionRequest($httpRequest);
     $this->mockActionRequest->setControllerObjectName('TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\Controller\\AuthenticationController');
     $this->securityContext->setRequest($this->mockActionRequest);
 }
 /**
  * @test
  */
 public function evaluateIgnoresPackagePropertyIfAResourcePathIsGiven()
 {
     $this->mockTsRuntime->expects($this->any())->method('evaluate')->will($this->returnCallback(function ($evaluatePath, $that) {
         $relativePath = str_replace('resourceUri/test/', '', $evaluatePath);
         switch ($relativePath) {
             case 'path':
                 return 'resource://Some.Package/Public/SomeResource';
             case 'package':
                 return 'Specified.Package';
         }
         return null;
     }));
     $this->mockActionRequest->expects($this->any())->method('getControllerPackageKey')->will($this->returnValue('Current.Package'));
     $this->mockResourceManager->expects($this->atLeastOnce())->method('getPublicPackageResourceUri')->will($this->returnValue('Static/Resources/Packages/Some.Package/SomeResource'));
     $this->assertSame('Static/Resources/Packages/Some.Package/SomeResource', $this->resourceUriImplementation->evaluate());
 }
 /**
  * @test
  */
 public function processRequestInjectsSettingsToView()
 {
     $this->actionController = $this->getAccessibleMock(\TYPO3\Flow\Mvc\Controller\ActionController::class, array('resolveActionMethodName', 'initializeActionMethodArguments', 'initializeActionMethodValidators', 'resolveView', 'callActionMethod'));
     $this->inject($this->actionController, 'objectManager', $this->mockObjectManager);
     $this->inject($this->actionController, 'controllerContext', $this->mockControllerContext);
     $mockSettings = array('foo', 'bar');
     $this->inject($this->actionController, 'settings', $mockSettings);
     $mockMvcPropertyMappingConfigurationService = $this->createMock(\TYPO3\Flow\Mvc\Controller\MvcPropertyMappingConfigurationService::class);
     $this->inject($this->actionController, 'mvcPropertyMappingConfigurationService', $mockMvcPropertyMappingConfigurationService);
     $mockHttpRequest = $this->getMockBuilder(\TYPO3\Flow\Http\Request::class)->disableOriginalConstructor()->getMock();
     $mockHttpRequest->expects($this->any())->method('getNegotiatedMediaType')->will($this->returnValue('*/*'));
     $this->mockRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($mockHttpRequest));
     $mockResponse = $this->createMock(\TYPO3\Flow\Http\Response::class);
     $mockView = $this->createMock(\TYPO3\Flow\Mvc\View\ViewInterface::class);
     $mockView->expects($this->once())->method('assign')->with('settings', $mockSettings);
     $this->actionController->expects($this->once())->method('resolveView')->will($this->returnValue($mockView));
     $this->actionController->processRequest($this->mockRequest, $mockResponse);
 }
 /**
  * @test
  * @expectedException \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException
  */
 public function mapRequestArgumentsToControllerArgumentsThrowsExceptionIfRequiredArgumentWasNotSet()
 {
     $mockPropertyMapper = $this->getMock('TYPO3\\Flow\\Property\\PropertyMapper', array('convert'), array(), '', FALSE);
     $mockPropertyMapper->expects($this->atLeastOnce())->method('convert')->will($this->returnArgument(0));
     $controllerArguments = new Arguments();
     $controllerArguments->addNewArgument('foo', 'string', TRUE);
     $controllerArguments->addNewArgument('baz', 'string', TRUE);
     foreach ($controllerArguments as $controllerArgument) {
         $this->inject($controllerArgument, 'propertyMapper', $mockPropertyMapper);
     }
     $controller = $this->getAccessibleMock('TYPO3\\Flow\\Mvc\\Controller\\AbstractController', array('processRequest'));
     $controller->_call('initializeController', $this->mockActionRequest, $this->mockHttpResponse);
     $controller->_set('arguments', $controllerArguments);
     $this->mockActionRequest->expects($this->at(0))->method('hasArgument')->with('foo')->will($this->returnValue(TRUE));
     $this->mockActionRequest->expects($this->at(1))->method('getArgument')->with('foo')->will($this->returnValue('bar'));
     $this->mockActionRequest->expects($this->at(2))->method('hasArgument')->with('baz')->will($this->returnValue(FALSE));
     $controller->_call('mapRequestArgumentsToControllerArguments');
 }
 /**
  * @test
  * @expectedException \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException
  */
 public function mapRequestArgumentsToControllerArgumentsThrowsExceptionIfRequiredArgumentWasNotSet()
 {
     $mockPropertyMapper = $this->getMockBuilder(\TYPO3\Flow\Property\PropertyMapper::class)->disableOriginalConstructor()->setMethods(array('convert'))->getMock();
     $mockPropertyMapper->expects($this->atLeastOnce())->method('convert')->will($this->returnArgument(0));
     $controllerArguments = new Arguments();
     $controllerArguments->addNewArgument('foo', 'string', true);
     $controllerArguments->addNewArgument('baz', 'string', true);
     foreach ($controllerArguments as $controllerArgument) {
         $this->inject($controllerArgument, 'propertyMapper', $mockPropertyMapper);
     }
     $controller = $this->getAccessibleMock(\TYPO3\Flow\Mvc\Controller\AbstractController::class, array('processRequest'));
     $controller->_call('initializeController', $this->mockActionRequest, $this->mockHttpResponse);
     $controller->_set('arguments', $controllerArguments);
     $this->mockActionRequest->expects($this->at(0))->method('hasArgument')->with('foo')->will($this->returnValue(true));
     $this->mockActionRequest->expects($this->at(1))->method('getArgument')->with('foo')->will($this->returnValue('bar'));
     $this->mockActionRequest->expects($this->at(2))->method('hasArgument')->with('baz')->will($this->returnValue(false));
     $controller->_call('mapRequestArgumentsToControllerArguments');
 }