/**
  * @return void
  */
 public function indexAction()
 {
     // check is a user is authenticated
     if ($this->authenticationManager->isAuthenticated()) {
         if ($this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:ProjectManager')) {
             $this->forward('dashboard', 'Standard');
         }
         if ($this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
             $this->forward('index', 'Admin');
         }
     }
 }
 /**
  * index action, does only display the form
  * @param string $username
  * @return void
  */
 public function loginAction($username = NULL)
 {
     if ($this->authenticationManager->isAuthenticated()) {
         if (isset($this->settings['Redirect']['signedIn'])) {
             $redirect = $this->settings['Redirect']['signedIn'];
             $this->redirect($redirect['actionName'], $redirect['controllerName'], $redirect['packageKey']);
         }
         $this->redirect('index', 'Dashboard');
     }
     $this->view->assign('username', $username);
     $this->view->assign('hostname', $this->request->getHttpRequest()->getBaseUri()->getHost());
     $this->view->assign('date', new \DateTime());
 }
 /**
  * Adds a NotEmptyValidator to the current element if the "trigger" value is not empty.
  * The trigger can be configured with $this->properties['triggerPropertyPath']
  *
  * @param \TYPO3\Form\Core\Runtime\FormRuntime $formRuntime
  * @return void
  */
 protected function requireIfTriggerIsSet(\TYPO3\Form\Core\Runtime\FormRuntime $formRuntime)
 {
     if ($formRuntime->getRequest()->getParentRequest()->getControllerActionName() == 'newDataSheet') {
         if ($this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
             $this->addValidator(new \TYPO3\Flow\Validation\Validator\NotEmptyValidator());
         } elseif (!$this->authenticationManager->isAuthenticated()) {
             $this->addValidator(new \TYPO3\Flow\Validation\Validator\NotEmptyValidator());
         } else {
             return;
         }
     } elseif ($formRuntime->getRequest()->getParentRequest()->getControllerActionName() == 'editDataSheet') {
         return;
     }
 }
 /**
  * @Flow\SkipCsrfProtection
  * @return void|string
  */
 public function authenticateAction()
 {
     try {
         $this->authenticationManager->authenticate();
         if ($this->authenticationManager->isAuthenticated()) {
             $profile = $this->profileService->getCurrentPartyProfile();
             $this->redirect('show', 'Frontend\\Node', 'TYPO3.Neos', ['node' => $profile->getPath()]);
         } else {
             $this->addFlashMessage('Gebruikersnaam of wachtwoord is niet correct');
             $this->forwardToReferringRequest();
         }
     } catch (\Exception $e) {
         $this->addFlashMessage('Gebruikersnaam of wachtwoord is niet correct');
         $this->forwardToReferringRequest();
     }
 }
 /**
  * Matches a \TYPO3\Flow\Mvc\RequestInterface against the configured CSRF pattern rules and
  * searches for invalid csrf tokens. If this returns TRUE, the request is invalid!
  *
  * @param RequestInterface $request The request that should be matched
  * @return boolean TRUE if the pattern matched, FALSE otherwise
  * @throws AuthenticationRequiredException
  */
 public function matchRequest(RequestInterface $request)
 {
     if (!$request instanceof ActionRequest || $request->getHttpRequest()->isMethodSafe()) {
         $this->systemLogger->log('CSRF: No token required, safe request', LOG_DEBUG);
         return false;
     }
     if ($this->authenticationManager->isAuthenticated() === false) {
         $this->systemLogger->log('CSRF: No token required, not authenticated', LOG_DEBUG);
         return false;
     }
     if ($this->securityContext->areAuthorizationChecksDisabled() === true) {
         $this->systemLogger->log('CSRF: No token required, authorization checks are disabled', LOG_DEBUG);
         return false;
     }
     $controllerClassName = $this->objectManager->getClassNameByObjectName($request->getControllerObjectName());
     $actionMethodName = $request->getControllerActionName() . 'Action';
     if (!$this->hasPolicyEntryForMethod($controllerClassName, $actionMethodName)) {
         $this->systemLogger->log(sprintf('CSRF: No token required, method %s::%s() is not restricted by a policy.', $controllerClassName, $actionMethodName), LOG_DEBUG);
         return false;
     }
     if ($this->reflectionService->isMethodTaggedWith($controllerClassName, $actionMethodName, 'skipcsrfprotection')) {
         $this->systemLogger->log(sprintf('CSRF: No token required, method %s::%s() is tagged with a "skipcsrfprotection" annotation', $controllerClassName, $actionMethodName), LOG_DEBUG);
         return false;
     }
     $httpRequest = $request->getHttpRequest();
     if ($httpRequest->hasHeader('X-Flow-Csrftoken')) {
         $csrfToken = $httpRequest->getHeader('X-Flow-Csrftoken');
     } else {
         $internalArguments = $request->getMainRequest()->getInternalArguments();
         $csrfToken = isset($internalArguments['__csrfToken']) ? $internalArguments['__csrfToken'] : null;
     }
     if (empty($csrfToken)) {
         $this->systemLogger->log(sprintf('CSRF: token was empty but a valid token is required for %s::%s()', $controllerClassName, $actionMethodName), LOG_DEBUG);
         return true;
     }
     if (!$this->securityContext->hasCsrfProtectionTokens()) {
         throw new AuthenticationRequiredException(sprintf('CSRF: No CSRF tokens in security context, possible session timeout. A valid token is required for %s::%s()', $controllerClassName, $actionMethodName), 1317309673);
     }
     if ($this->securityContext->isCsrfProtectionTokenValid($csrfToken) === false) {
         $this->systemLogger->log(sprintf('CSRF: token was invalid but a valid token is required for %s::%s()', $controllerClassName, $actionMethodName), LOG_DEBUG);
         return true;
     }
     $this->systemLogger->log(sprintf('CSRF: Successfully verified token for %s::%s()', $controllerClassName, $actionMethodName), LOG_DEBUG);
     return false;
 }
 /**
  * Matches a \TYPO3\Flow\Mvc\RequestInterface against the configured CSRF pattern rules and
  * searches for invalid csrf tokens. If this returns TRUE, the request is invalid!
  *
  * @param \TYPO3\Flow\Mvc\RequestInterface $request The request that should be matched
  * @return boolean TRUE if the pattern matched, FALSE otherwise
  * @throws \TYPO3\Flow\Security\Exception\AuthenticationRequiredException
  */
 public function matchRequest(\TYPO3\Flow\Mvc\RequestInterface $request)
 {
     if (!$request instanceof ActionRequest || $request->getHttpRequest()->isMethodSafe()) {
         $this->systemLogger->log('No CSRF required, safe request', LOG_DEBUG);
         return FALSE;
     }
     if ($this->authenticationManager->isAuthenticated() === FALSE) {
         $this->systemLogger->log('No CSRF required, not authenticated', LOG_DEBUG);
         return FALSE;
     }
     if ($this->securityContext->areAuthorizationChecksDisabled() === TRUE) {
         $this->systemLogger->log('No CSRF required, authorization checks are disabled', LOG_DEBUG);
         return FALSE;
     }
     $controllerClassName = $this->objectManager->getClassNameByObjectName($request->getControllerObjectName());
     $actionName = $request->getControllerActionName() . 'Action';
     if (!$this->policyService->hasPolicyEntryForMethod($controllerClassName, $actionName)) {
         $this->systemLogger->log(sprintf('CSRF protection filter: allowed %s request without requiring CSRF token because action "%s" in controller "%s" is not restricted by a policy.', $request->getHttpRequest()->getMethod(), $actionName, $controllerClassName), LOG_NOTICE);
         return FALSE;
     }
     if ($this->reflectionService->isMethodTaggedWith($controllerClassName, $actionName, 'skipcsrfprotection')) {
         return FALSE;
     }
     $httpRequest = $request->getHttpRequest();
     if ($httpRequest->hasHeader('X-Flow-Csrftoken')) {
         $csrfToken = $httpRequest->getHeader('X-Flow-Csrftoken');
     } else {
         $internalArguments = $request->getMainRequest()->getInternalArguments();
         $csrfToken = isset($internalArguments['__csrfToken']) ? $internalArguments['__csrfToken'] : NULL;
     }
     if (empty($csrfToken)) {
         $this->systemLogger->log('CSRF token was empty', LOG_DEBUG);
         return TRUE;
     }
     if (!$this->securityContext->hasCsrfProtectionTokens()) {
         throw new \TYPO3\Flow\Security\Exception\AuthenticationRequiredException('No tokens in security context, possible session timeout', 1317309673);
     }
     if ($this->securityContext->isCsrfProtectionTokenValid($csrfToken) === FALSE) {
         $this->systemLogger->log('CSRF token was invalid', LOG_DEBUG);
         return TRUE;
     }
     // the CSRF token was necessary and is valid
     return FALSE;
 }
 /**
  * Calls the authentication manager to authenticate all active tokens
  * and redirects to the original intercepted request on success if there
  * is one stored in the security context. If no intercepted request is
  * found, the function simply returns.
  *
  * If authentication fails, the result of calling the defined
  * $errorMethodName is returned.
  *
  * Note: Usually there is no need to override this action. You should use
  * the according callback methods instead (onAuthenticationSuccess() and
  * onAuthenticationFailure()).
  *
  * @return string
  * @Flow\SkipCsrfProtection
  */
 public function authenticateAction()
 {
     $authenticationException = null;
     try {
         $this->authenticationManager->authenticate();
     } catch (\TYPO3\Flow\Security\Exception\AuthenticationRequiredException $exception) {
         $authenticationException = $exception;
     }
     if ($this->authenticationManager->isAuthenticated()) {
         $storedRequest = $this->securityContext->getInterceptedRequest();
         if ($storedRequest !== null) {
             $this->securityContext->setInterceptedRequest(null);
         }
         return $this->onAuthenticationSuccess($storedRequest);
     } else {
         $this->onAuthenticationFailure($authenticationException);
         return call_user_func(array($this, $this->errorMethodName));
     }
 }
 /**
  * Render the a hidden field with a CSRF token
  *
  * @return string the CSRF token field
  */
 protected function renderCsrfTokenField()
 {
     if (strtolower($this->arguments['method']) === 'get') {
         return '';
     }
     if (!$this->securityContext->isInitialized() || !$this->authenticationManager->isAuthenticated()) {
         return '';
     }
     $csrfToken = $this->securityContext->getCsrfProtectionToken();
     return '<input type="hidden" name="__csrfToken" value="' . htmlspecialchars($csrfToken) . '" />' . chr(10);
 }
 /**
  * Receive an SSO authentication callback and trigger authentication
  * through the SingleSignOnProvider.
  *
  * GET /sso/authentication/callback?...
  *
  * @param string $callbackUri
  * @return void
  */
 public function callbackAction($callbackUri)
 {
     try {
         $this->authenticationManager->authenticate();
     } catch (\TYPO3\Flow\Security\Exception\AuthenticationRequiredException $exception) {
         $authenticationException = $exception;
     }
     if ($this->authenticationManager->isAuthenticated()) {
         $storedRequest = $this->securityContext->getInterceptedRequest();
         if ($storedRequest !== NULL) {
             $this->securityContext->setInterceptedRequest(NULL);
             $this->redirectToRequest($storedRequest);
         } else {
             // TODO Do we have to check the URI?
             $this->redirectToUri($callbackUri);
         }
     } else {
         throw new \Flowpack\SingleSignOn\Client\Exception('Could not authenticate in callbackAction triggered by the SSO server.', 1366613161, isset($authenticationException) ? $authenticationException : NULL);
     }
 }
 /**
  * Returns TRUE, if at least one of the currently authenticated accounts holds
  * a role with the given identifier, also recursively.
  *
  * @param string $roleIdentifier The string representation of the role to search for
  * @return boolean TRUE, if a role with the given string representation was found
  */
 public function hasRole($roleIdentifier)
 {
     if ($roleIdentifier === 'TYPO3.Flow:Everybody') {
         return true;
     }
     if ($roleIdentifier === 'TYPO3.Flow:Anonymous') {
         return !$this->authenticationManager->isAuthenticated();
     }
     if ($roleIdentifier === 'TYPO3.Flow:AuthenticatedUser') {
         return $this->authenticationManager->isAuthenticated();
     }
     $roles = $this->getRoles();
     return isset($roles[$roleIdentifier]);
 }
 /**
  * Executes this finisher
  * @see AbstractFinisher::execute()
  *
  * @return void
  * @throws \TYPO3\Flow\Mvc\Exception\StopActionException();
  */
 protected function executeInternal()
 {
     /** @var \TYPO3\Form\Core\Runtime\FormRuntime $formRuntime */
     $formRuntime = $this->finisherContext->getFormRuntime();
     $formValueArray = $formRuntime->getFormState()->getFormValues();
     if ($formRuntime->getRequest()->getParentRequest()->getControllerActionName() == 'editDataSheet') {
         // we need to update the data sheet, we assume that the person is authenticated because a data sheet can only be edited by a authenticated user
         /** @var \GIB\GradingTool\Domain\Model\Project $project */
         $project = $this->projectRepository->findByIdentifier($formRuntime->getRequest()->getParentRequest()->getArgument('project'));
         // make a HTML representation of a diff of the old and new data
         $diffContent = DiffUtility::arrayDiffRecursive($project->getDataSheetContentArray(), $formValueArray);
         // store changes to project
         $project->setDataSheetContent($formValueArray);
         $project->setLastUpdated(new \TYPO3\Flow\Utility\Now());
         // update e-mail address (could have changed in the data sheet)
         $projectManagerElectronicAddress = new \TYPO3\Party\Domain\Model\ElectronicAddress();
         $projectManagerElectronicAddress->setIdentifier($formValueArray['projectManagerEmail']);
         $projectManagerElectronicAddress->setType(\TYPO3\Party\Domain\Model\ElectronicAddress::TYPE_EMAIL);
         $project->getProjectManager()->setPrimaryElectronicAddress($projectManagerElectronicAddress);
         $this->partyRepository->update($project->getProjectManager());
         $this->projectRepository->update($project);
         $this->persistenceManager->persistAll();
         // send a notification mail to the Administrator containing the changes
         $templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('editDataSheetNotification', $project);
         $this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, NULL, '', '', $diffContent);
         // add a flash message
         $message = new \TYPO3\Flow\Error\Message('Your data sheet for project "%s" was successfully edited.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($project->getProjectTitle()));
         $this->flashMessageContainer->addMessage($message);
     } else {
         // we need to add a new data sheet
         /** @var \GIB\GradingTool\Domain\Model\Project $project */
         $project = new \GIB\GradingTool\Domain\Model\Project();
         $project->setProjectTitle($formValueArray['projectTitle']);
         $project->setDataSheetFormIdentifier($this->settings['forms']['dataSheet']['default']);
         $project->setSubmissionFormIdentifier($this->settings['forms']['submission']['default']);
         // store identifier=userName and password for later usage
         $identifier = $formValueArray['userName'];
         $password = $formValueArray['password'];
         // remove userName and password from data array so it doesn't get saved unencrypted
         unset($formValueArray['userName']);
         unset($formValueArray['password']);
         $project->setDataSheetContent($formValueArray);
         $project->setCreated(new \TYPO3\Flow\Utility\Now());
         $this->projectRepository->add($project);
         // add a flash message
         $message = new \TYPO3\Flow\Error\Message('Your data sheet for project "%s" was successfully submitted.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($formValueArray['projectTitle']));
         $this->flashMessageContainer->addMessage($message);
         if (!$this->authenticationManager->isAuthenticated() || $this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
             // the product manager (supposedly) doesn't have an account yet, so we create one
             $projectManager = new \GIB\GradingTool\Domain\Model\ProjectManager();
             $projectManagerName = new \TYPO3\Party\Domain\Model\PersonName('', $formValueArray['projectManagerFirstName'], '', $formValueArray['projectManagerLastName']);
             $projectManager->setName($projectManagerName);
             $projectManagerElectronicAddress = new \TYPO3\Party\Domain\Model\ElectronicAddress();
             $projectManagerElectronicAddress->setIdentifier($formValueArray['projectManagerEmail']);
             $projectManagerElectronicAddress->setType(\TYPO3\Party\Domain\Model\ElectronicAddress::TYPE_EMAIL);
             $projectManager->addElectronicAddress($projectManagerElectronicAddress);
             $projectManager->setPrimaryElectronicAddress($projectManagerElectronicAddress);
             // add account
             $roles = array('GIB.GradingTool:ProjectManager');
             $authenticationProviderName = 'DefaultProvider';
             $account = $this->accountFactory->createAccountWithPassword($identifier, $password, $roles, $authenticationProviderName);
             $this->accountRepository->add($account);
             // add account to ProjectManager
             $projectManager->addAccount($account);
             // add project to ProjectManager
             $projectManager->addProject($project);
             // finally add the complete ProjectManager
             $this->partyRepository->add($projectManager);
             if (!$this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
                 // authenticate user if no Administrator is authenticated
                 $authenticationTokens = $this->securityContext->getAuthenticationTokensOfType('TYPO3\\Flow\\Security\\Authentication\\Token\\UsernamePassword');
                 if (count($authenticationTokens) === 1) {
                     $authenticationTokens[0]->setAccount($account);
                     $authenticationTokens[0]->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
                 }
                 // add a flash message
                 $message = new \TYPO3\Flow\Error\Message('The account "%s" was created and you were successfully logged in.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($identifier));
                 $this->flashMessageContainer->addMessage($message);
             }
         } elseif ($this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:ProjectManager')) {
             // a productManager is adding a new project to his account
             /** @var \GIB\GradingTool\Domain\Model\ProjectManager $projectManager */
             $projectManager = $this->authenticationManager->getSecurityContext()->getParty();
             $projectManager->addProject($project);
             $this->partyRepository->update($projectManager);
         }
         $this->persistenceManager->persistAll();
         // send notification mail to project manager (bcc to team)
         $templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('newDataSheetProjectManagerNotification', $project);
         $this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, $projectManager, $formValueArray['projectManagerFirstName'] . ' ' . $formValueArray['projectManagerLastName'], $formValueArray['projectManagerEmail']);
         // send notification mail to the GIB team
         $templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('newDataSheetTeamNotification', $project);
         $dataSheetArray = $this->dataSheetService->getProcessedDataSheet($project);
         $this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, $projectManager, '', '', $dataSheetArray);
     }
     $this->persistenceManager->persistAll();
     // redirect to dashboard
     $formRuntime = $this->finisherContext->getFormRuntime();
     $request = $formRuntime->getRequest()->getMainRequest();
     $uriBuilder = new \TYPO3\Flow\Mvc\Routing\UriBuilder();
     $uriBuilder->setRequest($request);
     $uriBuilder->reset();
     $uri = $uriBuilder->uriFor('editDatasheet', array('project' => $project), 'Project');
     $response = $formRuntime->getResponse();
     $mainResponse = $response;
     while ($response = $response->getParentResponse()) {
         $mainResponse = $response;
     }
     $mainResponse->setStatus(303);
     $mainResponse->setHeader('Location', (string) $uri);
     throw new \TYPO3\Flow\Mvc\Exception\StopActionException();
 }