/**
* @return void
*/
public function indexAction()
{
// check is a user is authenticated
if ($this->authenticationManager->isAuthenticated()) {
if ($this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:ProjectManager')) {
$this->forward('dashboard', 'Standard');
}
if ($this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
$this->forward('index', 'Admin');
}
}
}
/**
* index action, does only display the form
* @param string $username
* @return void
*/
public function loginAction($username = NULL)
{
if ($this->authenticationManager->isAuthenticated()) {
if (isset($this->settings['Redirect']['signedIn'])) {
$redirect = $this->settings['Redirect']['signedIn'];
$this->redirect($redirect['actionName'], $redirect['controllerName'], $redirect['packageKey']);
}
$this->redirect('index', 'Dashboard');
}
$this->view->assign('username', $username);
$this->view->assign('hostname', $this->request->getHttpRequest()->getBaseUri()->getHost());
$this->view->assign('date', new \DateTime());
}
/**
* Adds a NotEmptyValidator to the current element if the "trigger" value is not empty.
* The trigger can be configured with $this->properties['triggerPropertyPath']
*
* @param \TYPO3\Form\Core\Runtime\FormRuntime $formRuntime
* @return void
*/
protected function requireIfTriggerIsSet(\TYPO3\Form\Core\Runtime\FormRuntime $formRuntime)
{
if ($formRuntime->getRequest()->getParentRequest()->getControllerActionName() == 'newDataSheet') {
if ($this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
$this->addValidator(new \TYPO3\Flow\Validation\Validator\NotEmptyValidator());
} elseif (!$this->authenticationManager->isAuthenticated()) {
$this->addValidator(new \TYPO3\Flow\Validation\Validator\NotEmptyValidator());
} else {
return;
}
} elseif ($formRuntime->getRequest()->getParentRequest()->getControllerActionName() == 'editDataSheet') {
return;
}
}
/**
* @Flow\SkipCsrfProtection
* @return void|string
*/
public function authenticateAction()
{
try {
$this->authenticationManager->authenticate();
if ($this->authenticationManager->isAuthenticated()) {
$profile = $this->profileService->getCurrentPartyProfile();
$this->redirect('show', 'Frontend\\Node', 'TYPO3.Neos', ['node' => $profile->getPath()]);
} else {
$this->addFlashMessage('Gebruikersnaam of wachtwoord is niet correct');
$this->forwardToReferringRequest();
}
} catch (\Exception $e) {
$this->addFlashMessage('Gebruikersnaam of wachtwoord is niet correct');
$this->forwardToReferringRequest();
}
}
/**
* Matches a \TYPO3\Flow\Mvc\RequestInterface against the configured CSRF pattern rules and
* searches for invalid csrf tokens. If this returns TRUE, the request is invalid!
*
* @param RequestInterface $request The request that should be matched
* @return boolean TRUE if the pattern matched, FALSE otherwise
* @throws AuthenticationRequiredException
*/
public function matchRequest(RequestInterface $request)
{
if (!$request instanceof ActionRequest || $request->getHttpRequest()->isMethodSafe()) {
$this->systemLogger->log('CSRF: No token required, safe request', LOG_DEBUG);
return false;
}
if ($this->authenticationManager->isAuthenticated() === false) {
$this->systemLogger->log('CSRF: No token required, not authenticated', LOG_DEBUG);
return false;
}
if ($this->securityContext->areAuthorizationChecksDisabled() === true) {
$this->systemLogger->log('CSRF: No token required, authorization checks are disabled', LOG_DEBUG);
return false;
}
$controllerClassName = $this->objectManager->getClassNameByObjectName($request->getControllerObjectName());
$actionMethodName = $request->getControllerActionName() . 'Action';
if (!$this->hasPolicyEntryForMethod($controllerClassName, $actionMethodName)) {
$this->systemLogger->log(sprintf('CSRF: No token required, method %s::%s() is not restricted by a policy.', $controllerClassName, $actionMethodName), LOG_DEBUG);
return false;
}
if ($this->reflectionService->isMethodTaggedWith($controllerClassName, $actionMethodName, 'skipcsrfprotection')) {
$this->systemLogger->log(sprintf('CSRF: No token required, method %s::%s() is tagged with a "skipcsrfprotection" annotation', $controllerClassName, $actionMethodName), LOG_DEBUG);
return false;
}
$httpRequest = $request->getHttpRequest();
if ($httpRequest->hasHeader('X-Flow-Csrftoken')) {
$csrfToken = $httpRequest->getHeader('X-Flow-Csrftoken');
} else {
$internalArguments = $request->getMainRequest()->getInternalArguments();
$csrfToken = isset($internalArguments['__csrfToken']) ? $internalArguments['__csrfToken'] : null;
}
if (empty($csrfToken)) {
$this->systemLogger->log(sprintf('CSRF: token was empty but a valid token is required for %s::%s()', $controllerClassName, $actionMethodName), LOG_DEBUG);
return true;
}
if (!$this->securityContext->hasCsrfProtectionTokens()) {
throw new AuthenticationRequiredException(sprintf('CSRF: No CSRF tokens in security context, possible session timeout. A valid token is required for %s::%s()', $controllerClassName, $actionMethodName), 1317309673);
}
if ($this->securityContext->isCsrfProtectionTokenValid($csrfToken) === false) {
$this->systemLogger->log(sprintf('CSRF: token was invalid but a valid token is required for %s::%s()', $controllerClassName, $actionMethodName), LOG_DEBUG);
return true;
}
$this->systemLogger->log(sprintf('CSRF: Successfully verified token for %s::%s()', $controllerClassName, $actionMethodName), LOG_DEBUG);
return false;
}
/**
* Matches a \TYPO3\Flow\Mvc\RequestInterface against the configured CSRF pattern rules and
* searches for invalid csrf tokens. If this returns TRUE, the request is invalid!
*
* @param \TYPO3\Flow\Mvc\RequestInterface $request The request that should be matched
* @return boolean TRUE if the pattern matched, FALSE otherwise
* @throws \TYPO3\Flow\Security\Exception\AuthenticationRequiredException
*/
public function matchRequest(\TYPO3\Flow\Mvc\RequestInterface $request)
{
if (!$request instanceof ActionRequest || $request->getHttpRequest()->isMethodSafe()) {
$this->systemLogger->log('No CSRF required, safe request', LOG_DEBUG);
return FALSE;
}
if ($this->authenticationManager->isAuthenticated() === FALSE) {
$this->systemLogger->log('No CSRF required, not authenticated', LOG_DEBUG);
return FALSE;
}
if ($this->securityContext->areAuthorizationChecksDisabled() === TRUE) {
$this->systemLogger->log('No CSRF required, authorization checks are disabled', LOG_DEBUG);
return FALSE;
}
$controllerClassName = $this->objectManager->getClassNameByObjectName($request->getControllerObjectName());
$actionName = $request->getControllerActionName() . 'Action';
if (!$this->policyService->hasPolicyEntryForMethod($controllerClassName, $actionName)) {
$this->systemLogger->log(sprintf('CSRF protection filter: allowed %s request without requiring CSRF token because action "%s" in controller "%s" is not restricted by a policy.', $request->getHttpRequest()->getMethod(), $actionName, $controllerClassName), LOG_NOTICE);
return FALSE;
}
if ($this->reflectionService->isMethodTaggedWith($controllerClassName, $actionName, 'skipcsrfprotection')) {
return FALSE;
}
$httpRequest = $request->getHttpRequest();
if ($httpRequest->hasHeader('X-Flow-Csrftoken')) {
$csrfToken = $httpRequest->getHeader('X-Flow-Csrftoken');
} else {
$internalArguments = $request->getMainRequest()->getInternalArguments();
$csrfToken = isset($internalArguments['__csrfToken']) ? $internalArguments['__csrfToken'] : NULL;
}
if (empty($csrfToken)) {
$this->systemLogger->log('CSRF token was empty', LOG_DEBUG);
return TRUE;
}
if (!$this->securityContext->hasCsrfProtectionTokens()) {
throw new \TYPO3\Flow\Security\Exception\AuthenticationRequiredException('No tokens in security context, possible session timeout', 1317309673);
}
if ($this->securityContext->isCsrfProtectionTokenValid($csrfToken) === FALSE) {
$this->systemLogger->log('CSRF token was invalid', LOG_DEBUG);
return TRUE;
}
// the CSRF token was necessary and is valid
return FALSE;
}
/**
* Calls the authentication manager to authenticate all active tokens
* and redirects to the original intercepted request on success if there
* is one stored in the security context. If no intercepted request is
* found, the function simply returns.
*
* If authentication fails, the result of calling the defined
* $errorMethodName is returned.
*
* Note: Usually there is no need to override this action. You should use
* the according callback methods instead (onAuthenticationSuccess() and
* onAuthenticationFailure()).
*
* @return string
* @Flow\SkipCsrfProtection
*/
public function authenticateAction()
{
$authenticationException = null;
try {
$this->authenticationManager->authenticate();
} catch (\TYPO3\Flow\Security\Exception\AuthenticationRequiredException $exception) {
$authenticationException = $exception;
}
if ($this->authenticationManager->isAuthenticated()) {
$storedRequest = $this->securityContext->getInterceptedRequest();
if ($storedRequest !== null) {
$this->securityContext->setInterceptedRequest(null);
}
return $this->onAuthenticationSuccess($storedRequest);
} else {
$this->onAuthenticationFailure($authenticationException);
return call_user_func(array($this, $this->errorMethodName));
}
}
/**
* Render the a hidden field with a CSRF token
*
* @return string the CSRF token field
*/
protected function renderCsrfTokenField()
{
if (strtolower($this->arguments['method']) === 'get') {
return '';
}
if (!$this->securityContext->isInitialized() || !$this->authenticationManager->isAuthenticated()) {
return '';
}
$csrfToken = $this->securityContext->getCsrfProtectionToken();
return '<input type="hidden" name="__csrfToken" value="' . htmlspecialchars($csrfToken) . '" />' . chr(10);
}
/**
* Receive an SSO authentication callback and trigger authentication
* through the SingleSignOnProvider.
*
* GET /sso/authentication/callback?...
*
* @param string $callbackUri
* @return void
*/
public function callbackAction($callbackUri)
{
try {
$this->authenticationManager->authenticate();
} catch (\TYPO3\Flow\Security\Exception\AuthenticationRequiredException $exception) {
$authenticationException = $exception;
}
if ($this->authenticationManager->isAuthenticated()) {
$storedRequest = $this->securityContext->getInterceptedRequest();
if ($storedRequest !== NULL) {
$this->securityContext->setInterceptedRequest(NULL);
$this->redirectToRequest($storedRequest);
} else {
// TODO Do we have to check the URI?
$this->redirectToUri($callbackUri);
}
} else {
throw new \Flowpack\SingleSignOn\Client\Exception('Could not authenticate in callbackAction triggered by the SSO server.', 1366613161, isset($authenticationException) ? $authenticationException : NULL);
}
}
/**
* Returns TRUE, if at least one of the currently authenticated accounts holds
* a role with the given identifier, also recursively.
*
* @param string $roleIdentifier The string representation of the role to search for
* @return boolean TRUE, if a role with the given string representation was found
*/
public function hasRole($roleIdentifier)
{
if ($roleIdentifier === 'TYPO3.Flow:Everybody') {
return true;
}
if ($roleIdentifier === 'TYPO3.Flow:Anonymous') {
return !$this->authenticationManager->isAuthenticated();
}
if ($roleIdentifier === 'TYPO3.Flow:AuthenticatedUser') {
return $this->authenticationManager->isAuthenticated();
}
$roles = $this->getRoles();
return isset($roles[$roleIdentifier]);
}
/**
* Executes this finisher
* @see AbstractFinisher::execute()
*
* @return void
* @throws \TYPO3\Flow\Mvc\Exception\StopActionException();
*/
protected function executeInternal()
{
/** @var \TYPO3\Form\Core\Runtime\FormRuntime $formRuntime */
$formRuntime = $this->finisherContext->getFormRuntime();
$formValueArray = $formRuntime->getFormState()->getFormValues();
if ($formRuntime->getRequest()->getParentRequest()->getControllerActionName() == 'editDataSheet') {
// we need to update the data sheet, we assume that the person is authenticated because a data sheet can only be edited by a authenticated user
/** @var \GIB\GradingTool\Domain\Model\Project $project */
$project = $this->projectRepository->findByIdentifier($formRuntime->getRequest()->getParentRequest()->getArgument('project'));
// make a HTML representation of a diff of the old and new data
$diffContent = DiffUtility::arrayDiffRecursive($project->getDataSheetContentArray(), $formValueArray);
// store changes to project
$project->setDataSheetContent($formValueArray);
$project->setLastUpdated(new \TYPO3\Flow\Utility\Now());
// update e-mail address (could have changed in the data sheet)
$projectManagerElectronicAddress = new \TYPO3\Party\Domain\Model\ElectronicAddress();
$projectManagerElectronicAddress->setIdentifier($formValueArray['projectManagerEmail']);
$projectManagerElectronicAddress->setType(\TYPO3\Party\Domain\Model\ElectronicAddress::TYPE_EMAIL);
$project->getProjectManager()->setPrimaryElectronicAddress($projectManagerElectronicAddress);
$this->partyRepository->update($project->getProjectManager());
$this->projectRepository->update($project);
$this->persistenceManager->persistAll();
// send a notification mail to the Administrator containing the changes
$templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('editDataSheetNotification', $project);
$this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, NULL, '', '', $diffContent);
// add a flash message
$message = new \TYPO3\Flow\Error\Message('Your data sheet for project "%s" was successfully edited.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($project->getProjectTitle()));
$this->flashMessageContainer->addMessage($message);
} else {
// we need to add a new data sheet
/** @var \GIB\GradingTool\Domain\Model\Project $project */
$project = new \GIB\GradingTool\Domain\Model\Project();
$project->setProjectTitle($formValueArray['projectTitle']);
$project->setDataSheetFormIdentifier($this->settings['forms']['dataSheet']['default']);
$project->setSubmissionFormIdentifier($this->settings['forms']['submission']['default']);
// store identifier=userName and password for later usage
$identifier = $formValueArray['userName'];
$password = $formValueArray['password'];
// remove userName and password from data array so it doesn't get saved unencrypted
unset($formValueArray['userName']);
unset($formValueArray['password']);
$project->setDataSheetContent($formValueArray);
$project->setCreated(new \TYPO3\Flow\Utility\Now());
$this->projectRepository->add($project);
// add a flash message
$message = new \TYPO3\Flow\Error\Message('Your data sheet for project "%s" was successfully submitted.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($formValueArray['projectTitle']));
$this->flashMessageContainer->addMessage($message);
if (!$this->authenticationManager->isAuthenticated() || $this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
// the product manager (supposedly) doesn't have an account yet, so we create one
$projectManager = new \GIB\GradingTool\Domain\Model\ProjectManager();
$projectManagerName = new \TYPO3\Party\Domain\Model\PersonName('', $formValueArray['projectManagerFirstName'], '', $formValueArray['projectManagerLastName']);
$projectManager->setName($projectManagerName);
$projectManagerElectronicAddress = new \TYPO3\Party\Domain\Model\ElectronicAddress();
$projectManagerElectronicAddress->setIdentifier($formValueArray['projectManagerEmail']);
$projectManagerElectronicAddress->setType(\TYPO3\Party\Domain\Model\ElectronicAddress::TYPE_EMAIL);
$projectManager->addElectronicAddress($projectManagerElectronicAddress);
$projectManager->setPrimaryElectronicAddress($projectManagerElectronicAddress);
// add account
$roles = array('GIB.GradingTool:ProjectManager');
$authenticationProviderName = 'DefaultProvider';
$account = $this->accountFactory->createAccountWithPassword($identifier, $password, $roles, $authenticationProviderName);
$this->accountRepository->add($account);
// add account to ProjectManager
$projectManager->addAccount($account);
// add project to ProjectManager
$projectManager->addProject($project);
// finally add the complete ProjectManager
$this->partyRepository->add($projectManager);
if (!$this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
// authenticate user if no Administrator is authenticated
$authenticationTokens = $this->securityContext->getAuthenticationTokensOfType('TYPO3\\Flow\\Security\\Authentication\\Token\\UsernamePassword');
if (count($authenticationTokens) === 1) {
$authenticationTokens[0]->setAccount($account);
$authenticationTokens[0]->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
}
// add a flash message
$message = new \TYPO3\Flow\Error\Message('The account "%s" was created and you were successfully logged in.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($identifier));
$this->flashMessageContainer->addMessage($message);
}
} elseif ($this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:ProjectManager')) {
// a productManager is adding a new project to his account
/** @var \GIB\GradingTool\Domain\Model\ProjectManager $projectManager */
$projectManager = $this->authenticationManager->getSecurityContext()->getParty();
$projectManager->addProject($project);
$this->partyRepository->update($projectManager);
}
$this->persistenceManager->persistAll();
// send notification mail to project manager (bcc to team)
$templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('newDataSheetProjectManagerNotification', $project);
$this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, $projectManager, $formValueArray['projectManagerFirstName'] . ' ' . $formValueArray['projectManagerLastName'], $formValueArray['projectManagerEmail']);
// send notification mail to the GIB team
$templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('newDataSheetTeamNotification', $project);
$dataSheetArray = $this->dataSheetService->getProcessedDataSheet($project);
$this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, $projectManager, '', '', $dataSheetArray);
}
$this->persistenceManager->persistAll();
// redirect to dashboard
$formRuntime = $this->finisherContext->getFormRuntime();
$request = $formRuntime->getRequest()->getMainRequest();
$uriBuilder = new \TYPO3\Flow\Mvc\Routing\UriBuilder();
$uriBuilder->setRequest($request);
$uriBuilder->reset();
$uri = $uriBuilder->uriFor('editDatasheet', array('project' => $project), 'Project');
$response = $formRuntime->getResponse();
$mainResponse = $response;
while ($response = $response->getParentResponse()) {
$mainResponse = $response;
}
$mainResponse->setStatus(303);
$mainResponse->setHeader('Location', (string) $uri);
throw new \TYPO3\Flow\Mvc\Exception\StopActionException();
}
