/**
  * Add the Annotated Method to the Navigation
  *
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint
  * @FLOW3\Before("method(protected TYPO3\Fluid\View\TemplateView->getLayoutPathAndFilename(.*))")
  * @return void
  */
 public function addNavigationitem(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $layout = $joinPoint->getMethodArgument("layoutName");
     if (stristr($layout, "resource://")) {
         $joinPoint->getProxy()->setLayoutPathAndFilename($layout);
     }
 }
Beispiel #2
0
 /**
  * Logs calls of destroy()
  *
  * @FLOW3\Before("within(TYPO3\FLOW3\Session\SessionInterface) && method(.*->destroy())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed The result of the target method if it has not been intercepted
  */
 public function logDestroy(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $session = $joinPoint->getProxy();
     if ($session->isStarted()) {
         $reason = $joinPoint->isMethodArgument('reason') ? $joinPoint->getMethodArgument('reason') : 'no reason given';
         $this->systemLogger->log(sprintf('Destroyed session with id %s: %s', $joinPoint->getProxy()->getId(), $reason), LOG_DEBUG);
     }
 }
 /**
  * Logs exceptional results of the NodeService's getNodeByContextNodePath() method which is called by FrontendNodeRoutePartHandler::matchValue()
  *
  * @FLOW3\AfterThrowing("method(TYPO3\TYPO3\Service\NodeService->getNodeByContextNodePath())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function logFailedMatch(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $relativeContextNodePath = $joinPoint->getMethodArgument('relativeContextNodePath');
     $exception = $joinPoint->getException();
     if ($exception !== NULL) {
         $this->systemLogger->log(sprintf('%s failed to retrieve a node for path "%s" with message: %s', $joinPoint->getClassName(), $relativeContextNodePath, $exception->getMessage()), LOG_INFO);
     }
 }
 /**
  * Convert the object to its context path, if we deal with TYPO3CR nodes.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\Persistence\AbstractPersistenceManager->convertObjectToIdentityArray())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint the joinpoint
  * @return string|array the context path to be used for routing
  */
 public function convertNodeToContextPathForRouting(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $objectArgument = $joinPoint->getMethodArgument('object');
     if ($objectArgument instanceof NodeInterface) {
         return $objectArgument->getContextPath();
     } else {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }
 }
Beispiel #5
0
 /**
  * Advices the dispatch method so that illegal requests are blocked before invoking
  * any controller.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\MVC\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain
  */
 public function checkAccess(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $this->securityManager->setRequest($joinPoint->getMethodArgument('request'));
     $this->securityManager->setResponse($joinPoint->getMethodArgument('response'));
     $request = $joinPoint->getMethodArgument('request');
     if (is_a($request, "\\TYPO3\\FLOW3\\MVC\\Web\\Request")) {
         $className = $request->getControllerObjectName();
         $methodName = $request->getControllerActionName() . 'Action';
         try {
             if (!empty($className) && $this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Access")) {
                 $annotation = $this->reflectionService->getMethodAnnotation($className, $methodName, "Admin\\Annotations\\Access");
                 if (!is_object($user = $this->securityManager->getUser())) {
                     return $this->securityManager->redirectToLogin($joinPoint);
                 }
                 if ($annotation->admin && !$user->isAdmin()) {
                     return $this->securityManager->redirectToLogin($joinPoint);
                 }
                 if ($annotation->role !== null) {
                     $hasRole = false;
                     foreach ($user->getRoles() as $role) {
                         if ($role->getName() == $annotation->role) {
                             $hasRole = true;
                         }
                     }
                     if (!$hasRole) {
                         $message = new \TYPO3\FLOW3\Error\Error("You don't have access to this page!");
                         $this->flashMessageContainer->addMessage($message);
                         return $this->securityManager->redirectToLogin($joinPoint);
                     }
                 }
             }
         } catch (\Exception $e) {
         }
     }
     if (is_object($adviceChain = $joinPoint->getAdviceChain())) {
         $result = $adviceChain->proceed($joinPoint);
         return $result;
     }
 }
Beispiel #6
0
 /**
  * Adds a CSRF token as argument in the URI builder
  *
  * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $uriBuilder = $joinPoint->getProxy();
     $arguments = $joinPoint->getMethodArgument('arguments');
     $packageKey = isset($arguments['@package']) ? $arguments['@package'] : '';
     $subpackageKey = isset($arguments['@subpackage']) ? $arguments['@subpackage'] : '';
     $controllerName = isset($arguments['@controller']) ? $arguments['@controller'] : 'Standard';
     $actionName = (isset($arguments['@action']) ? $arguments['@action'] : 'index') . 'Action';
     $possibleObjectName = '@package\\@subpackage\\Controller\\@controllerController';
     $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName);
     $possibleObjectName = str_replace('@subpackage', $subpackageKey, $possibleObjectName);
     $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName);
     $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName);
     $lowercaseObjectName = strtolower($possibleObjectName);
     $className = $this->objectManager->getClassNameByObjectName($this->objectManager->getCaseSensitiveObjectName($lowercaseObjectName));
     if ($this->policyService->hasPolicyEntryForMethod($className, $actionName) && !$this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) {
         $internalArguments = $uriBuilder->getArguments();
         $internalArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken();
         $uriBuilder->setArguments($internalArguments);
     }
 }
Beispiel #7
0
 /**
  * Logs calls and results of decideOnJoinPoint()
  *
  * @FLOW3\AfterThrowing("method(TYPO3\FLOW3\Security\Authorization\AccessDecisionVoterManager->decideOnJoinPoint())")
  *
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @throws \Exception
  * @return void
  */
 public function logJoinPointAccessDecisions(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $exception = $joinPoint->getException();
     $subjectJoinPoint = $joinPoint->getMethodArgument('joinPoint');
     $message = $exception->getMessage() . ' to method ' . $subjectJoinPoint->getClassName() . '::' . $subjectJoinPoint->getMethodName() . '().';
     $this->securityLogger->log($message, \LOG_INFO);
     throw $exception;
 }
 /**
  * Advices the dispatch method so that access denied exceptions are transformed into the correct
  * response status.
  *
  * @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain
  */
 public function setAccessDeniedResponseHeader(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $response = $joinPoint->getMethodArgument('response');
     try {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     } catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
         if ($response instanceof \TYPO3\FLOW3\Http\Response) {
             $response->setStatus(403);
         }
         $response->setContent('Access denied!');
     }
 }
 /**
  * Returns the publish path and filename to be used to publish the specified persistent resource
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\Resource\Publishing\FileSystemPublishingTarget->buildPersistentResourcePublishPathAndFilename()) && setting(TYPO3.FLOW3.security.enable)")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return mixed Result of the target method
  */
 public function rewritePersistentResourcePublishPathAndFilenameForPrivateResources(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $resource = $joinPoint->getMethodArgument('resource');
     $configuration = $resource->getPublishingConfiguration();
     $returnFilename = $joinPoint->getMethodArgument('returnFilename');
     if ($configuration === NULL || $configuration instanceof \TYPO3\FLOW3\Security\Authorization\Resource\SecurityPublishingConfiguration === FALSE) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }
     $publishingPath = FALSE;
     $allowedRoles = $configuration->getAllowedRoles();
     if (count(array_intersect($allowedRoles, $this->securityContext->getRoles())) > 0) {
         $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($joinPoint->getProxy()->getResourcesPublishingPath(), 'Persistent/', $this->session->getID())) . '/';
         $filename = $resource->getResourcePointer()->getHash() . '.' . $resource->getFileExtension();
         \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($publishingPath);
         $this->accessRestrictionPublisher->publishAccessRestrictionsForPath($publishingPath);
         if ($this->settings['resource']['publishing']['fileSystem']['mirrorMode'] === 'link') {
             foreach ($allowedRoles as $role) {
                 $roleDirectory = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($this->environment->getPathToTemporaryDirectory(), 'PrivateResourcePublishing/', $role));
                 \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($roleDirectory);
                 if (file_exists($publishingPath . $role)) {
                     if (\TYPO3\FLOW3\Utility\Files::is_link(\TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role))) && realpath(\TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role))) === $roleDirectory) {
                         continue;
                     }
                     unlink($publishingPath . $role);
                     symlink($roleDirectory, \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role)));
                 } else {
                     symlink($roleDirectory, \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role)));
                 }
             }
             $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $allowedRoles[0])) . '/';
         }
         if ($returnFilename === TRUE) {
             $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $filename));
         }
     }
     return $publishingPath;
 }
 /**
  * @FLOW3\Around("method(public TYPO3\FLOW3\Tests\Functional\Aop\Fixtures\TargetClass01->greet())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @return string
  */
 public function changeNameArgumentAdvice(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     if ($joinPoint->getMethodArgument('name') === 'Andi') {
         $joinPoint->setMethodArgument('name', 'Robert');
     }
     return $joinPoint->getAdviceChain()->proceed($joinPoint);
 }