/**
 * Constructs an unauthorized exception.
 *
 * @param string    $message  The message of the exception
 * @param integer   $code     Code of the exception; 202 is used when null is given
 * @param Exception $previous Previous exception which caused this exception
 */
public function __construct($message = null, $code = null, Exception $previous = null)
{
    // Only a strict null selects the default; any other value (including 0) is passed through.
    $effectiveCode = ($code === null) ? 202 : $code;

    parent::__construct($message, $effectiveCode, $previous);
}
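/**
 * Returns a securely generated key of the requested length in hexadecimal representation.
 *
 * The bytes come from random_bytes() and are hex-encoded, so the returned
 * string has $bits / 4 characters.
 *
 * @param int $bits Key length in bits; must be a positive multiple of 8
 * @return string Hexadecimal string of $bits / 4 characters
 * @throws SecurityException If $bits is not a positive multiple of 8
 */
public static function randomKey(int $bits = 256) : string
{
    // Zero and negative multiples of 8 also satisfy "$bits % 8 === 0". Reject them here so the
    // caller gets the documented SecurityException instead of an engine error from
    // random_bytes(), and so a zero-length key can never be produced.
    if ($bits <= 0 || $bits % 8 !== 0) {
        throw SecurityException::incorrectRandomBits(__METHOD__);
    }

    return bin2hex(random_bytes(intdiv($bits, 8)));
}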
/**
 * Builds the exception for a username that is already taken.
 *
 * The message is fixed and the exception code is 1001; the offending
 * username is kept on the instance.
 *
 * @param mixed $username The username that was rejected
 */
public function __construct($username)
{
    $message = 'a username has to be unique!';
    $code = 1001;
    parent::__construct($message, $code);

    // Assigned after the parent constructor has run, as before.
    $this->username = $username;
}
/**
 * Builds the exception raised when the logged-in user is not an admin.
 *
 * Uses a fixed message and Http::STATUS_FORBIDDEN as the exception code.
 */
public function __construct()
{
    $message = 'Logged in user must be an admin';

    parent::__construct($message, Http::STATUS_FORBIDDEN);
}
/**
 * Builds the exception for a token that could not be found.
 *
 * The token is kept on the instance and is also embedded verbatim in the
 * exception message; the exception code is 1005.
 *
 * NOTE(review): the message carries the caller-supplied token unescaped. If
 * this message is written to logs or rendered in a page, it should be treated
 * as untrusted text and escaped for that context - confirm how callers surface it.
 *
 * @param mixed $token The token that was looked up
 */
public function __construct($token)
{
    $this->token = $token;

    $message = sprintf('The token "%s" does not exist!', $token);
    parent::__construct($message, 1005);
}
/**
 * Checks the permission $perm on $object against the configured security policy.
 *
 * Outcome, as implemented below:
 *  - the user named 'root' in the login context is granted everything without
 *    consulting the policy;
 *  - otherwise the first policy entry whose object class matches $object is
 *    evaluated handler by handler, and the method either returns (granted) or
 *    reports a denial through $this->throwException();
 *  - if NO policy entry matches $object, a warning is logged and the method
 *    returns normally, i.e. access is allowed (fail-open).
 *
 * Handler flags: a successful SUFFICIENT handler grants access at once unless a
 * REQUIRED handler already failed; a failing REQUISITE handler denies at once;
 * a failing REQUIRED handler is remembered and denies after all handlers ran;
 * failures of handlers with any other flag only deny when no handler succeeded.
 *
 * NOTE(review): $this->success, $this->firstRequiredError and $this->firstError
 * are instance state that this method never resets - confirm a fresh instance
 * is used for every check, otherwise an earlier result could carry over.
 * NOTE(review): throwException() is defined elsewhere; the control flow below
 * presumably relies on it always throwing - confirm.
 *
 * @param mixed        $object  The object the permission is requested on
 * @param IPermission  $perm    The requested permission
 * @param LoginContext $context The login context of the requester
 */
public function doCheck($object, IPermission $perm, LoginContext $context = null) {
    if (SecurityManager::$Logger->isDebugEnabled()) {
        SecurityManager::$Logger->debug('Preparing to check permission with login context:');
        // NOTE(review): print_r() dumps the whole login context into the debug log. If the
        // context holds credentials or session data they end up in the log file - confirm
        // what LoginContext exposes and keep debug logging off in production.
        SecurityManager::$Logger->debug(print_r($context, true));
    }

    // A little "hack" here to avoid any lock to the root user due to configuration problem
    // in the next steps (= even without any configuration or with a broken configuration file,
    // the root will always have all the permissions on everything)
    // The bypass keys on the user NAME only, so it is exactly as trustworthy as the login
    // context passed in by the caller.
    $eyeosUser = null;
    try {
        // NOTE(review): $context defaults to null but is dereferenced unconditionally here;
        // a null context would raise an engine error, not EyeNullPointerException - confirm
        // that callers always pass a context.
        $eyeosUser = $context->getEyeosUser();
        if ($eyeosUser->getName() === 'root') {
            if (SecurityManager::$Logger->isInfoEnabled()) {
                SecurityManager::$Logger->info('Root user found in login context: bypassing any further security check for requested permission ' . $perm . '.');
            }
            return;
        }
    } catch (EyeNullPointerException $e) { } // deliberately ignored: fall through to the policy check

    $configuration = PolicyConfiguration::getConfiguration();

    // Browse policy entries until we find one that matches the class of our object
    foreach ($configuration->getPolicyEntries() as $policyEntry) {
        $objectClass = $policyEntry->getObjectClass();
        if ($object instanceof $objectClass) {
            // Check permission using each handler defined for this entry
            foreach ($policyEntry->getHandlerEntries() as $handlerEntry) {
                try {
                    $handler = SecurityManager::getNewHandlerInstance($handlerEntry->getHandlerClass(), $handlerEntry->getParams());
                    try {
                        $status = $handler->checkPermission($object, $perm, $context);

                        // SUCCESS (access granted by the current handler)
                        if ($status === true) {
                            if ($handlerEntry->getFlag() == PolicyHandlerEntry::FLAG_SUFFICIENT) {
                                // A SUFFICIENT success short-circuits only while no REQUIRED handler has failed
                                if ($this->firstRequiredError === null) {
                                    return;
                                }
                            }
                            $this->success = true;
                        } else {
                            // Any non-true status counts as "handler ignored": it is only logged.
                            // NOTE(review): the guard tests the INFO level but the message is
                            // written at DEBUG level.
                            if (SecurityManager::$Logger->isInfoEnabled()) {
                                $failureExceptionMessage = '(none available)';
                                if ($handler->getFailureException() !== null) {
                                    $failureExceptionMessage = $handler->getFailureException()->getMessage();
                                }
                                SecurityManager::$Logger->debug($handlerEntry->getHandlerClass() . ' failure message: ' . $failureExceptionMessage);
                            }
                        }
                    } catch (EyeSecurityException $e) {
                        if ($handlerEntry->getFlag() == PolicyHandlerEntry::FLAG_REQUISITE) {
                            // REQUISITE failure: deny immediately, remaining handlers are not run
                            if (SecurityManager::$Logger->isInfoEnabled()) {
                                SecurityManager::$Logger->info('Requested permission ' . $perm . ' denied object of class ' . get_class($object) . ' (REQUISITE handler ' . $handlerEntry->getHandlerClass() . ' failed).');
                                SecurityManager::$Logger->info($e->getMessage());
                            }
                            $this->throwException($this->firstRequiredError, $e);
                        } else {
                            if ($handlerEntry->getFlag() == PolicyHandlerEntry::FLAG_REQUIRED) {
                                // REQUIRED failure: remember the first one, keep running the other handlers
                                if ($this->firstRequiredError === null) {
                                    $this->firstRequiredError = $e;
                                }
                            } else {
                                // Any other flag: remember the first failure, used only if nothing succeeds
                                if ($this->firstError === null) {
                                    $this->firstError = $e;
                                }
                            }
                        }
                    }
                } catch (EyeException $e) {
                    // Any other EyeException from creating or running the handler is reported as a denial
                    $this->throwException(null, $e);
                }
            }

            // All handlers of the matching entry have run: decide the overall result
            if ($this->firstRequiredError !== null) {
                // A required handler failed
                if (SecurityManager::$Logger->isInfoEnabled()) {
                    SecurityManager::$Logger->info('Requested permission ' . $perm . ' denied on object of class ' . get_class($object) . ' (a REQUIRED handler failed).');
                    SecurityManager::$Logger->info($this->firstRequiredError->getMessage());
                }
                $this->throwException($this->firstRequiredError, null);
            } else {
                if (!$this->success && $this->firstError !== null) {
                    // No handler succeeded: return the first error
                    if (SecurityManager::$Logger->isInfoEnabled()) {
                        SecurityManager::$Logger->info('Requested permission ' . $perm . ' denied on object of class ' . get_class($object) . '.');
                        SecurityManager::$Logger->info($this->firstError->getMessage());
                    }
                    $this->throwException($this->firstError, null);
                } else {
                    if (!$this->success) {
                        // All handlers returned FALSE (= they could not perform permission checks for any reason)
                        // This case is denied: an entry matched but nobody could vouch for the request.
                        SecurityManager::$Logger->warn('All SecurityHandlers have been ignored for object of class ' . get_class($object) . '.');
                        $this->throwException(new EyeSecurityException('Permission check failure: all handlers ignored on object of class "' . $objectClass . '".'), null);
                    } else {
                        if (SecurityManager::$Logger->isDebugEnabled()) {
                            SecurityManager::$Logger->debug('Permission ' . $perm . ' granted on object of class ' . get_class($object) . '.');
                        }
                        return;
                    }
                }
            }
        }
    }

    // No matching policy entry has been found for given $object: report it in the log and allow access
    // This is a fail-open default: classes missing from the policy configuration are unprotected,
    // so the warning below is worth monitoring.
    if (!$this->success) {
        SecurityManager::$Logger->warn('No matching policy entry for object of class ' . get_class($object) . ' has been found.');
    }
}
/**
 * Builds the exception raised when no user is logged in.
 *
 * Uses a fixed message and Http::STATUS_UNAUTHORIZED as the exception code.
 */
public function __construct()
{
    $message = 'Current user is not logged in';

    parent::__construct($message, Http::STATUS_UNAUTHORIZED);
}
/**
 * Builds the exception for an e-mail address that is already in use.
 *
 * The address is kept on the instance and is also embedded verbatim in the
 * exception message; the exception code is 1004.
 *
 * NOTE(review): the message carries the caller-supplied address unescaped. If
 * it is logged or rendered, it is both personal data and untrusted text -
 * confirm how callers surface it and escape for the output context.
 *
 * @param mixed $email The e-mail address that was rejected
 */
public function __construct($email)
{
    $this->email = $email;

    $message = sprintf('The email "%s" is not unique!', $email);
    parent::__construct($message, 1004);
}
/**
 * Builds the exception raised when the CSRF check fails.
 *
 * Uses a fixed message and Http::STATUS_PRECONDITION_FAILED as the exception code.
 */
public function __construct()
{
    $message = 'CSRF check failed';

    parent::__construct($message, Http::STATUS_PRECONDITION_FAILED);
}
/**
 * Builds the exception raised when a token has already been generated.
 *
 * The message is fixed and the exception code is 1003; the given interval
 * is kept on the instance.
 *
 * @param mixed $interval The interval associated with the existing token
 */
public function __construct($interval)
{
    $message = 'a token has already been generated';
    $code = 1003;
    parent::__construct($message, $code);

    // Assigned after the parent constructor has run, as before.
    $this->interval = $interval;
}
/**
 * Constructs this exception with the fixed code 201.
 *
 * @param string $error          Error message
 * @param string $translationKey Translation key of the error message
 * @param string $field          Name of the field which caused this exception (optional)
 */
public function __construct($error, $translationKey, $field = null)
{
    $code = 201;
    parent::__construct($error, $code);

    // The setters run after the parent constructor, in the same order as before.
    $this->setTranslationKey($translationKey);
    $this->setField($field);
}
/**
 * Builds the exception raised when the app is not enabled.
 *
 * Uses a fixed message and Http::STATUS_PRECONDITION_FAILED as the exception code.
 */
public function __construct()
{
    $message = 'App is not enabled';

    parent::__construct($message, Http::STATUS_PRECONDITION_FAILED);
}
/**
 * Builds the unknown-user exception.
 *
 * Both arguments are handed to the parent constructor unchanged.
 *
 * @param string $message Exception message; defaults to 'Unknown user'
 * @param mixed  $code    Exception code; defaults to SecurityException::UNKNOWN_USER
 */
public function __construct($message = 'Unknown user', $code = SecurityException::UNKNOWN_USER)
{
    parent::__construct(
        $message,
        $code
    );
}
/**
 * Builds the exception raised when no password was supplied.
 *
 * Uses a fixed message and the exception code 1002.
 */
public function __construct()
{
    $message = 'The password is missing!';
    $code = 1002;

    parent::__construct($message, $code);
}
/**
 * Builds the exception from the given message and code.
 *
 * Both arguments are handed to the parent constructor unchanged.
 *
 * @param string $message Exception message
 * @param int    $code    Exception code; defaults to 503
 */
public function __construct($message, $code = 503)
{
    parent::__construct(
        $message,
        $code
    );
}