Ejemplo n.º 1
0
 /**
  * Sets up this test case
  */
 public function setUp()
 {
     $this->securityContext = $this->getAccessibleMock(\TYPO3\Flow\Security\Context::class, array('separateActiveAndInactiveTokens'));
     $this->mockAuthenticationManager = $this->getMock(\TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface::class);
     $this->mockAuthenticationManager->expects($this->any())->method('getTokens')->will($this->returnValue(array()));
     $this->securityContext->injectAuthenticationManager($this->mockAuthenticationManager);
     $this->mockActionRequest = $this->getMockBuilder(\TYPO3\Flow\Mvc\ActionRequest::class)->disableOriginalConstructor()->getMock();
     $this->securityContext->setRequest($this->mockActionRequest);
 }
Ejemplo n.º 2
0
 /**
  * Create an action request from stored route match values and dispatch to that
  *
  * @param ComponentContext $componentContext
  * @return void
  */
 public function handle(ComponentContext $componentContext)
 {
     $httpRequest = $componentContext->getHttpRequest();
     /** @var $actionRequest ActionRequest */
     $actionRequest = $this->objectManager->get(ActionRequest::class, $httpRequest);
     $this->securityContext->setRequest($actionRequest);
     $routingMatchResults = $componentContext->getParameter(Routing\RoutingComponent::class, 'matchResults');
     $actionRequest->setArguments($this->mergeArguments($httpRequest, $routingMatchResults));
     $this->setDefaultControllerAndActionNameIfNoneSpecified($actionRequest);
     $componentContext->setParameter(self::class, 'actionRequest', $actionRequest);
     $this->dispatcher->dispatch($actionRequest, $componentContext->getHttpResponse());
 }
Ejemplo n.º 3
0
 /**
  * @param array $patterns
  * @param bool $expectedActive
  * @test
  * @dataProvider separateActiveAndInactiveTokensDataProvider
  */
 public function separateActiveAndInactiveTokensTests(array $patterns, $expectedActive)
 {
     $mockRequestPatterns = [];
     foreach ($patterns as $pattern) {
         $mockRequestPattern = $this->getMockBuilder(\TYPO3\Flow\Security\RequestPatternInterface::class)->setMockClassName('RequestPattern_' . $pattern['type'])->getMock();
         $mockRequestPattern->expects($this->any())->method('matchRequest')->with($this->mockActionRequest)->will($this->returnValue($pattern['matchesRequest']));
         $mockRequestPatterns[] = $mockRequestPattern;
     }
     $mockToken = $this->createMock(\TYPO3\Flow\Security\Authentication\TokenInterface::class);
     $mockToken->expects($this->once())->method('hasRequestPatterns')->will($this->returnValue($mockRequestPatterns !== []));
     $mockToken->expects($this->any())->method('getRequestPatterns')->will($this->returnValue($mockRequestPatterns));
     /** @var \TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface|\PHPUnit_Framework_MockObject_MockObject $mockAuthenticationManager */
     $mockAuthenticationManager = $this->createMock(\TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface::class);
     $mockAuthenticationManager->expects($this->once())->method('getTokens')->will($this->returnValue([$mockToken]));
     $this->securityContext = $this->getAccessibleMock(Context::class, ['dummy']);
     $settings = [];
     $settings['security']['authentication']['authenticationStrategy'] = 'allTokens';
     $this->securityContext->injectSettings($settings);
     $this->securityContext->injectAuthenticationManager($mockAuthenticationManager);
     $this->securityContext->setRequest($this->mockActionRequest);
     $this->securityContext->initialize();
     if ($expectedActive) {
         $this->assertContains($mockToken, $this->securityContext->_get('activeTokens'));
     } else {
         $this->assertContains($mockToken, $this->securityContext->_get('inactiveTokens'));
     }
 }
Ejemplo n.º 4
0
 /**
  * Prepares the environment for and conducts an account authentication
  *
  * @param Account $account
  * @return void
  */
 protected function authenticateAccount(Account $account)
 {
     $this->testingProvider->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
     $this->testingProvider->setAccount($account);
     $this->securityContext->clearContext();
     /** @var RequestHandler $requestHandler */
     $this->securityContext->setRequest($this->mockActionRequest);
     $this->authenticationManager->authenticate();
 }
Ejemplo n.º 5
0
 /**
  * Prepares the environment for and conducts an account authentication
  *
  * @param \TYPO3\Flow\Security\Account $account
  * @return void
  * @api
  */
 protected function authenticateAccount(\TYPO3\Flow\Security\Account $account)
 {
     $this->testingProvider->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
     $this->testingProvider->setAccount($account);
     $this->securityContext->clearContext();
     $requestHandler = self::$bootstrap->getActiveRequestHandler();
     $actionRequest = $this->route($requestHandler->getHttpRequest());
     $this->securityContext->setRequest($actionRequest);
     $this->authenticationManager->authenticate();
 }
Ejemplo n.º 6
0
 /**
  * Checks whether the current request has the same security context hash as the one of the token
  *
  * @param array $tokenData
  * @param HttpRequest $httpRequest
  * @return void
  * @throws AccessDeniedException
  */
 protected function verifySecurityContextHash(array $tokenData, HttpRequest $httpRequest)
 {
     if (!isset($tokenData['securityContextHash'])) {
         return;
     }
     /** @var $actionRequest ActionRequest */
     $actionRequest = $this->objectManager->get(ActionRequest::class, $httpRequest);
     $this->securityContext->setRequest($actionRequest);
     if ($tokenData['securityContextHash'] !== $this->securityContext->getContextHash()) {
         throw new AccessDeniedException(sprintf('Invalid security hash!%sThis request is signed for a security context hash of "%s", but the current hash is "%s"', chr(10), $tokenData['securityContextHash'], $this->securityContext->getContextHash()), 1429705633);
     }
 }
Ejemplo n.º 7
0
 /**
  * Sends the given HTTP request
  *
  * @param \TYPO3\Flow\Http\Request $request
  * @return \TYPO3\Flow\Http\Response
  * @throws \TYPO3\Flow\Http\Exception
  * @api
  */
 public function sendRequest(Request $request)
 {
     $requestHandler = $this->bootstrap->getActiveRequestHandler();
     if (!$requestHandler instanceof \TYPO3\Flow\Tests\FunctionalTestRequestHandler) {
         throw new \TYPO3\Flow\Http\Exception('The browser\'s internal request engine has only been designed for use within functional tests.', 1335523749);
     }
     $response = new Response();
     $requestHandler->setHttpRequest($request);
     $requestHandler->setHttpResponse($response);
     try {
         $actionRequest = $this->router->route($request);
         $this->securityContext->clearContext();
         $this->securityContext->setRequest($actionRequest);
         $this->validatorResolver->reset();
         $this->dispatcher->dispatch($actionRequest, $response);
         $session = $this->bootstrap->getObjectManager()->get('TYPO3\\Flow\\Session\\SessionInterface');
         if ($session->isStarted()) {
             $session->close();
         }
     } catch (\Exception $exception) {
         $pathPosition = strpos($exception->getFile(), 'Packages/');
         $filePathAndName = $pathPosition !== FALSE ? substr($exception->getFile(), $pathPosition) : $exception->getFile();
         $exceptionCodeNumber = $exception->getCode() > 0 ? '#' . $exception->getCode() . ': ' : '';
         $content = PHP_EOL . 'Uncaught Exception in Flow ' . $exceptionCodeNumber . $exception->getMessage() . PHP_EOL;
         $content .= 'thrown in file ' . $filePathAndName . PHP_EOL;
         $content .= 'in line ' . $exception->getLine() . PHP_EOL . PHP_EOL;
         $content .= \TYPO3\Flow\Error\Debugger::getBacktraceCode($exception->getTrace(), FALSE, TRUE) . PHP_EOL;
         if ($exception instanceof \TYPO3\Flow\Exception) {
             $statusCode = $exception->getStatusCode();
         } else {
             $statusCode = 500;
         }
         $response->setStatus($statusCode);
         $response->setContent($content);
         $response->setHeader('X-Flow-ExceptionCode', $exception->getCode());
         $response->setHeader('X-Flow-ExceptionMessage', $exception->getMessage());
     }
     return $response;
 }
Ejemplo n.º 8
0
 /**
  * Handles a HTTP request
  *
  * @return void
  */
 public function handleRequest()
 {
     // Create the request very early so the Resource Management has a chance to grab it:
     $this->request = Request::createFromEnvironment();
     $this->response = new Response();
     $this->boot();
     $this->resolveDependencies();
     $this->request->injectSettings($this->settings);
     $this->router->setRoutesConfiguration($this->routesConfiguration);
     $actionRequest = $this->router->route($this->request);
     $this->securityContext->setRequest($actionRequest);
     $this->dispatcher->dispatch($actionRequest, $this->response);
     $this->response->makeStandardsCompliant($this->request);
     $this->response->send();
     $this->bootstrap->shutdown('Runtime');
     $this->exit->__invoke();
 }