/** * Handles redirects in case of dispatch errors caused by unauthorized access * * @param MvcEvent $event * @return void */ public function onError(MvcEvent $event) { if (!$event->getRequest() instanceof HttpRequest || !($routeMatch = $event->getRouteMatch())) { return; } if (null === $this->redirectUri) { if (null === $this->redirectRoute) { if ($this->authenticationService->hasIdentity()) { $this->setRedirectRoute($this->options->getAuthenticatedIdentityRedirectRoute()); } else { $this->setRedirectRoute($this->options->getUnauthenticatedIdentityRedirectRoute()); } } if (!($this->redirectRoute && $this->redirectRoute !== $routeMatch->getMatchedRouteName())) { return parent::onError($event); } $params = ['name' => $this->redirectRoute]; if ($this->options->getUseRedirectParameter()) { $redirectKey = $this->options->getRedirectKey(); $params['query'][$redirectKey] = $event->getRequest()->getUriString(); } $this->setRedirectUri($event->getRouter()->assemble([], $params)); } $response = $event->getResponse() ?: new HttpResponse(); $response->getHeaders()->addHeaderLine('Location', $this->redirectUri); $response->setStatusCode(302); $event->setResponse($response); }
/** * @private * @param MvcEvent $event * @return void */ public function onError(MvcEvent $event) { // Do nothing if no error or if response is not HTTP response if (!$event->getParam('exception') instanceof UnauthorizedExceptionInterface || $event->getResult() instanceof HttpResponse || !$event->getResponse() instanceof HttpResponse) { return; } $router = $event->getRouter(); if ($this->authenticationService->hasIdentity()) { if (!$this->options->getRedirectWhenConnected()) { return; } $redirectRoute = $this->options->getRedirectToRouteConnected(); } else { $redirectRoute = $this->options->getRedirectToRouteDisconnected(); } $uri = $router->assemble([], ['name' => $redirectRoute]); if ($this->options->getAppendPreviousUri()) { $redirectKey = $this->options->getPreviousUriQueryKey(); $previousUri = $event->getRequest()->getUriString(); $uri = $router->assemble([], ['name' => $redirectRoute, 'query' => [$redirectKey => $previousUri]]); } $response = $event->getResponse() ?: new HttpResponse(); $response->getHeaders()->addHeaderLine('Location', $uri); $response->setStatusCode(302); $event->setResponse($response); $event->setResult($response); }
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null) { $registration = $this->service->registrationPath(); $logout = $this->service->logoutPath(); $login = $this->service->loginPath(); $base = $this->service->basePath(); $uri = $request->getUri(); $path = $uri->getPath(); if ($path === $logout) { $this->service->clearIdentity(); // including the user session return $this->redirectTo($uri->withPath($login)); } // Disallow to render the view (by default) if not authenticated if (!$this->service->hasIdentity()) { switch ($path) { case $login: return $next($request, $response); case $registration: return $next($request, $response); default: return $this->redirectTo($uri->withPath($login)); } } switch ($path) { case $login: return $this->redirectTo($uri->withPath($base)); case $registration: return $this->redirectTo($uri->withPath($base)); } return $next($request, $response); }
/** * Retrieve the current identity, if any. * * If none is present, returns null. * * @return mixed|null * @throws Exception\RuntimeException */ public function __invoke() { if (!$this->authenticationService instanceof AuthenticationServiceInterface) { throw new Exception\RuntimeException('No AuthenticationServiceInterface instance provided; cannot lookup identity'); } if (!$this->authenticationService->hasIdentity()) { return; } return $this->authenticationService->getIdentity(); }
public function __invoke(ServerRequestInterface $req, Response $res) { if ($this->authService->hasIdentity()) { $identity = $this->authService->getIdentity(); $events = $this->events; $this->authService->clearIdentity(); $events('trigger', 'logout', $identity, $this->redirectUrl); } return $res->withRedirect($this->redirectUrl); }
/** * Determines whether or not user has access to requested resource. * * @param ServerRequestInterface $request * @param ResponseInterface $response * @param callable $next * * @return ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { $route = $request->getAttribute('route', null); if ($route === null) { // User likely accessing a nonexistent route. Calling next middleware. return $next($request, $response); } $role = $this->getRole($this->auth->getIdentity()); $resource = $route->getPattern(); /* * THIS BUG HAPPENED WHEN ROUTE DID NOT SET ->allow([roles]) * Hope fix problems when an optional / maybe followed by arguments * Route::group('/venues', function (){ Route::get('/', ... Route::get('[/{id:[0-9]+}]', ... dont work for groups that do not have a sub route like '/' */ // $resource = preg_replace("|\[\/[^\[].*\]|", "/", $route->getPattern()); // $resource = $route->getIdentifier(); $privilege = $request->getMethod(); // $isAllowed = false; // if(!$this->acl && $route instanceof AuthorizableRoute){ // $route->getAcl()->isAllowed($role, $resource, $privilege); // } else { // $this->acl->isAllowed($role, $resource, $privilege); // } // var_dump($this->acl); $isAllowed = $this->acl->isAllowed($role, $resource, $privilege); $isAuthenticated = $this->auth->hasIdentity(); if ($isAllowed) { return $next($request, $response); } if ($isAuthenticated) { // Authenticated but unauthorized for this resource return $this->handler->notAuthorized($response); } // Not authenticated and must be authenticated to access this resource return $this->handler->notAuthenticated($response); }