Ejemplo n.º 1
0
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     /** @var AclAuthorization $authorization */
     $authorization = $mvcAuthEvent->getAuthorizationService();
     $authenticaton = $mvcAuthEvent->getAuthenticationService();
     /**
      * Regardless of how our configuration is currently through via the Apigility UI,
      * we want to ensure that the default rule for the service we want to give access
      * to a particular identity has a DENY BY DEFAULT rule.
      *
      * Naturally, if you have many versions, or many methods, you would want to build
      * some kind of logic to build all the possible strings, and push these into the
      * ACL. If this gets too cumbersome, writing an assertion would be the next best
      * approach.
      */
     $authorization->deny(null, 'DbApi\\V1\\Rest\\User\\Controller::collection', 'GET');
     $authorization->deny(null, 'DbApi\\V1\\Rest\\User\\Controller::entity', 'GET');
     if ($authenticaton->hasIdentity() && $authenticaton->getIdentity()->getAuthenticationIdentity()) {
         /** @var \ZF\MvcAuth\Identity\IdentityInterface $currentUser */
         $currentUser = $authenticaton->getIdentity()->getAuthenticationIdentity();
         /**
          * Now, add the name of the identity in question as a role to the ACL
          */
         $authorization->addRole($currentUser['user_id']);
         /**
          * Next, assign the particular privilege that this identity needs.
          */
         $authorization->allow($currentUser['user_id'], 'DbApi\\V1\\Rest\\User\\Controller::entity', 'GET');
     }
 }
Ejemplo n.º 2
0
 public function testGetAuthenticationService()
 {
     $this->assertInstanceOf('Zend\\Authentication\\AuthenticationService', $this->mvcAuthEvent->getAuthenticationService());
 }
 /**
  * Listen to authentication events
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return mixed
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $mvcEvent = $mvcAuthEvent->getMvcEvent();
     $request = $mvcEvent->getRequest();
     $response = $mvcEvent->getResponse();
     //Skip authentication for console requests or OPTIONS requests
     if (!$request instanceof HttpRequest || $request->isOptions()) {
         return null;
     }
     //Skip authentication if the requested URI is on the whitelist
     $relPath = $this->_getRelativePath($request);
     foreach ($this->getUriWhitelist() as $pattern) {
         $regex = '/' . str_replace('/', '\\/', $pattern) . '/';
         if (preg_match($regex, $relPath)) {
             return null;
         }
     }
     //Provide our auth adapter with the request and response objects if it needs them
     if (is_callable(array($this->adapter, 'setRequest'))) {
         $this->adapter->setRequest($request);
     }
     if (is_callable(array($this->adapter, 'setResponse'))) {
         $this->adapter->setResponse($response);
     }
     //Ask the adapter to authenticate
     $authService = $mvcAuthEvent->getAuthenticationService();
     $authResult = $authService->authenticate($this->adapter);
     $mvcAuthEvent->setAuthenticationResult($authResult);
     //Create the identity object
     if ($authResult->isValid()) {
         //Create MvcAuth identity
         $resultIdentity = $authResult->getIdentity();
         $identity = new AuthenticatedIdentity($resultIdentity);
         $identity->setName((string) $resultIdentity);
     } else {
         $identity = new GuestIdentity();
     }
     $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
     return $identity;
 }
    /**
     * Attach the $httpAdapter as a proper adapter
     *
     * This is to allow using the setHttpAdapter() method along with the
     * AdapterInterface system, and will be removed in a future version.
     *
     * @deprecated
     * @param MvcAuthEvent $mvcAuthEvent
     */
    private function attachHttpAdapter(MvcAuthEvent $mvcAuthEvent)
    {
        if (! $this->httpAdapter instanceof HttpAuth) {
            return;
        }

        $this->attach(new HttpAdapter($this->httpAdapter, $mvcAuthEvent->getAuthenticationService()));
        $this->httpAdapter = null;
    }
 /**
  * Listen to the authentication event
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return mixed
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $mvcEvent = $mvcAuthEvent->getMvcEvent();
     $request = $mvcEvent->getRequest();
     $response = $mvcEvent->getResponse();
     if (!$request instanceof HttpRequest || $request->isOptions()) {
         return;
     }
     $type = false;
     if ($this->httpAdapter instanceof HttpAuth) {
         $this->httpAdapter->setRequest($request);
         $this->httpAdapter->setResponse($response);
     }
     $authHeader = $request->getHeader('Authorization');
     if ($authHeader) {
         $headerContent = trim($authHeader->getFieldValue());
         // we only support headers in the format: Authorization: xxx yyyyy
         if (strpos($headerContent, ' ') === false) {
             $identity = new Identity\GuestIdentity();
             $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
             return $identity;
         }
         list($type, $credential) = preg_split('# #', $headerContent, 2);
     }
     if (!$type && !in_array($request->getMethod(), $this->requestsWithoutBodies) && $request->getHeaders()->has('Content-Type') && $request->getHeaders()->get('Content-Type')->match('application/x-www-form-urlencoded') && $request->getPost('access_token')) {
         $type = 'oauth2';
     }
     if (!$type && null !== $request->getQuery('access_token')) {
         $type = 'oauth2';
     }
     if (!$type) {
         if ($this->httpAdapter instanceof HttpAuth) {
             $this->httpAdapter->challengeClient();
         }
         $identity = new Identity\GuestIdentity();
         $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
         return $identity;
     }
     switch (strtolower($type)) {
         case 'basic':
         case 'digest':
             if (!$this->httpAdapter instanceof HttpAuth) {
                 $identity = new Identity\GuestIdentity();
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $auth = $mvcAuthEvent->getAuthenticationService();
             $result = $auth->authenticate($this->httpAdapter);
             $mvcAuthEvent->setAuthenticationResult($result);
             if ($result->isValid()) {
                 $resultIdentity = $result->getIdentity();
                 // Pass full discovered identity to AuthenticatedIdentity object
                 $identity = new Identity\AuthenticatedIdentity($resultIdentity);
                 // But determine name separately
                 $name = $resultIdentity;
                 if (is_array($resultIdentity)) {
                     $name = isset($resultIdentity['username']) ? $resultIdentity['username'] : (string) $resultIdentity;
                 }
                 $identity->setName($name);
                 // Set in MvcEvent
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $identity = new Identity\GuestIdentity();
             $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
             return $identity;
         case 'oauth2':
         case 'bearer':
             if (!$this->oauth2Server instanceof OAuth2Server) {
                 $identity = new Identity\GuestIdentity();
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $content = $request->getContent();
             $oauth2request = new OAuth2Request($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER, $content);
             if ($this->oauth2Server->verifyResourceRequest($oauth2request)) {
                 $token = $this->oauth2Server->getAccessTokenData($oauth2request);
                 $identity = new Identity\AuthenticatedIdentity($token);
                 $identity->setName($token['user_id']);
                 $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
                 return $identity;
             }
             $identity = new Identity\GuestIdentity();
             $mvcEvent->setParam('ZF\\MvcAuth\\Identity', $identity);
             return $identity;
         case 'token':
             throw new \Exception('zf-mvc-auth has not yet implemented a "token" authentication adapter');
     }
 }