/**
 * Hook executed before every controller action.
 *
 * Opens the session, emits the security headers, loads translations and the
 * timezone, then enforces authentication and page-level access control before
 * the action itself is allowed to run.
 *
 * @access public
 * @param  string $controller  Controller name
 * @param  string $action      Action name
 */
public function beforeAction($controller, $action)
{
    // The session has to exist before any authentication check below
    $this->session->open(BASE_URL_DIRECTORY);

    // Security headers: CSP (inline styles allowed), nosniff, XSS filter
    $policy = array('style-src' => "'self' 'unsafe-inline'");
    $this->response->csp($policy);
    $this->response->nosniff();
    $this->response->xss();

    // X-Frame-Options is omitted only for the "readonly" action so the public
    // board can be embedded in an iframe.
    // NOTE(review): the test is on the action name alone, not the controller;
    // any controller exposing a "readonly" action is framable — confirm intended.
    $framable = ($action === 'readonly');
    if (!$framable) {
        $this->response->xframe();
    }

    if (ENABLE_HSTS) {
        $this->response->hsts();
    }

    $this->config->setupTranslations();
    $this->config->setupTimezone();

    // Unauthenticated requests: plain-text 401 for Ajax, login redirect otherwise.
    // NOTE(review): the redirect is reached after the 401 unless Response::text()
    // terminates the request — confirm against the Response implementation.
    $isAuthenticated = $this->authentication->isAuthenticated($controller, $action);
    if (!$isAuthenticated) {
        if ($this->request->isAjax()) {
            $this->response->text('Not Authorized', 401);
        }

        $loginUrl = '?controller=user&action=login&redirect_query=' . urlencode($this->request->getQueryString());
        $this->response->redirect($loginUrl);
    }

    // Page-level access control (controller/action only, no project scope here)
    $pageAllowed = $this->acl->isPageAccessAllowed($controller, $action);
    if (!$pageAllowed) {
        $this->response->redirect('?controller=user&action=forbidden');
    }

    $this->attachEvents();
}
/**
 * Enforce that the current request belongs to an authenticated user.
 *
 * Ajax callers receive a plain-text 401; browser requests are sent to the
 * login page with the current query string preserved for the post-login
 * redirect.
 *
 * NOTE(review): the redirect follows the 401 unconditionally, which is only
 * correct if Response::text() terminates the request — confirm.
 *
 * @access public
 */
public function handleAuthentication()
{
    if ($this->authentication->isAuthenticated()) {
        return;
    }

    if ($this->request->isAjax()) {
        $this->response->text('Not Authorized', 401);
    }

    $query = urlencode($this->request->getQueryString());
    $this->response->redirect('?controller=user&action=login&redirect_query=' . $query);
}
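/**
 * Enforce two-factor authentication for users who have it enabled.
 *
 * Requests may pass without a verified 2FA code only for the code-entry and
 * verification actions themselves and for logout, so that a user stuck at the
 * 2FA prompt can still sign out. Anyone else with 2FA enabled but not yet
 * validated in this session is sent to the code form.
 *
 * @access public
 * @param  string $controller  Controller name
 * @param  string $action      Action name
 */
public function handle2FA($controller, $action)
{
    // Actions reachable before the 2FA code has been verified. The two groups
    // are spelled out separately because && binds tighter than ||, and the
    // action list is matched strictly so only exact string matches bypass 2FA.
    $isTwoFactorForm = $controller === 'twofactor' && in_array($action, array('code', 'check'), true);
    $isLogout = $controller === 'auth' && $action === 'logout';
    $ignore = $isTwoFactorForm || $isLogout;

    if (!$ignore && $this->userSession->has2FA() && !$this->userSession->check2FA()) {
        if ($this->request->isAjax()) {
            $this->response->text('Not Authorized', 401);
        }

        // NOTE(review): the redirect is reached after the 401 unless Response::text()
        // terminates the request — confirm against the Response implementation.
        $this->response->redirect($this->helper->url->to('twofactor', 'code'));
    }
}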
/**
 * Require an authenticated user and check the action-level ACL.
 *
 * Unauthenticated requests get a 401 (Ajax) or a login redirect; authenticated
 * users who fail the ACL for this controller/action get the forbidden page.
 * The project scope passed to the ACL is the "project_id" request parameter,
 * defaulting to 0 when absent.
 *
 * NOTE(review): the redirect follows the 401 unconditionally, which is only
 * correct if Response::text() terminates the request — confirm.
 *
 * @access public
 * @param  string $controller  Controller name
 * @param  string $action      Action name
 */
public function handleAuthenticatedUser($controller, $action)
{
    $authenticated = $this->authentication->isAuthenticated();

    if (!$authenticated) {
        if ($this->request->isAjax()) {
            $this->response->text('Not Authorized', 401);
        }

        $redirectQuery = urlencode($this->request->getQueryString());
        $this->response->redirect('?controller=user&action=login&redirect_query=' . $redirectQuery);
    }

    // NOTE(review): project_id is caller-supplied, so the ACL context is chosen
    // by the request; isAllowed() is expected to verify the user's membership
    // in that project — confirm.
    $projectId = $this->request->getIntegerParam('project_id', 0);
    if (!$this->acl->isAllowed($controller, $action, $projectId)) {
        $this->forbidden();
    }
}
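/**
 * Reject webhook requests that do not carry the configured secret token.
 *
 * The expected token is read from the "webhook_token" config entry and the
 * supplied one from the "token" request parameter. The comparison uses
 * hash_equals() so response timing does not reveal how many leading bytes of
 * the secret matched, and an empty configured token never matches: with a
 * plain `!==` an unset secret would accept a request carrying no token at all.
 *
 * @access protected
 */
protected function checkWebhookToken()
{
    // Casts keep a null/unset config value from reaching hash_equals(),
    // which requires string arguments (and PHP >= 5.6).
    $expected = (string) $this->config->get('webhook_token');
    $provided = (string) $this->request->getStringParam('token');

    $valid = $expected !== '' && hash_equals($expected, $provided);

    if (!$valid) {
        // NOTE(review): nothing follows, so the caller is protected only if
        // Response::text() terminates the request — confirm against Response.
        $this->response->text('Not Authorized', 401);
    }
}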