/**
  * Handles form based authentication.
  *
  * Only a request whose path info equals the configured 'check_path'
  * option is processed; every other request is left to other listeners.
  *
  * @param Event $event An Event instance
  *
  * @return Boolean|null true when a Response was set on the event, null otherwise
  */
 public function handle(Event $event)
 {
     $request = $event->get('request');

     // Not the login check URL: nothing to do here.
     if ($request->getPathInfo() !== $this->options['check_path']) {
         return;
     }

     try {
         $token = $this->attemptAuthentication($request);
         if (null === $token) {
             // attemptAuthentication() produced no token: leave the event untouched.
             return;
         }

         $response = $this->onSuccess($request, $token);
     } catch (AuthenticationException $failed) {
         // Credentials were rejected: the failure handler builds the Response.
         $response = $this->onFailure($event->getSubject(), $request, $failed);
     }

     $event->setReturnValue($response);

     return true;
 }
 /**
  * Initializes the session and the request attributes for the incoming request.
  *
  * @param Event $event An Event instance
  */
 public function handle(Event $event)
 {
     $request = $event->get('request');
     $isMaster = ($event->get('request_type') === HttpKernelInterface::MASTER_REQUEST);

     // Both steps are told whether they run for the master request.
     $this->initializeSession($request, $isMaster);
     $this->initializeRequestAttributes($request, $isMaster);
 }
    /**
     * Handles security.
     *
     * Only master requests are processed. The listeners the firewall map
     * returns for the request are registered on the dispatcher and the
     * 'core.security' event is notified until one of them processes it.
     *
     * @param Event $event An Event instance
     *
     * @return Boolean|null true when a listener produced a return value, null otherwise
     */
    public function handle(Event $event)
    {
        if ($event->get('request_type') !== HttpKernelInterface::MASTER_REQUEST) {
            return;
        }

        $request = $event->get('request');

        // Drop whatever the previous request connected to 'core.security'.
        $this->dispatcher->disconnect('core.security');

        list($listeners, $exceptionListener) = $this->map->getListeners($request);
        if (null !== $exceptionListener) {
            $exceptionListener->register($this->dispatcher);
        }
        foreach ($listeners as $listener) {
            $listener->register($this->dispatcher);
        }

        $securityEvent = new Event($request, 'core.security', array('request' => $request));
        $securityEvent = $this->dispatcher->notifyUntil($securityEvent);

        if (!$securityEvent->isProcessed()) {
            return;
        }

        $event->setReturnValue($securityEvent->getReturnValue());

        return true;
    }
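 /**
  * Handles an uncaught exception by rendering it through the configured
  * exception controller.
  *
  * The exception is logged (logger or error_log()), flattened into the
  * attributes of a duplicated request and dispatched as a sub-request.
  * A static re-entrancy guard stops an exception thrown while rendering the
  * error page from running this listener a second time.
  *
  * @param Event $event An Event instance carrying 'exception' and 'request'
  *
  * @return Boolean true when a Response was set on the event, false when re-entered
  *
  * @throws \Exception the original exception when the exception controller itself fails
  */
 public function handle(Event $event)
 {
     static $handling;

     if (true === $handling) {
         return false;
     }

     $handling = true;

     $exception = $event->get('exception');
     $request = $event->get('request');

     if (null !== $this->logger) {
         $this->logger->err(sprintf('%s: %s (uncaught exception)', get_class($exception), $exception->getMessage()));
     } else {
         error_log(sprintf('Uncaught PHP Exception %s: "%s" at %s line %s', get_class($exception), $exception->getMessage(), $exception->getFile(), $exception->getLine()));
     }

     $logger = null !== $this->logger ? $this->logger->getDebugLogger() : null;

     $attributes = array(
         '_controller' => $this->controller,
         'exception'   => FlattenException::create($exception),
         'logger'      => $logger,
         // On the command line there is no browser, so render plain text.
         'format'      => 0 === strncasecmp(PHP_SAPI, 'cli', 3) ? 'txt' : $request->getRequestFormat(),
     );

     $request = $request->duplicate(null, null, $attributes);

     try {
         $response = $event->getSubject()->handle($request, HttpKernelInterface::SUB_REQUEST, true);
     } catch (\Exception $e) {
         $message = sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage());
         if (null !== $this->logger) {
             $this->logger->err($message);
         } else {
             error_log($message);
         }

         // Release the guard before leaving: the static flag outlives this
         // call, and leaving it set would make every later exception in the
         // same process short-circuit with "return false".
         $handling = false;

         // re-throw the original exception as this is a catch-all
         throw $exception;
     }

     $event->setReturnValue($response);

     $handling = false;

     return true;
 }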
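 /**
  * Handles security.
  *
  * For the master request, the listeners registered by the previous request
  * are unregistered, the listeners (and the optional exception listener) the
  * firewall map returns for this request are registered, and the
  * 'core.security' event is notified until one listener processes it.
  *
  * @param Event $event An Event instance
  *
  * @return Boolean|null true when a listener produced a return value, null otherwise
  */
 public function handle(Event $event)
 {
     if (HttpKernelInterface::MASTER_REQUEST !== $event->get('request_type')) {
         return;
     }

     $request = $event->get('request');

     // disconnect all listeners from core.security to avoid the overhead
     // of most listeners having to do this manually
     $this->dispatcher->disconnect('core.security');

     // ensure that listeners disconnect from wherever they have connected to
     foreach ($this->currentListeners as $listener) {
         $listener->unregister($this->dispatcher);
     }

     // register listeners for this firewall
     list($listeners, $exception) = $this->map->getListeners($request);
     if (null !== $exception) {
         $exception->register($this->dispatcher);
     }
     foreach ($listeners as $listener) {
         $listener->register($this->dispatcher);
     }

     // save current listener instances; a firewall without an exception
     // listener must not leave a null entry behind, or the unregister loop
     // above would call a method on null on the next master request
     $this->currentListeners = $listeners;
     if (null !== $exception) {
         $this->currentListeners[] = $exception;
     }

     // initiate the listener chain
     $e = $this->dispatcher->notifyUntil(new Event($request, 'core.security', array('request' => $request)));
     if ($e->isProcessed()) {
         $event->setReturnValue($e->getReturnValue());

         return true;
     }

     return;
 }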
 /**
  * Filters the Response.
  *
  * For the master request, sets the Content-Type header from the request
  * format when the Response does not declare one yet.
  *
  * @param Event    $event    An Event instance
  * @param Response $response A Response instance
  *
  * @return Response The (possibly modified) Response
  */
 public function filter(Event $event, Response $response)
 {
     $isMaster = HttpKernelInterface::MASTER_REQUEST === $event->get('request_type');

     // Sub-requests and responses that already carry a type are left alone.
     if (!$isMaster || $response->headers->has('Content-Type')) {
         return $response;
     }

     $request = $event->get('request');
     $format = $request->getRequestFormat();
     $mimeType = null === $format ? null : $request->getMimeType($format);

     if ($mimeType) {
         $response->headers->set('Content-Type', $mimeType);
     }

     return $response;
 }
 /**
  * Handles security related exceptions.
  *
  * Three cases are distinguished:
  *  - AuthenticationException: the authentication entry point is started;
  *  - AccessDeniedException while the token is not fully fledged (per the
  *    trust resolver): the entry point is started with an
  *    InsufficientAuthenticationException that wraps the original one;
  *  - AccessDeniedException for a fully fledged token: the configured error
  *    page, if any, is rendered as a sub-request and returned with status 403.
  * Any other exception is ignored. When building the Response itself throws,
  * the new exception replaces the event's 'exception' and nothing is returned.
  *
  * @param Event $event An Event instance carrying 'exception' and 'request'
  *
  * @return Boolean|null true when a Response was set on the event, null otherwise
  */
 public function handleException(Event $event)
 {
     $exception = $event->get('exception');
     $request = $event->get('request');
     if ($exception instanceof AuthenticationException) {
         if (null !== $this->logger) {
             $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
         }
         try {
             $response = $this->startAuthentication($request, $exception);
         } catch (\Exception $e) {
             // the entry point failed: expose its exception instead of ours
             $event->set('exception', $e);
             return;
         }
     } elseif ($exception instanceof AccessDeniedException) {
         $token = $this->context->getToken();
         if (!$this->authenticationTrustResolver->isFullFledged($token)) {
             // not fully fledged (per the trust resolver): request full authentication,
             // keeping the AccessDeniedException as the previous exception
             if (null !== $this->logger) {
                 $this->logger->info('Access denied (user is not fully authenticated); redirecting to authentication entry point');
             }
             try {
                 $response = $this->startAuthentication($request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
             } catch (\Exception $e) {
                 $event->set('exception', $e);
                 return;
             }
         } else {
             if (null !== $this->logger) {
                 $this->logger->info('Access is denied (and user is neither anonymous, nor remember-me)');
             }
             if (null === $this->errorPage) {
                 // no error page configured: nothing is returned for this event
                 return;
             }
             $subRequest = Request::create($this->errorPage);
             // the raw exception message is handed to the error page through this
             // attribute; the page is responsible for escaping it in its output
             $subRequest->attributes->set(SecurityContext::ACCESS_DENIED_ERROR, $exception->getMessage());
             try {
                 $response = $event->getSubject()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
             } catch (\Exception $e) {
                 if (null !== $this->logger) {
                     $this->logger->err(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
                 }
                 $event->set('exception', new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
                 return;
             }
             // whatever status the error page answered with, the client gets a 403
             $response->setStatusCode(403);
         }
     } else {
         // not a security exception: leave it to other listeners
         return;
     }
     $event->setReturnValue($response);
     return true;
 }
 /**
  * Handles the core.response event.
  *
  * Collects profiling data for the master request, unless the request
  * matcher rejects the request or only exceptions are profiled and none was
  * recorded. The recorded exception is cleared once it has been collected.
  *
  * @param Event    $event    An Event instance
  * @param Response $response A Response instance
  *
  * @return Response The unchanged Response
  */
 public function handleResponse(Event $event, Response $response)
 {
     $isMaster = HttpKernelInterface::MASTER_REQUEST === $event->get('request_type');
     if (!$isMaster) {
         return $response;
     }

     $request = $event->get('request');

     $matcherRejects = null !== $this->matcher && !$this->matcher->matches($request);
     $nothingToProfile = $this->onlyException && null === $this->exception;

     if ($matcherRejects || $nothingToProfile) {
         return $response;
     }

     $this->profiler->collect($request, $response, $this->exception);
     $this->exception = null;

     return $response;
 }
 /**
  * Handles basic authentication.
  *
  * Reads the credentials PHP exposes as PHP_AUTH_USER / PHP_AUTH_PW and
  * authenticates them, unless the security context already holds an
  * immutable token or an authenticated UsernamePasswordToken for that user.
  *
  * @param Event $event An Event instance
  *
  * @return Boolean|null true when the entry point's Response was set on the event, null otherwise
  */
 public function handle(Event $event)
 {
     $request = $event->get('request');

     $username = $request->server->get('PHP_AUTH_USER', false);
     if (false === $username) {
         return;
     }

     $current = $this->securityContext->getToken();
     if (null !== $current) {
         if ($current->isImmutable()) {
             return;
         }

         $alreadyAuthenticated = $current instanceof UsernamePasswordToken
             && $current->isAuthenticated()
             && (string) $current === $username;
         if ($alreadyAuthenticated) {
             return;
         }
     }

     if (null !== $this->logger) {
         $this->logger->debug(sprintf('Basic Authentication Authorization header found for user "%s"', $username));
     }

     try {
         $password = $request->server->get('PHP_AUTH_PW');
         $token = $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password));
         $this->securityContext->setToken($token);
     } catch (AuthenticationException $failed) {
         // A rejected attempt must not leave any token in the context.
         $this->securityContext->setToken(null);

         if (null !== $this->logger) {
             $this->logger->debug(sprintf('Authentication request failed: %s', $failed->getMessage()));
         }

         if ($this->ignoreFailure) {
             return;
         }

         $event->setReturnValue($this->authenticationEntryPoint->start($request, $failed));

         return true;
     }
 }
 /**
  * Handles X509 authentication.
  *
  * Extracts the pre-authenticated user and credentials from the request,
  * skips the work when the context already holds an immutable token or an
  * authenticated PreAuthenticatedToken for that user, and otherwise
  * authenticates a new PreAuthenticatedToken.
  *
  * @param Event $event An Event instance
  */
 public function handle(Event $event)
 {
     $request = $event->get('request');
     $context = $this->securityContext;
     $logger = $this->logger;

     if (null !== $logger) {
         $logger->debug(sprintf('Checking secure context token: %s', $context->getToken()));
     }

     list($user, $credentials) = $this->getPreAuthenticatedData($request);

     $existing = $context->getToken();
     if (null !== $existing) {
         if ($existing->isImmutable()) {
             return;
         }

         $sameUser = $existing instanceof PreAuthenticatedToken
             && $existing->isAuthenticated()
             && (string) $existing === $user;
         if ($sameUser) {
             return;
         }
     }

     if (null !== $logger) {
         $logger->debug(sprintf('Trying to pre-authenticate user "%s"', $user));
     }

     try {
         $token = $this->authenticationManager->authenticate(new PreAuthenticatedToken($user, $credentials));
         if (null !== $logger) {
             $logger->debug(sprintf('Authentication success: %s', $token));
         }
         $context->setToken($token);
     } catch (AuthenticationException $failed) {
         // A rejected attempt must not leave any token in the context.
         $context->setToken(null);
         if (null !== $logger) {
             $logger->debug(sprintf("Cleared security context due to exception: %s", $failed->getMessage()));
         }
     }
 }
 /**
  * Records the resolved controller on the extension for the master request.
  *
  * @param Event $event      An Event instance
  * @param mixed $controller The resolved controller
  *
  * @return mixed The controller, unchanged
  */
 public function getController(Event $event, $controller)
 {
     $isMaster = HttpKernelInterface::MASTER_REQUEST === $event->get('request_type');
     if ($isMaster) {
         $this->extension->setController($controller);
     }

     return $controller;
 }
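    /**
     * Applies the cache configuration found in the '_cache' request
     * attribute to a successful Response.
     *
     * s-maxage, max-age and Expires are each set only when the configuration
     * defines them; unsuccessful responses are returned untouched.
     *
     * @param Event    $event    An Event instance
     * @param Response $response A Response instance
     *
     * @return Response The Response, possibly with cache headers added
     *
     * @throws \InvalidArgumentException when the expires value is not a Unix timestamp
     */
    public function filter(Event $event, Response $response)
    {
        if (!$configuration = $event->get('request')->attributes->get('_cache')) {
            return $response;
        }

        if (!$response->isSuccessful()) {
            return $response;
        }

        if (null !== $configuration->getSMaxAge()) {
            $response->setSharedMaxAge($configuration->getSMaxAge());
        }

        if (null !== $configuration->getMaxAge()) {
            $response->setMaxAge($configuration->getMaxAge());
        }

        if (null !== $configuration->getExpires()) {
            // \DateTime::create() does not exist; createFromFormat() already
            // returns the \DateTime, or false when the value is not a 'U' timestamp.
            $date = \DateTime::createFromFormat('U', $configuration->getExpires(), new \DateTimeZone('UTC'));
            if (false === $date) {
                throw new \InvalidArgumentException(sprintf('The expires value "%s" is not a Unix timestamp.', $configuration->getExpires()));
            }

            // The configured value is an expiry, so it belongs in Expires,
            // not in Last-Modified.
            $response->setExpires($date);
        }

        return $response;
    }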
    /**
     * Handles channel management.
     *
     * Looks up the channel ('http' or 'https') the map requires for the
     * request and, when the request does not use it, sets the entry point's
     * redirect Response on the event.
     *
     * @param Event $event An Event instance
     *
     * @return Boolean|null true when a redirect Response was set, null otherwise
     */
    public function handle(Event $event)
    {
        $request = $event->get('request');

        list($attributes, $channel) = $this->map->getPatterns($request);

        $needsHttps = 'https' === $channel && !$request->isSecure();
        $needsHttp = 'http' === $channel && $request->isSecure();

        if (!$needsHttps && !$needsHttp) {
            return;
        }

        if (null !== $this->logger) {
            $this->logger->debug($needsHttps ? 'Redirecting to HTTPS' : 'Redirecting to HTTP');
        }

        $event->setReturnValue($this->authenticationEntryPoint->start($request));

        return true;
    }
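    /**
     * Applies parameter converters to the request before the controller runs.
     *
     * Converters configured through the '_converters' request attribute are
     * applied first. Then every class-typed controller parameter that has no
     * request attribute of the same name yet gets a ParamConverter built and
     * applied for it.
     *
     * @param Event $event      An Event instance
     * @param mixed $controller The controller (array callable, or function/closure)
     *
     * @return mixed The controller, unchanged
     */
    public function filter(Event $event, $controller)
    {
        $request = $event->get('request');

        if ($configuration = $request->attributes->get('_converters')) {
            $this->manager->apply($request, $configuration);
        }

        if (is_array($controller)) {
            $r = new \ReflectionMethod($controller[0], $controller[1]);
        } else {
            $r = new \ReflectionFunction($controller);
        }

        // automatically apply conversion for non-configured objects
        foreach ($r->getParameters() as $param) {
            // has() rather than a truthiness test on get(): an attribute that
            // is present but falsy must not be converted a second time
            if ($param->getClass() && !$request->attributes->has($param->getName())) {
                $configuration = new ParamConverter();
                $configuration->setName($param->getName());
                $configuration->setClass($param->getClass()->getName());
                $configuration->setOptional($param->isOptional());

                $this->manager->apply($request, $configuration);
            }
        }

        return $controller;
    }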
    /**
     * Handles user switching.
     *
     * When the request carries the configured username parameter, the
     * security context token is replaced by the result of a switch (or of an
     * exit from the switch when the value is '_exit'), and the client is
     * redirected to the request URI without its query string.
     *
     * @param Event $event An Event instance
     *
     * @return Boolean|null true when a redirect Response was set, null otherwise
     */
    public function handle(Event $event)
    {
        $request = $event->get('request');
        $username = $request->get($this->usernameParameter);

        if (!$username) {
            return;
        }

        if ('_exit' === $username) {
            $this->securityContext->setToken($this->attemptExitUser($request));
        } else {
            try {
                $this->securityContext->setToken($this->attemptSwitchUser($request));
            } catch (AuthenticationException $e) {
                // A failed switch leaves the current token in place; only log it.
                if (null !== $this->logger) {
                    $this->logger->debug(sprintf('Switch User failed: "%s"', $e->getMessage()));
                }
            }
        }

        // The query string is cleared before building the redirect target
        // (presumably so the switch parameter is not replayed on the next request).
        $request->server->set('QUERY_STRING', '');
        $response = new Response();
        $response->setRedirect($request->getUri(), 302);

        $event->setReturnValue($response);

        return true;
    }
 /**
  * Records the time of an interactive login on the user entity.
  *
  * Only users that are instances of User are updated.
  *
  * @param Event $event An Event instance carrying the authenticated 'token'
  */
 public function listenToInteractiveLogin(Event $event)
 {
     $user = $event->get('token')->getUser();
     if (!$user instanceof User) {
         return;
     }

     $user->setLastLogin(new DateTime());
     $this->userManager->updateUser($user);
 }
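 /**
  * Injects the web debug toolbar into an HTML master-request Response.
  *
  * When redirect interception is enabled, a redirect Response that carries
  * the X-Debug-Token header is replaced by a 200 page linking to the
  * intercepted Location. The toolbar is then injected unless the Response
  * has no debug token, has a 3xx status, declares a non-HTML Content-Type,
  * or the request is not an HTML request or is an XMLHttpRequest.
  *
  * @param Event    $event    An Event instance
  * @param Response $response A Response instance
  *
  * @return Response The (possibly modified) Response
  */
 public function handle(Event $event, Response $response)
 {
     if (HttpKernelInterface::MASTER_REQUEST !== $event->get('request_type')) {
         return $response;
     }

     if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects) {
         // The Location value is application data that may echo request input;
         // escape it before embedding it in the HTML page.
         $location = htmlspecialchars($response->headers->get('Location'), ENT_QUOTES, 'UTF-8');
         $response->setContent(sprintf('<html><head></head><body><h1>This Request redirects to<br /><a href="%1$s">%1$s</a>.</h1><h4>The redirect was intercepted by the web debug toolbar to help debugging.<br/>For more information, see the "intercept-redirects" option of the Profiler.</h4></body></html>', $location));
         $response->setStatusCode(200);
         $response->headers->remove('Location');
     }

     $request = $event->get('request');

     $hasToken = $response->headers->has('X-Debug-Token');
     $isRedirection = '3' === substr($response->getStatusCode(), 0, 1);
     $isNotHtml = $response->headers->has('Content-Type') && false === strpos($response->headers->get('Content-Type'), 'html');
     $htmlRequest = 'html' === $request->getRequestFormat() && !$request->isXmlHttpRequest();

     if (!$hasToken || $isRedirection || $isNotHtml || !$htmlRequest) {
         return $response;
     }

     $this->injectToolbar($request, $response);

     return $response;
 }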
 /**
  * Matches the request path against the routes and adds the matched
  * attributes to the request.
  *
  * @param Event $event An Event instance
  *
  * @return Boolean|null false when no route matched, null otherwise
  */
 public function parseRequest(Event $event)
 {
     $request = $event->get('request');

     $context = array(
         'base_url'  => $request->getBaseUrl(),
         'method'    => $request->getMethod(),
         'host'      => $request->getHost(),
         'is_secure' => $request->isSecure(),
     );
     $matcher = new UrlMatcher($this->routes, $context);

     $attributes = $matcher->match($request->getPathInfo());
     if (false === $attributes) {
         return false;
     }

     $request->attributes->add($attributes);
 }
 /**
  * Resolves the '_controller' request attribute from the URL path.
  *
  * For the master request the router context is always updated. When no
  * controller is set yet and the path has at least three segments, the
  * controller name is composed as
  * App\{1}Bundle\Controller\{2}Controller::{3}Action.
  *
  * @param Event $event An Event instance
  */
 public function resolve(Event $event)
 {
     $request = $event->get('request');

     if (HttpKernelInterface::MASTER_REQUEST === $event->get('request_type')) {
         // set the context even if the parsing does not need to be done
         // to have correct link generation
         $this->router->setContext(array(
             'base_url'  => $request->getBaseUrl(),
             'method'    => $request->getMethod(),
             'host'      => $request->getHost(),
             'is_secure' => $request->isSecure(),
         ));
     }

     if ($request->attributes->has('_controller')) {
         return;
     }

     $segments = explode('/', $request->getPathInfo());
     if (count($segments) < 4) {
         return;
     }

     // The class and method names are built straight from the URL segments,
     // so every *Controller::*Action under App\*Bundle\Controller is reachable.
     list(, $bundle, $controller, $action) = $segments;
     $controllerName = sprintf('App\\%sBundle\\Controller\\%sController::%sAction', $bundle, $controller, $action);

     $request->attributes->add(array('_controller' => $controllerName));
 }
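 /**
  * Handles anonymous authentication.
  *
  * When the security context holds no token yet, an AnonymousToken with the
  * listener's key, the 'anon.' user and no roles is stored in it.
  *
  * @param Event $event An Event instance
  */
 public function handle(Event $event)
 {
     // An existing token, whatever its state, is never replaced.
     if (null !== $this->context->getToken()) {
         return;
     }

     $this->context->setToken(new AnonymousToken($this->key, 'anon.', array()));

     if (null !== $this->logger) {
         // The message has no placeholders, so sprintf() is not needed.
         $this->logger->debug('Populated SecurityContext with an anonymous Token');
     }
 }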
 /**
  * Checks for a NoUserForPrincipalException and unauthenticates the user
  * locally and then remotely by redirecting to the CAS logout URL.
  *
  * Only master requests are handled, and only when the 'simplecas' service
  * is available in the container.
  *
  * @param Symfony\Component\EventDispatcher\Event $event
  *
  * @return Boolean|null true when the redirect Response was set, null otherwise
  */
 public function handle(Event $event)
 {
     if (HttpKernelInterface::MASTER_REQUEST !== $event->get('request_type')) {
         return;
     }

     if (!$this->container->has('simplecas')) {
         return;
     }

     $exception = $event->get('exception');
     if (!$exception instanceof NoUserForPrincipalException) {
         return;
     }

     if (null !== $this->logger) {
         $this->logger->err(sprintf('Redirecting to CAS logout page (%s)', $exception->getMessage()));
     }

     $simplecas = $this->container->get('simplecas');
     $simplecas->unauthenticate();

     // Send the client to the CAS server so the remote session ends as well.
     $response = $this->container->get('response');
     $response->setStatusCode(302);
     $response->headers->set('Location', $simplecas->getLogoutUrl());

     $event->setReturnValue($response);

     return true;
 }
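 /**
  * Handles digest authentication.
  *
  * Parses the PHP_AUTH_DIGEST header, validates it against the entry point's
  * key and realm, loads the user named in it, recomputes the expected digest
  * from the stored password and, when it matches and the nonce has not
  * expired, stores an authenticated UsernamePasswordToken in the context.
  * Every failure is reported through fail(); this listener never sets a
  * Response on the event itself.
  *
  * @param Event $event An Event instance
  *
  * @throws AuthenticationServiceException when the user provider returns null
  */
 public function handle(Event $event)
 {
     $request = $event->get('request');
     if (!($header = $request->server->get('PHP_AUTH_DIGEST'))) {
         return;
     }

     // Parse first so the username carried by the header is available for
     // the shortcut below.
     $digestAuth = new DigestData($header);

     if (null !== ($token = $this->securityContext->getToken())) {
         if ($token->isImmutable()) {
             return;
         }
         // Compare against the username from the header: the variable used
         // before was never assigned in this method, so the shortcut never fired.
         if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $digestAuth->getUsername()) {
             return;
         }
     }

     if (null !== $this->logger) {
         $this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header));
     }

     try {
         $digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
     } catch (BadCredentialsException $e) {
         $this->fail($request, $e);
         return;
     }

     try {
         $user = $this->provider->loadUserByUsername($digestAuth->getUsername());
         if (null === $user) {
             throw new AuthenticationServiceException('AuthenticationDao returned null, which is an interface contract violation');
         }
         // The digest scheme needs the stored password itself, not a hash of it.
         $serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
     } catch (UsernameNotFoundException $notFound) {
         $this->fail($request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
         return;
     }

     // NOTE(review): a plain !== exits on the first differing byte; hash_equals()
     // (PHP >= 5.6) is the constant-time replacement once the minimum version allows it.
     if ($serverDigestMd5 !== $digestAuth->getResponse()) {
         if (null !== $this->logger) {
             $this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse()));
         }
         $this->fail($request, new BadCredentialsException('Incorrect response'));
         return;
     }

     if ($digestAuth->isNonceExpired()) {
         $this->fail($request, new NonceExpiredException('Nonce has expired/timed out.'));
         return;
     }

     if (null !== $this->logger) {
         $this->logger->debug(sprintf('Authentication success for user "%s" with response "%s"', $digestAuth->getUsername(), $digestAuth->getResponse()));
     }

     $this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword()));
 }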
 /**
  * Performs the logout if requested
  *
  * On the configured logout path every logout handler is invoked with the
  * current token, the token is removed from the context and the client is
  * redirected to the target URL.
  *
  * @param Event $event An Event instance
  *
  * @return Boolean|null true when the redirect Response was set, null otherwise
  */
 public function handle(Event $event)
 {
     $request = $event->get('request');
     if ($request->getPathInfo() !== $this->logoutPath) {
         return;
     }

     // A target that does not start with 'http' is resolved against the request.
     $isAbsolute = 0 === strpos($this->targetUrl, 'http');
     $target = $isAbsolute ? $this->targetUrl : $request->getUriForPath($this->targetUrl);

     $response = new Response();
     $response->setRedirect($target, 302);

     $token = $this->securityContext->getToken();
     foreach ($this->handlers as $handler) {
         $handler->logout($request, $response, $token);
     }

     $this->securityContext->setToken(null);

     $event->setReturnValue($response);

     return true;
 }
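 /**
  * Writes the SecurityContext to the session.
  *
  * Runs for the master request only. Nothing is written when the context
  * holds no token or an AnonymousToken; otherwise the token is serialized
  * into the '_security' session key.
  *
  * @param Event    $event    An Event instance
  * @param Response $response A Response instance
  *
  * @return Response The unchanged Response
  */
 public function write(Event $event, Response $response)
 {
     if (HttpKernelInterface::MASTER_REQUEST !== $event->get('request_type')) {
         return $response;
     }

     $token = $this->context->getToken();

     // One null test is enough; anonymous sessions are not persisted.
     if (null === $token || $token instanceof AnonymousToken) {
         return $response;
     }

     if (null !== $this->logger) {
         $this->logger->debug('Write SecurityContext in the session');
     }

     $event->get('request')->getSession()->set('_security', serialize($token));

     return $response;
 }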
    /**
     * Performs the logout if requested.
     *
     * On the configured logout path the token is removed from the security
     * context, the session is invalidated and the client is redirected to
     * the target URL.
     *
     * @param Event $event An Event instance
     *
     * @return Boolean|null true when the redirect Response was set, null otherwise
     */
    public function handle(Event $event)
    {
        $request = $event->get('request');

        if ($request->getPathInfo() !== $this->logoutPath) {
            return;
        }

        $this->securityContext->setToken(null);
        // Invalidate the whole session, not just the security entry.
        $request->getSession()->invalidate();

        // A target that does not start with 'http' is resolved against the request.
        $isAbsolute = 0 === strpos($this->targetUrl, 'http');
        $target = $isAbsolute ? $this->targetUrl : $request->getUriForPath($this->targetUrl);

        $response = new Response();
        $response->setRedirect($target, 302);

        $event->setReturnValue($response);

        return true;
    }
 /**
  * Handles access authorization.
  *
  * Requires a token in the context. When the access map yields attributes
  * for the request, an unauthenticated token is authenticated first and the
  * access decision manager is then asked to grant or deny access.
  *
  * @param Event $event An Event instance
  *
  * @throws AuthenticationCredentialsNotFoundException when the context holds no token
  * @throws AccessDeniedException when the decision manager denies access
  */
 public function handle(Event $event)
 {
     $token = $this->context->getToken();
     if (null === $token) {
         throw new AuthenticationCredentialsNotFoundException('A Token was not found in the SecurityContext.');
     }

     $request = $event->get('request');
     list($attributes, $channel) = $this->map->getPatterns($request);

     // No attributes: the access map has nothing to say about this request.
     if (null === $attributes) {
         return;
     }

     if (!$token->isAuthenticated()) {
         $token = $this->authManager->authenticate($token);
         $this->context->setToken($token);
     }

     $granted = $this->accessDecisionManager->decide($token, $attributes, $request);
     if (!$granted) {
         throw new AccessDeniedException();
     }
 }
    /**
     * Reads the annotations of the controller method and stores every
     * ConfigurationInterface instance as a request attribute named
     * '_' followed by the configuration's alias.
     *
     * @param Event $event      An Event instance
     * @param mixed $controller The controller; only array callables are inspected
     *
     * @return mixed The controller, unchanged
     */
    public function filter(Event $event, $controller)
    {
        if (!is_array($controller)) {
            return $controller;
        }

        $reflection = new \ReflectionObject($controller[0]);
        $method = $reflection->getMethod($controller[1]);

        $attributes = $event->get('request')->attributes;

        foreach ($this->reader->getMethodAnnotations($method) as $annotation) {
            if (!$annotation instanceof ConfigurationInterface) {
                continue;
            }

            $attributes->set('_'.$annotation->getAliasName(), $annotation);
        }

        return $controller;
    }
 /**
  * Applies the converter manager to every class-typed controller parameter
  * that is not yet present among the request attributes.
  *
  * @param  Event $event      An Event instance
  * @param  mixed $controller The controller; only array callables are inspected
  *
  * @return mixed The controller, unchanged
  *
  * @throws NotFoundHttpException when a required parameter cannot be converted
  */
 public function filterController(Event $event, $controller)
 {
     if (!is_array($controller)) {
         return $controller;
     }

     $request = $event->get('request');
     $method = new \ReflectionMethod($controller[0], $controller[1]);

     foreach ($method->getParameters() as $param) {
         $name = $param->getName();
         if (null === $param->getClass() || $request->attributes->has($name)) {
             continue;
         }

         try {
             $this->manager->apply($request, $param);
         } catch (\InvalidArgumentException $e) {
             // Optional parameters may stay unconverted; required ones are a 404.
             if (!$param->isOptional()) {
                 throw new NotFoundHttpException(sprintf('Unable to convert parameter "%s".', $name), $e);
             }
         }
     }

     return $controller;
 }
 /**
  * Adds a URL to the sitemap and dumps it.
  *
  * The 'changefreq' and 'priority' event parameters are optional and fall
  * back to Url::YEARLY and self::DEFAULT_PRIORITY; 'lastmod' is always now.
  *
  * @param Event $event An Event instance carrying 'loc' and optionally 'changefreq' / 'priority'
  */
 public function create(Event $event)
 {
     $changefreq = $event->has('changefreq') ? $event->get('changefreq') : Url::YEARLY;
     $priority = $event->has('priority') ? $event->get('priority') : self::DEFAULT_PRIORITY;

     $this->sitemap->add($event->get('loc'), array(
         'changefreq' => $changefreq,
         'priority'   => $priority,
         'lastmod'    => new \DateTime(),
     ));

     $this->dump($this->sitemap);
 }
    /**
     * Renders the '_template' request attribute with the controller's result.
     *
     * When the controller returned nothing, the variables listed in
     * '_template_vars' (or, failing that, '_template_default_vars') are
     * collected from the request attributes instead. Non-array parameters,
     * and requests without a template, are passed through unchanged.
     *
     * @param Event $event      An Event instance
     * @param mixed $parameters The controller's return value
     *
     * @return mixed A rendered Response, the untouched $parameters, or null
     */
    public function filterView(Event $event, $parameters)
    {
        $request = $event->get('request');
        $attributes = $request->attributes;

        if (null === $parameters) {
            $vars = $attributes->get('_template_vars');
            if (!$vars) {
                $vars = $attributes->get('_template_default_vars');
            }
            if (!$vars) {
                return;
            }

            $parameters = array();
            foreach ($vars as $name) {
                $parameters[$name] = $attributes->get($name);
            }
        }

        if (!is_array($parameters)) {
            return $parameters;
        }

        $template = $attributes->get('_template');
        if (!$template) {
            return $parameters;
        }

        $response = $this->container->get('response');

        $content = $this->container->get('templating')->render($template, $parameters);
        $response->setContent($content);

        return $response;
    }