/**
* Helper function for a mapping result with errors
*/
protected function stubRequestWithMappingErrors()
{
$this->request->getOriginalRequest()->willReturn(null);
$this->request->getArguments()->willReturn([]);
$result = $this->prophesize(Result::class);
$result->forProperty('objectName')->willReturn($result->reveal());
$result->forProperty('someProperty')->willReturn($result->reveal());
$result->hasErrors()->willReturn(true);
$this->request->getOriginalRequestMappingResults()->willReturn($result->reveal());
}
/**
* Checks if cHash is required for the current request and calls
* TypoScriptFrontendController::reqCHash() if so.
* This call will trigger a PageNotFoundException if arguments are required and cHash is not present.
*
* @param Request $request
* @param string $pluginNamespace
*/
public function enforceForRequest(Request $request, string $pluginNamespace)
{
$arguments = $request->getArguments();
if (is_array($arguments) && count($arguments) > 0) {
$parameters = [$pluginNamespace => $arguments];
$parameters['id'] = $this->typoScriptFrontendController->id;
$relevantParameters = $this->cacheHashCalculator->getRelevantParameters(http_build_query($parameters));
if (count($relevantParameters) > 0) {
$this->typoScriptFrontendController->reqCHash();
}
}
}
/**
* @param Page $page
* @return Result
* @throws PropertyMappingException
*/
protected function mapAndValidatePage(Page $page) : Result
{
$result = $this->objectManager->get(Result::class);
$requestArguments = $this->request->getArguments();
$propertyPathsForWhichPropertyMappingShouldHappen = [];
$registerPropertyPaths = function ($propertyPath) use(&$propertyPathsForWhichPropertyMappingShouldHappen) {
$propertyPathParts = explode('.', $propertyPath);
$accumulatedPropertyPathParts = [];
foreach ($propertyPathParts as $propertyPathPart) {
$accumulatedPropertyPathParts[] = $propertyPathPart;
$temporaryPropertyPath = implode('.', $accumulatedPropertyPathParts);
$propertyPathsForWhichPropertyMappingShouldHappen[$temporaryPropertyPath] = $temporaryPropertyPath;
}
};
foreach ($page->getElementsRecursively() as $element) {
$value = ArrayUtility::getValueByPath($requestArguments, $element->getIdentifier());
$element->onSubmit($this, $value, $requestArguments);
$this->formState->setFormValue($element->getIdentifier(), $value);
$registerPropertyPaths($element->getIdentifier());
}
// The more parts the path has, the more early it is processed
usort($propertyPathsForWhichPropertyMappingShouldHappen, function ($a, $b) {
return substr_count($b, '.') - substr_count($a, '.');
});
$processingRules = $this->formDefinition->getProcessingRules();
foreach ($propertyPathsForWhichPropertyMappingShouldHappen as $propertyPath) {
if (isset($processingRules[$propertyPath])) {
$processingRule = $processingRules[$propertyPath];
$value = $this->formState->getFormValue($propertyPath);
try {
$value = $processingRule->process($value);
} catch (PropertyException $exception) {
throw new PropertyMappingException('Failed to process FormValue at "' . $propertyPath . '" from "' . gettype($value) . '" to "' . $processingRule->getDataType() . '"', 1480024933, $exception);
}
$result->forProperty($propertyPath)->merge($processingRule->getProcessingMessages());
$this->formState->setFormValue($propertyPath, $value);
}
}
return $result;
}
/**
* Verify the request. Checks if there is an __hmac argument, and if yes, tries to validate and verify it.
*
* In the end, $request->setHmacVerified is set depending on the value.
*
* @param \TYPO3\CMS\Extbase\Mvc\Web\Request $request The request to verify
* @throws \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException
* @return void
*/
public function verifyRequest(\TYPO3\CMS\Extbase\Mvc\Web\Request $request)
{
if (!$request->getInternalArgument('__hmac')) {
$request->setHmacVerified(FALSE);
return;
}
$hmac = $request->getInternalArgument('__hmac');
if (strlen($hmac) < 40) {
throw new \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361);
}
$serializedFieldNames = substr($hmac, 0, -40);
// TODO: Constant for hash length needs to be introduced
$hash = substr($hmac, -40);
if ($this->hashService->validateHmac($serializedFieldNames, $hash)) {
$requestArguments = $request->getArguments();
// Unset framework arguments
unset($requestArguments['__referrer']);
unset($requestArguments['__hmac']);
if ($this->checkFieldNameInclusion($requestArguments, unserialize($serializedFieldNames))) {
$request->setHmacVerified(TRUE);
} else {
$request->setHmacVerified(FALSE);
}
} else {
$request->setHmacVerified(FALSE);
}
}
