/** * Calls the authentication manager to authenticate all active tokens * and redirects to the original intercepted request on success if there * is one stored in the security context. If no intercepted request is * found, the function simply returns. * * If authentication fails, the result of calling the defined * $errorMethodName is returned. * * Note: Usually there is no need to override this action. You should use * the according callback methods instead (onAuthenticationSuccess() and * onAuthenticationFailure()). * * @return string * @Flow\SkipCsrfProtection */ public function authenticateAction() { $authenticationException = null; try { $this->authenticationManager->authenticate(); } catch (\TYPO3\Flow\Security\Exception\AuthenticationRequiredException $exception) { $authenticationException = $exception; } if ($this->authenticationManager->isAuthenticated()) { $storedRequest = $this->securityContext->getInterceptedRequest(); if ($storedRequest !== null) { $this->securityContext->setInterceptedRequest(null); } return $this->onAuthenticationSuccess($storedRequest); } else { $this->onAuthenticationFailure($authenticationException); return call_user_func(array($this, $this->errorMethodName)); } }
/** * Receive an SSO authentication callback and trigger authentication * through the SingleSignOnProvider. * * GET /sso/authentication/callback?... * * @param string $callbackUri * @return void */ public function callbackAction($callbackUri) { try { $this->authenticationManager->authenticate(); } catch (\TYPO3\Flow\Security\Exception\AuthenticationRequiredException $exception) { $authenticationException = $exception; } if ($this->authenticationManager->isAuthenticated()) { $storedRequest = $this->securityContext->getInterceptedRequest(); if ($storedRequest !== NULL) { $this->securityContext->setInterceptedRequest(NULL); $this->redirectToRequest($storedRequest); } else { // TODO Do we have to check the URI? $this->redirectToUri($callbackUri); } } else { throw new \Flowpack\SingleSignOn\Client\Exception('Could not authenticate in callbackAction triggered by the SSO server.', 1366613161, isset($authenticationException) ? $authenticationException : NULL); } }
/** * Advices the dispatch method so that illegal action requests are blocked before * invoking any controller. * * The "request" referred to within this method is an ActionRequest or some other * dispatchable request implementing RequestInterface. Note that we don't deal * with HTTP requests here. * * @Flow\Around("setting(TYPO3.Flow.security.enable) && method(TYPO3\Flow\Mvc\Dispatcher->dispatch())") * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current joinpoint * @return mixed Result of the advice chain * @throws \Exception|\TYPO3\Flow\Security\Exception\AccessDeniedException * @throws \Exception|\TYPO3\Flow\Security\Exception\AuthenticationRequiredException */ public function blockIllegalRequestsAndForwardToAuthenticationEntryPoints(JoinPointInterface $joinPoint) { $request = $joinPoint->getMethodArgument('request'); if (!$request instanceof ActionRequest || $this->securityContext->areAuthorizationChecksDisabled()) { return $joinPoint->getAdviceChain()->proceed($joinPoint); } try { $this->firewall->blockIllegalRequests($request); return $joinPoint->getAdviceChain()->proceed($joinPoint); } catch (AuthenticationRequiredException $exception) { $response = $joinPoint->getMethodArgument('response'); $entryPointFound = FALSE; /** @var $token \TYPO3\Flow\Security\Authentication\TokenInterface */ foreach ($this->securityContext->getAuthenticationTokens() as $token) { $entryPoint = $token->getAuthenticationEntryPoint(); if ($entryPoint !== NULL) { $entryPointFound = TRUE; if ($entryPoint instanceof WebRedirect) { $this->securityLogger->log('Redirecting to authentication entry point', LOG_INFO, $entryPoint->getOptions()); } else { $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO); } $this->securityContext->setInterceptedRequest($request->getMainRequest()); $entryPoint->startAuthentication($request->getHttpRequest(), $response); } } if ($entryPointFound === FALSE) { $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE); throw $exception; } } catch (AccessDeniedException $exception) { $this->securityLogger->log('Access denied', LOG_WARNING); throw $exception; } return NULL; }