/**
* Updates the password credential from the POST vars, if the POST parameters
* are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
*
* Note: You need to send the password in this POST parameter:
* __authentication[TYPO3][FLOW3][Security][Authentication][Token][PasswordToken][password]
*
* @param \TYPO3\FLOW3\Mvc\ActionRequest $actionRequest The current action request
* @return void
*/
public function updateCredentials(\TYPO3\FLOW3\Mvc\ActionRequest $actionRequest)
{
if ($actionRequest->getHttpRequest()->getMethod() !== 'POST') {
return;
}
$postArguments = $actionRequest->getInternalArguments();
$password = \TYPO3\FLOW3\Reflection\ObjectAccess::getPropertyPath($postArguments, '__authentication.TYPO3.FLOW3.Security.Authentication.Token.PasswordToken.password');
if (!empty($password)) {
$this->credentials['password'] = $password;
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* Updates the username and password credentials from the HTTP authorization header.
* Sets the authentication status to AUTHENTICATION_NEEDED, if the header has been
* sent, to NO_CREDENTIALS_GIVEN if no authorization header was there.
*
* @param \TYPO3\FLOW3\Mvc\ActionRequest $actionRequest The current action request instance
* @return void
*/
public function updateCredentials(\TYPO3\FLOW3\Mvc\ActionRequest $actionRequest)
{
$authorizationHeader = $actionRequest->getHttpRequest()->getHeaders()->get('Authorization');
if (substr($authorizationHeader, 0, 5) === 'Basic') {
$credentials = base64_decode(substr($authorizationHeader, 6));
$this->credentials['username'] = substr($credentials, 0, strpos($credentials, ':'));
$this->credentials['password'] = substr($credentials, strpos($credentials, ':') + 1);
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
} else {
$this->credentials = array('username' => NULL, 'password' => NULL);
$this->authenticationStatus = self::NO_CREDENTIALS_GIVEN;
}
}
/**
* Updates the username and password credentials from the POST vars, if the POST parameters
* are available. Sets the authentication status to REAUTHENTICATION_NEEDED, if credentials have been sent.
*
* @param \TYPO3\FLOW3\Mvc\ActionRequest $actionRequest The current action request instance
* @return void
*/
public function updateCredentials(\TYPO3\FLOW3\Mvc\ActionRequest $actionRequest)
{
$getArguments = $actionRequest->getArguments();
if (!empty($getArguments['user']) && !empty($getArguments['signature']) && !empty($getArguments['expires']) && !empty($getArguments['version']) && !empty($getArguments['tpa_id']) && !empty($getArguments['action']) && !empty($getArguments['flags']) && !empty($getArguments['userdata'])) {
$this->credentials['username'] = $getArguments['user'];
$this->credentials['signature'] = \TYPO3\FLOW3\Utility\TypeHandling::hex2bin($getArguments['signature']);
$this->credentials['expires'] = $getArguments['expires'];
$this->credentials['version'] = $getArguments['version'];
$this->credentials['tpaId'] = $getArguments['tpa_id'];
$this->credentials['action'] = $getArguments['action'];
$this->credentials['flags'] = $getArguments['flags'];
$this->credentials['userdata'] = $getArguments['userdata'];
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* @test
*/
public function dispatchContinuesWithNextRequestFoundInAForwardException()
{
$httpRequest = Request::create(new Uri('http://localhost'));
$httpResponse = new Response();
$mainRequest = $httpRequest->createActionRequest();
$subRequest = new ActionRequest($mainRequest);
$nextRequest = $httpRequest->createActionRequest();
$mainRequest->setDispatched(TRUE);
$mainRequest->setControllerSubPackageKey('main');
$subRequest->setControllerSubPackageKey('sub');
$nextRequest->setControllerSubPackageKey('next');
$mockController = $this->getMock('TYPO3\\FLOW3\\Mvc\\Controller\\ControllerInterface', array('processRequest'));
$mockController->expects($this->at(0))->method('processRequest')->will($this->returnCallback(function (ActionRequest $request) use($nextRequest) {
$request->setDispatched(TRUE);
$forwardException = new ForwardException();
$forwardException->setNextRequest($nextRequest);
throw $forwardException;
}));
$mockController->expects($this->at(1))->method('processRequest')->will($this->returnCallback(function (ActionRequest $request) use($nextRequest) {
// NOTE: PhpUnit creates a clone of $nextRequest, thus $request is not the same instance as expected.
if ($request == $nextRequest) {
$nextRequest->setDispatched(TRUE);
}
}));
$dispatcher = $this->getMock('TYPO3\\FLOW3\\Mvc\\Dispatcher', array('resolveController', 'emitAfterControllerInvocation'), array(), '', FALSE);
$dispatcher->expects($this->any())->method('resolveController')->will($this->returnValue($mockController));
$dispatcher->dispatch($subRequest, $httpResponse);
}
/**
* @test
*/
public function buildAddsActionNameFromRootRequestIfRequestIsOfTypeSubRequest()
{
$expectedArguments = array('@action' => 'RootRequestActionName');
$this->mockMainRequest->expects($this->once())->method('getControllerActionName')->will($this->returnValue('RootRequestActionName'));
$this->mockMainRequest->expects($this->any())->method('getArguments')->will($this->returnValue(array()));
$this->uriBuilder->setRequest($this->mockSubRequest);
$this->uriBuilder->build();
$this->assertEquals($expectedArguments, $this->uriBuilder->getLastArguments());
}
/**
* Set the default controller and action names if none has been specified.
*
* @return void
*/
protected function setDefaultControllerAndActionNameIfNoneSpecified()
{
if ($this->actionRequest->getControllerName() === NULL) {
$this->actionRequest->setControllerName('Standard');
}
if ($this->actionRequest->getControllerActionName() === NULL) {
$this->actionRequest->setControllerActionName('index');
}
}
/**
* Maps arguments delivered by the request object to the local controller arguments.
*
* @return void
* @throws \TYPO3\FLOW3\Mvc\Exception\RequiredArgumentMissingException
* @api
*/
protected function mapRequestArgumentsToControllerArguments()
{
foreach ($this->arguments as $argument) {
$argumentName = $argument->getName();
if ($this->request->hasArgument($argumentName)) {
$argument->setValue($this->request->getArgument($argumentName));
} elseif ($argument->isRequired()) {
throw new \TYPO3\FLOW3\Mvc\Exception\RequiredArgumentMissingException('Required argument "' . $argumentName . '" is not set.', 1298012500);
}
}
}
/**
* Redirects the web request to another uri.
*
* NOTE: This method only supports web requests and will throw an exception
* if used with other request types.
*
* @param mixed $uri Either a string representation of a URI or a \TYPO3\FLOW3\Http\Uri object
* @param integer $delay (optional) The delay in seconds. Default is no delay.
* @param integer $statusCode (optional) The HTTP status code for the redirect. Default is "303 See Other"
* @return void
* @throws \TYPO3\FLOW3\Mvc\Exception\StopActionException
* @api
*/
protected function redirectToUri($uri, $delay = 0, $statusCode = 303)
{
// the parent method throws the exception, but we need to act afterwards
// thus the code in catch - it's the expected state
try {
parent::redirectToUri($uri, $delay, $statusCode);
} catch (\TYPO3\FLOW3\Mvc\Exception\StopActionException $exception) {
if ($this->request->getFormat() === 'json') {
$this->response->setContent('');
}
throw $exception;
}
}
/**
* @param array $module
* @return void
* @FLOW3\SkipCsrfProtection
*/
public function indexAction(array $module)
{
$moduleRequest = new ActionRequest($this->request);
$moduleRequest->setArgumentNamespace('moduleArguments');
$moduleRequest->setControllerObjectName($module['controller']);
$moduleRequest->setControllerActionName($module['action']);
if ($this->request->hasArgument($moduleRequest->getArgumentNamespace()) === TRUE && is_array($this->request->getArgument($moduleRequest->getArgumentNamespace()))) {
$moduleRequest->setArguments($this->request->getArgument($moduleRequest->getArgumentNamespace()));
}
foreach ($this->request->getPluginArguments() as $argumentNamespace => $argument) {
$moduleRequest->setArgument('--' . $argumentNamespace, $argument);
}
$modules = explode('/', $module['module']);
$moduleConfiguration = \TYPO3\FLOW3\Utility\Arrays::getValueByPath($this->settings['modules'], implode('.submodules.', $modules));
$moduleConfiguration['path'] = $module['module'];
$moduleBreadcrumb = array();
$path = array();
foreach ($modules as $moduleIdentifier) {
array_push($path, $moduleIdentifier);
$config = \TYPO3\FLOW3\Utility\Arrays::getValueByPath($this->settings['modules'], implode('.submodules.', $path));
$moduleBreadcrumb[implode('/', $path)] = $config['label'];
}
$moduleRequest->setArgument('__moduleConfiguration', $moduleConfiguration);
$moduleRequest->setArgument('__moduleBreadcrumb', $moduleBreadcrumb);
$moduleResponse = new Response($this->response);
$this->dispatcher->dispatch($moduleRequest, $moduleResponse);
$this->view->assignMultiple(array('moduleClass' => implode('-', $modules), 'moduleContents' => $moduleResponse->getContent(), 'title' => $moduleRequest->hasArgument('title') ? $moduleRequest->getArgument('title') : $moduleConfiguration['label'], 'rootModule' => array_shift($modules), 'submodule' => array_shift($modules), 'moduleConfiguration' => $moduleConfiguration));
}
/**
* Get the path of the argument namespaces of all parent requests.
* Example: mainrequest.subrequest.subsubrequest
*
* @param \TYPO3\FLOW3\Mvc\ActionRequest $request
* @return string
*/
protected function getRequestNamespacePath($request)
{
if (!$request instanceof \TYPO3\FLOW3\Http\Request) {
$parentPath = $this->getRequestNamespacePath($request->getParentRequest());
return $parentPath . ($parentPath !== '' && $request->getArgumentNamespace() !== '' ? '.' : '') . $request->getArgumentNamespace();
} else {
return '';
}
}
/**
* @test
*/
public function redirectUsesRequestFormatAsDefaultAndUnsetsSubPackageKeyIfNeccessary()
{
$arguments = array('foo' => 'bar');
$request = new ActionRequest(HttpRequest::create(new Uri('http://localhost/foo.json')));
$request->setFormat('json');
$response = new HttpResponse();
$mockUriBuilder = $this->getMock('TYPO3\\FLOW3\\Mvc\\Routing\\UriBuilder');
$mockUriBuilder->expects($this->once())->method('reset')->will($this->returnValue($mockUriBuilder));
$mockUriBuilder->expects($this->once())->method('setFormat')->with('json')->will($this->returnValue($mockUriBuilder));
$mockUriBuilder->expects($this->once())->method('setCreateAbsoluteUri')->will($this->returnValue($mockUriBuilder));
$mockUriBuilder->expects($this->once())->method('uriFor')->with('show', $arguments, 'Stuff', 'Super', NULL)->will($this->returnValue('the uri'));
$controller = $this->getAccessibleMock('TYPO3\\FLOW3\\Mvc\\Controller\\AbstractController', array('processRequest', 'redirectToUri'));
$this->inject($controller, 'flashMessageContainer', new FlashMessageContainer());
$controller->_call('initializeController', $request, $response);
$this->inject($controller, 'uriBuilder', $mockUriBuilder);
$controller->expects($this->once())->method('redirectToUri')->with('the uri');
$controller->_call('redirect', 'show', 'Stuff', 'Super', $arguments);
}
/**
* @test
* @expectedException \TYPO3\FLOW3\Security\Exception\InvalidHashException
*/
public function getReferringRequestThrowsAnExceptionIfTheHmacOfTheArgumentsCouldNotBeValid()
{
$referrer = array('@controller' => 'Foo', '@action' => 'bar', 'arguments' => base64_encode('some manipulated arguments string without valid HMAC'));
$httpRequest = HttpRequest::create(new Uri('http://acme.com', 'GET'));
$request = new ActionRequest($httpRequest);
$request->setArgument('__referrer', $referrer);
$this->inject($request, 'hashService', new \TYPO3\FLOW3\Security\Cryptography\HashService());
$request->getReferringRequest();
}
/**
* Initialize the property mapping configuration in $controllerArguments if
* the trusted properties are set inside the request.
*
* @param \TYPO3\FLOW3\Mvc\ActionRequest $request
* @param \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments
* @return void
*/
public function initializePropertyMappingConfigurationFromRequest(\TYPO3\FLOW3\Mvc\ActionRequest $request, \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments)
{
$trustedPropertiesToken = $request->getInternalArgument('__trustedProperties');
if (!is_string($trustedPropertiesToken)) {
return;
}
$serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
$trustedProperties = unserialize($serializedTrustedProperties);
foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
if (!$controllerArguments->hasArgument($propertyName)) {
continue;
}
$propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
$this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
}
}
/**
* Creates a new Action Request request as a sub request to this HTTP request.
* Maps the arguments of this request to the new Action Request.
*
* @return \TYPO3\FLOW3\Mvc\ActionRequest
*/
public function createActionRequest()
{
$actionRequest = new ActionRequest($this);
$actionRequest->setArguments($this->arguments);
return $actionRequest;
}
