Example #1
 /**
  * Updates the password credential from the POST vars, if the POST parameters
  * are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
  *
  * Note: You need to send the password in this POST parameter:
  *       __authentication[TYPO3][FLOW3][Security][Authentication][Token][PasswordToken][password]
  *
  * @param \TYPO3\FLOW3\Mvc\ActionRequest $actionRequest The current action request
  * @return void
  */
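 public function updateCredentials(\TYPO3\FLOW3\Mvc\ActionRequest $actionRequest)
 {
     // Credentials are only looked at when the HTTP method is POST; any other
     // method leaves the token untouched.
     if ($actionRequest->getHttpRequest()->getMethod() !== 'POST') {
         return;
     }

     $password = \TYPO3\FLOW3\Reflection\ObjectAccess::getPropertyPath(
         $actionRequest->getInternalArguments(),
         '__authentication.TYPO3.FLOW3.Security.Authentication.Token.PasswordToken.password'
     );

     // The value is client-controlled. A client can submit the parameter as an
     // array (…[password][]=x), which empty() would let through and which would
     // then be stored as the credential. Only a non-empty string is accepted as
     // a submitted password. Unlike empty(), this check also accepts the literal
     // password "0" instead of silently dropping it.
     if (!is_string($password) || $password === '') {
         return;
     }

     $this->credentials['password'] = $password;
     $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
 }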
 /**
  * Updates the username and password credentials from the HTTP authorization header.
  * Sets the authentication status to AUTHENTICATION_NEEDED, if the header has been
  * sent, to NO_CREDENTIALS_GIVEN if no authorization header was there.
  *
  * @param \TYPO3\FLOW3\Mvc\ActionRequest $actionRequest The current action request instance
  * @return void
  */
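 public function updateCredentials(\TYPO3\FLOW3\Mvc\ActionRequest $actionRequest)
 {
     $authorizationHeader = $actionRequest->getHttpRequest()->getHeaders()->get('Authorization');

     $username = NULL;
     $password = NULL;

     // Require the scheme name followed by its separating space; a missing
     // header (non-string) or another scheme falls through to "no credentials".
     if (is_string($authorizationHeader) && strncmp($authorizationHeader, 'Basic ', 6) === 0) {
         $decodedCredentials = base64_decode(substr($authorizationHeader, 6));

         // strpos() returns FALSE when the decoded value holds no ':'. Feeding
         // that into substr() would produce an empty username and a password
         // with its first byte cut off, so a header without the separator is
         // treated as carrying no credentials at all.
         $separatorPosition = is_string($decodedCredentials) ? strpos($decodedCredentials, ':') : FALSE;
         if ($separatorPosition !== FALSE) {
             // Split on the FIRST colon only: the password may itself contain ':'.
             $username = substr($decodedCredentials, 0, $separatorPosition);
             // Cast because older PHP versions return FALSE for an empty remainder.
             $password = (string)substr($decodedCredentials, $separatorPosition + 1);
         }
     }

     if ($username !== NULL) {
         $this->credentials['username'] = $username;
         $this->credentials['password'] = $password;
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     } else {
         // Reset both fields so credentials from an earlier request are not kept.
         $this->credentials = array('username' => NULL, 'password' => NULL);
         $this->authenticationStatus = self::NO_CREDENTIALS_GIVEN;
     }
 }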
Example #3
 /**
  * Updates the username and signature credentials from the request arguments, if all required
  * parameters are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
  *
  * @param \TYPO3\FLOW3\Mvc\ActionRequest $actionRequest The current action request instance
  * @return void
  */
 public function updateCredentials(\TYPO3\FLOW3\Mvc\ActionRequest $actionRequest)
 {
     $requestArguments = $actionRequest->getArguments();

     // All eight parameters must be present and non-empty, otherwise nothing
     // is touched. Note that empty() also treats the string "0" as missing.
     $requiredParameters = array('user', 'signature', 'expires', 'version', 'tpa_id', 'action', 'flags', 'userdata');
     foreach ($requiredParameters as $parameterName) {
         if (empty($requestArguments[$parameterName])) {
             return;
         }
     }

     // NOTE(review): every value below is copied verbatim from the request and
     // is untrusted at this point. Nothing in this method verifies the
     // signature or the expiry; presumably the authentication provider does
     // that before the username is relied upon - confirm.
     $this->credentials['username'] = $requestArguments['user'];
     // The signature arrives hex encoded and is stored in its binary form.
     $this->credentials['signature'] = \TYPO3\FLOW3\Utility\TypeHandling::hex2bin($requestArguments['signature']);
     $this->credentials['expires'] = $requestArguments['expires'];
     $this->credentials['version'] = $requestArguments['version'];
     $this->credentials['tpaId'] = $requestArguments['tpa_id'];
     $this->credentials['action'] = $requestArguments['action'];
     $this->credentials['flags'] = $requestArguments['flags'];
     $this->credentials['userdata'] = $requestArguments['userdata'];

     $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
 }
Example #4
 /**
  * @test
  */
 public function dispatchContinuesWithNextRequestFoundInAForwardException()
 {
     $httpRequest = Request::create(new Uri('http://localhost'));
     $httpResponse = new Response();

     // Three requests that can be told apart by their sub package key: the
     // main request, a sub request of it, and the request to forward to.
     $mainRequest = $httpRequest->createActionRequest();
     $subRequest = new ActionRequest($mainRequest);
     $nextRequest = $httpRequest->createActionRequest();

     $mainRequest->setDispatched(TRUE);
     $mainRequest->setControllerSubPackageKey('main');
     $subRequest->setControllerSubPackageKey('sub');
     $nextRequest->setControllerSubPackageKey('next');

     // First controller invocation: mark the request as dispatched, then
     // forward to $nextRequest by throwing a ForwardException.
     $forwardToNextRequest = function (ActionRequest $request) use ($nextRequest) {
         $request->setDispatched(TRUE);
         $forward = new ForwardException();
         $forward->setNextRequest($nextRequest);
         throw $forward;
     };

     // Second controller invocation: only a request equal to $nextRequest
     // ends the dispatch loop.
     $finishNextRequest = function (ActionRequest $request) use ($nextRequest) {
         // NOTE: PhpUnit creates a clone of $nextRequest, thus $request is not the same instance as expected.
         if ($request == $nextRequest) {
             $nextRequest->setDispatched(TRUE);
         }
     };

     $controller = $this->getMock('TYPO3\\FLOW3\\Mvc\\Controller\\ControllerInterface', array('processRequest'));
     $controller->expects($this->at(0))->method('processRequest')->will($this->returnCallback($forwardToNextRequest));
     $controller->expects($this->at(1))->method('processRequest')->will($this->returnCallback($finishNextRequest));

     $dispatcher = $this->getMock('TYPO3\\FLOW3\\Mvc\\Dispatcher', array('resolveController', 'emitAfterControllerInvocation'), array(), '', FALSE);
     $dispatcher->expects($this->any())->method('resolveController')->will($this->returnValue($controller));

     $dispatcher->dispatch($subRequest, $httpResponse);
 }
Example #5
 /**
  * @test
  */
 public function buildAddsActionNameFromRootRequestIfRequestIsOfTypeSubRequest()
 {
     // The main request reports an action name and no arguments.
     $mainRequest = $this->mockMainRequest;
     $mainRequest->expects($this->once())->method('getControllerActionName')->will($this->returnValue('RootRequestActionName'));
     $mainRequest->expects($this->any())->method('getArguments')->will($this->returnValue(array()));

     // Build with the sub request as the current request.
     $this->uriBuilder->setRequest($this->mockSubRequest);
     $this->uriBuilder->build();

     // The action name of the main request must show up as "@action".
     $this->assertEquals(array('@action' => 'RootRequestActionName'), $this->uriBuilder->getLastArguments());
 }
Example #6
 /**
  * Set the default controller and action names if none has been specified.
  *
  * @return void
  */
 protected function setDefaultControllerAndActionNameIfNoneSpecified()
 {
     $request = $this->actionRequest;

     // Only a strict NULL counts as "not specified"; any other value is kept.
     if (NULL === $request->getControllerName()) {
         $request->setControllerName('Standard');
     }

     if (NULL === $request->getControllerActionName()) {
         $request->setControllerActionName('index');
     }
 }
Example #7
 /**
  * Maps arguments delivered by the request object to the local controller arguments.
  *
  * @return void
  * @throws \TYPO3\FLOW3\Mvc\Exception\RequiredArgumentMissingException
  * @api
  */
 protected function mapRequestArgumentsToControllerArguments()
 {
     foreach ($this->arguments as $controllerArgument) {
         $name = $controllerArgument->getName();

         if ($this->request->hasArgument($name)) {
             // The raw request value is handed to the argument object as is.
             // NOTE(review): presumably setValue() performs the type conversion
             // and validation - confirm, nothing is checked here.
             $controllerArgument->setValue($this->request->getArgument($name));
             continue;
         }

         // Absent optional arguments are skipped; absent required ones abort.
         if ($controllerArgument->isRequired()) {
             throw new \TYPO3\FLOW3\Mvc\Exception\RequiredArgumentMissingException('Required argument "' . $name . '" is not set.', 1298012500);
         }
     }
 }
Example #8
 /**
  * Redirects the web request to another uri.
  *
  * NOTE: This method only supports web requests and will throw an exception
  * if used with other request types.
  *
  * @param mixed $uri Either a string representation of a URI or a \TYPO3\FLOW3\Http\Uri object
  * @param integer $delay (optional) The delay in seconds. Default is no delay.
  * @param integer $statusCode (optional) The HTTP status code for the redirect. Default is "303 See Other"
  * @return void
  * @throws \TYPO3\FLOW3\Mvc\Exception\StopActionException
  * @api
  */
 protected function redirectToUri($uri, $delay = 0, $statusCode = 303)
 {
     // NOTE(review): $uri is passed on unchanged. If a caller builds it from
     // request data, the target should be checked against the allowed
     // destinations before it reaches this method - confirm at the call sites.
     try {
         parent::redirectToUri($uri, $delay, $statusCode);
     } catch (\TYPO3\FLOW3\Mvc\Exception\StopActionException $stopAction) {
         // Reaching this catch block is the normal flow: the parent signals
         // the redirect by throwing, and the response has to be adjusted
         // before the exception travels on.
         $isJsonRequest = $this->request->getFormat() === 'json';
         if ($isJsonRequest) {
             // For JSON requests the response content is emptied.
             $this->response->setContent('');
         }
         throw $stopAction;
     }
 }
 /**
  * @param array $module
  * @return void
  * @FLOW3\SkipCsrfProtection
  */
 public function indexAction(array $module)
 {
     // Builds a sub request for the selected module, dispatches it and embeds
     // the output of that sub request in this controller's view.
     $moduleRequest = new ActionRequest($this->request);
     $moduleRequest->setArgumentNamespace('moduleArguments');
     // $module decides which controller object and action are dispatched below.
     // NOTE(review): this action is annotated with SkipCsrfProtection, so the
     // content of $module is the only thing selecting what runs. Presumably
     // $module is produced by routing from the configured modules rather than
     // taken from raw request parameters - confirm.
     $moduleRequest->setControllerObjectName($module['controller']);
     $moduleRequest->setControllerActionName($module['action']);
     // Forward the arguments sent under the "moduleArguments" namespace, but only if they form an array.
     if ($this->request->hasArgument($moduleRequest->getArgumentNamespace()) === TRUE && is_array($this->request->getArgument($moduleRequest->getArgumentNamespace()))) {
         $moduleRequest->setArguments($this->request->getArgument($moduleRequest->getArgumentNamespace()));
     }
     // Plugin arguments are passed along as well, each namespace prefixed with "--".
     foreach ($this->request->getPluginArguments() as $argumentNamespace => $argument) {
         $moduleRequest->setArgument('--' . $argumentNamespace, $argument);
     }
     // "a/b" addresses settings path "a.submodules.b" below $this->settings['modules'].
     $modules = explode('/', $module['module']);
     // NOTE(review): the lookup result is used without a check; an unknown
     // module path is not handled here - confirm it cannot occur.
     $moduleConfiguration = \TYPO3\FLOW3\Utility\Arrays::getValueByPath($this->settings['modules'], implode('.submodules.', $modules));
     $moduleConfiguration['path'] = $module['module'];
     // Breadcrumb: one entry per path prefix, keyed by that prefix, holding the configured label.
     $moduleBreadcrumb = array();
     $path = array();
     foreach ($modules as $moduleIdentifier) {
         array_push($path, $moduleIdentifier);
         $config = \TYPO3\FLOW3\Utility\Arrays::getValueByPath($this->settings['modules'], implode('.submodules.', $path));
         $moduleBreadcrumb[implode('/', $path)] = $config['label'];
     }
     // Set after the request-supplied arguments, so these two keys hold the values computed here.
     $moduleRequest->setArgument('__moduleConfiguration', $moduleConfiguration);
     $moduleRequest->setArgument('__moduleBreadcrumb', $moduleBreadcrumb);
     $moduleResponse = new Response($this->response);
     $this->dispatcher->dispatch($moduleRequest, $moduleResponse);
     // Array elements are evaluated left to right: 'moduleClass' sees the full
     // $modules list, then the two array_shift() calls consume its first and
     // second segment. Reordering the keys would change the result.
     // NOTE(review): 'moduleContents' is the sub response's content as is;
     // whether it is escaped on output depends on the template - confirm.
     $this->view->assignMultiple(array('moduleClass' => implode('-', $modules), 'moduleContents' => $moduleResponse->getContent(), 'title' => $moduleRequest->hasArgument('title') ? $moduleRequest->getArgument('title') : $moduleConfiguration['label'], 'rootModule' => array_shift($modules), 'submodule' => array_shift($modules), 'moduleConfiguration' => $moduleConfiguration));
 }
Example #10
 /**
  * Get the path of the argument namespaces of all parent requests.
  * Example: mainrequest.subrequest.subsubrequest
  *
  * @param \TYPO3\FLOW3\Mvc\ActionRequest $request
  * @return string
  */
 protected function getRequestNamespacePath($request)
 {
     // The HTTP request is the root of the chain and contributes nothing.
     if ($request instanceof \TYPO3\FLOW3\Http\Request) {
         return '';
     }

     // Resolve the ancestors first, then append this request's own namespace.
     $parentPath = $this->getRequestNamespacePath($request->getParentRequest());

     // A dot is only inserted between two non-empty segments.
     $separator = '';
     if ($parentPath !== '' && $request->getArgumentNamespace() !== '') {
         $separator = '.';
     }

     return $parentPath . $separator . $request->getArgumentNamespace();
 }
Example #11
 /**
  * @test
  */
 public function redirectUsesRequestFormatAsDefaultAndUnsetsSubPackageKeyIfNeccessary()
 {
     $redirectArguments = array('foo' => 'bar');

     // A request whose format is "json".
     $actionRequest = new ActionRequest(HttpRequest::create(new Uri('http://localhost/foo.json')));
     $actionRequest->setFormat('json');
     $httpResponse = new HttpResponse();

     // The URI builder must be reset, receive the request's format and be
     // asked for the URI with a NULL sub package key.
     $uriBuilder = $this->getMock('TYPO3\\FLOW3\\Mvc\\Routing\\UriBuilder');
     $uriBuilder->expects($this->once())->method('reset')->will($this->returnValue($uriBuilder));
     $uriBuilder->expects($this->once())->method('setFormat')->with('json')->will($this->returnValue($uriBuilder));
     $uriBuilder->expects($this->once())->method('setCreateAbsoluteUri')->will($this->returnValue($uriBuilder));
     $uriBuilder->expects($this->once())->method('uriFor')->with('show', $redirectArguments, 'Stuff', 'Super', NULL)->will($this->returnValue('the uri'));

     $abstractController = $this->getAccessibleMock('TYPO3\\FLOW3\\Mvc\\Controller\\AbstractController', array('processRequest', 'redirectToUri'));
     $this->inject($abstractController, 'flashMessageContainer', new FlashMessageContainer());
     $abstractController->_call('initializeController', $actionRequest, $httpResponse);
     // The mock builder is injected after initializeController() has run.
     $this->inject($abstractController, 'uriBuilder', $uriBuilder);

     // redirect() has to hand the built URI to redirectToUri().
     $abstractController->expects($this->once())->method('redirectToUri')->with('the uri');
     $abstractController->_call('redirect', 'show', 'Stuff', 'Super', $redirectArguments);
 }
Example #12
 /**
  * @test
  * @expectedException \TYPO3\FLOW3\Security\Exception\InvalidHashException
  */
 public function getReferringRequestThrowsAnExceptionIfTheHmacOfTheArgumentsCouldNotBeValid()
 {
     // A referrer whose "arguments" payload is base64 encoded but carries no
     // valid HMAC, i.e. what a client tampering with the form data would send.
     $tamperedReferrer = array('@controller' => 'Foo', '@action' => 'bar', 'arguments' => base64_encode('some manipulated arguments string without valid HMAC'));

     // NOTE(review): 'GET' is passed to the Uri constructor here, not to
     // HttpRequest::create() - looks unintended, confirm against both signatures.
     $actionRequest = new ActionRequest(HttpRequest::create(new Uri('http://acme.com', 'GET')));
     $actionRequest->setArgument('__referrer', $tamperedReferrer);

     // A real hash service is used, so the HMAC is actually verified.
     $this->inject($actionRequest, 'hashService', new \TYPO3\FLOW3\Security\Cryptography\HashService());

     // Expected to throw the exception declared in the docblock annotation.
     $actionRequest->getReferringRequest();
 }
 /**
  * Initialize the property mapping configuration in $controllerArguments if
  * the trusted properties are set inside the request.
  *
  * @param \TYPO3\FLOW3\Mvc\ActionRequest $request
  * @param \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments
  * @return void
  */
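 public function initializePropertyMappingConfigurationFromRequest(\TYPO3\FLOW3\Mvc\ActionRequest $request, \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments)
 {
     // The token travels with the request, so it is client-controlled input.
     $trustedPropertiesToken = $request->getInternalArgument('__trustedProperties');
     if (!is_string($trustedPropertiesToken)) {
         return;
     }

     // The HMAC is verified before anything is parsed.
     // NOTE(review): presumably validateAndStripHmac() throws on a mismatch
     // instead of returning - confirm, the code below depends on it.
     $serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);

     // SECURITY: unserialize() runs on data that came in with the request.
     // The HMAC check above is the only barrier against PHP object injection,
     // so the safety of this call stands and falls with the secrecy of the
     // HMAC key. On PHP >= 7.0 pass array('allowed_classes' => FALSE) as the
     // second argument so that no objects can be instantiated; the call is
     // left as is because the second argument is not available on older PHP.
     $trustedProperties = unserialize($serializedTrustedProperties);

     // unserialize() returns FALSE on malformed input and can return any type;
     // only an array is a usable list of trusted properties.
     if (!is_array($trustedProperties)) {
         return;
     }

     foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
         // Entries that do not correspond to a controller argument are ignored.
         if (!$controllerArguments->hasArgument($propertyName)) {
             continue;
         }
         $propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
         $this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
     }
 }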
Example #14
 /**
  * Creates a new Action Request as a sub request of this HTTP request.
  * Maps the arguments of this request to the new Action Request.
  *
  * @return \TYPO3\FLOW3\Mvc\ActionRequest
  */
 public function createActionRequest()
 {
     // The new action request gets this HTTP request as its parent and a copy
     // of this request's arguments.
     $subRequest = new ActionRequest($this);
     $subRequest->setArguments($this->arguments);

     return $subRequest;
 }