Example #1
0
 /**
  * Resolves the class name of a request pattern. If a valid request pattern class name is given, it is just returned.
  *
  * @param string $name The (short) name of the pattern
  * @return string The class name of the request pattern, NULL if no class was found.
  * @throws \TYPO3\FLOW3\Security\Exception\NoRequestPatternFoundException
  */
 public function resolveRequestPatternClass($name)
 {
     $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName($name);
     if ($resolvedObjectName !== FALSE) {
         return $resolvedObjectName;
     }
     $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName('TYPO3\\FLOW3\\Security\\RequestPattern\\' . $name);
     if ($resolvedObjectName !== FALSE) {
         return $resolvedObjectName;
     }
     throw new \TYPO3\FLOW3\Security\Exception\NoRequestPatternFoundException('A request pattern with the name: "' . $name . '" could not be resolved.', 1217154134);
 }
Example #2
0
 /**
  * Resolves the class name of an authentication provider. If a valid provider class name is given, it is just returned.
  *
  * @param string $providerName The (short) name of the provider
  * @return string The object name of the authentication provider
  * @throws \TYPO3\FLOW3\Security\Exception\NoAuthenticationProviderFoundException
  */
 public function resolveProviderClass($providerName)
 {
     $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName($providerName);
     if ($resolvedObjectName !== FALSE) {
         return $resolvedObjectName;
     }
     $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName('TYPO3\\FLOW3\\Security\\Authentication\\Provider\\' . $providerName);
     if ($resolvedObjectName !== FALSE) {
         return $resolvedObjectName;
     }
     throw new \TYPO3\FLOW3\Security\Exception\NoAuthenticationProviderFoundException('An authentication provider with the name "' . $providerName . '" could not be resolved.', 1217154134);
 }
Example #3
0
 /**
  * Resolves the class name of a security interceptor. If a valid interceptor class name is given, it is just returned.
  *
  * @param string $name The (short) name of the interceptor
  * @return string The class name of the security interceptor, NULL if no class was found.
  * @throws \TYPO3\FLOW3\Security\Exception\NoInterceptorFoundException
  */
 public function resolveInterceptorClass($name)
 {
     $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName($name);
     if ($resolvedObjectName !== FALSE) {
         return $resolvedObjectName;
     }
     $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName('TYPO3\\FLOW3\\Security\\Authorization\\Interceptor\\' . $name);
     if ($resolvedObjectName !== FALSE) {
         return $resolvedObjectName;
     }
     throw new \TYPO3\FLOW3\Security\Exception\NoInterceptorFoundException('A security interceptor with the name: "' . $name . '" could not be resolved.', 1217154134);
 }
Example #4
0
 /**
  * Execute a task
  *
  * @param string $task
  * @param \TYPO3\Deploy\Domain\Model\Node $node
  * @param \TYPO3\Deploy\Domain\Model\Application $application
  * @param \TYPO3\Deploy\Domain\Model\Deployment $deployment
  * @param array $options
  * @return void
  */
 public function execute($task, \TYPO3\Deploy\Domain\Model\Node $node, \TYPO3\Deploy\Domain\Model\Application $application, \TYPO3\Deploy\Domain\Model\Deployment $deployment, array $options = array())
 {
     list($packageKey, $taskName) = explode(':', $task, 2);
     $taskClassName = strtr($packageKey, '.', '\\') . '\\Task\\' . strtr($taskName, ':', '\\') . 'Task';
     $taskObjectName = $this->objectManager->getCaseSensitiveObjectName($taskClassName);
     if (!$this->objectManager->isRegistered($taskObjectName)) {
         throw new \Exception('Task "' . $task . '" not registered ' . $taskClassName);
     }
     $task = $this->objectManager->create($taskObjectName);
     if (!$deployment->isDryRun()) {
         $task->execute($node, $application, $deployment, $options);
     } else {
         $task->simulate($node, $application, $deployment, $options);
     }
     $this->taskHistory[] = array('task' => $task, 'node' => $node, 'application' => $application, 'deployment' => $deployment, 'options' => $options);
 }
Example #5
0
 /**
  * Returns the object name of the controller defined by the package, subpackage key and
  * controller name
  *
  * @param string $packageKey the package key of the controller
  * @param string $subPackageKey the subpackage key of the controller
  * @param string $controllerName the controller name excluding the "Controller" suffix
  * @return string The controller's Object Name or NULL if the controller does not exist
  * @api
  */
 public function getControllerObjectName($packageKey, $subPackageKey, $controllerName)
 {
     $possibleObjectName = $this->controllerObjectNamePattern;
     $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName);
     $possibleObjectName = str_replace('@subpackage', $subPackageKey, $possibleObjectName);
     $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName);
     $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName);
     $controllerObjectName = $this->objectManager->getCaseSensitiveObjectName($possibleObjectName);
     return $controllerObjectName !== FALSE ? $controllerObjectName : NULL;
 }
Example #6
0
 /**
  * Adds a CSRF token as argument in the URI builder
  *
  * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $uriBuilder = $joinPoint->getProxy();
     $arguments = $joinPoint->getMethodArgument('arguments');
     $packageKey = isset($arguments['@package']) ? $arguments['@package'] : '';
     $subpackageKey = isset($arguments['@subpackage']) ? $arguments['@subpackage'] : '';
     $controllerName = isset($arguments['@controller']) ? $arguments['@controller'] : 'Standard';
     $actionName = (isset($arguments['@action']) ? $arguments['@action'] : 'index') . 'Action';
     $possibleObjectName = '@package\\@subpackage\\Controller\\@controllerController';
     $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName);
     $possibleObjectName = str_replace('@subpackage', $subpackageKey, $possibleObjectName);
     $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName);
     $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName);
     $lowercaseObjectName = strtolower($possibleObjectName);
     $className = $this->objectManager->getClassNameByObjectName($this->objectManager->getCaseSensitiveObjectName($lowercaseObjectName));
     if ($this->policyService->hasPolicyEntryForMethod($className, $actionName) && !$this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) {
         $internalArguments = $uriBuilder->getArguments();
         $internalArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken();
         $uriBuilder->setArguments($internalArguments);
     }
 }
Example #7
0
 /**
  * Determines the fully qualified view object name.
  *
  * @return mixed The fully qualified view object name or FALSE if no matching view could be found.
  * @api
  */
 protected function resolveViewObjectName()
 {
     $possibleViewObjectName = $this->viewObjectNamePattern;
     $packageKey = $this->request->getControllerPackageKey();
     $subpackageKey = $this->request->getControllerSubpackageKey();
     $format = $this->request->getFormat();
     if ($subpackageKey !== NULL && $subpackageKey !== '') {
         $packageKey .= '\\' . $subpackageKey;
     }
     $possibleViewObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleViewObjectName);
     $possibleViewObjectName = str_replace('@controller', $this->request->getControllerName(), $possibleViewObjectName);
     $possibleViewObjectName = str_replace('@action', $this->request->getControllerActionName(), $possibleViewObjectName);
     $viewObjectName = $this->objectManager->getCaseSensitiveObjectName(strtolower(str_replace('@format', $format, $possibleViewObjectName)));
     if ($viewObjectName === FALSE) {
         $viewObjectName = $this->objectManager->getCaseSensitiveObjectName(strtolower(str_replace('@format', '', $possibleViewObjectName)));
     }
     if ($viewObjectName === FALSE && isset($this->viewFormatToObjectNameMap[$format])) {
         $viewObjectName = $this->viewFormatToObjectNameMap[$format];
     }
     return $viewObjectName;
 }
Example #8
0
 /**
  * Sets the package key of the controller.
  *
  * This function tries to determine the correct case for the given package key.
  * If the Package Manager does not know the specified package, the package key
  * cannot be verified or corrected and is stored as is.
  *
  * @param string $packageKey The package key
  * @return void
  * @api
  */
 public function setControllerPackageKey($packageKey)
 {
     $upperCamelCasedPackageClassName = $this->objectManager->getCaseSensitiveObjectName(str_replace('.', '\\', $packageKey) . '\\Package');
     $this->controllerPackageKey = $upperCamelCasedPackageClassName !== FALSE ? substr(str_replace('\\', '.', $upperCamelCasedPackageClassName), 0, strlen($packageKey)) : $packageKey;
 }