/**
* Handles redirects in case of dispatch errors caused by unauthorized access
*
* @param MvcEvent $event
* @return void
*/
public function onError(MvcEvent $event)
{
if (!$event->getRequest() instanceof HttpRequest || !($routeMatch = $event->getRouteMatch())) {
return;
}
if (null === $this->redirectUri) {
if (null === $this->redirectRoute) {
if ($this->authenticationService->hasIdentity()) {
$this->setRedirectRoute($this->options->getAuthenticatedIdentityRedirectRoute());
} else {
$this->setRedirectRoute($this->options->getUnauthenticatedIdentityRedirectRoute());
}
}
if (!($this->redirectRoute && $this->redirectRoute !== $routeMatch->getMatchedRouteName())) {
return parent::onError($event);
}
$params = ['name' => $this->redirectRoute];
if ($this->options->getUseRedirectParameter()) {
$redirectKey = $this->options->getRedirectKey();
$params['query'][$redirectKey] = $event->getRequest()->getUriString();
}
$this->setRedirectUri($event->getRouter()->assemble([], $params));
}
$response = $event->getResponse() ?: new HttpResponse();
$response->getHeaders()->addHeaderLine('Location', $this->redirectUri);
$response->setStatusCode(302);
$event->setResponse($response);
}
/**
* @private
* @param MvcEvent $event
* @return void
*/
public function onError(MvcEvent $event)
{
// Do nothing if no error or if response is not HTTP response
if (!$event->getParam('exception') instanceof UnauthorizedExceptionInterface || $event->getResult() instanceof HttpResponse || !$event->getResponse() instanceof HttpResponse) {
return;
}
$router = $event->getRouter();
if ($this->authenticationService->hasIdentity()) {
if (!$this->options->getRedirectWhenConnected()) {
return;
}
$redirectRoute = $this->options->getRedirectToRouteConnected();
} else {
$redirectRoute = $this->options->getRedirectToRouteDisconnected();
}
$uri = $router->assemble([], ['name' => $redirectRoute]);
if ($this->options->getAppendPreviousUri()) {
$redirectKey = $this->options->getPreviousUriQueryKey();
$previousUri = $event->getRequest()->getUriString();
$uri = $router->assemble([], ['name' => $redirectRoute, 'query' => [$redirectKey => $previousUri]]);
}
$response = $event->getResponse() ?: new HttpResponse();
$response->getHeaders()->addHeaderLine('Location', $uri);
$response->setStatusCode(302);
$event->setResponse($response);
$event->setResult($response);
}
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
{
$registration = $this->service->registrationPath();
$logout = $this->service->logoutPath();
$login = $this->service->loginPath();
$base = $this->service->basePath();
$uri = $request->getUri();
$path = $uri->getPath();
if ($path === $logout) {
$this->service->clearIdentity();
// including the user session
return $this->redirectTo($uri->withPath($login));
}
// Disallow to render the view (by default) if not authenticated
if (!$this->service->hasIdentity()) {
switch ($path) {
case $login:
return $next($request, $response);
case $registration:
return $next($request, $response);
default:
return $this->redirectTo($uri->withPath($login));
}
}
switch ($path) {
case $login:
return $this->redirectTo($uri->withPath($base));
case $registration:
return $this->redirectTo($uri->withPath($base));
}
return $next($request, $response);
}
/**
* Retrieve the current identity, if any.
*
* If none is present, returns null.
*
* @return mixed|null
* @throws Exception\RuntimeException
*/
public function __invoke()
{
if (!$this->authenticationService instanceof AuthenticationServiceInterface) {
throw new Exception\RuntimeException('No AuthenticationServiceInterface instance provided; cannot lookup identity');
}
if (!$this->authenticationService->hasIdentity()) {
return;
}
return $this->authenticationService->getIdentity();
}
public function __invoke(ServerRequestInterface $req, Response $res)
{
if ($this->authService->hasIdentity()) {
$identity = $this->authService->getIdentity();
$events = $this->events;
$this->authService->clearIdentity();
$events('trigger', 'logout', $identity, $this->redirectUrl);
}
return $res->withRedirect($this->redirectUrl);
}
/**
* Determines whether or not user has access to requested resource.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
$route = $request->getAttribute('route', null);
if ($route === null) {
// User likely accessing a nonexistent route. Calling next middleware.
return $next($request, $response);
}
$role = $this->getRole($this->auth->getIdentity());
$resource = $route->getPattern();
/*
* THIS BUG HAPPENED WHEN ROUTE DID NOT SET ->allow([roles])
* Hope fix problems when an optional / maybe followed by arguments
* Route::group('/venues', function (){
Route::get('/', ...
Route::get('[/{id:[0-9]+}]', ...
dont work for groups that do not have a sub route like '/'
*/
// $resource = preg_replace("|\[\/[^\[].*\]|", "/", $route->getPattern());
// $resource = $route->getIdentifier();
$privilege = $request->getMethod();
// $isAllowed = false;
// if(!$this->acl && $route instanceof AuthorizableRoute){
// $route->getAcl()->isAllowed($role, $resource, $privilege);
// } else {
// $this->acl->isAllowed($role, $resource, $privilege);
// }
// var_dump($this->acl);
$isAllowed = $this->acl->isAllowed($role, $resource, $privilege);
$isAuthenticated = $this->auth->hasIdentity();
if ($isAllowed) {
return $next($request, $response);
}
if ($isAuthenticated) {
// Authenticated but unauthorized for this resource
return $this->handler->notAuthorized($response);
}
// Not authenticated and must be authenticated to access this resource
return $this->handler->notAuthenticated($response);
}
