public function findCursor(Query $query) { $current = $this->request->query('cursor'); $limit = $this->request->query('limit') ?: 10; if ($current) { $query->where(['id >' => $current]); } $query->limit($limit); return $query; }
/** * Enriches all of the passed audit logs to add the request * info metadata. * * @param Event The AuditStash.beforeLog event * @param array $logs The audit log event objects * @return void */ public function beforeLog(Event $event, array $logs) { $meta = ['ip' => $this->request->clientIp(), 'url' => $this->request->here(), 'user' => $this->user]; foreach ($logs as $log) { $log->setMetaInfo($log->getMetaInfo() + $meta); } }
public function beforeSave(Event $event, EntityInterface $entity) { if ($entity === null) { return true; } $isNew = $entity->isNew(); $fields = $this->config('fields'); $ip = self::$_request->clientIp(); foreach ($fields as $field => $when) { $when = strtolower($when); if (!in_array($when, ['always', 'new'])) { throw new UnexpectedValueException(sprintf('"When" should be one of "always", "new". The passed value "%s" is invalid', $when)); } switch ($when) { case 'always': $entity->set($field, $ip); continue; break; case 'new': if ($isNew) { $entity->set($field, $ip); continue; } break; } } return true; }
/** * Get data of the request * * @param Request $request * @return array */ public function getData(Request $request) { $data = $request->data('attributes'); if ($request->data('id')) { $data['id'] = $request->data('id'); } return $data; }
/** * {@inheritDoc} */ public function val($field, $options = []) { $options += ['default' => null, 'schemaDefault' => true]; $val = $this->_request->data($field); if ($val !== null) { return $val; } return $options['default']; }
/** * Permission extract constructor. * * @param $user * @param Request $request */ public function __construct($user, Request $request) { $this->_request = $request; $this->_user = (array) $user; $this->_requestPref = $request->param('prefix'); $this->_controller = $request->param('Controller'); $this->_setAclPlugins(); $this->_setupAllowed(); }
/** * Setup * * @return void */ public function setUp() { parent::setUp(); Router::connect('/:controller/:action'); $request = new Request(); $request->addParams(array('controller' => 'pages', 'action' => 'display')); $this->View = new View($request); $this->Toolbar = new ToolbarHelper($this->View); }
/** * test check() failing * * @return void */ public function testAuthorizeCheckFailure() { $request = new Request('posts/index'); $request->addParams(['controller' => 'posts', 'action' => 'index']); $user = ['Users' => ['username' => 'mark']]; $this->_mockAcl(); $this->Acl->expects($this->once())->method('check')->with($user, 'Posts', 'read')->will($this->returnValue(false)); $this->assertFalse($this->auth->authorize($user['Users'], $request)); }
/** * User authorize. * * @param array $user * @param Request $request * @return bool */ public function authorize($user, Request $request) { $user = new Data($user); // Allow all for admin role. if (Role::ADMIN_ID == $user->get('role_id', Role::PUBLIC_ID)) { return true; } return (bool) $request->param('allowed'); }
/** * Checks the fields to ensure they are supplied. * * @param \Cake\Network\Request $request The request that contains login information. * @param array $fields The fields to be checked. * @return bool False if the fields have not been supplied. True if they exist. */ protected function _checkFields(Request $request, array $fields) { foreach ([$fields['username'], $fields['password']] as $field) { $value = $request->data($field); if (empty($value) || !is_string($value)) { return false; } } return true; }
/** * test setting parameters in beforeDispatch method * * @return void * @triggers __CLASS__ $this, compact(request) */ public function testBeforeDispatchSkipWhenControllerSet() { $filter = new RoutingFilter(); $request = new Request("/testcontroller/testaction/params1/params2/params3"); $request->addParams(['controller' => 'articles']); $event = new Event(__CLASS__, $this, compact('request')); $filter->beforeDispatch($event); $this->assertSame($request->params['controller'], 'articles'); $this->assertEmpty($request->params['action']); }
/** * test authenticate token as request header * * @return void */ public function testAuthenticateTokenHeader() { $request = new Request('posts/index'); $expected = ['id' => 1, 'user_name' => 'mariano', 'email' => '*****@*****.**', 'token' => '12345', 'created' => new Time('2007-03-17 01:16:23'), 'updated' => new Time('2007-03-17 01:18:31')]; $request->env('HTTP_X_APITOKEN', '12345'); $result = $this->auth->getUser($request, $this->response); $this->assertEquals($expected, $result); $request->env('HTTP_X_APITOKEN', '66666'); $result = $this->auth->getUser($request, $this->response); $this->assertFalse($result); }
/** * Hands authorization over to the AnnAuthorize class. * @param array $user * An array containing information about the user to authorize. * @param Request $request * Describes the request to authorize. */ public function authorize($user, Request $request) { $controller = $this->_registry->getController(); $action = $request->param('action'); $pass = $request->param('pass'); Log::debug(sprintf('Trying to authorize user %s for request %s/%s and parameters %s.', $user['username'], $controller->name, $action, json_encode($pass))); $annAuthorization = AnnAuthorization::getInstance(); $authorized = $annAuthorization->authorizeRequest($user['id'], $controller, $action, $pass, $request); Log::debug(sprintf('Authorization %s', $authorized ? 'was successful.' : 'failed.')); return $authorized; }
/** * setup create a request object to get out of router later. * * @return void */ public function setUp() { parent::setUp(); Router::reload(); $request = new Request(); $request->base = ''; $request->env('HTTP_REFERER', '/referer'); Router::setRequestInfo($request); Configure::write('debug', true); $this->_logger = $this->getMock('Psr\\Log\\LoggerInterface'); Log::reset(); Log::config('error_test', ['engine' => $this->_logger]); }
/** * Get user's credentials (username and password) from either session or request data * * @param Request $request Request instance * @return array|bool */ protected function _getCredentials(Request $request) { $credentials = []; foreach (['username', 'password'] as $field) { if (!($credentials[$field] = $request->data($this->_config['fields'][$field]))) { $credentials[$field] = $this->_decrypt($request->session()->read('TwoFactorAuth.credentials.' . $field)); } if (empty($credentials[$field]) || !is_string($credentials[$field])) { return false; } } return $credentials; }
/** * Check and get current theme. * * @param Request $request * @return string|null */ public static function get(Request $request) { $theme = Configure::read('Theme.site'); if ($request->param('prefix') == 'admin') { $theme = Configure::read('Theme.admin'); } $path = self::_find($theme); if ($path !== null) { self::loadList([$theme]); return $theme; } return null; }
/** * Authenticate callback * Reads the stored cookie and auto login the user * * @param Request $request Cake request object. * @param Response $response Cake response object. * @return mixed */ public function authenticate(Request $request, Response $response) { $cookieName = Configure::read('Users.RememberMe.Cookie.name'); if (!$this->_registry->Cookie->check($cookieName)) { return false; } $cookie = $this->_registry->Cookie->read($cookieName); $this->config('fields.username', 'id'); $user = $this->_findUser($cookie['id']); if ($user && !empty($cookie['user_agent']) && $request->header('User-Agent') === $cookie['user_agent']) { return $user; } return false; }
/** * Check if the user can access to the given URL. * * @param array $params The params to check. * * @return bool */ public function check(array $params = []) { if (!$this->request->session()->read('Auth.User')) { return false; } $params += ['_base' => false]; $url = Router::url($params); $params = Router::parse($url); $user = [$this->Authorize->config('userModel') => $this->request->session()->read('Auth.User')]; $request = new Request(); $request->addParams($params); $action = $this->Authorize->action($request); return $this->Acl->check($user, $action); }
/** * {@inheritDoc} */ public function validate(Request $request) { if ($request->is('post')) { // The (User's) Remote Address $whatRemoteIP = env('REMOTE_ADDR') ? '&remoteip=' . env('REMOTE_ADDR') : ''; // The reCAPTCHA data is extracted from Request $gRecaptchaResponse = $request->data('g-recaptcha-response'); // Verify reCAPTCHA data $response = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . $this->config('secretKey') . '&response=' . $gRecaptchaResponse . $whatRemoteIP); $response = json_decode($response, true); // We return the Google server's response 'success' value return (bool) $response['success']; } return false; }
/** * testBeforeDispatch * * @return void */ public function testBeforeDispatch() { Configure::write('App.namespace', 'TestApp'); $filter = new ControllerFactoryFilter(); $request = new Request(); $response = new Response(); $request->addParams(['prefix' => 'admin', 'controller' => 'Posts', 'action' => 'index']); $event = new Event(__CLASS__, $this, compact('request', 'response')); $filter->beforeDispatch($event); $this->assertEquals('TestApp\\Controller\\Admin\\PostsController', get_class($event->data['controller'])); $request->addParams(['prefix' => 'admin/sub', 'controller' => 'Posts', 'action' => 'index']); $event = new Event(__CLASS__, $this, compact('request', 'response')); $filter->beforeDispatch($event); $this->assertEquals('TestApp\\Controller\\Admin\\Sub\\PostsController', get_class($event->data['controller'])); }
/** * Determines which content-types the client prefers. If no parameters are given, * the single content-type that the client most likely prefers is returned. If $type is * an array, the first item in the array that the client accepts is returned. * Preference is determined primarily by the file extension parsed by the Router * if provided, and secondarily by the list of content-types provided in * HTTP_ACCEPT. * * @param string|array $type An optional array of 'friendly' content-type names, i.e. * 'html', 'xml', 'js', etc. * @return mixed If $type is null or not provided, the first content-type in the * list, based on preference, is returned. If a single type is provided * a boolean will be returned if that type is preferred. * If an array of types are provided then the first preferred type is returned. * If no type is provided the first preferred type is returned. * @see RequestHandlerComponent::setContent() */ public function prefers($type = null) { $acceptRaw = $this->request->parseAccept(); if (empty($acceptRaw)) { return $this->ext; } $accepts = $this->response->mapType(array_shift($acceptRaw)); if (!$type) { if (empty($this->ext) && !empty($accepts)) { return $accepts[0]; } return $this->ext; } $types = (array) $type; if (count($types) === 1) { if (!empty($this->ext)) { return in_array($this->ext, $types); } return in_array($types[0], $accepts); } $intersect = array_values(array_intersect($accepts, $types)); if (empty($intersect)) { return false; } return $intersect[0]; }
public function testParamsRedirect() { $request = new Request(['url' => 'controller_posts/index', 'action' => 'index', '_method' => 'POST']); $request->env('REQUEST_METHOD', 'POST'); $request->action = 'index'; $request->data['Filter'] = ['Posts' => ['title' => 'foo', 'body' => 'bar', 'multi' => [1, 2]]]; $controller = new Controller($request); $controller->listFilters = ['index' => ['fields' => ['Posts.title' => ['searchType' => 'wildcard', 'options' => []], 'Posts.body' => ['searchType' => 'wildcard'], 'Posts.multi' => ['searchType' => 'multipleselect', 'options' => [1 => 'one', 2 => 'two']]]]]; $ListFilter = new ListFilterComponent($controller->components(), []); $event = new Event('Controller.startup', $controller); $ListFilter->startup($event); $this->assertEquals(array_keys($controller->listFilters['index']['fields']), array_keys($ListFilter->getFilters()['fields'])); // Check if the request is being redirected properly $redirectUrl = parse_url($controller->response->header()['Location']); $this->assertEquals(urldecode($redirectUrl['query']), 'Filter-Posts-title=foo&Filter-Posts-body=bar&Filter-Posts-multi[0]=1&Filter-Posts-multi[1]=2'); }
protected function filterMustBeCleared($options) { $current_path = $this->getComparisonPath($this->request->params); $referer_path = $this->getComparisonPath(Router::parse($this->request->referer(true))); if ($current_path == $referer_path) { return false; } else { $plugin = isset($this->request->params['plugin']) ? $this->request->params['plugin'] : null; $prefix = isset($this->request->params['prefix']) ? $this->request->params['prefix'] : null; $controller = $this->request->params['controller']; $action = $this->request->params['action']; $pass = isset($this->request->params['pass']) ? $this->request->params['pass'] : []; $query = isset($this->request->params['?']) ? $this->request->params['?'] : []; $referer = Router::parse($this->request->referer(true)); $referer_plugin = isset($referer['plugin']) ? $referer['plugin'] : null; $referer_prefix = isset($referer['prefix']) ? $referer['prefix'] : null; $referer_controller = $referer['controller']; $referer_action = $referer['action']; $referer_pass = isset($referer['pass']) ? $referer['pass'] : []; $referer_query = isset($referer['?']) ? $referer['?'] : []; if ($plugin == $referer_plugin && $prefix == $referer_prefix && $controller == $referer_controller) { if (isset($options['keep_filter_actions']) && is_array($options['keep_filter_actions'])) { if (in_array($referer_action, $options['keep_filter_actions'])) { return false; } } } } return true; }
/** * Get the value for a given path. * * Traverses the entity data and finds the value for $path. * * @param string $field The dot separated path to the value. * @param array $options Options: * - `default`: Default value to return if no value found in request * data or entity. * - `schemaDefault`: Boolen indicating whether default value from table * schema should be used if it's not explicitly provided. * @return mixed The value of the field or null on a miss. */ public function val($field, $options = []) { $options += ['default' => null, 'schemaDefault' => true]; $val = $this->_request->data($field); if ($val !== null) { return $val; } if (empty($this->_context['entity'])) { return $options['default']; } $parts = explode('.', $field); $entity = $this->entity($parts); if (end($parts) === '_ids' && !empty($entity)) { return $this->_extractMultiple($entity, $parts); } if ($entity instanceof EntityInterface) { $part = array_pop($parts); $val = $entity->get($part); if ($val !== null) { return $val; } if ($options['default'] !== null || !$options['schemaDefault'] || !$entity->isNew()) { return $options['default']; } return $this->_schemaDefault($part, $entity); } if (is_array($entity)) { $key = array_pop($parts); return isset($entity[$key]) ? $entity[$key] : null; } return null; }
/** * Retrieves or creates a user based on header data * * @param \Cake\Network\Request $request Request object. * @return mixed Either false or an array of user information */ protected function _getUser(Request $request) { $config = $this->_config; $username = $request->header($config['headers']['username']); $result = $this->_query($username)->first(); if (!empty($result)) { return $result; } $data = [$config['fields']['username'] => $username, $config['fields']['password'] => '', $config['fields']['name'] => $request->header($config['headers']['name']), $config['fields']['email'] => $request->header($config['headers']['email'])]; $table = TableRegistry::get($config['userModel']); $result = $table->newEntity($data); if (!$table->save($result)) { return false; } return $result; }
/** * Handle unauthenticated access attempt. In implementation valid return values * can be: * * - Null - No action taken, AuthComponent should return appropriate response. * - Cake\Network\Response - A response object, which will cause AuthComponent to * simply return that response. * * @param \Cake\Network\Request $request A request object. * @param \Cake\Network\Response $response A response object. * @return \Cake\Network\Response|bool */ public function unauthenticated(Request $request, Response $response) { $response->type('json'); $deviceId = $request->header($this->config('headerDeviceId')); $token = $request->header($this->config('headerToken')); if ($deviceId == null || $token == null) { return $this->unauthorizedResponse($response); } $generatedToken = $this->generateToken($deviceId); //Log::debug("CREATED TOKEN: ".$generatedToken); //Log::debug("SENT TOKEN: ".$token); if ($token != $generatedToken) { return $this->unauthorizedResponse($response); } return true; }
/** * @return void */ public function testAutoPostRedirectRefererNotWhitelisted() { $this->request->env('HTTP_REFERER', 'http://localhost/my_controller/wrong'); $is = $this->Controller->Common->autoPostRedirect(['controller' => 'MyController', 'action' => 'foo'], true); $is = $this->Controller->response->header(); $this->assertSame('http://localhost/my_controller/foo', $is['Location']); $this->assertSame(302, $this->Controller->response->statusCode()); }
/** * Authenticate callback * * @param Request $request Cake request object. * @param Response $response Cake response object. * @return bool|mixed */ public function authenticate(Request $request, Response $response) { $data = $request->session()->read(Configure::read('Users.Key.Session.social')); if (empty($data)) { return false; } $socialMail = Hash::get((array) $data->info, Configure::read('Users.Key.Data.email')); if (!empty($socialMail)) { $data->email = $socialMail; $data->validated = true; } else { $data->email = $request->data(Configure::read('Users.Key.Data.email')); $data->validated = false; } $user = $this->_findOrCreateUser($data); return $user; }
/** * Get node ref path by request. * * @return string */ protected function _getNodeRef() { $ref = ['type' => 'controllers', 'plugin' => null, 'prefix' => Inflector::camelize($this->_request->param('prefix')), 'controller' => $this->_request->param('controller')]; if ($this->_request->param('plugin') !== false) { $ref['plugin'] = FS::clean($this->_request->param('plugin'), '\\'); return implode('/', $ref); } return FS::clean(implode('/', $ref), '/'); }
/** * Get token from header or query string. * * @param \Cake\Network\Request $request Request object. * @return string|bool Token string if found else false. */ protected function _getToken($request) { $token = $request->env('HTTP_AUTHORIZATION'); // @codeCoverageIgnoreStart if (!$token && function_exists('getallheaders')) { $headers = array_change_key_case(getallheaders()); if (isset($headers['authorization']) && substr($headers['authorization'], 0, 7) === 'Bearer ') { $token = $headers['authorization']; } } // @codeCoverageIgnoreEnd if ($token) { return substr($token, 7); } if (!empty($this->_config['parameter']) && isset($request->query[$this->_config['parameter']])) { $token = $request->query($this->_config['parameter']); } return $token ? $token : false; }