/**
  * @param \Symfony\Component\HttpFoundation\Response $response
  */
 protected function injectToolbar(Response $response)
 {
     // Splices the rendered 'webprofiler_loader' element into the response
     // body immediately before the last '</body>' tag. The response is left
     // untouched when the body has no such tag or when no X-Debug-Token
     // header is present.
     $html = $response->getContent();
     $bodyClose = mb_strripos($html, '</body>');
     if (FALSE === $bodyClose) {
         return;
     }
     $debugToken = $response->headers->get('X-Debug-Token');
     if (!$debugToken) {
         return;
     }
     // The token is only passed on as data (route parameter and render-array
     // value); this method never concatenates it into the markup itself.
     // NOTE(review): the injected loader links every page to its profile;
     // presumably this runs on development sites only - confirm it cannot be
     // active for anonymous traffic in production.
     $profilerUrl = $this->urlGenerator->generate('webprofiler.toolbar', ['profile' => $debugToken]);
     $loaderElement = [
         '#theme' => 'webprofiler_loader',
         '#token' => $debugToken,
         '#profiler_url' => $profilerUrl,
     ];
     $beforeBodyClose = mb_substr($html, 0, $bodyClose);
     $toolbarMarkup = $this->renderer->renderRoot($loaderElement);
     $fromBodyClose = mb_substr($html, $bodyClose);
     $response->setContent($beforeBodyClose . $toolbarMarkup . $fromBodyClose);
 }
 /**
  * Returns the site maintenance page if the site is offline.
  *
  * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
  *   The event to process.
  */
 public function onKernelRequestMaintenance(GetResponseEvent $event)
 {
     $matchedRoute = RouteMatch::createFromRequest($event->getRequest());
     if (!$this->maintenanceMode->applies($matchedRoute)) {
         return;
     }
     // Keep every maintenance-mode response out of the page cache.
     \Drupal::service('page_cache_kill_switch')->trigger();
     if (!$this->maintenanceMode->exempt($this->account)) {
         // The current account may not bypass maintenance mode: answer the
         // request with a bare 503 page instead of the requested route.
         drupal_maintenance_theme();
         $rawMessage = $this->config->get('system.maintenance')->get('message');
         $siteName = $this->config->get('system.site')->get('name');
         // The configured message is output as '#markup'; Xss::filterAdmin()
         // is the only filtering this method applies to it.
         $content = Xss::filterAdmin(SafeMarkup::format($rawMessage, array('@site' => $siteName)));
         $page = $this->bareHtmlPageRenderer->renderBarePage(['#markup' => $content], $this->t('Site under maintenance'), 'maintenance_page');
         $event->setResponse(new Response($page, 503));
         return;
     }
     // Exempt accounts get a status message as a reminder, except on the
     // maintenance mode settings page itself.
     if ($matchedRoute->getRouteName() == 'system.site_maintenance_mode') {
         return;
     }
     if ($this->account->hasPermission('administer site configuration')) {
         // NOTE(review): '@url' is only HTML-escaped. Newer Drupal releases
         // offer ':url' for href values, which also strips unsafe URL schemes.
         // The value comes from a fixed route name, so this is hardening, not
         // a live issue - confirm the placeholder is supported before switching.
         $settingsUrl = $this->urlGenerator->generate('system.site_maintenance_mode');
         $notice = $this->t('Operating in maintenance mode. <a href="@url">Go online.</a>', array('@url' => $settingsUrl));
     } else {
         $notice = $this->t('Operating in maintenance mode.');
     }
     $this->drupalSetMessage($notice, 'status', FALSE);
 }
 /**
  * Returns the site maintenance page if the site is offline.
  *
  * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
  *   The event to process.
  */
 public function onKernelRequestMaintenance(GetResponseEvent $event)
 {
     $currentRequest = $event->getRequest();
     $matchedRoute = RouteMatch::createFromRequest($currentRequest);
     if (!$this->maintenanceMode->applies($matchedRoute)) {
         return;
     }
     // Keep every maintenance-mode response out of the page cache.
     \Drupal::service('page_cache_kill_switch')->trigger();
     if ($this->maintenanceMode->exempt($this->account)) {
         // Exempt accounts get a status message as a reminder, except on the
         // maintenance mode settings page itself.
         if ($matchedRoute->getRouteName() != 'system.site_maintenance_mode') {
             if ($this->account->hasPermission('administer site configuration')) {
                 $settingsUrl = $this->urlGenerator->generate('system.site_maintenance_mode');
                 $notice = $this->t('Operating in maintenance mode. <a href=":url">Go online.</a>', array(':url' => $settingsUrl));
             } else {
                 $notice = $this->t('Operating in maintenance mode.');
             }
             $this->drupalSetMessage($notice, 'status', FALSE);
         }
         return;
     }
     // The account may not bypass maintenance mode, so the request ends in a
     // 503. HTML requests receive the themed maintenance page; every other
     // request format receives the message as a text/plain body.
     if ($currentRequest->getRequestFormat() === 'html') {
         drupal_maintenance_theme();
         $response = $this->bareHtmlPageRenderer->renderBarePage(['#markup' => $this->getSiteMaintenanceMessage()], $this->t('Site under maintenance'), 'maintenance_page');
         $response->setStatusCode(503);
     } else {
         // NOTE(review): the body is whatever getSiteMaintenanceMessage()
         // returns; how that helper filters the configured message is not
         // visible here - confirm before reusing it in another context.
         $response = new Response($this->getSiteMaintenanceMessage(), 503, array('Content-Type' => 'text/plain'));
     }
     $event->setResponse($response);
 }
 /**
  * Returns the site maintenance page if the site is offline.
  *
  * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
  *   The event to process.
  */
 public function onKernelRequestMaintenance(GetResponseEvent $event)
 {
     $matchedRoute = RouteMatch::createFromRequest($event->getRequest());
     if (!$this->maintenanceMode->applies($matchedRoute)) {
         return;
     }
     // NOTE(review): this variant does not touch the page cache itself;
     // presumably caching of the 503 page is prevented elsewhere - confirm.
     if (!$this->maintenanceMode->exempt($this->account)) {
         // The current account may not bypass maintenance mode: answer the
         // request with the 503 maintenance page.
         drupal_maintenance_theme();
         $rawMessage = $this->config->get('system.maintenance')->get('message');
         $siteName = $this->config->get('system.site')->get('name');
         // The configured message ends up in the rendered page;
         // Xss::filterAdmin() is the only filtering this method applies to it.
         $content = Xss::filterAdmin(String::format($rawMessage, array('@site' => $siteName)));
         // @todo Break the dependency on DefaultHtmlPageRenderer, see:
         //   https://www.drupal.org/node/2295609
         $content = DefaultHtmlPageRenderer::renderPage($content, $this->t('Site under maintenance'));
         // The placeholder body is replaced by the rendered page right away.
         $response = new Response('Service unavailable', 503);
         $response->setContent($content);
         $event->setResponse($response);
         return;
     }
     // Exempt accounts get a status message as a reminder, except on the
     // maintenance mode settings page itself.
     if ($matchedRoute->getRouteName() == 'system.site_maintenance_mode') {
         return;
     }
     if ($this->account->hasPermission('administer site configuration')) {
         // NOTE(review): '@url' is only HTML-escaped. Newer Drupal releases
         // offer ':url' for href values, which also strips unsafe URL schemes.
         // The value comes from a fixed route name, so this is hardening, not
         // a live issue - confirm the placeholder is supported before switching.
         $settingsUrl = $this->urlGenerator->generate('system.site_maintenance_mode');
         $notice = $this->t('Operating in maintenance mode. <a href="@url">Go online.</a>', array('@url' => $settingsUrl));
     } else {
         $notice = $this->t('Operating in maintenance mode.');
     }
     $this->drupalSetMessage($notice, 'status', FALSE);
 }
Exemple #5
 /**
  * {@inheritdoc}
  */
 public function build()
 {
     $block = $this->getEntity();
     if (!$block) {
         // No entity could be loaded for this derivative: show a hint with a
         // link to the "add custom block" page. '#access' restricts the hint
         // to accounts holding 'administer blocks', so other visitors do not
         // see the missing UUID.
         $missingUuid = $this->getDerivativeId();
         $addBlockUrl = $this->urlGenerator->generate('block_content.add_page');
         $hint = $this->t('Block with uuid %uuid does not exist. <a href=":url">Add custom block</a>.', array('%uuid' => $missingUuid, ':url' => $addBlockUrl));
         $mayAdministerBlocks = $this->account->hasPermission('administer blocks');
         return array('#markup' => $hint, '#access' => $mayAdministerBlocks);
     }
     // Delegate rendering to the view builder of the entity's own type, using
     // the view mode stored in the block configuration.
     $viewBuilder = $this->entityManager->getViewBuilder($block->getEntityTypeId());
     return $viewBuilder->view($block, $this->configuration['view_mode']);
 }
Exemple #6
 /**
  * Handles a request to either validate a user login or log a user out.
  *
  * The path that this controller action handles is always set as the "service"
  * URL when authenticating with the CAS server, so the CAS server communicates
  * back to the Drupal site through this controller.
  */
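 public function handle()
 {
     // Entry point for everything the CAS server sends back to the site:
     // single-log-out posts, returns without a ticket, and returns carrying a
     // service ticket that has to be validated before the local login.
     // Apart from the SLO case, every path ends in a redirect.
     $request = $this->requestStack->getCurrentRequest();
     // First, check if this is a single-log-out (SLO) request from the server.
     // NOTE(review): the 'logoutRequest' body is client-supplied and reaches
     // handleSlo() unchanged; whether the sender is verified there is not
     // visible here - confirm.
     if ($request->request->has('logoutRequest')) {
         $this->casHelper->log("Logout request: passing to casLogout::handleSlo");
         $this->casLogout->handleSlo($request->request->get('logoutRequest'));
         // Always return a 200 code. The CAS server does not care either way
         // what happens here, since it takes a fire-and-forget approach.
         return Response::create('', 200);
     }
     // Our CAS Subscriber, which implements forced redirect and gateway, will
     // set this query string param which indicates we should disable the
     // subscriber on the next redirect. This prevents an infinite redirect loop.
     // NOTE(review): the flag is taken from the query string, so any client
     // can set it for its own session - confirm that skipping the subscriber
     // once has no access-control consequence.
     if ($request->query->has('cas_temp_disable')) {
         $this->casHelper->log("Temp disable flag set, set session flag.");
         $_SESSION['cas_temp_disable'] = TRUE;
     }
     // Check if there is a ticket parameter. If there isn't, we could be
     // returning from a gateway request and the user may not be logged into CAS.
     // Just redirect away from here.
     if (!$request->query->has('ticket')) {
         $this->casHelper->log("No ticket detected, move along.");
         $this->handleReturnToParameter($request);
         return RedirectResponse::create($this->urlGenerator->generate('<front>'));
     }
     $ticket = $request->query->get('ticket');
     // Our CAS service will need to reconstruct the original service URL
     // when validating the ticket. We always know the base URL for the
     // service URL (it's this page), but there may be some query params
     // attached as well (like a destination param) that we need to pass in.
     // So, detach the ticket param, and pass the rest off.
     $service_params = $request->query->all();
     unset($service_params['ticket']);
     $cas_version = $this->casHelper->getCasProtocolVersion();
     $this->casHelper->log("Configured to use CAS protocol version: {$cas_version}");
     try {
         $cas_validation_info = $this->casValidator->validateTicket($cas_version, $ticket, $service_params);
     } catch (CasValidateException $e) {
         // Validation failed, redirect to homepage and set message. The
         // reason is written to the log so rejected tickets stay traceable;
         // the visitor only sees the generic message.
         // NOTE(review): confirm the exception text never contains the ticket.
         $this->casHelper->log($e->getMessage());
         $this->setMessage(t('There was a problem validating your login, please contact a site administrator.'), 'error');
         $this->handleReturnToParameter($request);
         return RedirectResponse::create($this->urlGenerator->generate('<front>'));
     }
     // The local login only happens after the ticket passed validation.
     try {
         $this->casLogin->loginToDrupal($cas_validation_info, $ticket);
         if ($this->casHelper->isProxy() && $cas_validation_info->getPgt()) {
             $this->casHelper->log("Storing PGT information for this session.");
             $this->casHelper->storePGTSession($cas_validation_info->getPgt());
         }
         $this->setMessage(t('You have been logged in.'));
     } catch (CasLoginException $e) {
         // Record why the local login was refused; the visitor only sees the
         // generic message.
         $this->casHelper->log($e->getMessage());
         $this->setMessage(t('There was a problem logging in, please contact a site administrator.'), 'error');
     }
     // NOTE(review): handleReturnToParameter() is not visible here; if it
     // applies a destination taken from the request, confirm it rejects
     // external URLs.
     $this->handleReturnToParameter($request);
     return RedirectResponse::create($this->urlGenerator->generate('<front>'));
 }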
Exemple #7
 /**
  * Return the logout URL for the CAS server.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  *  The current request, to provide base url context.
  *
  * @return string
  *   The fully constructed server logout URL.
  */
 public function getServerLogoutUrl($request)
 {
     $logoutUrl = $this->getServerBaseUrl() . 'logout';
     // Without a configured logout destination the plain logout endpoint is
     // returned, with no 'service' parameter.
     if ($this->settings->get('redirection.logout_destination') == '') {
         return $logoutUrl;
     }
     $target = $this->settings->get('redirection.logout_destination');
     if ($target == '<front>') {
         // '<front>' is a route name: let the generator build the absolute URL.
         $service = $this->urlGenerator->generate($target, array(), TRUE);
     } elseif ($this->isExternal($target)) {
         // An absolute URL from configuration is passed on unchanged.
         $service = $target;
     } else {
         // A regular Drupal path is made absolute with the scheme and host of
         // the current request.
         // NOTE(review): that host is derived from the incoming request, so
         // the resulting 'service' URL is only as trustworthy as the Host
         // header - confirm trusted host patterns are enforced for the site.
         $service = $request->getSchemeAndHttpHost() . '/' . ltrim($target, '/');
     }
     return $logoutUrl . '?' . UrlHelper::buildQuery(array('service' => $service));
 }
 /**
  * Main point of communication between CAS server and the Drupal site.
  *
  * The path that this controller action handles is always set as the "service"
  * URL when authenticating with the CAS server, so the CAS server communicates
  * back to the Drupal site through this controller action. That's why there's
  * so much going on in here - it needs to process a few different types of
  * requests.
  */
 public function handle()
 {
     // Handles three kinds of request in order: a single-log-out post from
     // the CAS server, a return without a ticket, and a return carrying a
     // service ticket that is validated before the local login. Apart from
     // the SLO case, every path ends in a redirect.
     $request = $this->requestStack->getCurrentRequest();
     // First, check if this is a single-log-out (SLO) request from the server.
     // NOTE(review): the 'logoutRequest' body is client-supplied and reaches
     // handleSlo() unchanged; whether the sender is verified there is not
     // visible here - confirm.
     if ($request->request->has('logoutRequest')) {
         try {
             $this->casLogout->handleSlo($request->request->get('logoutRequest'));
         } catch (CasSloException $e) {
             // A failed SLO is only logged; the response below stays the same.
             $this->casHelper->log($e->getMessage());
         }
         // Always return a 200 code. The CAS server does not care either way
         // what happens here, since it takes a fire-and-forget approach.
         return Response::create('', 200);
     }
     // We will be redirecting the user below. To prevent the CasSubscriber from
     // initiating an automatic authentication on that request (like forced
     // auth or gateway auth) and potentially creating an authentication loop,
     // we set a session variable instructing the CasSubscriber to skip auto
     // auth for that request.
     $request->getSession()->set('cas_temp_disable_auto_auth', TRUE);
     /* If there is no ticket parameter on the request, the browser either:
      * (a) is returning from a gateway request to the CAS server in which
      *     the user was not already authenticated to CAS, so there is no
      *     service ticket to validate and nothing to do.
      * (b) has hit this URL for some other reason (crawler, curiosity, etc)
      *     and there is nothing to do.
      * In either case, we just want to redirect them away from this controller.
      */
     if (!$request->query->has('ticket')) {
         $this->casHelper->log("No ticket detected, move along.");
         $this->handleReturnToParameter($request);
         return RedirectResponse::create($this->urlGenerator->generate('<front>'));
     }
     // There is a ticket present, meaning CAS server has returned the browser
     // to the Drupal site so we can authenticate the user locally using the
     // ticket.
     $ticket = $request->query->get('ticket');
     // Our CAS service will need to reconstruct the original service URL
     // when validating the ticket. We always know the base URL for the
     // service URL (it's this page), but there may be some query params
     // attached as well (like a destination param) that we need to pass in.
     // So, detach the ticket param, and pass the rest off.
     $service_params = $request->query->all();
     unset($service_params['ticket']);
     try {
         $cas_validation_info = $this->casValidator->validateTicket($ticket, $service_params);
     } catch (CasValidateException $e) {
         // Validation failed, redirect to homepage and set message. The
         // reason goes to the log; the visitor only sees the generic message.
         // NOTE(review): confirm the exception text never contains the ticket.
         $this->casHelper->log($e->getMessage());
         $this->setMessage($this->t('There was a problem validating your login, please contact a site administrator.'), 'error');
         $this->handleReturnToParameter($request);
         return RedirectResponse::create($this->urlGenerator->generate('<front>'));
     }
     // Now that the ticket has been validated, we can use the information from
     // the validation request to authenticate the user locally on the Drupal
     // site.
     try {
         $this->casLogin->loginToDrupal($cas_validation_info, $ticket);
         // A proxy-granting ticket is stored only when proxy mode is on and
         // the validation result actually carries one.
         if ($this->casHelper->isProxy() && $cas_validation_info->getPgt()) {
             $this->casHelper->log("Storing PGT information for this session.");
             $this->casHelper->storePgtSession($cas_validation_info->getPgt());
         }
         $this->setMessage($this->t('You have been logged in.'));
     } catch (CasLoginException $e) {
         // A refused local login is logged and reported generically; the
         // redirect below still happens.
         $this->casHelper->log($e->getMessage());
         $this->setMessage($this->t('There was a problem logging in, please contact a site administrator.'), 'error');
     }
     // And finally redirect the user to the homepage, or to a specific
     // destination found in the destination param (like the page they were on
     // prior to initiating authentication).
     // NOTE(review): handleReturnToParameter() is not visible here; confirm it
     // rejects external URLs before the destination is honoured.
     $this->handleReturnToParameter($request);
     return RedirectResponse::create($this->urlGenerator->generate('<front>'));
 }
Exemple #9
 /**
  * @param string $name
  * @param array $parameters
  * @param bool|string $referenceType
  * @return string
  */
 public function generate($name, $parameters = array(), $referenceType = self::ABSOLUTE_PATH)
 {
     // Pure delegation: all three arguments are handed to the wrapped URL
     // generator unchanged and its result is returned as-is.
     $generatedUrl = $this->urlGenerator->generate($name, $parameters, $referenceType);

     return $generatedUrl;
 }