/** * Shows the specified node and takes visibility and access restrictions into * account. * * @param NodeInterface $node * @return string View output for the specified node * @Flow\SkipCsrfProtection We need to skip CSRF protection here because this action could be called with unsafe requests from widgets or plugins that are rendered on the node - For those the CSRF token is validated on the sub-request, so it is safe to be skipped here * @Flow\IgnoreValidation("node") * @throws NodeNotFoundException */ public function showAction(NodeInterface $node = null) { if ($node === null) { throw new NodeNotFoundException('The requested node does not exist or isn\'t accessible to the current user', 1430218623); } $inBackend = $node->getContext()->isInBackend(); if ($node->getNodeType()->isOfType('Neos.Neos:Shortcut') && !$inBackend) { $this->handleShortcutNode($node); } $this->view->assign('value', $node); if ($inBackend) { $this->overrideViewVariablesFromInternalArguments(); /** @var UserInterfaceMode $renderingMode */ $renderingMode = $node->getContext()->getCurrentRenderingMode(); $this->response->setHeader('Cache-Control', 'no-cache'); if ($renderingMode !== null) { // Deprecated TypoScript context variable from version 2.0. $this->view->assign('editPreviewMode', $renderingMode->getTypoScriptPath()); } if (!$this->view->canRenderWithNodeAndPath()) { $this->view->setTypoScriptPath('rawContent'); } } if ($this->session->isStarted() && $inBackend) { $this->session->putData('lastVisitedNode', $node->getContextPath()); } }
/** * Is called if authentication was successful. * * @param ActionRequest $originalRequest The request that was intercepted by the security framework, NULL if there was none * @return void */ protected function onAuthenticationSuccess(ActionRequest $originalRequest = null) { if ($this->view instanceof JsonView) { $this->view->assign('value', array('success' => $this->authenticationManager->isAuthenticated(), 'csrfToken' => $this->securityContext->getCsrfProtectionToken())); } else { if ($this->request->hasArgument('lastVisitedNode') && strlen($this->request->getArgument('lastVisitedNode')) > 0) { $this->session->putData('lastVisitedNode', $this->request->getArgument('lastVisitedNode')); } if ($originalRequest !== null) { // Redirect to the location that redirected to the login form because the user was nog logged in $this->redirectToRequest($originalRequest); } $this->redirect('index', 'Backend\\Backend'); } }
/** * @param string $actionName Name of the action to forward to * @param string $controllerName Unqualified object name of the controller to forward to. If not specified, the current controller is used. * @param string $packageKey Key of the package containing the controller to forward to. If not specified, the current package is assumed. * @param array $arguments Array of arguments for the target action * @param integer $delay (optional) The delay in seconds. Default is no delay. * @param integer $statusCode (optional) The HTTP status code for the redirect. Default is "303 See Other" * @param string $format The format to use for the redirect URI * @return void */ protected function unsetLastVisitedNodeAndRedirect($actionName, $controllerName = null, $packageKey = null, array $arguments = null, $delay = 0, $statusCode = 303, $format = null) { $this->session->putData('lastVisitedNode', null); parent::redirect($actionName, $controllerName, $packageKey, $arguments, $delay, $statusCode, $format); }