/**
* Call
*
* Perform actions specific to this middleware and optionally
* call the next downstream middleware.
*/
public function call()
{
/** @var \rmatil\cms\Login\LoginHandler $loginHandler */
$loginHandler = $this->app->loginHandler;
if (!$loginHandler->isRouteProtected($this->app->request->getPath())) {
// if route is not protected, just forward request to next middleware
$this->next->call();
return;
}
// requires SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
// in htaccess for forwarding Basic-Auth headers
$auth = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$pw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
if (null === $auth || null === $pw) {
// Send 401 along with authenticate field if header is absent and route is protected
// @link http://tools.ietf.org/html/rfc1945#section-11
ResponseFactory::createUnauthorizedResponse($this->app, $this->realm);
return;
}
try {
$user = $loginHandler->authenticateUser($auth, $pw);
$loginHandler->isGranted($this->app->request->getPath(), $user->getUserGroup()->getRole());
} catch (UserNotFoundException $unfe) {
ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::NOT_FOUND, $unfe->getMessage());
return;
} catch (WrongCredentialsException $wce) {
// resend basic auth login form, if credentials are wrong
ResponseFactory::createUnauthorizedResponse($this->app, $this->realm);
return;
} catch (UserLockedException $ule) {
ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::FORBIDDEN, $ule->getMessage());
return;
} catch (AccessDeniedException $ade) {
ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::FORBIDDEN, $ade->getMessage());
return;
}
$this->next->call();
}
