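/**
  * Attempt to authorize the discovered identity based on the ACLs present.
  *
  * The listener only produces a decision when the event is not yet
  * authorized and the request, response, route match and identity are all of
  * the expected types. In every other case it returns without a value
  * (null), i.e. it expresses no decision.
  *
  * NOTE(review): how the dispatcher interprets a null result is not visible
  * here; confirm that null is never treated as a grant.
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return bool|null Result of the authorization check, or null when no
  *                   check was performed.
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     // A previous listener has already authorized the event.
     if ($mvcAuthEvent->isAuthorized()) {
         return;
     }
     $mvcEvent = $mvcAuthEvent->getMvcEvent();
     $request = $mvcEvent->getRequest();
     if (!$request instanceof Request) {
         return;
     }
     $response = $mvcEvent->getResponse();
     if (!$response instanceof Response) {
         return;
     }
     $routeMatch = $mvcEvent->getRouteMatch();
     if (!$routeMatch instanceof RouteMatch) {
         return;
     }
     // Without a typed identity there is nothing to evaluate against the ACL.
     $identity = $mvcAuthEvent->getIdentity();
     if (!$identity instanceof IdentityInterface) {
         return;
     }
     // The identity checked above is reused; it is not fetched a second time.
     return $this->authorization->isAuthorized(
         $identity,
         $mvcAuthEvent->getResource(),
         $request->getMethod()
     );
 }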
 /**
  * Register the event's identity in the container as 'api-identity'.
  *
  * The first registration wins: when the container already holds an
  * 'api-identity' entry, the identity from this event is not stored.
  *
  * @param MvcAuthEvent $e
  */
 public function onAuthenticationPost(MvcAuthEvent $e)
 {
     $alreadyRegistered = $this->container->has('api-identity');
     if (!$alreadyRegistered) {
         $this->container->setService('api-identity', $e->getIdentity());
     }
 }
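 /**
  * Resolve the authenticated identity to a user record and hand that record
  * to the application's identity service.
  *
  * Nothing is set when the event carries no identity, when the identity has
  * no authentication payload, or when that payload has no 'user_id' entry.
  * The identity service is then left untouched instead of being fed the
  * result of a lookup with an undefined id.
  *
  * NOTE(review): what fetch() returns for an unknown id is not visible here;
  * confirm setIdentity() is never given a "not found" value that later
  * checks could mistake for a user.
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return void
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     // getIdentity() can be null when authentication produced nothing, so
     // the method chain must not be called on it blindly.
     $eventIdentity = $mvcAuthEvent->getIdentity();
     if ($eventIdentity === null) {
         return;
     }
     $identity = $eventIdentity->getAuthenticationIdentity();
     // isset() covers both a null payload and a payload without 'user_id'.
     if (!isset($identity['user_id'])) {
         return;
     }
     $user = $this->services->get('User\\Service\\UserService')->fetch($identity['user_id']);
     $this->services->get('Application\\Authorization\\IdentityService')->setIdentity($user);
 }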
 /**
  * A Basic Authorization header that does not carry valid credentials must
  * leave the event without an identity.
  */
 public function testInvokeForBasicAuthHasNoIdentityWhenNotValid()
 {
     $adapterOptions = [
         'accept_schemes' => 'basic',
         'realm' => 'My Web Site',
         'digest_domains' => '/',
         'nonce_timeout' => 3600,
     ];
     $httpAuth = new HttpAuth($adapterOptions);
     // Credentials are resolved against the htpasswd fixture shipped with the tests.
     $resolver = new HttpAuth\ApacheResolver(__DIR__ . '/../TestAsset/htpasswd');
     $httpAuth->setBasicResolver($resolver);
     $this->listener->setHttpAdapter($httpAuth);

     $headers = $this->request->getHeaders();
     $headers->addHeaderLine('Authorization: Basic xxxxxxxxx');

     $this->listener->__invoke($this->mvcAuthEvent);

     $resultingIdentity = $this->mvcAuthEvent->getIdentity();
     $this->assertNull($resultingIdentity);
 }
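 /**
  * Copy a validated API identity into the authentication storage and name
  * the identity after the user's roles.
  *
  * Only an AuthenticatedIdentity is processed. When the user lookup yields
  * nothing, neither the storage nor the identity name is touched; the role
  * list is read only from a user that was actually found.
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @throws \Dws\Exception\Service\ModelNotFoundException declared by the
  *         original docblock; the throwing call is not visible in this method
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $identity = $mvcAuthEvent->getIdentity();
     if (!$identity instanceof AuthenticatedIdentity) {
         return;
     }
     // NOTE(review): assumes the authentication payload is array-like and
     // carries 'user_id' - confirm against the authentication adapter.
     $user = $this->userService->getUserMapper()->findById($identity->getAuthenticationIdentity()['user_id']);
     if (!$user) {
         // No user record: leave storage and identity name as they are
         // rather than dereferencing an empty lookup result.
         return;
     }
     // Add validated identity to ZfcUser storage
     $this->authenticationService->getStorage()->write($user);
     // The identity name becomes the comma-separated list of the user's roles.
     $identity->setName(implode(', ', $user->getRoles()->toArray()));
 }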
    /**
     * Write the user behind a validated API identity into the ZfcUser
     * authentication storage.
     *
     * @param MvcAuthEvent $mvcAuthEvent
     * @throws \Dws\Exception\Service\ModelNotFoundException
     */
    public function __invoke(MvcAuthEvent $mvcAuthEvent)
    {
        $identity = $mvcAuthEvent->getIdentity();
        if (!($identity instanceof AuthenticatedIdentity)) {
            return;
        }

        /** @var AuthenticatedIdentity $identity */
        $authPayload = $identity->getAuthenticationIdentity();
        $user = $this->userService->find($authPayload['user_id']);
        if (!$user) {
            // Per the original author's note: being authenticated without a
            // valid user should not happen; if it does, nothing is written to
            // the authentication service, with the intent that no permissions
            // are granted.
            return;
        }

        $this->authenticationService->getStorage()->write($user);
    }
 /**
  * Register a conditional deny rule for the current identity, resource and
  * HTTP method.
  *
  * Events without a typed identity, and guest identities, are skipped. For
  * every other identity the role and the resource are added to the
  * authorization service when missing, then a deny rule is attached together
  * with the ResourceAssertion service.
  *
  * NOTE(review): the rule is a deny paired with an assertion, so the
  * assertion's result decides when access is actually refused - confirm the
  * assertion's polarity matches the intended policy.
  *
  * @param MvcAuthEvent $event
  */
 public function authorization(MvcAuthEvent $event)
 {
     /** @var \ZF\MvcAuth\Identity\AuthenticatedIdentity $identity */
     $identity = $event->getIdentity();
     $isNonGuestIdentity = $identity instanceof IdentityInterface
         && !($identity instanceof GuestIdentity);
     if (!$isNonGuestIdentity) {
         return;
     }

     $httpMethod = $event->getMvcEvent()->getRequest()->getMethod();

     /** @var \ZF\MvcAuth\Authorization\AclAuthorization $acl */
     $acl = $event->getAuthorizationService();
     $serviceManager = $event->getMvcEvent()->getApplication()->getServiceManager();

     /** @var \Zend\Permissions\Acl\Assertion\AssertionInterface $assertion */
     $assertion = $serviceManager->get('Zfegg\\Admin\\MvcAuth\\Authorization\\ResourceAssertion');

     // Role and resource are registered before a rule refers to them.
     if (!$acl->hasRole($identity)) {
         $acl->addRole($identity);
     }
     if (!$acl->hasResource($event->getResource())) {
         $acl->addResource($event->getResource());
     }

     $acl->deny($identity, $event->getResource(), $httpMethod, $assertion);
 }
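 /**
  * Enforce the configured scope requirement for the requested
  * resource/method pair.
  *
  * The image service is first given the authenticated user. Guest identities
  * are then skipped. For every entry under ['authorization']['scopes'] whose
  * "resource:method" equals the requested one, the scope name (the config
  * key) must appear in the identity's space-separated 'scope' value;
  * otherwise the response status is set to 401 and the result of that call
  * is returned.
  *
  * A requested resource that matches no configured entry is not restricted
  * by this listener.
  *
  * NOTE(review): 401 is returned for an identity that is authenticated but
  * lacks the scope; consider whether 403 is the intended status. The status
  * is left unchanged here because callers may depend on it.
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return mixed|null Result of setStatusCode(401) when a required scope is
  *                    missing, otherwise null.
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $serviceLocator = $this->getServiceLocator();
     $imageService = $serviceLocator->get('AqilixAPI\\Image\\Service\\Image');
     $config = $serviceLocator->get('Config')['authorization'];
     $imageService->setUser($serviceLocator->get('image.authenticated.user'));
     $identity = $mvcAuthEvent->getIdentity();
     if ($identity instanceof \ZF\MvcAuth\Identity\GuestIdentity) {
         return;
     }
     // resource:method
     $requestedResource = $mvcAuthEvent->getResource() . ':' . $mvcAuthEvent->getMvcEvent()->getRequest()->getMethod();
     foreach ($config['scopes'] as $scope => $scopeConfig) {
         $resource = $scopeConfig['resource'] . ':' . $scopeConfig['method'];
         // Only entries that describe the requested resource apply.
         if ($resource !== $requestedResource) {
             continue;
         }
         // A missing 'scope' entry is treated as "no scopes granted".
         $authIdentity = $identity->getAuthenticationIdentity();
         $grantedScopes = explode(' ', isset($authIdentity['scope']) ? (string) $authIdentity['scope'] : '');
         // Array keys that look numeric are integers in PHP; compare as
         // strings and strictly so that type juggling cannot make a scope
         // name match a value the identity was never granted.
         if (!in_array((string) $scope, $grantedScopes, true)) {
             return $mvcAuthEvent->getMvcEvent()->getResponse()->setStatusCode(401);
         }
     }
 }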
 /**
  * Register the event's identity as the 'api-identity' service.
  *
  * The registration is unconditional: whatever getIdentity() returns is
  * passed on, with no check for an existing entry.
  *
  * NOTE(review): whether setService() replaces an existing 'api-identity'
  * entry or rejects the call is not visible here - confirm.
  *
  * @param MvcAuthEvent $e
  */
 public function onAuthenticationPost(MvcAuthEvent $e)
 {
     $identity = $e->getIdentity();
     $this->services->setService('api-identity', $identity);
 }
 /**
  * The identity set on the event is the very instance returned by
  * getIdentity().
  */
 public function testGetIdentity()
 {
     $guest = new GuestIdentity();
     $this->mvcAuthEvent->setIdentity($guest);

     $returned = $this->mvcAuthEvent->getIdentity();
     $this->assertSame($guest, $returned);
 }