/**
  * Renders the legacy website toolbar template.
  *
  * If the logged-in user lacks the required permission, an empty response is returned.
  *
  * @param mixed $locationId
  * @param Request $request
  *
  * @return Response
  */
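 public function websiteToolbarAction($locationId, Request $request)
 {
     // Returned untouched (empty body) whenever the toolbar must not be shown.
     $response = new Response();

     if ($this->previewHelper->isPreviewActive()) {
         // Preview mode: render the version-view toolbar for the content being previewed,
         // and authorize against that same content object.
         $template = 'design:parts/website_toolbar_versionview.tpl';
         $previewedContent = $authValueObject = $this->previewHelper->getPreviewedContent();
         $previewedVersionInfo = $previewedContent->versionInfo;
         $parameters = array(
             'object' => $previewedContent,
             'version' => $previewedVersionInfo,
             'language' => $previewedVersionInfo->initialLanguageCode,
             'is_creator' => $previewedVersionInfo->creatorId === $this->getRepository()->getCurrentUser()->id,
         );
     } elseif ($locationId === null) {
         // No location and no active preview: nothing to build a toolbar for.
         return $response;
     } else {
         $authValueObject = $this->loadContentByLocationId($locationId);
         $template = 'design:parts/website_toolbar.tpl';
         $parameters = array(
             'current_node_id' => $locationId,
             'redirect_uri' => $request->attributes->get('semanticPathinfo'),
         );
     }

     // Permission gate: users without websitetoolbar/use on this content get the empty response.
     $authorizationAttribute = new AuthorizationAttribute('websitetoolbar', 'use', array('valueObject' => $authValueObject));
     if (!$this->authChecker->isGranted($authorizationAttribute)) {
         return $response;
     }

     // The CSRF token has to be added once $parameters is final. Set before the
     // branches above, it is discarded by the array assignments and the template
     // is rendered without any form_token. Adding it after the permission check
     // also means no token is generated for a response that stays empty.
     if (isset($this->csrfProvider)) {
         $parameters['form_token'] = $this->csrfProvider->generateCsrfToken('legacy');
     }

     $response->setContent($this->legacyTemplateEngine->render($template, $parameters));

     return $response;
 }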
 /**
  * {@inheritdoc}
  */
 public function renderCsrfToken($intention)
 {
     // The provider is optional at construction time; when one was injected,
     // token generation is delegated to it for the given intention.
     if ($this->csrfProvider !== null) {
         return $this->csrfProvider->generateCsrfToken($intention);
     }

     // No provider: fail loudly rather than hand the caller an empty token.
     throw new \BadMethodCallException('CSRF token can only be generated if a CsrfProviderInterface is injected in the constructor.');
 }
 /**
  * Checks the submitted CSRF token when client data is bound to the form.
  *
  * The check runs only when the form has no parent or its parent is the root
  * form. On an invalid token an error is attached to the form and the event
  * data is replaced with a freshly generated token.
  *
  * @param DataEvent $event Event carrying the form and the submitted data.
  */
 public function onBindClientData(DataEvent $event)
 {
     $form = $event->getForm();
     $submittedToken = $event->getData();

     $isCheckedHere = !$form->hasParent() || $form->getParent()->isRoot();
     if (!$isCheckedHere) {
         return;
     }

     if ($this->csrfProvider->isCsrfTokenValid($this->intention, $submittedToken)) {
         return;
     }

     $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));

     // A timed-out session invalidates the old token, so a new one is issued
     // here to make a resubmission possible.
     $event->setData($this->csrfProvider->generateCsrfToken($this->intention));
 }
 /**
  * Renders the login template.
  *
  * The authentication error is taken from the request attributes when present,
  * otherwise from the session (and then removed from the session). A CSRF
  * token for the 'authenticate' intention is passed to the template when a
  * CSRF provider is set, null otherwise.
  *
  * NOTE(review): 'last_username' and 'error' come from a previous login
  * attempt; presumably the template escapes them on output - confirm.
  *
  * @return Response
  */
 public function loginAction()
 {
     $session = $this->request->getSession();
     $errorKey = SecurityContextInterface::AUTHENTICATION_ERROR;

     if (!$this->request->attributes->has($errorKey)) {
         // Error stored by an earlier request: read it once, then clear it.
         $error = $session->get($errorKey);
         $session->remove($errorKey);
     } else {
         $error = $this->request->attributes->get($errorKey);
     }

     $csrfToken = null;
     if (isset($this->csrfProvider)) {
         $csrfToken = $this->csrfProvider->generateCsrfToken('authenticate');
     }

     $loginTemplate = $this->configResolver->getParameter('security.login_template');
     $viewParameters = array(
         'last_username' => $session->get(SecurityContextInterface::LAST_USERNAME),
         'error' => $error,
         'csrf_token' => $csrfToken,
         'layout' => $this->configResolver->getParameter('security.base_layout'),
     );

     return new Response($this->templateEngine->render($loginTemplate, $viewParameters));
 }
 /**
  * Renders the legacy website toolbar template.
  *
  * If the logged-in user lacks the required permission, an empty response is returned.
  *
  * @param mixed $locationId
  */
 public function websiteToolbarAction($locationId)
 {
     $response = new Response();

     // A null location happens in PreviewController (see EZP-22823): keep the response empty.
     if (null === $locationId) {
         return $response;
     }

     // Permission gate: the toolbar is only rendered for users granted
     // websitetoolbar/use on the content behind this location.
     $content = $this->loadContentByLocationId($locationId);
     $toolbarAttribute = new AuthorizationAttribute('websitetoolbar', 'use', array('valueObject' => $content));

     if ($this->securityContext->isGranted($toolbarAttribute)) {
         $templateVars = array('current_node_id' => $locationId);

         // The CSRF token is optional: it is only passed on when a provider is set.
         if (isset($this->csrfProvider)) {
             $templateVars['form_token'] = $this->csrfProvider->generateCsrfToken('legacy');
         }

         $response->setContent($this->legacyTemplateEngine->render('design:parts/website_toolbar.tpl', $templateVars));
     }

     return $response;
 }
 /**
  * @param string $intention
  * @return string
  */
 public function getToken($intention)
 {
     // Plain delegation to the CSRF provider; there is no null check here, so
     // the provider is assumed to be set by the time this is called.
     $token = $this->csrfProvider->generateCsrfToken($intention);

     return $token;
 }
 /**
  * {@inheritdoc}
  */
 public function getToken($tokenId)
 {
     // The provider yields only the token value; it is wrapped together with
     // its id in a CsrfToken object for the caller.
     $tokenValue = $this->csrfProvider->generateCsrfToken($tokenId);

     return new CsrfToken($tokenId, $tokenValue);
 }
 /**
  * Builds the provider's authorization URL with a CSRF token as the state option.
  *
  * The token is generated for the intention __CLASS__ and passed under
  * self::STATE_KEY.
  *
  * NOTE(review): the state only protects the flow if the callback handler
  * validates the returned value against the same intention - that check is
  * not visible here; confirm it exists.
  */
 public function getAuthorizationUrl()
 {
     $stateToken = $this->csrf->generateCsrfToken(__CLASS__);

     return $this->provider->getAuthorizationUrl([self::STATE_KEY => $stateToken]);
 }
 /**
  * Returns the configuration's default view variables for the current
  * request, with a 'csrf_token' entry added.
  *
  * The token is generated for the intention reported by the configuration.
  */
 private function getDefaultViewVars()
 {
     $viewVars = $this->getConfiguration()->getDefaultViewVars($this->getRequest());

     $intention = $this->getConfiguration()->getCSRFIntention();
     $viewVars['csrf_token'] = $this->csrfProvider->generateCsrfToken($intention);

     return $viewVars;
 }