/**
  * Maps the generic "index" action onto a REST-style action chosen from the HTTP
  * method, then lets the parent implementation resolve the method name.
  *
  * HEAD/GET become "show" when the resource argument is present and "list" otherwise,
  * POST becomes "create", PUT becomes "update" and DELETE becomes "delete". PUT and
  * DELETE call throwStatus(400, ...) when no resource argument was sent. Any other
  * HTTP method leaves the action at "index". Requests whose action name is not
  * "index" are passed to the parent unchanged.
  *
  * NOTE(review): the state-changing actions are selected from the request method alone;
  * nothing in this method checks authorization, so it has to be enforced per resolved action.
  *
  * @return string The action method name
  * @throws \TYPO3\Flow\Mvc\Exception\NoSuchActionException if the action specified in the request object does not exist (and if there's no default action either).
  */
 protected function resolveActionMethodName()
 {
     // Only the generic entry point is rewritten; explicit action names pass through.
     if ($this->request->getControllerActionName() !== 'index') {
         return parent::resolveActionMethodName();
     }

     $resolvedAction = 'index';
     $httpMethod = $this->request->getHttpRequest()->getMethod();
     switch ($httpMethod) {
         case 'HEAD':
         case 'GET':
             if ($this->request->hasArgument($this->resourceArgumentName)) {
                 $resolvedAction = 'show';
             } else {
                 $resolvedAction = 'list';
             }
             break;
         case 'POST':
             $resolvedAction = 'create';
             break;
         case 'PUT':
             // Updating needs a target resource.
             if (!$this->request->hasArgument($this->resourceArgumentName)) {
                 $this->throwStatus(400, NULL, 'No resource specified');
             }
             $resolvedAction = 'update';
             break;
         case 'DELETE':
             // Deleting needs a target resource.
             if (!$this->request->hasArgument($this->resourceArgumentName)) {
                 $this->throwStatus(400, NULL, 'No resource specified');
             }
             $resolvedAction = 'delete';
             break;
     }
     $this->request->setControllerActionName($resolvedAction);

     return parent::resolveActionMethodName();
 }
 /**
  * Every action request in a nested chain must return the same root HTTP request.
  *
  * @test
  */
 public function getHttpRequestReturnsTheHttpRequestWhichIsTheRootOfAllActionRequests()
 {
     // Two further nesting levels on top of the fixture's action request.
     $childRequest = new ActionRequest($this->actionRequest);
     $grandChildRequest = new ActionRequest($childRequest);

     // Same instance expected at every depth, checked in the original order.
     foreach (array($this->actionRequest, $grandChildRequest, $childRequest) as $nestedRequest) {
         $this->assertSame($this->mockHttpRequest, $nestedRequest->getHttpRequest());
     }
 }
 /**
  * Flags this token for authentication when a GET request names this token's
  * authentication provider in the internal argument `__casAuthenticationProviderName`.
  *
  * No credential is read from the request in this method; only the authentication
  * status is changed. Requests using any other HTTP method are ignored.
  * Note: You should not persist the credentials!
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current request instance
  *
  * @return void Nothing is returned on any path
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $isGetRequest = $actionRequest->getHttpRequest()->getMethod() === 'GET';
     if (!$isGetRequest) {
         return;
     }

     // The internal argument selects which provider the request is meant for.
     $requestedProviderName = $actionRequest->getInternalArgument('__casAuthenticationProviderName');
     if ($requestedProviderName === $this->authenticationProviderName) {
         $this->authenticationStatus = self::AUTHENTICATION_NEEDED;
     }
 }
 /**
  * Every action request in a nested chain must return the same root HTTP request.
  *
  * @test
  */
 public function getHttpRequestReturnsTheHttpRequestWhichIsTheRootOfAllActionRequests()
 {
     $rootHttpRequest = HttpRequest::create(new Uri('http://robertlemke.com/blog'));

     // Build a three-level chain: root <- first <- second <- third.
     $firstLevel = new ActionRequest($rootHttpRequest);
     $secondLevel = new ActionRequest($firstLevel);
     $thirdLevel = new ActionRequest($secondLevel);

     // Same instance expected at every depth, checked in the original order.
     foreach (array($firstLevel, $thirdLevel, $secondLevel) as $nestedRequest) {
         $this->assertSame($rootHttpRequest, $nestedRequest->getHttpRequest());
     }
 }
 /**
  * Reads the password credential from the internal arguments of a POST request and,
  * when one was sent, sets the authentication status to AUTHENTICATION_NEEDED.
  * Requests using any other HTTP method are ignored.
  *
  * Note: You need to send the password in this POST parameter:
  *       __authentication[TYPO3][Flow][Security][Authentication][Token][PasswordToken][password]
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request
  * @return void
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $httpMethod = $actionRequest->getHttpRequest()->getMethod();
     if ($httpMethod !== 'POST') {
         return;
     }

     $submittedPassword = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath(
         $actionRequest->getInternalArguments(),
         '__authentication.TYPO3.Flow.Security.Authentication.Token.PasswordToken.password'
     );

     // NOTE(review): empty() also treats the string "0" as "no password sent".
     if (empty($submittedPassword)) {
         return;
     }

     $this->credentials['password'] = $submittedPassword;
     $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
 }
 /**
  * Picks up the single sign-on callback parameters from a GET request.
  *
  * When both `__flowpack.singlesignon.accessToken` and `__flowpack.singlesignon.signature`
  * are present in the HTTP request arguments, they are base64-decoded into the
  * credentials, the request URI without its `__flowpack` arguments is stored as the
  * callback URI, and the authentication status is set to AUTHENTICATION_NEEDED.
  * Nothing is verified here; the signature is only stored for a later check.
  * Note: You should not persist the credentials!
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current request instance
  * @return void Nothing is returned on any path
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $httpRequest = $actionRequest->getHttpRequest();
     if ($httpRequest->getMethod() !== 'GET') {
         return;
     }

     // A callback request carries both the encrypted access token and its signature.
     $queryArguments = $httpRequest->getArguments();
     $encodedAccessToken = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($queryArguments, '__flowpack.singlesignon.accessToken');
     $encodedSignature = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($queryArguments, '__flowpack.singlesignon.signature');
     if (empty($encodedAccessToken) || empty($encodedSignature)) {
         return;
     }

     // NOTE(review): base64_decode() runs in non-strict mode here, so characters outside
     // the base64 alphabet are skipped silently rather than rejected.
     $this->credentials['accessToken'] = base64_decode($encodedAccessToken);
     $this->credentials['signature'] = base64_decode($encodedSignature);

     // Keep the callback URI without the SSO parameters.
     // NOTE(review): the Uri object returned by the request is modified in place; if it is
     // not a copy, the request's own query string changes as well - confirm.
     $this->callbackUri = $actionRequest->getHttpRequest()->getUri();
     $remainingArguments = $this->callbackUri->getArguments();
     unset($remainingArguments['__flowpack']);
     $this->callbackUri->setQuery(http_build_query($remainingArguments));

     $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
 }
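 /**
  * Updates the username and password credentials from the HTTP authorization header.
  * Sets the authentication status to AUTHENTICATION_NEEDED if a well-formed Basic
  * header has been sent, and to NO_CREDENTIALS_GIVEN otherwise.
  *
  * A header counts as well-formed only when it is a string starting with "Basic ",
  * its payload is valid base64 and the decoded payload contains the ":" separator.
  * The split happens at the first ":", so the password may itself contain colons.
  * Anything else resets both credentials to null.
  *
  * @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request instance
  * @return void
  */
 public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
 {
     $authorizationHeader = $actionRequest->getHttpRequest()->getHeaders()->get('Authorization');

     $username = null;
     $password = null;
     // The scheme must be followed by a space; a bare prefix match would also accept
     // values such as "Basicfoo". A missing (non-string) header is not parsed at all.
     if (is_string($authorizationHeader) && substr($authorizationHeader, 0, 6) === 'Basic ') {
         // Strict mode makes a payload with characters outside the base64 alphabet fail
         // instead of decoding to something the client never sent.
         $decodedCredentials = base64_decode(substr($authorizationHeader, 6), true);
         $separatorPosition = is_string($decodedCredentials) ? strpos($decodedCredentials, ':') : false;
         // Without this check a payload lacking ":" produced an empty username and a
         // password equal to the payload minus its first character.
         if ($separatorPosition !== false) {
             $username = (string)substr($decodedCredentials, 0, $separatorPosition);
             $password = (string)substr($decodedCredentials, $separatorPosition + 1);
         }
     }

     if ($username !== null) {
         $this->credentials['username'] = $username;
         $this->credentials['password'] = $password;
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
     } else {
         $this->credentials = array('username' => null, 'password' => null);
         $this->authenticationStatus = self::NO_CREDENTIALS_GIVEN;
     }
 }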
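 /**
  * Updates the credentials from either request arguments or a Bearer authorization header.
  *
  * OPTIONS requests are ignored. If the request arguments contain both `username` and
  * `password`, those are stored and the status becomes AUTHENTICATION_NEEDED. Otherwise
  * a header of the form "Bearer <token>" with a non-empty token stores the token together
  * with the User-Agent header and the client IP address, and the status becomes
  * AUTHENTICATION_NEEDED. In every other case the credentials are reset to a null token
  * and the status becomes NO_CREDENTIALS_GIVEN.
  *
  * NOTE(review): username and password are read from getArguments() for every HTTP method
  * except OPTIONS. If those arguments include the URL query string, a password can end up
  * in access logs and browser history; consider limiting this path to POST bodies.
  *
  * @param ActionRequest $actionRequest The current action request
  * @return void
  */
 public function updateCredentials(ActionRequest $actionRequest)
 {
     if ($actionRequest->getHttpRequest()->getMethod() === 'OPTIONS') {
         return;
     }
     $authorizationHeader = $actionRequest->getHttpRequest()->getHeaders()->get('Authorization');
     $authorizationArguments = $actionRequest->getArguments();

     if (isset($authorizationArguments['username']) && isset($authorizationArguments['password'])) {
         $this->credentials['username'] = $authorizationArguments['username'];
         $this->credentials['password'] = $authorizationArguments['password'];
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
         return;
     }

     // Require the scheme plus its separating space, and a token after it. The previous
     // prefix-only comparison also accepted "BearerX..." and a bare "Bearer", which
     // yielded an empty (or false) token that was still marked AUTHENTICATION_NEEDED.
     $token = '';
     if (is_string($authorizationHeader) && substr($authorizationHeader, 0, 7) === 'Bearer ') {
         $token = trim((string)substr($authorizationHeader, 7));
     }

     if ($token !== '') {
         $this->credentials['token'] = $token;
         // Both values describe the client and are stored next to the token.
         // NOTE(review): User-Agent is client-supplied, and the reported IP address may
         // depend on forwarded headers; confirm the proxy configuration before relying on them.
         $this->credentials['user_agent'] = $actionRequest->getHttpRequest()->getHeader('User-Agent');
         $this->credentials['ip_address'] = $actionRequest->getHttpRequest()->getClientIpAddress();
         $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
         return;
     }

     $this->credentials = array('token' => NULL);
     $this->authenticationStatus = self::NO_CREDENTIALS_GIVEN;
 }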
 /**
  * Reads the username and password credentials from the internal arguments of a POST
  * request. When both were sent, they are stored and the authentication status is set
  * to AUTHENTICATION_NEEDED. Requests using any other HTTP method are ignored.
  *
  * Note: You need to send the username and password in these two POST parameters:
  *       __authentication[TYPO3][Flow][Security][Authentication][Token][UsernamePassword][username]
  *   and __authentication[TYPO3][Flow][Security][Authentication][Token][UsernamePassword][password]
  *
  * @param ActionRequest $actionRequest The current action request
  * @return void
  */
 public function updateCredentials(ActionRequest $actionRequest)
 {
     if ($actionRequest->getHttpRequest()->getMethod() !== 'POST') {
         return;
     }

     $internalArguments = $actionRequest->getInternalArguments();
     $submittedUsername = ObjectAccess::getPropertyPath($internalArguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.UsernamePassword.username');
     $submittedPassword = ObjectAccess::getPropertyPath($internalArguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.UsernamePassword.password');

     // Both parts are required; a partial submission leaves the token untouched.
     // NOTE(review): empty() also treats the string "0" as missing.
     if (empty($submittedUsername) || empty($submittedPassword)) {
         return;
     }

     $this->credentials['username'] = $submittedUsername;
     $this->credentials['password'] = $submittedPassword;
     $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
 }
 /**
  * Builds the URI
  *
  * The given arguments are merged over $this->arguments, combined with the request
  * arguments and resolved by the router. The merged set is remembered in
  * $this->lastArguments. "index.php/" is prepended when URL rewriting is disabled,
  * then either the base URI (absolute mode) or the script request path (unless
  * relative paths were requested), and finally the section is appended as a fragment.
  *
  * NOTE(review): absolute URIs take their prefix from the HTTP request's base URI. If
  * that value reflects the incoming Host header, generated links follow whatever host
  * the client sent - confirm how the base URI is determined.
  *
  * @param array $arguments optional URI arguments. Will be merged with $this->arguments with precedence to $arguments
  * @return string The URI
  * @api
  */
 public function build(array $arguments = array())
 {
     $mergedArguments = $this->mergeArgumentsWithRequestArguments(
         Arrays::arrayMergeRecursiveOverrule($this->arguments, $arguments)
     );
     $uri = $this->router->resolve($mergedArguments);
     // Remembered only after the router resolved the arguments.
     $this->lastArguments = $mergedArguments;

     if (!$this->environment->isRewriteEnabled()) {
         $uri = 'index.php/' . $uri;
     }

     $httpRequest = $this->request->getHttpRequest();
     if ($this->createAbsoluteUri === true) {
         $uri = $httpRequest->getBaseUri() . $uri;
     } elseif (!$this->createRelativePaths) {
         $uri = $httpRequest->getScriptRequestPath() . $uri;
     }

     if ($this->section === '') {
         return $uri;
     }
     return $uri . '#' . $this->section;
 }
 /**
  * Handles the OAuth2 redirect back to the application and exchanges the authorization
  * code for an access token.
  *
  * Only GET requests whose internal argument `__oauth2Provider` equals this token's
  * provider name are processed; all others leave the token untouched. A missing `code`
  * argument, or an exception during the token request, sets the status to
  * WRONG_CREDENTIALS and is logged. On success the access token is stored in the
  * credentials and the status becomes AUTHENTICATION_NEEDED.
  * Note: You should not persist the credentials!
  *
  * NOTE(review): no `state` parameter is checked in this method. Confirm that the
  * redirect is bound to the user's session elsewhere, otherwise a code issued for a
  * different session could be accepted here.
  *
  * @param ActionRequest $actionRequest The current request instance
  * @throws \InvalidArgumentException presumably from setAuthenticationStatus(); not raised directly here
  * @return void Nothing is returned on any path
  */
 public function updateCredentials(ActionRequest $actionRequest)
 {
     if ($actionRequest->getHttpRequest()->getMethod() !== 'GET') {
         return;
     }
     if ($actionRequest->getInternalArgument('__oauth2Provider') !== $this->authenticationProviderName) {
         return;
     }

     // A callback without an authorization code cannot be exchanged.
     if (!$actionRequest->hasArgument('code')) {
         $this->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
         $this->securityLogger->log('There was no argument `code` provided.', LOG_NOTICE);
         return;
     }

     $authorizationCode = $actionRequest->getArgument('code');
     $redirectionEndpointUri = $this->oauthUriBuilder->getRedirectionEndpointUri($this->authenticationProviderName);

     try {
         $accessToken = $this->tokenEndpoint->requestAuthorizationCodeGrantAccessToken($authorizationCode, $redirectionEndpointUri);
         $this->credentials['accessToken'] = $accessToken;
         $this->setAuthenticationStatus(TokenInterface::AUTHENTICATION_NEEDED);
     } catch (Exception $exception) {
         // A failed exchange is treated like wrong credentials and recorded.
         $this->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
         $this->securityLogger->logException($exception);
     }
 }
 /**
  * Returns the top level request: the HTTP request object
  *
  * The result is looked up once and cached in $this->rootRequest. If the parent
  * request is itself an HttpRequest it is the root; otherwise the parent is asked
  * for its own root.
  *
  * @return HttpRequest
  * @api
  */
 public function getHttpRequest()
 {
     if ($this->rootRequest !== null) {
         return $this->rootRequest;
     }

     if ($this->parentRequest instanceof HttpRequest) {
         $this->rootRequest = $this->parentRequest;
     } else {
         // Walk up the chain; the parent resolves its own root.
         $this->rootRequest = $this->parentRequest->getHttpRequest();
     }

     return $this->rootRequest;
 }
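 /**
  * Generates a reset-password token for the account that belongs to the given party.
  *
  * The account is looked up with getAccountByParty() and handed, together with the
  * optional request, to generateResetPasswordToken().
  *
  * @param AbstractParty $party The party whose account gets the token
  * @param \TYPO3\Flow\Mvc\ActionRequest|null $request The current request, or NULL when none is available
  * @return \RFY\JsonApi\Users\Domain\Model\ResetToken
  * @throws \Exception
  * @throws \TYPO3\Flow\Exception
  */
 public function generateResetPasswordTokenForParty(AbstractParty $party, \TYPO3\Flow\Mvc\ActionRequest $request = NULL)
 {
     $account = $this->getAccountByParty($party);
     // The former bare call $request->getHttpRequest()->getClientIpAddress() discarded its
     // result and caused a fatal error whenever $request was left at its NULL default, so
     // it is gone. NOTE(review): confirm generateResetPasswordToken() accepts a NULL request.
     return $this->generateResetPasswordToken($account, $request);
 }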