Esempio n. 1
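 /**
  * Starts authentication through the first usable entry point of the active tokens.
  *
  * Walks the authentication tokens of the security context and uses the first
  * entry point that reports it can forward the current request. For a WebRedirect
  * entry point the current request URI is appended to the configured target URI
  * as a "_redirect" query parameter. The root request is stored as the
  * intercepted request, authentication is started and the action is stopped.
  *
  * @return void
  * @throws \TYPO3\FLOW3\MVC\Exception\StopActionException once an entry point has started authentication
  * @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException if no token offers a usable entry point
  */
 public function redirectToLogin()
 {
     foreach ($this->securityContext->getAuthenticationTokens() as $token) {
         if (!is_object($token)) {
             continue;
         }
         $entryPoint = $token->getAuthenticationEntryPoint();
         if ($entryPoint === NULL || !$entryPoint->canForward($this->request)) {
             continue;
         }
         if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
             $options = $entryPoint->getOptions();
             // Only extend a URI that is actually configured; a missing "uri" option is
             // left for the entry point to report instead of being turned into a bare
             // "?_redirect=..." target.
             if (isset($options['uri'])) {
                 // The configured URI may already carry a query string, so pick the
                 // separator accordingly rather than always appending a second "?".
                 $separator = strpos($options['uri'], '?') === FALSE ? '?' : '&';
                 // NOTE(review): the value written here is this request's own URI, but
                 // whatever later reads "_redirect" receives it from the client. That
                 // consumer (not visible here) must accept only same-site targets before
                 // redirecting to it.
                 $options['uri'] .= $separator . '_redirect=' . urlencode($this->request->getRequestUri());
                 $entryPoint->setOptions($options);
             }
             // NOTE(review): the logged URI embeds the full request URI, including any
             // query parameters it carried; confirm none of them are secrets.
             $this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
         } else {
             $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
         }
         // Authentication is always started against the root request, never a sub request.
         $rootRequest = $this->request;
         if ($this->request instanceof \TYPO3\FLOW3\MVC\Web\SubRequest) {
             $rootRequest = $this->request->getRootRequest();
         }
         $this->securityContext->setInterceptedRequest($rootRequest);
         $entryPoint->startAuthentication($rootRequest, $this->response);
         throw new \TYPO3\FLOW3\MVC\Exception\StopActionException();
     }
     // Reaching this point means the loop never threw, i.e. no entry point was usable.
     $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
     throw new \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', 1317309673);
 }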
 /**
  * Logs out every active authentication token.
  *
  * Does nothing unless isAuthenticated() returns TRUE. Otherwise each token of
  * the security context is reset to NO_CREDENTIALS_GIVEN and emitLoggedOut()
  * is called afterwards.
  *
  * NOTE(review): only the token status is reset here. Whether the session is
  * invalidated or its identifier renewed on logout is not visible in this
  * method; confirm that happens elsewhere.
  *
  * @return void
  */
 public function logout()
 {
     if ($this->isAuthenticated() === TRUE) {
         $activeTokens = $this->securityContext->getAuthenticationTokens();
         foreach ($activeTokens as $activeToken) {
             $activeToken->setAuthenticationStatus(
                 \TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN
             );
         }
         $this->emitLoggedOut();
     }
 }
Esempio n. 3
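 /**
  * Advices the dispatch method so that illegal action requests are blocked before
  * invoking any controller.
  *
  * The "request" referred to within this method is an ActionRequest or some other
  * dispatchable request implementing RequestInterface. Note that we don't deal
  * with HTTP requests here.
  *
  * Requests that are not an ActionRequest bypass the firewall and go straight down
  * the advice chain. When the firewall demands authentication, every token's entry
  * point is started; when access is denied, a 403 response is written instead of
  * letting the exception propagate. In both handled cases the method returns NULL.
  *
  * @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain, or NULL if the request was intercepted
  * @throws \TYPO3\FLOW3\Security\Exception\AccessDeniedException only from the unguarded pass-through of non-ActionRequest requests
  * @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException if no token provides an authentication entry point
  */
 public function blockIllegalRequestsAndForwardToAuthenticationEntryPoints(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $request = $joinPoint->getMethodArgument('request');
     if (!$request instanceof ActionRequest) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }
     try {
         $this->firewall->blockIllegalRequests($request);
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     } catch (\TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException $exception) {
         $response = $joinPoint->getMethodArgument('response');
         $entryPointFound = FALSE;
         // NOTE(review): there is no break, so every token with an entry point starts
         // authentication against the same response; confirm that this is intended
         // when several tokens are active.
         foreach ($this->securityContext->getAuthenticationTokens() as $token) {
             $entryPoint = $token->getAuthenticationEntryPoint();
             if ($entryPoint !== NULL) {
                 $entryPointFound = TRUE;
                 if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
                     $options = $entryPoint->getOptions();
                     $this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
                 } else {
                     $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
                 }
                 $this->securityContext->setInterceptedRequest($request->getMainRequest());
                 $entryPoint->startAuthentication($request->getHttpRequest(), $response);
             }
         }
         if ($entryPointFound === FALSE) {
             $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
             throw $exception;
         }
     } catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
         $this->securityLogger->log('Access denied', LOG_WARNING);
         $response = $joinPoint->getMethodArgument('response');
         $response->setStatus(403);
         // The exception message is written into an HTML body, so it is escaped first:
         // it may contain request-derived text, and unescaped output would let that
         // text be interpreted as markup by the browser.
         // NOTE(review): consider whether the internal message should be shown to the
         // client at all, or only recorded in the security log.
         $safeMessage = htmlspecialchars($exception->getMessage(), ENT_QUOTES, 'UTF-8');
         $response->setContent('<h1>403 Forbidden</h1><p>' . $safeMessage . '</p>');
     }
 }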
Esempio n. 4
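 /**
  * Default policy voter: votes on the access privilege for the given join point.
  *
  * Only calls on an \Admin\Controller\StandardController that carry a "being"
  * method argument are judged; everything else gets VOTE_ABSTAIN. The controller's
  * current action is added to the arguments (with "list" treated as "view") and
  * compared against the grant policies of every role of every token's user.
  * A user flagged as admin is granted access immediately.
  *
  * NOTE(review): deny policies ($role->getDeny()) are not evaluated; that loop was
  * disabled in the original code, so this voter never returns VOTE_DENY. A request
  * without a matching grant yields VOTE_ABSTAIN, and whether that ends in a denial
  * depends on how the access decision manager treats abstentions; confirm it
  * fails closed.
  *
  * @param \TYPO3\FLOW3\Security\Context $securityContext The current security context
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The joinpoint to vote for
  * @return integer One of: VOTE_GRANT, VOTE_ABSTAIN
  */
 public function voteForJoinPoint(\TYPO3\FLOW3\Security\Context $securityContext, \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $proxy = $joinPoint->getProxy();
     if (!$proxy instanceof \Admin\Controller\StandardController) {
         return self::VOTE_ABSTAIN;
     }
     $arguments = $joinPoint->getMethodArguments();
     if (!isset($arguments["being"])) {
         return self::VOTE_ABSTAIN;
     }
     $arguments["action"] = $proxy->getAction();
     // Strict comparison: a loose "==" would also match non-string values such as 0
     // on older PHP versions and silently map them to "view".
     if ($arguments["action"] === "list") {
         $arguments["action"] = "view";
     }
     $accessGrants = 0;
     foreach ($securityContext->getAuthenticationTokens() as $token) {
         if (!is_callable(array($token, "getUser"))) {
             continue;
         }
         // NOTE(review): the token's authentication status is not checked before its
         // user is trusted; presumably getUser() only returns a user for authenticated
         // tokens. Verify against the token implementation.
         $user = $token->getUser();
         if (!is_object($user)) {
             // No user behind this token: it contributes no grant, and calling
             // getAdmin() on it would end in a fatal error.
             continue;
         }
         if ($user->getAdmin()) {
             return self::VOTE_GRANT;
         }
         foreach ($user->getRoles() as $role) {
             foreach ($role->getGrant() as $policy) {
                 if ($this->comparePolicy($arguments, $policy)) {
                     $accessGrants++;
                 }
             }
         }
     }
     if ($accessGrants > 0) {
         return self::VOTE_GRANT;
     }
     return self::VOTE_ABSTAIN;
 }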