public function redirectToLogin()
{
$entryPointFound = FALSE;
foreach ($this->securityContext->getAuthenticationTokens() as $token) {
if (!is_object($token)) {
continue;
}
$entryPoint = $token->getAuthenticationEntryPoint();
if ($entryPoint !== NULL && $entryPoint->canForward($this->request)) {
$entryPointFound = TRUE;
if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
$options = $entryPoint->getOptions();
$options['uri'] = $options['uri'] . "?_redirect=" . urlencode($this->request->getRequestUri());
$entryPoint->setOptions($options);
$this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
} else {
$this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
}
$rootRequest = $this->request;
if ($this->request instanceof \TYPO3\FLOW3\MVC\Web\SubRequest) {
$rootRequest = $this->request->getRootRequest();
}
$this->securityContext->setInterceptedRequest($rootRequest);
$entryPoint->startAuthentication($rootRequest, $this->response);
throw new \TYPO3\FLOW3\MVC\Exception\StopActionException();
}
}
if ($entryPointFound === FALSE) {
$this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
throw new \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', 1317309673);
}
}
/**
* Logout all active authentication tokens
*
* @return void
*/
public function logout()
{
if ($this->isAuthenticated() !== TRUE) {
return;
}
foreach ($this->securityContext->getAuthenticationTokens() as $token) {
$token->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
}
$this->emitLoggedOut();
}
/**
* Advices the dispatch method so that illegal action requests are blocked before
* invoking any controller.
*
* The "request" referred to within this method is an ActionRequest or some other
* dispatchable request implementing RequestInterface. Note that we don't deal
* with HTTP requests here.
*
* @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
* @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
* @return mixed Result of the advice chain
* @throws \TYPO3\FLOW3\Security\Exception\AccessDeniedException
* @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException
*/
public function blockIllegalRequestsAndForwardToAuthenticationEntryPoints(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
{
$request = $joinPoint->getMethodArgument('request');
if (!$request instanceof ActionRequest) {
return $joinPoint->getAdviceChain()->proceed($joinPoint);
}
try {
$this->firewall->blockIllegalRequests($request);
return $joinPoint->getAdviceChain()->proceed($joinPoint);
} catch (\TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException $exception) {
$response = $joinPoint->getMethodArgument('response');
$entryPointFound = FALSE;
foreach ($this->securityContext->getAuthenticationTokens() as $token) {
$entryPoint = $token->getAuthenticationEntryPoint();
if ($entryPoint !== NULL) {
$entryPointFound = TRUE;
if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
$options = $entryPoint->getOptions();
$this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
} else {
$this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
}
$this->securityContext->setInterceptedRequest($request->getMainRequest());
$entryPoint->startAuthentication($request->getHttpRequest(), $response);
}
}
if ($entryPointFound === FALSE) {
$this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
throw $exception;
}
} catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
$this->securityLogger->log('Access denied', LOG_WARNING);
$response = $joinPoint->getMethodArgument('response');
$response->setStatus(403);
$response->setContent('<h1>403 Forbidden</h1><p>' . $exception->getMessage());
}
}
/**
* This is the default Policy voter, it votes for the access privilege for the given join point
*
* @param TYPO3\FLOW3\Security\Context $securityContext The current securit context
* @param TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The joinpoint to vote for
* @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY
*/
public function voteForJoinPoint(\TYPO3\FLOW3\Security\Context $securityContext, \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
{
$proxy = $joinPoint->getProxy();
if ($proxy instanceof \Admin\Controller\StandardController) {
$arguments = $joinPoint->getMethodArguments();
if (isset($arguments["being"])) {
$arguments["action"] = $proxy->getAction();
if ($arguments["action"] == "list") {
$arguments["action"] = "view";
}
#\dump($arguments, __FILE__ . ":" . __LINE__);
$accessGrants = 0;
$accessDenies = 0;
foreach ($securityContext->getAuthenticationTokens() as $token) {
if (is_callable(array($token, "getUser"))) {
$user = $token->getUser();
if ($user->getAdmin()) {
return self::VOTE_GRANT;
}
foreach ($user->getRoles() as $role) {
foreach ($role->getGrant() as $policy) {
if ($this->comparePolicy($arguments, $policy)) {
$accessGrants++;
}
}
#foreach ($role->getDeny() as $policy) {
# if($this->comparePolicy($arguments, $policy)) $accessDenies++;
#}
}
}
}
if ($accessDenies > 0) {
return self::VOTE_DENY;
}
if ($accessGrants > 0) {
return self::VOTE_GRANT;
}
} else {
return self::VOTE_ABSTAIN;
}
}
return self::VOTE_ABSTAIN;
}
