/**
 * Collect the payload of the request.
 *
 * Reads the `attributes` key of the request data and, when the request
 * also carries a truthy `id`, copies that id into the result.
 *
 * Everything returned here comes straight from the client; this method
 * does no validation or filtering of its own.
 *
 * @param Request $request Request to read from.
 * @return array Value of `attributes` with `id` merged in, or whatever
 *   `attributes` holds when no id was sent.
 */
public function getData(Request $request)
{
    $payload = $request->data('attributes');
    $id = $request->data('id');

    if (!$id) {
        return $payload;
    }

    $payload['id'] = $id;

    return $payload;
}
/**
 * {@inheritDoc}
 */
public function val($field, $options = [])
{
    // Caller-supplied keys win; missing keys fall back to these defaults.
    // `schemaDefault` is filled in but never read in this method.
    $options += ['default' => null, 'schemaDefault' => true];

    // Submitted request data is returned as-is; no escaping happens here.
    $submitted = $this->_request->data($field);

    return $submitted !== null ? $submitted : $options['default'];
}
/**
 * Authenticate a user based on the request information.
 *
 * When the request carries no provider field the call is delegated to
 * `getUser()`. Otherwise the provider returned by `_checkFields()` is
 * handed to HybridAuth together with the return URL.
 *
 * @param Request $request Request to get authentication information from.
 * @param Response $response A response object that can have headers added.
 * @return array|bool User array on success, false on failure.
 */
public function authenticate(Request $request, Response $response)
{
    $fields = $this->_config['fields'];
    if (!$request->data($fields['provider'])) {
        return $this->getUser($request);
    }

    $provider = $this->_checkFields($request, $fields);
    if (!$provider) {
        return false;
    }

    // The return URL is built from configuration (or the plugin's own
    // action), never from request data.
    $target = $this->_config['hauth_return_to']
        ?: ['plugin' => 'ADmad/HybridAuth', 'controller' => 'HybridAuth', 'action' => 'authenticated'];
    $params = ['hauth_return_to' => Router::url($target, true)];

    if ($provider === 'OpenID') {
        // Client-supplied value, read from the raw data array.
        // NOTE(review): presumably `_checkFields()` has already required
        // this key for OpenID; confirm, otherwise this is an undefined index.
        $params['openid_identifier'] = $request->data[$fields['openid_identifier']];
    }

    $this->_init($request);
    $adapter = $this->hybridAuth->authenticate($provider, $params);

    return $adapter ? $this->_getUser($provider, $adapter) : false;
}
/**
 * Get the value for a given path.
 *
 * Lookup order: submitted request data, then the context entity, then
 * (for new entities only) the table schema default.
 *
 * @param string $field The dot separated path to the value.
 * @param array $options Options:
 *   - `default`: Default value to return if no value found in request
 *     data or entity.
 *   - `schemaDefault`: Boolean indicating whether default value from table
 *     schema should be used if it's not explicitly provided.
 * @return mixed The value of the field or null on a miss.
 */
public function val($field, $options = [])
{
    $options += ['default' => null, 'schemaDefault' => true];

    // Request data takes precedence over the entity and is returned unescaped.
    $submitted = $this->_request->data($field);
    if ($submitted !== null) {
        return $submitted;
    }
    if (empty($this->_context['entity'])) {
        return $options['default'];
    }

    $parts = explode('.', $field);
    $entity = $this->entity($parts);

    if (end($parts) === '_ids' && !empty($entity)) {
        return $this->_extractMultiple($entity, $parts);
    }

    if ($entity instanceof EntityInterface) {
        $property = array_pop($parts);
        $stored = $entity->get($property);
        if ($stored !== null) {
            return $stored;
        }

        // The schema default applies only when no explicit default was
        // given, the option is enabled and the entity is new.
        $useSchema = $options['default'] === null && $options['schemaDefault'] && $entity->isNew();

        return $useSchema ? $this->_schemaDefault($property, $entity) : $options['default'];
    }

    if (!is_array($entity)) {
        return null;
    }

    $key = array_pop($parts);

    return isset($entity[$key]) ? $entity[$key] : null;
}
/**
 * Checks the fields to ensure they are supplied.
 *
 * Both the username and the password field must be present in the request
 * data as non-empty strings. Requiring a string rejects array-typed request
 * values before they reach the rest of the login code. Note that `empty()`
 * also rejects the string "0".
 *
 * @param \Cake\Network\Request $request The request that contains login information.
 * @param array $fields The fields to be checked.
 * @return bool False if the fields have not been supplied. True if they exist.
 */
protected function _checkFields(Request $request, array $fields)
{
    $required = [$fields['username'], $fields['password']];

    foreach ($required as $name) {
        $submitted = $request->data($name);
        $usable = !empty($submitted) && is_string($submitted);
        if (!$usable) {
            return false;
        }
    }

    return true;
}
/**
 * Get the current value for a given field.
 *
 * Submitted request data wins; otherwise the value is looked up in the
 * context's 'defaults' array, if one is set.
 *
 * @param string $field A dot separated path to the field a value
 *   is needed for.
 * @return mixed The request value, the matching default, or null.
 */
public function val($field)
{
    // Request data is returned as-is; no escaping happens here.
    $submitted = $this->_request->data($field);
    if ($submitted !== null) {
        return $submitted;
    }

    $hasDefaults = !empty($this->_context['defaults']) && is_array($this->_context['defaults']);

    return $hasDefaults ? Hash::get($this->_context['defaults'], $field) : null;
}
/**
 * Get user's credentials (username and password) from either session or request data
 *
 * For each of the two fields the request data is tried first, under the
 * configured field name. When that value is falsy, the value stored in the
 * session under `TwoFactorAuth.credentials.<field>` is decrypted and used.
 *
 * NOTE(review): the session fallback implies the credentials are kept in
 * the session between login steps; confirm they are removed once the login
 * completes or fails.
 *
 * @param Request $request Request instance
 * @return array|bool Array with `username` and `password`, or false when
 *   either one is missing or is not a string.
 */
protected function _getCredentials(Request $request)
{
    $found = [];

    foreach (['username', 'password'] as $name) {
        $value = $request->data($this->_config['fields'][$name]);
        if (!$value) {
            $stored = $request->session()->read('TwoFactorAuth.credentials.' . $name);
            $value = $this->_decrypt($stored);
        }

        // Array-typed or empty values are never accepted as credentials.
        if (!is_string($value) || empty($value)) {
            return false;
        }

        $found[$name] = $value;
    }

    return $found;
}
/**
 * {@inheritDoc}
 */
public function val($field)
{
    // Request data takes precedence and is returned unescaped.
    $submitted = $this->_request->data($field);
    if ($submitted !== null) {
        return $submitted;
    }
    if (empty($this->_context['entity'])) {
        return null;
    }

    $parts = explode('.', $field);
    $entity = $this->entity($parts);

    // Anything that is not a Document yields null.
    if (!($entity instanceof Document)) {
        return null;
    }

    return $entity->get(array_pop($parts));
}
/**
 * Get the current value for a given field.
 *
 * Lookup order: submitted request data, then the explicit `default`
 * option, then the context's 'defaults' array.
 *
 * @param string $field A dot separated path to the field a value
 *   is needed for.
 * @param array $options Options:
 *   - `default`: Default value to return if no value found in request
 *     data or context record.
 *   - `schemaDefault`: Boolean indicating whether default value from
 *     context's schema should be used if it's not explicitly provided.
 * @return mixed
 */
public function val($field, $options = [])
{
    $options += ['default' => null, 'schemaDefault' => true];

    // Request data is returned as-is; no escaping happens here.
    $submitted = $this->_request->data($field);
    if ($submitted !== null) {
        return $submitted;
    }

    // An explicit default, or a disabled schema default, skips the
    // context's 'defaults' array.
    $skipContext = $options['default'] !== null || !$options['schemaDefault'];
    if ($skipContext) {
        return $options['default'];
    }

    $hasDefaults = !empty($this->_context['defaults']) && is_array($this->_context['defaults']);

    return $hasDefaults ? Hash::get($this->_context['defaults'], $field) : null;
}
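/**
 * {@inheritDoc}
 *
 * Verifies the `g-recaptcha-response` value of a POST request against
 * Google's siteverify endpoint. Any other request method, a missing or
 * non-string token, a failed HTTP call or an unparsable reply all count as
 * a failed validation.
 */
public function validate(Request $request)
{
    if (!$request->is('post')) {
        return false;
    }

    // The reCAPTCHA token comes from the client. Only a non-empty string
    // is worth sending for verification; anything else fails closed.
    $token = $request->data('g-recaptcha-response');
    if (!is_string($token) || $token === '') {
        return false;
    }

    $fields = [
        'secret' => $this->config('secretKey'),
        'response' => $token,
    ];

    // The (User's) Remote Address
    $remoteIp = env('REMOTE_ADDR');
    if ($remoteIp) {
        $fields['remoteip'] = $remoteIp;
    }

    // http_build_query() URL-encodes every value, so the client-supplied
    // token cannot add or override parameters of the verification call.
    // Sending the fields in a POST body also keeps the secret key out of
    // the request URL.
    $context = stream_context_create([
        'http' => [
            'method' => 'POST',
            'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($fields, '', '&'),
        ],
    ]);

    $raw = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($raw === false) {
        // Transport failure: treat as "not verified" rather than decoding garbage.
        return false;
    }

    $result = json_decode($raw, true);

    // We return the Google server's response 'success' value
    return is_array($result) && !empty($result['success']);
}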
/**
 * Authenticate callback
 *
 * Reads the pending social profile from the session and resolves it to a
 * user through `_findOrCreateUser()`. An email taken from the provider's
 * `info` marks the profile as validated; an email taken from the request
 * data marks it as not validated.
 *
 * NOTE(review): the request-supplied address is unverified; confirm that
 * `_findOrCreateUser()` honours `validated === false` before it matches or
 * activates an account.
 *
 * @param Request $request Cake request object.
 * @param Response $response Cake response object.
 * @return bool|mixed False when the session holds no social profile,
 *   otherwise the result of `_findOrCreateUser()`.
 */
public function authenticate(Request $request, Response $response)
{
    $social = $request->session()->read(Configure::read('Users.Key.Session.social'));
    if (empty($social)) {
        return false;
    }

    $providerEmail = Hash::get((array) $social->info, Configure::read('Users.Key.Data.email'));
    $fromProvider = !empty($providerEmail);

    $social->email = $fromProvider
        ? $providerEmail
        : $request->data(Configure::read('Users.Key.Data.email'));
    $social->validated = $fromProvider;

    return $this->_findOrCreateUser($social);
}
/**
 * Get the value for a given path.
 *
 * Submitted request data wins; otherwise the context entity is traversed
 * to find the value for $field.
 *
 * @param string $field The dot separated path to the value.
 * @return mixed The value of the field or null on a miss.
 */
public function val($field)
{
    // Request data takes precedence and is returned unescaped.
    $submitted = $this->_request->data($field);
    if ($submitted !== null) {
        return $submitted;
    }
    if (empty($this->_context['entity'])) {
        return null;
    }

    $parts = explode('.', $field);
    $entity = $this->_getEntity($parts);

    $wantsIds = end($parts) === '_ids';
    if ($wantsIds && !empty($entity)) {
        return $this->_extractMultiple($entity, $parts);
    }

    return $entity instanceof Entity ? $entity->get(array_pop($parts)) : null;
}
/**
 * Get the value for a given path.
 *
 * Submitted request data wins; otherwise the context entity (an entity
 * object or a plain array) is traversed to find the value for $field.
 *
 * @param string $field The dot separated path to the value.
 * @return mixed The value of the field or null on a miss.
 */
public function val($field)
{
    // Request data takes precedence and is returned unescaped.
    $submitted = $this->_request->data($field);
    if ($submitted !== null) {
        return $submitted;
    }
    if (empty($this->_context['entity'])) {
        return null;
    }

    $parts = explode('.', $field);
    $entity = $this->entity($parts);

    if (end($parts) === '_ids' && !empty($entity)) {
        return $this->_extractMultiple($entity, $parts);
    }

    if ($entity instanceof EntityInterface) {
        return $entity->get(array_pop($parts));
    }
    if (!is_array($entity)) {
        return null;
    }

    $key = array_pop($parts);

    return isset($entity[$key]) ? $entity[$key] : null;
}
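/**
 * Validate the request data against the cookie token.
 *
 * The token from the configured form field or from the `X-CSRF-Token`
 * header must equal the token cookie. Only string values are accepted and
 * the comparison is done in constant time.
 *
 * @param \Cake\Network\Request $request The request to validate against.
 * @throws \Cake\Network\Exception\InvalidCsrfTokenException when the CSRF token is invalid or missing.
 * @return void
 */
protected function _validateToken(Request $request)
{
    $cookie = $request->cookie($this->_config['cookieName']);
    $post = $request->data($this->_config['field']);
    $header = $request->header('X-CSRF-Token');

    if (empty($cookie)) {
        throw new InvalidCsrfTokenException(__d('cake', 'Missing CSRF token cookie'));
    }

    // hash_equals() needs two strings. Requiring strings also rejects
    // array-typed cookie/field values, which `===` would have compared
    // structurally.
    $cookieIsString = is_string($cookie);
    $postMatches = $cookieIsString && is_string($post) && hash_equals($cookie, $post);
    $headerMatches = $cookieIsString && is_string($header) && hash_equals($cookie, $header);

    if (!$postMatches && !$headerMatches) {
        throw new InvalidCsrfTokenException(__d('cake', 'CSRF token mismatch.'));
    }
}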
/**
 * Test writing falsey values.
 *
 * Each falsey value written through `data()` must be stored unchanged,
 * including its type.
 *
 * @return void
 */
public function testDataWritingFalsey()
{
    $request = new Request();

    $falsey = [
        'null' => null,
        'false' => false,
        'zero' => 0,
        'empty' => '',
    ];

    foreach ($falsey as $key => $value) {
        $request->data('Post.' . $key, $value);
        // assertSame compares strictly, so null, false, 0 and '' stay distinct.
        $this->assertSame($value, $request->data['Post'][$key]);
    }
}
/**
 * Get a user based on information in the request.
 *
 * Two paths lead to a user array: a social profile already waiting in the
 * session that has (or is now given) an email, or a fresh authentication
 * whose raw data is mapped through `_mapUser()`. The user is then passed to
 * `_touch()`, whose result is returned.
 *
 * @param \Cake\Network\Request $request Request object.
 * @return mixed Either false or an array of user information
 * @throws \RuntimeException If the `CakeDC/Users/OAuth2.newUser` event is missing or returns empty.
 */
public function getUser(Request $request)
{
    // Pending social profile from an earlier request, if any.
    $data = $request->session()->read(Configure::read('Users.Key.Session.social'));
    $requestDataEmail = $request->data('email');
    if (!empty($data) && (!empty($data['email']) || !empty($requestDataEmail))) {
        // A request-supplied email replaces the one stored with the profile.
        // NOTE(review): this address is client-supplied and unverified here;
        // confirm `_touch()` does not treat it as proof of ownership when it
        // matches existing accounts.
        if (!empty($requestDataEmail)) {
            $data['email'] = $requestDataEmail;
        }
        $user = $data;
        $request->session()->delete(Configure::read('Users.Key.Session.social'));
    } else {
        // No session profile: authenticate now. $rawData is only assigned
        // on this path, hence the empty() check right after.
        if (empty($data) && !($rawData = $this->_authenticate($request))) {
            return false;
        }
        if (empty($rawData)) {
            $rawData = $data;
        }
        $provider = $this->_getProviderName($request);
        $user = $this->_mapUser($provider, $rawData);
        // Twitter profiles are written to the session before `_touch()` runs;
        // presumably so a later request can add the email - confirm.
        if ($user['provider'] === SocialAccountsTable::PROVIDER_TWITTER) {
            $request->session()->write(Configure::read('Users.Key.Session.social'), $user);
        }
    }
    if (!$user || !$this->config('userModel')) {
        return false;
    }
    if (!($result = $this->_touch($user))) {
        return false;
    }
    // `_touch()` succeeded: a profile still held in the session is removed.
    if ($request->session()->check(Configure::read('Users.Key.Session.social'))) {
        $request->session()->delete(Configure::read('Users.Key.Session.social'));
    }
    return $result;
}
/**
 * Get data of the request
 *
 * Returns whatever the request holds under its `data` key. The value is
 * client-supplied and is passed on without validation.
 *
 * @param Request $request Request to read from.
 * @return array Value of the `data` key as returned by the request.
 */
public function getData(Request $request)
{
    $payload = $request->data('data');

    return $payload;
}
/**
 * {@inheritDoc}
 */
public function val($field)
{
    // The only source is the submitted request data, returned unescaped.
    $submitted = $this->_request->data($field);

    return $submitted;
}
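/**
 * Validate the request data against the cookie token.
 *
 * The token cookie must be present as a non-empty string, and the token
 * from the configured form field or from the `X-CSRF-Token` header must
 * equal it. The comparison is done in constant time.
 *
 * @param \Cake\Network\Request $request The request to validate against.
 * @throws \Cake\Network\Exception\ForbiddenException when the CSRF token is invalid or missing.
 * @return void
 */
protected function _validateToken(Request $request)
{
    $cookie = $request->cookie($this->_config['cookieName']);
    $post = $request->data($this->_config['field']);
    $header = $request->header('X-CSRF-Token');

    // A missing cookie must fail on its own. With a plain `!==` check, a
    // request with no cookie, no field and no header compares null to null
    // and is accepted.
    if (!is_string($cookie) || $cookie === '') {
        throw new ForbiddenException(__d('cake', 'Invalid CSRF token.'));
    }

    // hash_equals() needs two strings, so non-string values never match.
    $postMatches = is_string($post) && hash_equals($cookie, $post);
    $headerMatches = is_string($header) && hash_equals($cookie, $header);

    if (!$postMatches && !$headerMatches) {
        throw new ForbiddenException(__d('cake', 'Invalid CSRF token.'));
    }
}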
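/**
 * Get a user based on information in the request.
 *
 * Two paths lead to a user array: a social profile already waiting in the
 * session that has (or is now given) an email, or a fresh authentication
 * whose raw data is mapped through `_mapUser()`. The user is then passed to
 * `_touch()`, whose result is returned.
 *
 * @param \Cake\Network\Request $request Request object.
 * @return mixed Either false or an array of user information
 * @throws \RuntimeException If the `Muffin/OAuth2.newUser` event is missing or returns empty.
 */
public function getUser(Request $request)
{
    $sessionKey = Configure::read('Users.Key.Session.social');
    $data = $request->session()->read($sessionKey);
    $requestEmail = $request->data('email');

    // empty() is applied to each operand on its own, so a session profile
    // without an `email` key raises no undefined-index notice.
    if (!empty($data) && (!empty($data['email']) || !empty($requestEmail))) {
        // A request-supplied email replaces the one stored with the profile.
        // NOTE(review): this address is client-supplied and unverified here;
        // confirm `_touch()` does not treat it as proof of ownership when it
        // matches existing accounts.
        if (!empty($requestEmail)) {
            $data['email'] = $requestEmail;
        }
        $user = $data;
        $request->session()->delete($sessionKey);
    } else {
        if (empty($data)) {
            // No session profile: authenticate now.
            $rawData = $this->_authenticate($request);
            if (!$rawData) {
                return false;
            }
        } else {
            // Session profile without any email: map it as it is.
            $rawData = $data;
        }
        $provider = $this->_getProviderName($request);
        $user = $this->_mapUser($provider, $rawData);
    }

    if (!$user || !$this->config('userModel')) {
        return false;
    }

    $result = $this->_touch($user);

    return $result ? $result : false;
}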