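 /**
  * Handle an authentication request for a JSON controller.
  *
  * Every reply goes through the Json presenter; the JSONP callback name is read
  * from the "callback" query parameter. Behaviour by HTTP method:
  *  - GET:    look up the currently authenticated user and expose it as 'auth'.
  *  - POST:   log in with the {"credentials": {"username", "password", "remember"}}
  *            object from the JSON request body; malformed or incomplete input yields 400.
  *  - DELETE: log out and expose 'auth' => false.
  * Any other method is silently ignored.
  *
  * @param AuthInterface $auth Authentication backend used to look up and log in users.
  * @return void
  */
 protected function handleAuth(AuthInterface $auth)
 {
     // Force the Json presenter for this type of controller (so all replies are JSON)
     // and hand it the JSONP callback name (empty string when absent).
     $this->presenterClass = 'Json';
     $this->presenter      = new Json();
     $this->presenter->SetCallback($this->request->Get('callback', ''));

     switch ($this->request->Method) {
         case 'GET':
             try {
                 /** @var \Fluxoft\Rebar\Auth\Reply $authReply */
                 $authReply = $auth->GetAuthenticatedUser($this->request);
                 $this->set('auth', $authReply);
             } catch (UserNotFoundException $e) {
                 $this->response->Status = 404;
                 $this->set('error', $e->getMessage());
             } catch (InvalidPasswordException $e) {
                 $this->response->Status = 403;
                 $this->set('error', $e->getMessage());
             } catch (\Exception $e) {
                 // NOTE(review): echoing the raw message of an unexpected exception can leak
                 // internal detail to the client; consider a generic message plus server-side logging.
                 $this->response->Status = 500;
                 $this->set('error', $e->getMessage());
             }
             break;
         case 'POST':
             try {
                 $body        = json_decode($this->request->Body, true);
                 $credentials = (is_array($body) && isset($body['credentials'])) ? $body['credentials'] : null;
                 // Reject anything that is not a credentials object carrying a string username
                 // and password (malformed JSON, missing keys, arrays instead of strings) with 400,
                 // so that only well-typed values ever reach the auth backend.
                 if (!is_array($credentials)
                     || !isset($credentials['username'], $credentials['password'])
                     || !is_string($credentials['username'])
                     || !is_string($credentials['password'])
                 ) {
                     $this->response->Status = 400;
                     $this->set('error', 'A credentials object is required to log in and must contain a username and password');
                 } else {
                     $email    = $credentials['username'];
                     $password = $credentials['password'];
                     $remember = isset($credentials['remember']) ? $credentials['remember'] : false;
                     /** @var \Fluxoft\Rebar\Auth\Reply $authReply */
                     $authReply = $auth->Login($email, $password, $remember);
                     $this->set('auth', $authReply);
                 }
             } catch (UserNotFoundException $e) {
                 $this->response->Status = 404;
                 $this->set('error', $e->getMessage());
             } catch (InvalidPasswordException $e) {
                 $this->response->Status = 403;
                 $this->set('error', $e->getMessage());
             } catch (\Exception $e) {
                 // NOTE(review): see the GET branch — raw exception messages may leak internals.
                 $this->response->Status = 500;
                 $this->set('error', $e->getMessage());
             }
             break;
         case 'DELETE':
             $auth->Logout($this->request);
             $this->set('auth', false);
             break;
     }
 }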
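 /**
  * Authorize the current request for the given controller method.
  *
  * Steps, in order:
  *  1. Build the allowed HTTP method list (upper-cased, always including OPTIONS).
  *  2. When cross-origin support is enabled and an Origin header is present, emit the
  *     CORS response headers for a whitelisted origin or throw CrossOriginException.
  *  3. Reject HTTP methods not in the allowed list with MethodNotAllowedException.
  *  4. Authorize any OPTIONS (preflight) request without authentication (issue #30).
  *  5. If an auth provider is configured and $method is not exempt via
  *     skipAuthentication, require an authenticated user whenever
  *     requireAuthentication is empty (deny by default) or lists $method or '*'.
  *
  * @param string $method Name of the controller method about to be invoked.
  * @return bool Always true; failure is signalled by the exceptions below.
  * @throws CrossOriginException      when the Origin header is not in crossOriginDomainsAllowed.
  * @throws MethodNotAllowedException when the HTTP method is not in allowedMethods.
  * @throws AccessDeniedException     when authentication is required but no user is authenticated.
  */
 public function Authorize($method)
 {
     $allowedMethods = array_map('strtoupper', $this->allowedMethods);
     // Always allow OPTIONS requests (needed for CORS preflight).
     if (!in_array('OPTIONS', $allowedMethods, true)) {
         $allowedMethods[] = 'OPTIONS';
     }

     // Set CORS headers if configured. Strict comparison: a loosely-typed entry in the
     // whitelist (e.g. boolean true) must never match an arbitrary origin.
     if ($this->crossOriginEnabled) {
         $headers = $this->request->Headers;
         if (isset($headers['Origin'])) {
             $origin = $headers['Origin'];
             if (!in_array($origin, $this->crossOriginDomainsAllowed, true)) {
                 throw new CrossOriginException(sprintf('The origin "%s" is not permitted.', $origin));
             }
             // NOTE(review): the requested header list is reflected back verbatim, which permits
             // any header name for a whitelisted origin; a fixed allow-list would be tighter.
             $allowedHeaders = isset($headers['Access-Control-Request-Headers']) ? $headers['Access-Control-Request-Headers'] : '';
             $this->response->AddHeader('Access-Control-Allow-Origin', $origin);
             $this->response->AddHeader('Access-Control-Allow-Credentials', 'true');
             $this->response->AddHeader('Access-Control-Allow-Methods', implode(',', $allowedMethods));
             $this->response->AddHeader('Access-Control-Allow-Headers', $allowedHeaders);
         }
     }

     // Method names are compared case-sensitively, as HTTP method tokens are.
     if (!in_array($this->request->Method, $allowedMethods, true)) {
         throw new MethodNotAllowedException(sprintf('The %s method is not permitted here (118).', $this->request->Method));
     }

     /*
      * Issue #30: Authorize any OPTIONS request.
      */
     if (strtoupper($this->request->Method) === 'OPTIONS') {
         return true;
     }

     // No auth provider configured: nothing further to check.
     if (!isset($this->auth)) {
         return true;
     }

     // Methods explicitly exempted from authentication ('*' exempts all).
     if (in_array($method, $this->skipAuthentication, true)
         || in_array('*', $this->skipAuthentication, true)
     ) {
         return true;
     }

     // An empty requireAuthentication list means "deny by default": every
     // non-exempt method needs an authenticated user.
     $requireAuth = empty($this->requireAuthentication)
         || in_array($method, $this->requireAuthentication, true)
         || in_array('*', $this->requireAuthentication, true);

     if ($requireAuth) {
         /** @var \Fluxoft\Rebar\Auth\Reply $authReply */
         $authReply = $this->auth->GetAuthenticatedUser($this->request);
         if (!$authReply->Auth) {
             // Method is limited and the user is not authenticated.
             throw new AccessDeniedException(sprintf('Access denied for %s', $method));
         }
     }

     return true;
 }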