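/**
 * Authenticates the current request either from an existing session or from an API token.
 *
 * Order of precedence: an already authenticated session wins; otherwise the token is read
 * from the X-Token request header, and only if that header is absent from the request
 * parameter `token`. A user resolved by User::loadByToken() is logged in via Security::loginUser().
 *
 * There is intentionally no fallback token value: the original code substituted a literal
 * placeholder ('XYZ') when no token was supplied, which meant an unauthenticated request
 * still performed a token lookup with an attacker-guessable constant.
 *
 * @param object $request request object; `token` is read from it when set
 * @return bool true when the request ends up authenticated, false otherwise
 */
public function isAuthenticated($request)
{
    // A live session needs no token handling.
    if (Security::isAuthenticated()) {
        return true;
    }

    // Token may be supplied in the X-Token header or as a request parameter (header wins).
    $token = null;
    if (isset($_SERVER['HTTP_X_TOKEN'])) {
        $token = $_SERVER['HTTP_X_TOKEN'];
    } elseif (isset($request->token)) {
        $token = $request->token;
    }

    // Fail closed on a missing, non-string or empty token before touching the user store.
    // NOTE(review): how loadByToken() treats '' is not visible here; rejecting it up front
    // avoids relying on that behaviour.
    if (!is_string($token) || $token === '') {
        return false;
    }

    $user = User::loadByToken($token);
    if ($user === null) {
        return false;
    }

    Security::loginUser($user);
    return true;
}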
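use NewFrontiers\Framework\Core\Application;
use NewFrontiers\Framework\Events\FrameworkEvents;
use Nostromo\Contracts\Facades\Events;
use Nostromo\Contracts\Facades\Logging;
use Nostromo\Contracts\Facades\Profiler;
use Nostromo\Contracts\Facades\Security;
use Symfony\Component\EventDispatcher\Event;

Profiler::startSection('initApplication');

// Listener that acts as the login gate for the admin area: every admin request whose
// action is not part of the login / password-reset flow is rewritten to the login screen
// when no authenticated session exists. The originally requested module/action are kept
// in followUpModule / followUpAction.
// TODO: move into its own class
Events::addListener(FrameworkEvents::REQUEST_BEFORE, function (\NewFrontiers\Framework\Events\RequestEvent $event) {
    $request = $event->getRequest();

    // Only the admin area is protected by this gate.
    if (!$request->admin) {
        return;
    }

    // The API module is exempted wholesale.
    // Strict comparison on purpose: module/action come from the request and a loose ==
    // lets non-string values match (e.g. int 0 == 'api' is true on PHP < 8).
    if ($request->module === 'api' || $request->module === 'Api') {
        return;
    }

    // Actions reachable without a session (login and password-reset flow).
    $allowedActions = array('showLogin', 'login', 'loginFailure', 'logout', 'password', 'doPassword', 'reset', 'doReset');

    // in_array() with strict=true: a non-strict check would treat boolean true (any PHP
    // version) or int 0 (PHP < 8) as a match for 'showLogin' and bypass the gate.
    if (!Security::isAuthenticated() && !in_array($request->action, $allowedActions, true)) {
        $request->followUpModule = $request->module;
        $request->followUpAction = $request->action;
        $request->module = 'defaultMod';
        $request->action = 'showLogin';
        Logging::warning('Action not allowed. User was sent to Login-Screen');
    }
});

Profiler::endSection('initApplication');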
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries. NOTE(review): the three scripts below are pulled from third-party CDNs via protocol-relative URLs and carry no integrity/crossorigin attributes (no Subresource Integrity), so a compromised or spoofed CDN can inject script into every page; pin them with an integrity hash or self-host them. jQuery 1.11.2 is an end-of-life 1.x release with published security advisories; upgrade to a maintained version. --> <!--[if lt IE 9]> <script src="//oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> <script src="//oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script> <![endif]--> <script src="//code.jquery.com/jquery-1.11.2.min.js"></script> </head> <body style="padding-top: 70px;"> <!-- Navbar --> <?php if (Security::isAuthenticated()) { ?> <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <!--<a class="navbar-brand" href="#"><img src="http://pixw.net/p3/themes/p3-bootstrap/img/p3.png" style="margin-top: -4px"></a>--> </div>
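/**
 * Checks whether the currently logged-in user is allowed to execute this action.
 *
 * Resolution by security level:
 *  - Action::LEVEL_ALL:      always allowed
 *  - Action::LEVEL_LOGGEDIN: allowed for any authenticated user
 *  - Action::LEVEL_CONFIG:   delegated to Security::hatBerechtigung() with this action's security token
 *  - any other value:        treated as the name of another action in the same module whose
 *                            decision is reused
 * Anything that cannot be resolved is denied (fail closed).
 *
 * @return bool
 */
public function isBerechtigt()
{
    Logging::debug("Prüfe Berechtigung für {$this->name} : {$this->securityLevel}");

    if ($this->securityLevel === Action::LEVEL_ALL) {
        return true;
    }

    if ($this->securityLevel === Action::LEVEL_LOGGEDIN) {
        return Security::isAuthenticated();
    }

    if ($this->securityLevel === Action::LEVEL_CONFIG) {
        return Security::hatBerechtigung($this->getSecurityToken());
    }

    // Fallback: the level names another action of this module; reuse its decision.
    // TODO: lookups into other modules could be added here as well.
    $module = $this->module;
    $action = $module->getAction($this->securityLevel);

    // A level that resolves back to this very action would recurse without end
    // (isBerechtigt -> getAction -> isBerechtigt ...). Deny instead of crashing.
    // NOTE(review): cycles spanning several actions are not detected here.
    if ($action === $this) {
        Logging::warning("Security level of action {$this->name} refers to itself; access denied");
        return false;
    }

    if ($action !== null) {
        return $action->isBerechtigt();
    }

    return false;
}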