/**
 * Spec: handling a master request built from $this->unsecureRequest must
 * leave the event's response alone.
 *
 * NOTE(review): only getResponse() is pinned here. If the listener secures a
 * request by calling setResponse(), pinning that call as "not called" too
 * would state the negative case more directly. Confirm against the listener.
 *
 * @param GetResponseEvent $event Collaborator double supplied by the spec runner.
 */
public function it_does_not_secure_when_it_does_not(GetResponseEvent $event)
{
    // Expectation first: the response accessor must never be reached.
    $event->getResponse()->shouldNotBeCalled();

    // Stubs describing the incoming request.
    $event->getRequest()->willReturn($this->unsecureRequest);
    $event->getRequestType()->willReturn(HttpKernelInterface::MASTER_REQUEST);

    $this->onKernelRequest($event);
}
/**
 * Returns the response for this request, with Content-Type copied from the
 * request's Accept header.
 *
 * The response already attached to the event is reused; a new Response is
 * created when the event has none (or a falsy one).
 *
 * NOTE(review): Accept is supplied by the client and is written to
 * Content-Type unchanged, including when it is missing (null) or carries a
 * list of types with q-values. Consider matching it against the content types
 * this endpoint really produces and falling back to a fixed type otherwise,
 * so the client cannot choose how the body is interpreted.
 *
 * @param GetResponseEvent $event      Event whose existing response is reused if present.
 * @param Request          $request    Request whose Accept header is read.
 * @param RpcRequest       $rpcRequest Not used by this method.
 *
 * @return Response
 */
protected function getResponse(GetResponseEvent $event, Request $request, RpcRequest $rpcRequest = null)
{
    $response = $event->getResponse();
    if (!$response) {
        $response = new Response();
    }

    $response->headers->set('Content-Type', $request->headers->get('Accept'));

    return $response;
}
/**
 * A user-hash request must be answered by the listener itself: propagation is
 * stopped and the response carries the generated hash in X-User-Hash.
 *
 * NOTE(review): the hash response is driven here purely by request headers
 * (X-HTTP-Override and Accept) plus hasSession(). If the listener is meant to
 * answer only a trusted reverse proxy, a companion test for a request from
 * any other source would pin that. Confirm against the listener.
 */
public function testOnKernelRequestUserHash()
{
    $expectedHash = '123abc';

    // Both collaborators must be consulted exactly once.
    $this->hashGenerator
        ->expects($this->once())
        ->method('generate')
        ->will($this->returnValue($expectedHash));
    $this->request
        ->expects($this->once())
        ->method('hasSession')
        ->will($this->returnValue(true));

    // Headers that mark the request as a user-hash lookup.
    $this->request->headers->add(
        array(
            'X-HTTP-Override' => 'AUTHENTICATE',
            'Accept' => Kernel::USER_HASH_ACCEPT_HEADER,
        )
    );

    $returned = $this->requestEventListener->onKernelRequestUserHash($this->event);

    $this->assertNull($returned);
    $this->assertTrue($this->event->isPropagationStopped());
    $this->assertTrue($this->event->hasResponse());

    $hashResponse = $this->event->getResponse();
    $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\Response', $hashResponse);
    $this->assertTrue($hashResponse->headers->has('X-User-Hash'));
    $this->assertSame($expectedHash, $hashResponse->headers->get('X-User-Hash'));
}
/**
 * Request listener: answers the SSL self-test path and, when Secure Pages is
 * enabled, redirects the request to HTTPS or HTTP as the service decides.
 *
 * NOTE(review):
 *  - $response comes from $event->getResponse(); on a request event that may
 *    be NULL if no earlier listener set one, in which case the self-test
 *    branch would fail on setStatusCode(). Confirm.
 *  - After send() in the self-test branch there is no return, so the redirect
 *    logic below still runs for that request.
 *  - basename($_SERVER['PHP_SELF']) may include trailing path info on some
 *    server setups, which would make the 'index.php' comparison fail and skip
 *    enforcement. SCRIPT_NAME is not affected that way. Verify on the
 *    supported web servers.
 *  - The redirect target is rebuilt from the incoming request URI, so its host
 *    is whatever the request presented. This relies on the site restricting
 *    accepted hosts (trusted host patterns).
 *  - A FALSE result moves an HTTPS request to plain HTTP; the follow-up
 *    request is then sent unencrypted.
 *
 * @param GetResponseEvent $event The kernel request event.
 */
public function checkForHttp(GetResponseEvent $event) {
  $response = $event->getResponse();
  $current_path = \Drupal::service('path.current')->getPath();

  // Special path for verifying SSL status: 200 over HTTPS, 404 otherwise.
  if ($current_path == 'admin/config/system/securepages/test') {
    // @TODO: Update (replaces the old header('HTTP/1.1 ...') calls).
    $status = \Drupal::request()->isSecure() ? '200' : '404';
    $response->setStatusCode($status);
    $response->send();
  }

  $config = \Drupal::config('securepages.settings');
  $securepages_enable = $config->get('securepages_enable');

  // Only act on web requests served through index.php with the module enabled.
  if (!$securepages_enable || basename($_SERVER['PHP_SELF']) != 'index.php' || php_sapi_name() == 'cli') {
    return;
  }

  $securepagesservice = \Drupal::service('securepages.securepagesservice');
  $redirect = $securepagesservice->securePagesRedirect();

  // NULL from the service: no redirect is issued.
  if (is_null($redirect)) {
    return;
  }

  // Any non-NULL value is reduced to a boolean: truthy means HTTPS, falsy
  // means HTTP.
  $use_https = ($redirect == TRUE);
  $url = Url::fromUri($event->getRequest()->getUri(), array('absolute' => TRUE, 'https' => $use_https))->toString();
  $event->setResponse(new RedirectResponse($url, 302));

  // @TODO: port the Drupal 7 page-cache handling (drupal_page_set_cache() /
  // drupal_serve_page_from_cache(), else ob_flush()) that followed here.
}
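/**
 * Serves the "site off" page with HTTP 503 when the site is switched off or
 * the stored version number differs from the running core version.
 *
 * Skipped for sub-requests, for events that already hold a PlainResponse or
 * JsonResponse, for XMLHttpRequest requests, and during installation.
 * Administrators and the site-off login URL (module=users, type=user,
 * func=siteofflogin) are let through while the site is off, but not when the
 * version check fails.
 *
 * NOTE(review): isXmlHttpRequest() is derived from a request header the
 * client sets, so that early return is a convenience for AJAX callers and not
 * an access-control boundary. Controllers reachable that way must not rely on
 * this listener to keep visitors out while the site is off.
 *
 * @param GetResponseEvent $event The kernel request event.
 *
 * @return void
 */
public function onKernelRequestSiteOff(GetResponseEvent $event)
{
    if (!$event->isMasterRequest()) {
        return;
    }

    $response = $event->getResponse();
    $request = $event->getRequest();
    if ($response instanceof PlainResponse || $response instanceof JsonResponse || $request->isXmlHttpRequest()) {
        return;
    }

    if (\System::isInstalling()) {
        return;
    }

    // Query values come from the client and may be missing or arrays
    // (e.g. ?module[]=x). Only strings are lowercased; anything else is
    // treated as empty so it cannot match the login exemption or raise a
    // type error in strtolower().
    $queryParam = function ($name) use ($request) {
        $value = $request->query->get($name);

        return is_string($value) ? strtolower($value) : '';
    };
    $module = $queryParam('module');
    $type = $queryParam('type');
    $func = $queryParam('func');

    $siteOff = (bool) \System::getVar('siteoff');
    $hasAdminPerms = \SecurityUtil::checkPermission('ZikulaSettingsModule::', 'SiteOff::', ACCESS_ADMIN);
    $urlParams = $module === 'users' && $type === 'user' && $func === 'siteofflogin'; // params are lowercase
    $versionCheck = \Zikula_Core::VERSION_NUM != \System::getVar('Version_Num');

    // Check for site closed. The parentheses only make the existing precedence
    // explicit: a version mismatch closes the site for everyone, admins included.
    if (($siteOff && !$hasAdminPerms && !$urlParams) || $versionCheck) {
        $hasOnlyOverviewAccess = \SecurityUtil::checkPermission('ZikulaUsersModule::', '::', ACCESS_OVERVIEW);
        if ($hasOnlyOverviewAccess && \UserUtil::isLoggedIn()) {
            \UserUtil::logout();
        }

        // initialise the language system to enable translations (#1764)
        $lang = \ZLanguage::getInstance();
        $lang->setup($request);

        // setStatusCode() is what produces the 503 status line. The former
        // headers->add(array('HTTP/1.1 503 Service Unavailable')) call only
        // registered a bogus header under the numeric key 0, so it was removed.
        $response = new Response();
        $response->setStatusCode(503);

        // NOTE(review): require_once yields the template's return value only on
        // first inclusion and TRUE afterwards; fine as long as this runs once
        // per request.
        $content = (require_once \System::getSystemErrorTemplate('siteoff.tpl')); // move to CoreBundle and use Twig
        $response->setContent($content);

        $event->setResponse($response);
        $event->stopPropagation();
    }
}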
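/**
 * Request listener: when Secure Pages is enabled, redirects the request to
 * HTTPS or HTTP as decided by the securepages service.
 *
 * The service's securePagesRedirect() result selects the action: NULL issues
 * no redirect, a truthy value redirects to HTTPS, a falsy value redirects to
 * HTTP unless a "destination" query parameter is present.
 *
 * The $response and $current_path locals of the earlier version were never
 * read and have been removed.
 *
 * NOTE(review):
 *  - TrustedRedirectResponse marks the target as trusted, so the host in $url
 *    is not re-checked. The target comes from securePagesGenerateUrl(), which
 *    is fed the scheme, host and URI of the incoming request. Confirm that it
 *    can only yield hosts the site controls and that accepted hosts are
 *    restricted (trusted host patterns).
 *  - basename($_SERVER['PHP_SELF']) may include trailing path info on some
 *    server setups, which would make the 'index.php' comparison fail and skip
 *    enforcement. Verify on the supported web servers.
 *  - Any request carrying a non-empty "destination" parameter is exempt from
 *    the switch to HTTP. That only ever keeps a request on HTTPS.
 *
 * @param GetResponseEvent $event The kernel request event.
 */
public function checkForHttp(GetResponseEvent $event) {
  $config = \Drupal::config('securepages.settings');
  $securepages_enable = $config->get('securepages_enable');

  // Only act on web requests served through index.php with the module enabled.
  if (!$securepages_enable || basename($_SERVER['PHP_SELF']) != 'index.php' || php_sapi_name() == 'cli') {
    return;
  }

  $securepagesservice = \Drupal::service('securepages.securepagesservice');
  $redirect = $securepagesservice->securePagesRedirect();
  $request = $event->getRequest();

  // Replaces current URL with the one defined in the module's settings page.
  $uri = $securepagesservice->securePagesGenerateUrl($request->getSchemeAndHttpHost(), $request->getUri(), $redirect);

  // NULL from the service: no redirect is issued.
  if (is_null($redirect)) {
    return;
  }

  if ($redirect == TRUE) {
    // Unset destination parameter so this won't redirect in this request.
    $request->query->remove('destination');
    $use_https = TRUE;
  }
  else {
    // If parameter "destination" is set, don't force redirect to HTTP.
    // This prevents a loop when the user is logged in without SSL and then
    // needs to login with SSL.
    if (!empty($request->query->get('destination'))) {
      return;
    }
    $use_https = FALSE;
  }

  $url = Url::fromUri($uri, array('absolute' => TRUE, 'https' => $use_https))->toString();
  $event->setResponse(new TrustedRedirectResponse($url, 302));

  // @TODO: port the Drupal 7 page-cache handling (drupal_page_set_cache() /
  // drupal_serve_page_from_cache(), else ob_flush()) that followed here.
}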
/**
 * Answers requests selected by shouldPrerenderPage() with a page obtained
 * from the prerender backend.
 *
 * Flow: stop propagation, give Events::onBeforeRequest listeners a chance to
 * supply the response (a string body or a Response), otherwise fetch
 * "<backendUrl>/<scheme>://<host><request uri>" through the HTTP client, then
 * dispatch Events::onAfterRequest when a response was set.
 *
 * NOTE(review):
 *  - The fetched URL embeds the host and request URI of the incoming request.
 *    Unless accepted hosts are restricted elsewhere, the backend is asked to
 *    render whatever host the client presented. Consider checking the host
 *    against the site's own host names before building $uri.
 *  - Propagation is stopped before any response exists, and a client
 *    exception is swallowed, so the method can return true with no response
 *    set on the event.
 *
 * @param GetResponseEvent $event
 * @return bool false when the request is not prerendered, true otherwise
 */
public function onKernelRequest(GetResponseEvent $event)
{
    $request = $event->getRequest();

    // Nothing to do unless this request qualifies for prerendering.
    if (!$this->shouldPrerenderPage($request)) {
        return false;
    }

    $event->stopPropagation();

    // Let listeners provide the response themselves (e.g. from a cache).
    $eventBefore = new RenderBeforeEvent($request);
    // @codingStandardsIgnoreStart
    $this->eventDispatcher->dispatch(Events::onBeforeRequest, $eventBefore);
    // @codingStandardsIgnoreEnd

    if ($eventBefore->hasResponse()) {
        $supplied = $eventBefore->getResponse();
        // A plain string is wrapped as a 200 response; any other type that is
        // not a Response falls through to the backend call.
        $candidate = is_string($supplied) ? new Response($supplied, 200) : $supplied;
        if ($candidate instanceof Response) {
            $event->setResponse($candidate);

            return true;
        }
    }

    // Scheme follows the request unless forceSecureRedirect pins it.
    $scheme = $this->forceSecureRedirect === null
        ? $request->getScheme()
        : ($this->forceSecureRedirect ? 'https' : 'http');

    $uri = rtrim($this->backendUrl, '/') . '/' . $scheme . '://' . $request->getHost() . $request->getRequestUri();

    try {
        $event->setResponse(new Response($this->httpClient->send($uri), 200));
    } catch (\Yucca\PrerenderBundle\HttpClient\Exception $e) {
        // Deliberately ignored: the event is left without a response.
    }

    // Hand the final response to listeners that want to store it.
    $rendered = $event->getResponse();
    if ($rendered) {
        $eventAfter = new RenderAfterEvent($request, $rendered);
        // @codingStandardsIgnoreStart
        $this->eventDispatcher->dispatch(Events::onAfterRequest, $eventAfter);
        // @codingStandardsIgnoreEnd
    }

    return true;
}