/**
* Look at safe requests and handle refresh requests.
*
* Ignore refresh to let normal lookup happen when the request comes from
* a non-authorized client.
*
* @param CacheEvent $event
*/
public function handleRefresh(CacheEvent $event)
{
$request = $event->getRequest();
if (!$request->isMethodSafe() || !$request->isNoCache() || !$this->isRequestAllowed($request)) {
return;
}
$event->setResponse($event->getKernel()->fetch($request));
}
/**
* Look at the request before it is handled by the kernel.
*
* Adds the user hash header to the request.
*
* Checks if an external request tries tampering with the use context hash mechanism
* to prevent attacks.
*
* @param CacheEvent $event
*/
public function preHandle(CacheEvent $event)
{
$request = $event->getRequest();
if (!$this->isInternalRequest($request)) {
// Prevent tampering attacks on the hash mechanism
if ($request->headers->get('accept') === $this->options['user_hash_accept_header'] || $request->headers->get($this->options['user_hash_header']) !== null) {
$event->setResponse(new Response('', 400));
return;
}
if ($request->isMethodSafe()) {
$request->headers->set($this->options['user_hash_header'], $this->getUserHash($event->getKernel(), $request));
}
}
// let the kernel handle this request.
}
/**
* Look at unsafe requests and handle purge requests.
*
* Prevents access when the request comes from a non-authorized client.
*
* @param CacheEvent $event
*/
public function handlePurge(CacheEvent $event)
{
$request = $event->getRequest();
if ($this->options['purge_method'] !== $request->getMethod()) {
return;
}
if (!$this->isRequestAllowed($request)) {
$event->setResponse(new Response('', 400));
return;
}
$response = new Response();
if ($event->getKernel()->getStore()->purge($request->getUri())) {
$response->setStatusCode(200, 'Purged');
} else {
$response->setStatusCode(200, 'Not found');
}
$event->setResponse($response);
}
public function preInvalidate(CacheEvent $event)
{
$this->test->assertSame($this->kernel, $event->getKernel());
$this->test->assertSame($this->request, $event->getRequest());
if ($this->preInvalidateResponse) {
$event->setResponse($this->preInvalidateResponse);
}
++$this->preInvalidateCalls;
}
