/** * Returns a string message, giving insights what happened during privilege evaluation. * * @param string $privilegeReasonMessage * @return string */ protected function renderDecisionReasonMessage($privilegeReasonMessage) { if (count($this->securityContext->getRoles()) === 0) { $rolesMessage = 'No authenticated roles'; } else { $rolesMessage = 'Authenticated roles: ' . implode(', ', array_keys($this->securityContext->getRoles())); } return sprintf('Access denied for method' . chr(10) . 'Method: %s::%s()' . chr(10) . chr(10) . '%s' . chr(10) . chr(10) . '%s', $this->joinPoint->getClassName(), $this->joinPoint->getMethodName(), $privilegeReasonMessage, $rolesMessage); }
/** * Passes the signal over to the Dispatcher * * @Flow\AfterReturning("methodAnnotatedWith(Neos\Flow\Annotations\Signal)") * @param JoinPointInterface $joinPoint The current join point * @return void */ public function forwardSignalToDispatcher(JoinPointInterface $joinPoint) { $signalName = lcfirst(str_replace('emit', '', $joinPoint->getMethodName())); $this->dispatcher->dispatch($joinPoint->getClassName(), $signalName, $joinPoint->getMethodArguments()); }
/** * Logs calls and results of the authenticate() method of an authentication provider * * @Flow\AfterReturning("within(Neos\Flow\Security\Authentication\AuthenticationProviderInterface) && method(.*->authenticate())") * @param JoinPointInterface $joinPoint The current joinpoint * @return mixed The result of the target method if it has not been intercepted */ public function logPersistedUsernamePasswordProviderAuthenticate(JoinPointInterface $joinPoint) { $token = $joinPoint->getMethodArgument('authenticationToken'); switch ($token->getAuthenticationStatus()) { case TokenInterface::AUTHENTICATION_SUCCESSFUL: $this->securityLogger->log(sprintf('Successfully authenticated token: %s', $token), LOG_NOTICE, [], 'Neos.Flow', $joinPoint->getClassName(), $joinPoint->getMethodName()); $this->alreadyLoggedAuthenticateCall = true; break; case TokenInterface::WRONG_CREDENTIALS: $this->securityLogger->log(sprintf('Wrong credentials given for token: %s', $token), LOG_WARNING, [], 'Neos.Flow', $joinPoint->getClassName(), $joinPoint->getMethodName()); break; case TokenInterface::NO_CREDENTIALS_GIVEN: $this->securityLogger->log(sprintf('No credentials given or no account found for token: %s', $token), LOG_WARNING, [], 'Neos.Flow', $joinPoint->getClassName(), $joinPoint->getMethodName()); break; } }
/** * Around advice, wrapping every method of a scope session object. It redirects * all method calls to the session object once there is one. * * @param JoinPointInterface $joinPoint The current join point * @return mixed * @Flow\Around("filter(Neos\Flow\Session\Aspect\SessionObjectMethodsPointcutFilter)") */ public function callMethodOnOriginalSessionObject(JoinPointInterface $joinPoint) { $objectName = $this->objectManager->getObjectNameByClassName(get_class($joinPoint->getProxy())); $methodName = $joinPoint->getMethodName(); $proxy = $joinPoint->getProxy(); if (!isset($this->sessionOriginalInstances[$objectName])) { $this->sessionOriginalInstances[$objectName] = $this->objectManager->get($objectName); } if ($this->sessionOriginalInstances[$objectName] === $proxy) { return $joinPoint->getAdviceChain()->proceed($joinPoint); } else { return call_user_func_array([$this->sessionOriginalInstances[$objectName], $methodName], $joinPoint->getMethodArguments()); } }