/**
* @return void
*/
public function setUp()
{
$this->viewHelperVariableContainer = $this->getMock('TYPO3\\Fluid\\Core\\ViewHelper\\ViewHelperVariableContainer');
$this->viewHelperVariableContainer->expects($this->any())->method('exists')->will($this->returnCallback(array($this, 'viewHelperVariableContainerExistsCallback')));
$this->viewHelperVariableContainer->expects($this->any())->method('get')->will($this->returnCallback(array($this, 'viewHelperVariableContainerGetCallback')));
$this->templateVariableContainer = $this->getMock('TYPO3\\Fluid\\Core\\ViewHelper\\TemplateVariableContainer');
$this->uriBuilder = $this->getMock('TYPO3\\Flow\\Mvc\\Routing\\UriBuilder');
$this->uriBuilder->expects($this->any())->method('reset')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setArguments')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setSection')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setFormat')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setCreateAbsoluteUri')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setAddQueryString')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setArgumentsToBeExcludedFromQueryString')->will($this->returnValue($this->uriBuilder));
// BACKPORTER TOKEN #1
$httpRequest = \TYPO3\Flow\Http\Request::create(new \TYPO3\Flow\Http\Uri('http://localhost/foo'));
$this->request = $this->getMock('TYPO3\\Flow\\Mvc\\ActionRequest', array(), array($httpRequest));
$this->request->expects($this->any())->method('isMainRequest')->will($this->returnValue(TRUE));
$this->controllerContext = $this->getMock('TYPO3\\Flow\\Mvc\\Controller\\ControllerContext', array(), array(), '', FALSE);
$this->controllerContext->expects($this->any())->method('getUriBuilder')->will($this->returnValue($this->uriBuilder));
$this->controllerContext->expects($this->any())->method('getRequest')->will($this->returnValue($this->request));
$this->tagBuilder = $this->getMock('TYPO3\\Fluid\\Core\\ViewHelper\\TagBuilder');
$this->arguments = array();
$this->renderingContext = new \TYPO3\Fluid\Core\Rendering\RenderingContext();
$this->renderingContext->injectTemplateVariableContainer($this->templateVariableContainer);
$this->renderingContext->injectViewHelperVariableContainer($this->viewHelperVariableContainer);
$this->renderingContext->setControllerContext($this->controllerContext);
}
/**
* Returns an Response object containing the OPAuth data
*
* @return Response
*/
public function getResponse()
{
if ($this->actionRequest instanceof \TYPO3\Flow\Mvc\ActionRequest && $this->actionRequest->hasArgument('opauth')) {
$data = $this->actionRequest->getArgument('opauth');
$response = unserialize(base64_decode($data));
$this->response = new Response($response);
}
return $this->response;
}
/**
* @param Request $httpRequest
* @param array $matchResults
* @return ActionRequest
*/
protected function createActionRequest(Request $httpRequest, array $matchResults = NULL)
{
$actionRequest = new ActionRequest($httpRequest);
if ($matchResults !== NULL) {
$requestArguments = $actionRequest->getArguments();
$mergedArguments = Arrays::arrayMergeRecursiveOverrule($requestArguments, $matchResults);
$actionRequest->setArguments($mergedArguments);
}
return $actionRequest;
}
/**
* Updates the authentication credentials, the authentication manager needs to authenticate this token.
* This could be a username/password from a login controller.
* This method is called while initializing the security context. By returning TRUE you
* make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
* Note: You should not persist the credentials!
*
* @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current request instance
*
* @return bool TRUE if this token needs to be (re-)authenticated
*/
public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
{
$httpRequest = $actionRequest->getHttpRequest();
if ($httpRequest->getMethod() !== 'GET') {
return;
}
if ($actionRequest->getInternalArgument('__casAuthenticationProviderName') === $this->authenticationProviderName) {
$this->authenticationStatus = self::AUTHENTICATION_NEEDED;
}
}
/**
* @test
*/
public function actionRequestStripsParentHttpRequest()
{
$httpRequest = Request::create(new Uri('http://typo3.org'));
$actionRequest = new ActionRequest($httpRequest);
$actionRequest->setControllerActionName('foo');
$serializedActionRequest = serialize($actionRequest);
/* @var $unserializedActionRequest ActionRequest */
$unserializedActionRequest = unserialize($serializedActionRequest);
$this->assertNull($unserializedActionRequest->getParentRequest(), 'Parent HTTP request should be NULL after deserialization');
$this->assertSame('foo', $unserializedActionRequest->getControllerActionName());
}
/**
* Updates the identifier credential from the GET/POST vars, if the GET/POST parameters
* are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
*
* Note: You need to send the password in this parameter:
* __authentication[_OurBrand_][Quiz][Security][IdentifierToken][identifier]
*
* @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request
* @return void
*/
public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
{
$postArguments = $actionRequest->getInternalArguments();
$username = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($postArguments, '__authentication._OurBrand_.Quiz.Security.IdentifierToken.username');
$password = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($postArguments, '__authentication._OurBrand_.Quiz.Security.IdentifierToken.password');
if (!empty($username) && !empty($password)) {
$this->credentials['username'] = $username;
$this->credentials['password'] = $password;
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* Is called if authentication was successful.
*
* See the implementation in the AbstractAuthenticationController for details!
*
* @param \TYPO3\Flow\Mvc\ActionRequest $originalRequest The request that was intercepted by the security framework, NULL if there was none
* @return string
*/
protected function onAuthenticationSuccess(\TYPO3\Flow\Mvc\ActionRequest $originalRequest = NULL)
{
// if the login attempt is authenticated, add a success flash message
$this->addFlashMessage($this->translate('status_login_success', 'Login'));
// basically redirect to the intercepted requiest if there's one - but never redirect
// to the login form after successful login as this seems to make no sense.
if ($originalRequest !== NULL && $originalRequest->getControllerActionName() != 'login') {
$this->redirectToRequest($originalRequest);
} else {
$this->redirect('dashboard', 'Standard');
}
}
/**
* Updates the password credential from the POST vars, if the POST parameters
* are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
*
* Note: You need to send the password in this POST parameter:
* __authentication[TYPO3][Flow][Security][Authentication][Token][PasswordToken][password]
*
* @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request
* @return void
*/
public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
{
if ($actionRequest->getHttpRequest()->getMethod() !== 'POST') {
return;
}
$postArguments = $actionRequest->getInternalArguments();
$password = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($postArguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.PasswordToken.password');
if (!empty($password)) {
$this->credentials['password'] = $password;
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* Updates the username and password credentials from the HTTP authorization header.
* Sets the authentication status to AUTHENTICATION_NEEDED, if the header has been
* sent, to NO_CREDENTIALS_GIVEN if no authorization header was there.
*
* @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request instance
* @return void
*/
public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
{
$authorizationHeader = $actionRequest->getHttpRequest()->getHeaders()->get('Authorization');
if (substr($authorizationHeader, 0, 5) === 'Basic') {
$credentials = base64_decode(substr($authorizationHeader, 6));
$this->credentials['username'] = substr($credentials, 0, strpos($credentials, ':'));
$this->credentials['password'] = substr($credentials, strpos($credentials, ':') + 1);
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
} else {
$this->credentials = array('username' => null, 'password' => null);
$this->authenticationStatus = self::NO_CREDENTIALS_GIVEN;
}
}
/**
* Updates the username and password credentials from the POST vars, if the POST parameters
* are available. Sets the authentication status to REAUTHENTICATION_NEEDED, if credentials have been sent.
*
* @param \TYPO3\Flow\Mvc\ActionRequest $actionRequest The current action request instance
* @return void
*/
public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
{
$getArguments = $actionRequest->getArguments();
if (!empty($getArguments['user']) && !empty($getArguments['signature']) && !empty($getArguments['expires']) && !empty($getArguments['version']) && !empty($getArguments['tpa_id']) && !empty($getArguments['action']) && !empty($getArguments['flags']) && !empty($getArguments['userdata'])) {
$this->credentials['username'] = $getArguments['user'];
$this->credentials['signature'] = \TYPO3\Flow\Utility\TypeHandling::hex2bin($getArguments['signature']);
$this->credentials['expires'] = $getArguments['expires'];
$this->credentials['version'] = $getArguments['version'];
$this->credentials['tpaId'] = $getArguments['tpa_id'];
$this->credentials['action'] = $getArguments['action'];
$this->credentials['flags'] = $getArguments['flags'];
$this->credentials['userdata'] = $getArguments['userdata'];
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* Updates the username and password credentials from the POST vars, if the POST parameters
* are available. Sets the authentication status to REAUTHENTICATION_NEEDED, if credentials have been sent.
*
* Note: You need to send the username and password in these two POST parameters:
* __authentication[TYPO3][Flow][Security][Authentication][Token][UsernamePassword][username]
* and __authentication[TYPO3][Flow][Security][Authentication][Token][UsernamePassword][password]
*
* @param ActionRequest $actionRequest The current action request
* @return void
*/
public function updateCredentials(ActionRequest $actionRequest)
{
$httpRequest = $actionRequest->getHttpRequest();
if ($httpRequest->getMethod() !== 'POST') {
return;
}
$arguments = $actionRequest->getInternalArguments();
$username = ObjectAccess::getPropertyPath($arguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.UsernamePassword.username');
$password = ObjectAccess::getPropertyPath($arguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.UsernamePassword.password');
if (!empty($username) && !empty($password)) {
$this->credentials['username'] = $username;
$this->credentials['password'] = $password;
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* Build the proper pluginRequest to render the PluginView
* of some configured Master Plugin
*
* @return ActionRequest
*/
protected function buildPluginRequest()
{
/** @var $parentRequest ActionRequest */
$parentRequest = $this->tsRuntime->getControllerContext()->getRequest();
$pluginRequest = new ActionRequest($parentRequest);
if (!$this->pluginViewNode instanceof NodeInterface) {
$pluginRequest->setArgumentNamespace('--' . $this->getPluginNamespace());
$this->passArgumentsToPluginRequest($pluginRequest);
$pluginRequest->setControllerPackageKey($this->getPackage());
$pluginRequest->setControllerSubpackageKey($this->getSubpackage());
$pluginRequest->setControllerName($this->getController());
$pluginRequest->setControllerActionName($this->getAction());
return $pluginRequest;
}
$pluginNodeIdentifier = $this->pluginViewNode->getProperty('plugin');
if (strlen($pluginNodeIdentifier) === 0) {
return $pluginRequest;
}
// Set the node to render this to the master plugin node
$this->node = $this->pluginViewNode->getContext()->getNodeByIdentifier($pluginNodeIdentifier);
if ($this->node === null) {
return $pluginRequest;
}
$pluginRequest->setArgument('__node', $this->node);
$pluginRequest->setArgumentNamespace('--' . $this->getPluginNamespace());
$this->passArgumentsToPluginRequest($pluginRequest);
if ($pluginRequest->getControllerObjectName() !== '') {
return $pluginRequest;
}
$controllerObjectPairs = array();
$pluginViewName = $this->pluginViewNode->getProperty('view');
foreach ($this->pluginService->getPluginViewDefinitionsByPluginNodeType($this->node->getNodeType()) as $pluginViewDefinition) {
/** @var PluginViewDefinition $pluginViewDefinition */
if ($pluginViewDefinition->getName() !== $pluginViewName) {
continue;
}
$controllerObjectPairs = $pluginViewDefinition->getControllerActionPairs();
break;
}
if ($controllerObjectPairs === array()) {
return $pluginRequest;
}
$defaultControllerObjectName = key($controllerObjectPairs);
$defaultActionName = current($controllerObjectPairs[$defaultControllerObjectName]);
$pluginRequest->setControllerObjectName($defaultControllerObjectName);
$pluginRequest->setControllerActionName($defaultActionName);
return $pluginRequest;
}
/**
* @test
*/
public function updateCredentialsIgnoresAnythingOtherThanPostRequests()
{
$arguments = array();
$arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['PasswordToken']['password'] = '******';
$this->mockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('POST'));
$this->mockActionRequest->expects($this->atLeastOnce())->method('getInternalArguments')->will($this->returnValue($arguments));
$this->token->updateCredentials($this->mockActionRequest);
$this->assertEquals(array('password' => 'verysecurepassword'), $this->token->getCredentials());
$secondToken = new PasswordToken();
$secondMockActionRequest = $this->getMockBuilder(\TYPO3\Flow\Mvc\ActionRequest::class)->disableOriginalConstructor()->getMock();
$secondMockHttpRequest = $this->getMockBuilder(\TYPO3\Flow\Http\Request::class)->disableOriginalConstructor()->getMock();
$secondMockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($secondMockHttpRequest));
$secondMockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('GET'));
$secondToken->updateCredentials($secondMockActionRequest);
$this->assertEquals(array('password' => ''), $secondToken->getCredentials());
}
/**
* @test
*/
public function dispatchContinuesWithNextRequestFoundInAForwardException()
{
$httpRequest = Request::create(new Uri('http://localhost'));
$httpResponse = new Response();
$mainRequest = $httpRequest->createActionRequest();
$subRequest = new ActionRequest($mainRequest);
$nextRequest = $httpRequest->createActionRequest();
$mainRequest->setDispatched(TRUE);
$mainRequest->setControllerSubPackageKey('main');
$subRequest->setControllerSubPackageKey('sub');
$nextRequest->setControllerSubPackageKey('next');
$mockController = $this->getMock('TYPO3\\Flow\\Mvc\\Controller\\ControllerInterface', array('processRequest'));
$mockController->expects($this->at(0))->method('processRequest')->will($this->returnCallback(function (ActionRequest $request) use($nextRequest) {
$request->setDispatched(TRUE);
$forwardException = new ForwardException();
$forwardException->setNextRequest($nextRequest);
throw $forwardException;
}));
$mockController->expects($this->at(1))->method('processRequest')->will($this->returnCallback(function (ActionRequest $request) use($nextRequest) {
// NOTE: PhpUnit creates a clone of $nextRequest, thus $request is not the same instance as expected.
if ($request == $nextRequest) {
$nextRequest->setDispatched(TRUE);
}
}));
$dispatcher = $this->getMock('TYPO3\\Flow\\Mvc\\Dispatcher', array('resolveController', 'emitAfterControllerInvocation'), array(), '', FALSE);
$dispatcher->expects($this->any())->method('resolveController')->will($this->returnValue($mockController));
$dispatcher->dispatch($subRequest, $httpResponse);
}
/**
* @test
*/
public function handleMergesInternalArgumentsWithRoutingMatchResults()
{
$this->mockHttpRequest->expects($this->any())->method('getArguments')->will($this->returnValue(array('__internalArgument1' => 'request', '__internalArgument2' => 'request', '__internalArgument3' => 'request')));
$this->mockPropertyMapper->expects($this->any())->method('convert')->with('', 'array', $this->mockPropertyMappingConfiguration)->will($this->returnValue(array('__internalArgument2' => 'requestBody', '__internalArgument3' => 'requestBody')));
$this->mockComponentContext->expects($this->atLeastOnce())->method('getParameter')->with('TYPO3\\Flow\\Mvc\\Routing\\RoutingComponent', 'matchResults')->will($this->returnValue(array('__internalArgument3' => 'routing')));
$this->mockActionRequest->expects($this->once())->method('setArguments')->with(array('__internalArgument1' => 'request', '__internalArgument2' => 'requestBody', '__internalArgument3' => 'routing'));
$this->dispatchComponent->handle($this->mockComponentContext);
}
/**
* Set the default controller and action names if none has been specified.
*
* @return void
*/
protected function setDefaultControllerAndActionNameIfNoneSpecified()
{
if ($this->actionRequest->getControllerName() === NULL) {
$this->actionRequest->setControllerName('Standard');
}
if ($this->actionRequest->getControllerActionName() === NULL) {
$this->actionRequest->setControllerActionName('index');
}
}
/**
* @param string $path
* @return string
* @throws \Exception
*/
public function render($path = NULL)
{
/** @var RequestHandler $activeRequestHandler */
$activeRequestHandler = $this->bootstrap->getActiveRequestHandler();
$parentHttpRequest = $activeRequestHandler->getHttpRequest();
$httpRequest = Request::create(new Uri($parentHttpRequest->getBaseUri() . $path . '.html'));
$matchingRoute = $this->router->route($httpRequest);
if (!$matchingRoute) {
throw new \Exception(sprintf('Uri with path "%s" could not be found.', $parentHttpRequest->getBaseUri() . $path . '.html'), 1426446160);
}
$request = new ActionRequest($parentHttpRequest);
foreach ($matchingRoute as $argumentName => $argumentValue) {
$request->setArgument($argumentName, $argumentValue);
}
$response = new Response($activeRequestHandler->getHttpResponse());
$this->dispatcher->dispatch($request, $response);
return $response->getContent();
}
/**
* @test
*/
public function buildAddsActionNameFromRootRequestIfRequestIsOfTypeSubRequest()
{
$expectedArguments = array('@action' => 'RootRequestActionName');
$this->mockMainRequest->expects($this->once())->method('getControllerActionName')->will($this->returnValue('RootRequestActionName'));
$this->mockMainRequest->expects($this->any())->method('getArguments')->will($this->returnValue(array()));
$this->uriBuilder->setRequest($this->mockSubRequest);
$this->uriBuilder->build();
$this->assertEquals($expectedArguments, $this->uriBuilder->getLastArguments());
}
/**
* @test
*/
public function tokenCanBeCastToString()
{
$arguments = array();
$arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['UsernamePassword']['username'] = '******';
$arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['UsernamePassword']['password'] = '******';
$this->mockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('POST'));
$this->mockActionRequest->expects($this->atLeastOnce())->method('getInternalArguments')->will($this->returnValue($arguments));
$this->token->updateCredentials($this->mockActionRequest);
$this->assertEquals('Username: "******"', (string) $this->token);
}
/**
* Maps arguments delivered by the request object to the local controller arguments.
*
* @return void
* @throws \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException
* @api
*/
protected function mapRequestArgumentsToControllerArguments()
{
foreach ($this->arguments as $argument) {
$argumentName = $argument->getName();
if ($this->request->hasArgument($argumentName)) {
$argument->setValue($this->request->getArgument($argumentName));
} elseif ($argument->isRequired()) {
throw new \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException('Required argument "' . $argumentName . '" is not set.', 1298012500);
}
}
}
/**
* Updates the authentication credentials, the authentication manager needs to authenticate this token.
* This could be a username/password from a login controller.
* This method is called while initializing the security context. By returning TRUE you
* make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
* Note: You should not persist the credentials!
*
* @param \TYPO3\Flow\Mvc\ActionRequest $request The current request instance
* @return boolean TRUE if this token needs to be (re-)authenticated
*/
public function updateCredentials(\TYPO3\Flow\Mvc\ActionRequest $actionRequest)
{
$httpRequest = $actionRequest->getHttpRequest();
if ($httpRequest->getMethod() !== 'GET') {
return;
}
// Check if we have a callback request
$arguments = $httpRequest->getArguments();
$accessTokenCipher = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($arguments, '__flowpack.singlesignon.accessToken');
$signature = \TYPO3\Flow\Reflection\ObjectAccess::getPropertyPath($arguments, '__flowpack.singlesignon.signature');
if (!empty($accessTokenCipher) && !empty($signature)) {
// Get callback parameters from request
$this->credentials['accessToken'] = base64_decode($accessTokenCipher);
$this->credentials['signature'] = base64_decode($signature);
$this->callbackUri = $actionRequest->getHttpRequest()->getUri();
$arguments = $this->callbackUri->getArguments();
unset($arguments['__flowpack']);
$this->callbackUri->setQuery(http_build_query($arguments));
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* Updates the authentication credentials, the authentication manager needs to authenticate this token.
* This could be a username/password from a login controller.
* This method is called while initializing the security context. By returning TRUE you
* make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
* Note: You should not persist the credentials!
*
* @param ActionRequest $actionRequest The current request instance
* @throws \InvalidArgumentException
* @return boolean TRUE if this token needs to be (re-)authenticated
*/
public function updateCredentials(ActionRequest $actionRequest)
{
if ($actionRequest->getHttpRequest()->getMethod() !== 'GET' || $actionRequest->getInternalArgument('__oauth2Provider') !== $this->authenticationProviderName) {
return;
}
if (!$actionRequest->hasArgument('code')) {
$this->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
$this->securityLogger->log('There was no argument `code` provided.', LOG_NOTICE);
return;
}
$code = $actionRequest->getArgument('code');
$redirectUri = $this->oauthUriBuilder->getRedirectionEndpointUri($this->authenticationProviderName);
try {
$this->credentials['accessToken'] = $this->tokenEndpoint->requestAuthorizationCodeGrantAccessToken($code, $redirectUri);
$this->setAuthenticationStatus(TokenInterface::AUTHENTICATION_NEEDED);
} catch (Exception $exception) {
$this->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
$this->securityLogger->logException($exception);
return;
}
}
/**
* Redirects the web request to another uri.
*
* NOTE: This method only supports web requests and will throw an exception
* if used with other request types.
*
* @param mixed $uri Either a string representation of a URI or a \TYPO3\Flow\Http\Uri object
* @param integer $delay (optional) The delay in seconds. Default is no delay.
* @param integer $statusCode (optional) The HTTP status code for the redirect. Default is "303 See Other"
* @return void
* @throws \TYPO3\Flow\Mvc\Exception\StopActionException
* @api
*/
protected function redirectToUri($uri, $delay = 0, $statusCode = 303)
{
// the parent method throws the exception, but we need to act afterwards
// thus the code in catch - it's the expected state
try {
parent::redirectToUri($uri, $delay, $statusCode);
} catch (\TYPO3\Flow\Mvc\Exception\StopActionException $exception) {
if ($this->request->getFormat() === 'json') {
$this->response->setContent('');
}
throw $exception;
}
}
/**
* Calculates the dimensions of the thumbnail to be generated and returns the thumbnail URI.
* In case of Images this is a thumbnail of the image, in case of other assets an icon representation.
*
* @param AssetInterface $asset
* @param ThumbnailConfiguration $configuration
* @param ActionRequest $request Request argument must be provided for asynchronous thumbnails
* @return array|null Array with keys "width", "height" and "src" if the thumbnail generation work or null
* @throws AssetServiceException
*/
public function getThumbnailUriAndSizeForAsset(AssetInterface $asset, ThumbnailConfiguration $configuration, ActionRequest $request = null)
{
$thumbnailImage = $this->thumbnailService->getThumbnail($asset, $configuration);
if (!$thumbnailImage instanceof ImageInterface) {
return null;
}
$resource = $thumbnailImage->getResource();
if ($thumbnailImage instanceof Thumbnail) {
$staticResource = $thumbnailImage->getStaticResource();
if ($configuration->isAsync() === true && $resource === null && $staticResource === null) {
if ($request === null) {
throw new AssetServiceException('Request argument must be provided for async thumbnails.', 1447660835);
}
$this->uriBuilder->setRequest($request->getMainRequest());
$uri = $this->uriBuilder->reset()->setCreateAbsoluteUri(true)->uriFor('thumbnail', array('thumbnail' => $thumbnailImage), 'Thumbnail', 'TYPO3.Media');
} else {
$uri = $this->thumbnailService->getUriForThumbnail($thumbnailImage);
}
} else {
$uri = $this->resourceManager->getPublicPersistentResourceUri($resource);
}
return array('width' => $thumbnailImage->getWidth(), 'height' => $thumbnailImage->getHeight(), 'src' => $uri);
}
/**
* @test
*/
public function matchRequestReturnsFalseIfAuthorizationChecksAreDisabled()
{
$httpRequest = Request::create(new Uri('http://localhost'), 'POST');
$this->mockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($httpRequest));
$mockAuthenticationManager = $this->createMock(\TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface::class);
$mockAuthenticationManager->expects($this->any())->method('isAuthenticated')->will($this->returnValue(true));
$mockSecurityContext = $this->createMock(\TYPO3\Flow\Security\Context::class);
$mockSecurityContext->expects($this->atLeastOnce())->method('areAuthorizationChecksDisabled')->will($this->returnValue(true));
$mockCsrfProtectionPattern = $this->getAccessibleMock(\TYPO3\Flow\Security\RequestPattern\CsrfProtection::class, array('dummy'));
$mockCsrfProtectionPattern->_set('authenticationManager', $mockAuthenticationManager);
$mockCsrfProtectionPattern->_set('systemLogger', $this->mockSystemLogger);
$mockCsrfProtectionPattern->_set('securityContext', $mockSecurityContext);
$this->assertFalse($mockCsrfProtectionPattern->matchRequest($this->mockActionRequest));
}
/**
* Sets up security test requirements
*
* Security is based on action requests so we need a working route for the TestingProvider.
*
* @return void
*/
protected function setupSecurity()
{
$this->accessDecisionManager = $this->objectManager->get('TYPO3\\Flow\\Security\\Authorization\\AccessDecisionManagerInterface');
$this->accessDecisionManager->setOverrideDecision(NULL);
$this->policyService = $this->objectManager->get('TYPO3\\Flow\\Security\\Policy\\PolicyService');
$this->authenticationManager = $this->objectManager->get('TYPO3\\Flow\\Security\\Authentication\\AuthenticationProviderManager');
$this->testingProvider = $this->objectManager->get('TYPO3\\Flow\\Security\\Authentication\\Provider\\TestingProvider');
$this->testingProvider->setName('TestingProvider');
$this->securityContext = $this->objectManager->get('TYPO3\\Flow\\Security\\Context');
$this->securityContext->clearContext();
$httpRequest = Request::createFromEnvironment();
$this->mockActionRequest = new ActionRequest($httpRequest);
$this->mockActionRequest->setControllerObjectName('TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\Controller\\AuthenticationController');
$this->securityContext->setRequest($this->mockActionRequest);
}
/**
* @test
*/
public function evaluateIgnoresPackagePropertyIfAResourcePathIsGiven()
{
$this->mockTsRuntime->expects($this->any())->method('evaluate')->will($this->returnCallback(function ($evaluatePath, $that) {
$relativePath = str_replace('resourceUri/test/', '', $evaluatePath);
switch ($relativePath) {
case 'path':
return 'resource://Some.Package/Public/SomeResource';
case 'package':
return 'Specified.Package';
}
return null;
}));
$this->mockActionRequest->expects($this->any())->method('getControllerPackageKey')->will($this->returnValue('Current.Package'));
$this->mockResourceManager->expects($this->atLeastOnce())->method('getPublicPackageResourceUri')->will($this->returnValue('Static/Resources/Packages/Some.Package/SomeResource'));
$this->assertSame('Static/Resources/Packages/Some.Package/SomeResource', $this->resourceUriImplementation->evaluate());
}
/**
* @test
*/
public function processRequestInjectsSettingsToView()
{
$this->actionController = $this->getAccessibleMock(\TYPO3\Flow\Mvc\Controller\ActionController::class, array('resolveActionMethodName', 'initializeActionMethodArguments', 'initializeActionMethodValidators', 'resolveView', 'callActionMethod'));
$this->inject($this->actionController, 'objectManager', $this->mockObjectManager);
$this->inject($this->actionController, 'controllerContext', $this->mockControllerContext);
$mockSettings = array('foo', 'bar');
$this->inject($this->actionController, 'settings', $mockSettings);
$mockMvcPropertyMappingConfigurationService = $this->createMock(\TYPO3\Flow\Mvc\Controller\MvcPropertyMappingConfigurationService::class);
$this->inject($this->actionController, 'mvcPropertyMappingConfigurationService', $mockMvcPropertyMappingConfigurationService);
$mockHttpRequest = $this->getMockBuilder(\TYPO3\Flow\Http\Request::class)->disableOriginalConstructor()->getMock();
$mockHttpRequest->expects($this->any())->method('getNegotiatedMediaType')->will($this->returnValue('*/*'));
$this->mockRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($mockHttpRequest));
$mockResponse = $this->createMock(\TYPO3\Flow\Http\Response::class);
$mockView = $this->createMock(\TYPO3\Flow\Mvc\View\ViewInterface::class);
$mockView->expects($this->once())->method('assign')->with('settings', $mockSettings);
$this->actionController->expects($this->once())->method('resolveView')->will($this->returnValue($mockView));
$this->actionController->processRequest($this->mockRequest, $mockResponse);
}
/**
* @test
* @expectedException \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException
*/
public function mapRequestArgumentsToControllerArgumentsThrowsExceptionIfRequiredArgumentWasNotSet()
{
$mockPropertyMapper = $this->getMock('TYPO3\\Flow\\Property\\PropertyMapper', array('convert'), array(), '', FALSE);
$mockPropertyMapper->expects($this->atLeastOnce())->method('convert')->will($this->returnArgument(0));
$controllerArguments = new Arguments();
$controllerArguments->addNewArgument('foo', 'string', TRUE);
$controllerArguments->addNewArgument('baz', 'string', TRUE);
foreach ($controllerArguments as $controllerArgument) {
$this->inject($controllerArgument, 'propertyMapper', $mockPropertyMapper);
}
$controller = $this->getAccessibleMock('TYPO3\\Flow\\Mvc\\Controller\\AbstractController', array('processRequest'));
$controller->_call('initializeController', $this->mockActionRequest, $this->mockHttpResponse);
$controller->_set('arguments', $controllerArguments);
$this->mockActionRequest->expects($this->at(0))->method('hasArgument')->with('foo')->will($this->returnValue(TRUE));
$this->mockActionRequest->expects($this->at(1))->method('getArgument')->with('foo')->will($this->returnValue('bar'));
$this->mockActionRequest->expects($this->at(2))->method('hasArgument')->with('baz')->will($this->returnValue(FALSE));
$controller->_call('mapRequestArgumentsToControllerArguments');
}
/**
* @test
* @expectedException \TYPO3\Flow\Mvc\Exception\RequiredArgumentMissingException
*/
public function mapRequestArgumentsToControllerArgumentsThrowsExceptionIfRequiredArgumentWasNotSet()
{
$mockPropertyMapper = $this->getMockBuilder(\TYPO3\Flow\Property\PropertyMapper::class)->disableOriginalConstructor()->setMethods(array('convert'))->getMock();
$mockPropertyMapper->expects($this->atLeastOnce())->method('convert')->will($this->returnArgument(0));
$controllerArguments = new Arguments();
$controllerArguments->addNewArgument('foo', 'string', true);
$controllerArguments->addNewArgument('baz', 'string', true);
foreach ($controllerArguments as $controllerArgument) {
$this->inject($controllerArgument, 'propertyMapper', $mockPropertyMapper);
}
$controller = $this->getAccessibleMock(\TYPO3\Flow\Mvc\Controller\AbstractController::class, array('processRequest'));
$controller->_call('initializeController', $this->mockActionRequest, $this->mockHttpResponse);
$controller->_set('arguments', $controllerArguments);
$this->mockActionRequest->expects($this->at(0))->method('hasArgument')->with('foo')->will($this->returnValue(true));
$this->mockActionRequest->expects($this->at(1))->method('getArgument')->with('foo')->will($this->returnValue('bar'));
$this->mockActionRequest->expects($this->at(2))->method('hasArgument')->with('baz')->will($this->returnValue(false));
$controller->_call('mapRequestArgumentsToControllerArguments');
}
