/** * Advices the dispatch method so that illegal action requests are blocked before * invoking any controller. * * The "request" referred to within this method is an ActionRequest or some other * dispatchable request implementing RequestInterface. Note that we don't deal * with HTTP requests here. * * @Flow\Around("setting(TYPO3.Flow.security.enable) && method(TYPO3\Flow\Mvc\Dispatcher->dispatch())") * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current joinpoint * @return mixed Result of the advice chain * @throws \Exception|\TYPO3\Flow\Security\Exception\AccessDeniedException * @throws \Exception|\TYPO3\Flow\Security\Exception\AuthenticationRequiredException */ public function blockIllegalRequestsAndForwardToAuthenticationEntryPoints(JoinPointInterface $joinPoint) { $request = $joinPoint->getMethodArgument('request'); if (!$request instanceof ActionRequest || $this->securityContext->areAuthorizationChecksDisabled()) { return $joinPoint->getAdviceChain()->proceed($joinPoint); } try { $this->firewall->blockIllegalRequests($request); return $joinPoint->getAdviceChain()->proceed($joinPoint); } catch (AuthenticationRequiredException $exception) { $response = $joinPoint->getMethodArgument('response'); $entryPointFound = FALSE; /** @var $token \TYPO3\Flow\Security\Authentication\TokenInterface */ foreach ($this->securityContext->getAuthenticationTokens() as $token) { $entryPoint = $token->getAuthenticationEntryPoint(); if ($entryPoint !== NULL) { $entryPointFound = TRUE; if ($entryPoint instanceof WebRedirect) { $this->securityLogger->log('Redirecting to authentication entry point', LOG_INFO, $entryPoint->getOptions()); } else { $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO); } $this->securityContext->setInterceptedRequest($request->getMainRequest()); $entryPoint->startAuthentication($request->getHttpRequest(), $response); } } if ($entryPointFound === FALSE) { $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE); throw $exception; } } catch (AccessDeniedException $exception) { $this->securityLogger->log('Access denied', LOG_WARNING); throw $exception; } return NULL; }
/** * @test * @expectedException \TYPO3\Flow\Security\Exception\AccessDeniedException */ public function dispatchRethrowsAccessDeniedException() { $this->mockActionRequest->expects($this->any())->method('isDispatched')->will($this->returnValue(TRUE)); $this->mockFirewall->expects($this->once())->method('blockIllegalRequests')->will($this->throwException(new AccessDeniedException())); $this->dispatcher->dispatch($this->mockActionRequest, $this->mockHttpResponse); }