/** * Sets up this test case */ public function setUp() { $this->securityContext = $this->getAccessibleMock(\TYPO3\Flow\Security\Context::class, array('separateActiveAndInactiveTokens')); $this->mockAuthenticationManager = $this->getMock(\TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface::class); $this->mockAuthenticationManager->expects($this->any())->method('getTokens')->will($this->returnValue(array())); $this->securityContext->injectAuthenticationManager($this->mockAuthenticationManager); $this->mockActionRequest = $this->getMockBuilder(\TYPO3\Flow\Mvc\ActionRequest::class)->disableOriginalConstructor()->getMock(); $this->securityContext->setRequest($this->mockActionRequest); }
/** * Create an action request from stored route match values and dispatch to that * * @param ComponentContext $componentContext * @return void */ public function handle(ComponentContext $componentContext) { $httpRequest = $componentContext->getHttpRequest(); /** @var $actionRequest ActionRequest */ $actionRequest = $this->objectManager->get(ActionRequest::class, $httpRequest); $this->securityContext->setRequest($actionRequest); $routingMatchResults = $componentContext->getParameter(Routing\RoutingComponent::class, 'matchResults'); $actionRequest->setArguments($this->mergeArguments($httpRequest, $routingMatchResults)); $this->setDefaultControllerAndActionNameIfNoneSpecified($actionRequest); $componentContext->setParameter(self::class, 'actionRequest', $actionRequest); $this->dispatcher->dispatch($actionRequest, $componentContext->getHttpResponse()); }
/** * @param array $patterns * @param bool $expectedActive * @test * @dataProvider separateActiveAndInactiveTokensDataProvider */ public function separateActiveAndInactiveTokensTests(array $patterns, $expectedActive) { $mockRequestPatterns = []; foreach ($patterns as $pattern) { $mockRequestPattern = $this->getMockBuilder(\TYPO3\Flow\Security\RequestPatternInterface::class)->setMockClassName('RequestPattern_' . $pattern['type'])->getMock(); $mockRequestPattern->expects($this->any())->method('matchRequest')->with($this->mockActionRequest)->will($this->returnValue($pattern['matchesRequest'])); $mockRequestPatterns[] = $mockRequestPattern; } $mockToken = $this->createMock(\TYPO3\Flow\Security\Authentication\TokenInterface::class); $mockToken->expects($this->once())->method('hasRequestPatterns')->will($this->returnValue($mockRequestPatterns !== [])); $mockToken->expects($this->any())->method('getRequestPatterns')->will($this->returnValue($mockRequestPatterns)); /** @var \TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface|\PHPUnit_Framework_MockObject_MockObject $mockAuthenticationManager */ $mockAuthenticationManager = $this->createMock(\TYPO3\Flow\Security\Authentication\AuthenticationManagerInterface::class); $mockAuthenticationManager->expects($this->once())->method('getTokens')->will($this->returnValue([$mockToken])); $this->securityContext = $this->getAccessibleMock(Context::class, ['dummy']); $settings = []; $settings['security']['authentication']['authenticationStrategy'] = 'allTokens'; $this->securityContext->injectSettings($settings); $this->securityContext->injectAuthenticationManager($mockAuthenticationManager); $this->securityContext->setRequest($this->mockActionRequest); $this->securityContext->initialize(); if ($expectedActive) { $this->assertContains($mockToken, $this->securityContext->_get('activeTokens')); } else { $this->assertContains($mockToken, $this->securityContext->_get('inactiveTokens')); } }
/** * Prepares the environment for and conducts an account authentication * * @param Account $account * @return void */ protected function authenticateAccount(Account $account) { $this->testingProvider->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $this->testingProvider->setAccount($account); $this->securityContext->clearContext(); /** @var RequestHandler $requestHandler */ $this->securityContext->setRequest($this->mockActionRequest); $this->authenticationManager->authenticate(); }
/** * Prepares the environment for and conducts an account authentication * * @param \TYPO3\Flow\Security\Account $account * @return void * @api */ protected function authenticateAccount(\TYPO3\Flow\Security\Account $account) { $this->testingProvider->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL); $this->testingProvider->setAccount($account); $this->securityContext->clearContext(); $requestHandler = self::$bootstrap->getActiveRequestHandler(); $actionRequest = $this->route($requestHandler->getHttpRequest()); $this->securityContext->setRequest($actionRequest); $this->authenticationManager->authenticate(); }
/** * Checks whether the current request has the same security context hash as the one of the token * * @param array $tokenData * @param HttpRequest $httpRequest * @return void * @throws AccessDeniedException */ protected function verifySecurityContextHash(array $tokenData, HttpRequest $httpRequest) { if (!isset($tokenData['securityContextHash'])) { return; } /** @var $actionRequest ActionRequest */ $actionRequest = $this->objectManager->get(ActionRequest::class, $httpRequest); $this->securityContext->setRequest($actionRequest); if ($tokenData['securityContextHash'] !== $this->securityContext->getContextHash()) { throw new AccessDeniedException(sprintf('Invalid security hash!%sThis request is signed for a security context hash of "%s", but the current hash is "%s"', chr(10), $tokenData['securityContextHash'], $this->securityContext->getContextHash()), 1429705633); } }
/** * Sends the given HTTP request * * @param \TYPO3\Flow\Http\Request $request * @return \TYPO3\Flow\Http\Response * @throws \TYPO3\Flow\Http\Exception * @api */ public function sendRequest(Request $request) { $requestHandler = $this->bootstrap->getActiveRequestHandler(); if (!$requestHandler instanceof \TYPO3\Flow\Tests\FunctionalTestRequestHandler) { throw new \TYPO3\Flow\Http\Exception('The browser\'s internal request engine has only been designed for use within functional tests.', 1335523749); } $response = new Response(); $requestHandler->setHttpRequest($request); $requestHandler->setHttpResponse($response); try { $actionRequest = $this->router->route($request); $this->securityContext->clearContext(); $this->securityContext->setRequest($actionRequest); $this->validatorResolver->reset(); $this->dispatcher->dispatch($actionRequest, $response); $session = $this->bootstrap->getObjectManager()->get('TYPO3\\Flow\\Session\\SessionInterface'); if ($session->isStarted()) { $session->close(); } } catch (\Exception $exception) { $pathPosition = strpos($exception->getFile(), 'Packages/'); $filePathAndName = $pathPosition !== FALSE ? substr($exception->getFile(), $pathPosition) : $exception->getFile(); $exceptionCodeNumber = $exception->getCode() > 0 ? '#' . $exception->getCode() . ': ' : ''; $content = PHP_EOL . 'Uncaught Exception in Flow ' . $exceptionCodeNumber . $exception->getMessage() . PHP_EOL; $content .= 'thrown in file ' . $filePathAndName . PHP_EOL; $content .= 'in line ' . $exception->getLine() . PHP_EOL . PHP_EOL; $content .= \TYPO3\Flow\Error\Debugger::getBacktraceCode($exception->getTrace(), FALSE, TRUE) . PHP_EOL; if ($exception instanceof \TYPO3\Flow\Exception) { $statusCode = $exception->getStatusCode(); } else { $statusCode = 500; } $response->setStatus($statusCode); $response->setContent($content); $response->setHeader('X-Flow-ExceptionCode', $exception->getCode()); $response->setHeader('X-Flow-ExceptionMessage', $exception->getMessage()); } return $response; }
/** * Handles a HTTP request * * @return void */ public function handleRequest() { // Create the request very early so the Resource Management has a chance to grab it: $this->request = Request::createFromEnvironment(); $this->response = new Response(); $this->boot(); $this->resolveDependencies(); $this->request->injectSettings($this->settings); $this->router->setRoutesConfiguration($this->routesConfiguration); $actionRequest = $this->router->route($this->request); $this->securityContext->setRequest($actionRequest); $this->dispatcher->dispatch($actionRequest, $this->response); $this->response->makeStandardsCompliant($this->request); $this->response->send(); $this->bootstrap->shutdown('Runtime'); $this->exit->__invoke(); }