/** * Resolves the class name of a request pattern. If a valid request pattern class name is given, it is just returned. * * @param string $name The (short) name of the pattern * @return string The class name of the request pattern, NULL if no class was found. * @throws \TYPO3\FLOW3\Security\Exception\NoRequestPatternFoundException */ public function resolveRequestPatternClass($name) { $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName($name); if ($resolvedObjectName !== FALSE) { return $resolvedObjectName; } $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName('TYPO3\\FLOW3\\Security\\RequestPattern\\' . $name); if ($resolvedObjectName !== FALSE) { return $resolvedObjectName; } throw new \TYPO3\FLOW3\Security\Exception\NoRequestPatternFoundException('A request pattern with the name: "' . $name . '" could not be resolved.', 1217154134); }
/** * Resolves the class name of an authentication provider. If a valid provider class name is given, it is just returned. * * @param string $providerName The (short) name of the provider * @return string The object name of the authentication provider * @throws \TYPO3\FLOW3\Security\Exception\NoAuthenticationProviderFoundException */ public function resolveProviderClass($providerName) { $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName($providerName); if ($resolvedObjectName !== FALSE) { return $resolvedObjectName; } $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName('TYPO3\\FLOW3\\Security\\Authentication\\Provider\\' . $providerName); if ($resolvedObjectName !== FALSE) { return $resolvedObjectName; } throw new \TYPO3\FLOW3\Security\Exception\NoAuthenticationProviderFoundException('An authentication provider with the name "' . $providerName . '" could not be resolved.', 1217154134); }
/** * Resolves the class name of a security interceptor. If a valid interceptor class name is given, it is just returned. * * @param string $name The (short) name of the interceptor * @return string The class name of the security interceptor, NULL if no class was found. * @throws \TYPO3\FLOW3\Security\Exception\NoInterceptorFoundException */ public function resolveInterceptorClass($name) { $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName($name); if ($resolvedObjectName !== FALSE) { return $resolvedObjectName; } $resolvedObjectName = $this->objectManager->getCaseSensitiveObjectName('TYPO3\\FLOW3\\Security\\Authorization\\Interceptor\\' . $name); if ($resolvedObjectName !== FALSE) { return $resolvedObjectName; } throw new \TYPO3\FLOW3\Security\Exception\NoInterceptorFoundException('A security interceptor with the name: "' . $name . '" could not be resolved.', 1217154134); }
/** * Execute a task * * @param string $task * @param \TYPO3\Deploy\Domain\Model\Node $node * @param \TYPO3\Deploy\Domain\Model\Application $application * @param \TYPO3\Deploy\Domain\Model\Deployment $deployment * @param array $options * @return void */ public function execute($task, \TYPO3\Deploy\Domain\Model\Node $node, \TYPO3\Deploy\Domain\Model\Application $application, \TYPO3\Deploy\Domain\Model\Deployment $deployment, array $options = array()) { list($packageKey, $taskName) = explode(':', $task, 2); $taskClassName = strtr($packageKey, '.', '\\') . '\\Task\\' . strtr($taskName, ':', '\\') . 'Task'; $taskObjectName = $this->objectManager->getCaseSensitiveObjectName($taskClassName); if (!$this->objectManager->isRegistered($taskObjectName)) { throw new \Exception('Task "' . $task . '" not registered ' . $taskClassName); } $task = $this->objectManager->create($taskObjectName); if (!$deployment->isDryRun()) { $task->execute($node, $application, $deployment, $options); } else { $task->simulate($node, $application, $deployment, $options); } $this->taskHistory[] = array('task' => $task, 'node' => $node, 'application' => $application, 'deployment' => $deployment, 'options' => $options); }
/** * Returns the object name of the controller defined by the package, subpackage key and * controller name * * @param string $packageKey the package key of the controller * @param string $subPackageKey the subpackage key of the controller * @param string $controllerName the controller name excluding the "Controller" suffix * @return string The controller's Object Name or NULL if the controller does not exist * @api */ public function getControllerObjectName($packageKey, $subPackageKey, $controllerName) { $possibleObjectName = $this->controllerObjectNamePattern; $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName); $possibleObjectName = str_replace('@subpackage', $subPackageKey, $possibleObjectName); $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName); $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName); $controllerObjectName = $this->objectManager->getCaseSensitiveObjectName($possibleObjectName); return $controllerObjectName !== FALSE ? $controllerObjectName : NULL; }
/** * Adds a CSRF token as argument in the URI builder * * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())") * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point * @return void */ public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint) { $uriBuilder = $joinPoint->getProxy(); $arguments = $joinPoint->getMethodArgument('arguments'); $packageKey = isset($arguments['@package']) ? $arguments['@package'] : ''; $subpackageKey = isset($arguments['@subpackage']) ? $arguments['@subpackage'] : ''; $controllerName = isset($arguments['@controller']) ? $arguments['@controller'] : 'Standard'; $actionName = (isset($arguments['@action']) ? $arguments['@action'] : 'index') . 'Action'; $possibleObjectName = '@package\\@subpackage\\Controller\\@controllerController'; $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName); $possibleObjectName = str_replace('@subpackage', $subpackageKey, $possibleObjectName); $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName); $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName); $lowercaseObjectName = strtolower($possibleObjectName); $className = $this->objectManager->getClassNameByObjectName($this->objectManager->getCaseSensitiveObjectName($lowercaseObjectName)); if ($this->policyService->hasPolicyEntryForMethod($className, $actionName) && !$this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) { $internalArguments = $uriBuilder->getArguments(); $internalArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken(); $uriBuilder->setArguments($internalArguments); } }
/** * Determines the fully qualified view object name. * * @return mixed The fully qualified view object name or FALSE if no matching view could be found. * @api */ protected function resolveViewObjectName() { $possibleViewObjectName = $this->viewObjectNamePattern; $packageKey = $this->request->getControllerPackageKey(); $subpackageKey = $this->request->getControllerSubpackageKey(); $format = $this->request->getFormat(); if ($subpackageKey !== NULL && $subpackageKey !== '') { $packageKey .= '\\' . $subpackageKey; } $possibleViewObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleViewObjectName); $possibleViewObjectName = str_replace('@controller', $this->request->getControllerName(), $possibleViewObjectName); $possibleViewObjectName = str_replace('@action', $this->request->getControllerActionName(), $possibleViewObjectName); $viewObjectName = $this->objectManager->getCaseSensitiveObjectName(strtolower(str_replace('@format', $format, $possibleViewObjectName))); if ($viewObjectName === FALSE) { $viewObjectName = $this->objectManager->getCaseSensitiveObjectName(strtolower(str_replace('@format', '', $possibleViewObjectName))); } if ($viewObjectName === FALSE && isset($this->viewFormatToObjectNameMap[$format])) { $viewObjectName = $this->viewFormatToObjectNameMap[$format]; } return $viewObjectName; }
/** * Sets the package key of the controller. * * This function tries to determine the correct case for the given package key. * If the Package Manager does not know the specified package, the package key * cannot be verified or corrected and is stored as is. * * @param string $packageKey The package key * @return void * @api */ public function setControllerPackageKey($packageKey) { $upperCamelCasedPackageClassName = $this->objectManager->getCaseSensitiveObjectName(str_replace('.', '\\', $packageKey) . '\\Package'); $this->controllerPackageKey = $upperCamelCasedPackageClassName !== FALSE ? substr(str_replace('\\', '.', $upperCamelCasedPackageClassName), 0, strlen($packageKey)) : $packageKey; }