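/**
 * Attempt to authorize the discovered identity based on the ACLs present.
 *
 * Returns without a decision (null) when the event is already authorized, or
 * when the request, response, route match or identity is not of the expected
 * type. Only the final lookup against the authorization service produces a
 * result.
 *
 * NOTE(review): the early exits yield null, not false. Confirm that whatever
 * consumes this listener's result treats "no decision" as not authorized
 * rather than as an implicit allow.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return bool|null Value returned by the authorization service, or null when no decision is made
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    if ($mvcAuthEvent->isAuthorized()) {
        return;
    }

    $mvcEvent = $mvcAuthEvent->getMvcEvent();

    $request = $mvcEvent->getRequest();
    if (!$request instanceof Request) {
        return;
    }

    $response = $mvcEvent->getResponse();
    if (!$response instanceof Response) {
        return;
    }

    $routeMatch = $mvcEvent->getRouteMatch();
    if (!$routeMatch instanceof RouteMatch) {
        return;
    }

    $identity = $mvcAuthEvent->getIdentity();
    if (!$identity instanceof IdentityInterface) {
        return;
    }

    // The identity that passed the type check above is the one handed to the
    // ACL lookup; it is not fetched from the event a second time.
    $resource = $mvcAuthEvent->getResource();

    return $this->authorization->isAuthorized($identity, $resource, $request->getMethod());
}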
/**
 * Publish the authenticated identity as the 'api-identity' service.
 *
 * An identity that is already registered under that name is left untouched,
 * so the first identity published wins.
 *
 * @param MvcAuthEvent $e
 * @return void
 */
public function onAuthenticationPost(MvcAuthEvent $e)
{
    $alreadyPublished = $this->container->has('api-identity');

    if (!$alreadyPublished) {
        $this->container->setService('api-identity', $e->getIdentity());
    }
}
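/**
 * Load the application user behind the authenticated identity and hand it to
 * the application's identity service.
 *
 * Nothing is set when the event carries no identity, when the identity has no
 * authentication data, or when that data has no 'user_id' entry.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return void
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $mvcIdentity = $mvcAuthEvent->getIdentity();
    if (!is_object($mvcIdentity)) {
        // The event may carry no identity at all; calling a method on it would be fatal.
        return;
    }

    $identity = $mvcIdentity->getAuthenticationIdentity();
    if ($identity === null || !isset($identity['user_id'])) {
        // Without a user id there is nothing to look up; leave the identity service unset.
        return;
    }

    // NOTE(review): the fetch() result is passed on unchecked. Confirm that the
    // user service throws for an unknown id, or that the identity service
    // copes with an empty result.
    $user = $this->services->get('User\\Service\\UserService')->fetch($identity['user_id']);
    $this->services->get('Application\\Authorization\\IdentityService')->setIdentity($user);
}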
/**
 * An invalid Basic Authorization header must leave the event without an identity.
 */
public function testInvokeForBasicAuthHasNoIdentityWhenNotValid()
{
    $adapterOptions = [
        'accept_schemes' => 'basic',
        'realm' => 'My Web Site',
        'digest_domains' => '/',
        'nonce_timeout' => 3600,
    ];
    $adapter = new HttpAuth($adapterOptions);

    // Credentials are resolved against the htpasswd fixture shipped with the tests.
    $resolver = new HttpAuth\ApacheResolver(__DIR__ . '/../TestAsset/htpasswd');
    $adapter->setBasicResolver($resolver);
    $this->listener->setHttpAdapter($adapter);

    $headers = $this->request->getHeaders();
    $headers->addHeaderLine('Authorization: Basic xxxxxxxxx');

    $this->listener->__invoke($this->mvcAuthEvent);

    $this->assertNull($this->mvcAuthEvent->getIdentity());
}
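/**
 * Copy an authenticated API identity into the ZfcUser authentication storage
 * and name the identity after the user's roles.
 *
 * Only AuthenticatedIdentity instances are handled. When the mapper finds no
 * user for the identity's 'user_id', nothing is written and the identity keeps
 * its existing name.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @throws \Dws\Exception\Service\ModelNotFoundException
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $identity = $mvcAuthEvent->getIdentity();
    if ($identity instanceof AuthenticatedIdentity) {
        $user = $this->userService->getUserMapper()->findById($identity->getAuthenticationIdentity()['user_id']);
        if ($user) {
            // Add validated identity to ZfcUser storage
            $this->authenticationService->getStorage()->write($user);

            // The roles are read from $user, so this must stay inside the
            // guard: with no user there are no roles to read.
            // NOTE(review): all roles are joined into one comma-separated
            // name. Confirm that whatever consumes the identity name expects
            // a composite value rather than a single role.
            $identity->setName(implode(', ', $user->getRoles()->toArray()));
        }
    }
}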
/**
 * Copy an authenticated API identity into the ZfcUser authentication storage.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @throws \Dws\Exception\Service\ModelNotFoundException
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $identity = $mvcAuthEvent->getIdentity();
    if (!$identity instanceof AuthenticatedIdentity) {
        return;
    }

    /** @var AuthenticatedIdentity $identity */
    $authData = $identity->getAuthenticationIdentity();
    $user = $this->userService->find($authData['user_id']);

    if (!$user) {
        // It should not be possible to be authenticated without a valid user.
        // If it happens anyway, the authentication service is left without an
        // identity, so no permissions will be granted.
        return;
    }

    // Add validated identity to ZfcUser storage
    $this->authenticationService->getStorage()->write($user);
}
/**
 * Register a deny rule for the current identity, resource and HTTP method,
 * conditioned on the resource assertion.
 *
 * Guest identities and events without an identity are skipped. The identity
 * and the resource are added to the authorization service first when it does
 * not know them yet.
 *
 * NOTE(review): the rule is a deny that carries an assertion, so it presumably
 * takes effect only when the assertion matches. Confirm that the assertion
 * evaluates as intended for requests that should be allowed.
 *
 * @param MvcAuthEvent $event
 * @return void
 */
public function authorization(MvcAuthEvent $event)
{
    /** @var \ZF\MvcAuth\Identity\AuthenticatedIdentity $identity */
    $identity = $event->getIdentity();
    if (!$identity instanceof IdentityInterface) {
        return;
    }
    if ($identity instanceof GuestIdentity) {
        return;
    }

    $mvcEvent = $event->getMvcEvent();
    $method = $mvcEvent->getRequest()->getMethod();

    /** @var \ZF\MvcAuth\Authorization\AclAuthorization $authorization */
    $authorization = $event->getAuthorizationService();

    /** @var \Zend\Permissions\Acl\Assertion\AssertionInterface $resourceAssertion */
    $resourceAssertion = $mvcEvent
        ->getApplication()
        ->getServiceManager()
        ->get('Zfegg\\Admin\\MvcAuth\\Authorization\\ResourceAssertion');

    // A rule can only refer to a role and a resource that are already registered.
    if (!$authorization->hasRole($identity)) {
        $authorization->addRole($identity);
    }

    $resource = $event->getResource();
    if (!$authorization->hasResource($resource)) {
        $authorization->addResource($resource);
    }

    $authorization->deny($identity, $resource, $method, $resourceAssertion);
}
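/**
 * Enforce the configured scope requirements for the requested resource and method.
 *
 * Each entry under the 'authorization' config's 'scopes' key maps a scope name
 * to a resource and method. When an entry matches the current request, the
 * identity's space-separated 'scope' value must contain that scope name;
 * otherwise the response status is set to 401 and the call returns.
 *
 * Guest identities are skipped, and a request that matches no configured
 * entry falls through without a decision. Access in those cases depends on
 * whatever other authorization runs for the request.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return mixed|null Whatever setStatusCode(401) returns when a required scope is missing, otherwise null
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $services = $this->getServiceLocator();
    $imageService = $services->get('AqilixAPI\\Image\\Service\\Image');
    $config = $services->get('Config')['authorization'];
    $imageService->setUser($services->get('image.authenticated.user'));

    $identity = $mvcAuthEvent->getIdentity();
    if ($identity instanceof \ZF\MvcAuth\Identity\GuestIdentity) {
        return;
    }

    // Fail closed: a missing identity, or one without a usable 'scope' string,
    // is treated as having been granted no scopes.
    $authIdentity = is_object($identity) ? $identity->getAuthenticationIdentity() : null;
    $grantedScopes = [];
    if ((is_array($authIdentity) || $authIdentity instanceof \ArrayAccess)
        && isset($authIdentity['scope'])
        && is_string($authIdentity['scope'])
    ) {
        $grantedScopes = explode(' ', $authIdentity['scope']);
    }

    // resource:method
    $requestedResource = $mvcAuthEvent->getResource() . ':' . $mvcAuthEvent->getMvcEvent()->getRequest()->getMethod();

    foreach ($config['scopes'] as $scope => $scopeConfig) {
        $resource = $scopeConfig['resource'] . ':' . $scopeConfig['method'];

        // Only entries describing the requested resource and method apply.
        if ($resource !== $requestedResource) {
            continue;
        }

        // PHP turns numeric array keys into integers, and a loose in_array()
        // can match an integer against unrelated strings on older PHP
        // versions. Compare as strings, strictly.
        if (!in_array((string) $scope, $grantedScopes, true)) {
            // NOTE(review): 401 conventionally signals missing or invalid
            // authentication; 403 is the usual status for an authenticated
            // caller that lacks a scope. Left unchanged because clients may
            // depend on it.
            return $mvcAuthEvent->getMvcEvent()->getResponse()->setStatusCode(401);
        }
    }
}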
/**
 * Publish the identity produced by authentication as the 'api-identity' service.
 *
 * NOTE(review): there is no has() check before registering. What happens when
 * 'api-identity' is already registered depends on the container; confirm
 * whether an overwrite or an error is intended.
 *
 * @param MvcAuthEvent $e
 * @return void
 */
public function onAuthenticationPost(MvcAuthEvent $e)
{
    $apiIdentity = $e->getIdentity();

    $this->services->setService('api-identity', $apiIdentity);
}
/**
 * The event must hand back the very identity instance it was given.
 */
public function testGetIdentity()
{
    $guest = new GuestIdentity();
    $this->mvcAuthEvent->setIdentity($guest);

    $this->assertSame($guest, $this->mvcAuthEvent->getIdentity());
}