Exemplo n.º 1
0
 /**
  * Matches a \TYPO3\FLOW3\Mvc\RequestInterface against the configured CSRF pattern rules and searches for invalid
  * csrf tokens.
  *
  * @param \TYPO3\FLOW3\Mvc\RequestInterface $request The request that should be matched
  * @return boolean TRUE if the pattern matched, FALSE otherwise
  * @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException
  */
 public function matchRequest(\TYPO3\FLOW3\Mvc\RequestInterface $request)
 {
     if ($this->authenticationManager->isAuthenticated() === FALSE) {
         return FALSE;
     }
     $controllerClassName = $this->objectManager->getClassNameByObjectName($request->getControllerObjectName());
     $actionName = $request->getControllerActionName() . 'Action';
     if ($this->policyService->hasPolicyEntryForMethod($controllerClassName, $actionName) && !$this->reflectionService->isMethodTaggedWith($controllerClassName, $actionName, 'skipcsrfprotection')) {
         $internalArguments = $request->getInternalArguments();
         if (!isset($internalArguments['__csrfToken'])) {
             return TRUE;
         }
         $csrfToken = $internalArguments['__csrfToken'];
         if (!$this->securityContext->hasCsrfProtectionTokens()) {
             throw new \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException('No tokens in security context, possible session timeout', 1317309673);
         }
         if ($this->securityContext->isCsrfProtectionTokenValid($csrfToken) === FALSE) {
             return TRUE;
         }
     }
     return FALSE;
 }
Exemplo n.º 2
0
 /**
  * Finds and instantiates a controller that matches the current request.
  * If no controller can be found, an instance of NotFoundControllerInterface is returned.
  *
  * @param \TYPO3\FLOW3\Mvc\RequestInterface $request The request to dispatch
  * @return \TYPO3\FLOW3\Mvc\Controller\ControllerInterface
  * @throws \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException
  */
 protected function resolveController(\TYPO3\FLOW3\Mvc\RequestInterface $request)
 {
     $exception = NULL;
     $controllerObjectName = $request->getControllerObjectName();
     if ($controllerObjectName === '') {
         $exception = new \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException('No controller could be resolved which would match your request', 1303209195, NULL, $request);
     }
     if ($exception !== NULL) {
         $controller = $this->objectManager->get($this->settings['mvc']['notFoundController']);
         if (!$controller instanceof \TYPO3\FLOW3\Mvc\Controller\NotFoundControllerInterface) {
             throw new \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException('The NotFoundController must implement "\\TYPO3\\FLOW3\\Mvc\\Controller\\NotFoundControllerInterface", ' . (is_object($controller) ? get_class($controller) : gettype($controller)) . ' given.', 1246714416, NULL, $request);
         }
         $controller->setException($exception);
     } else {
         $controller = $this->objectManager->get($controllerObjectName);
         if (!$controller instanceof \TYPO3\FLOW3\Mvc\Controller\ControllerInterface) {
             throw new \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException('Invalid controller "' . $request->getControllerObjectName() . '". The controller must be a valid request handling controller, ' . (is_object($controller) ? get_class($controller) : gettype($controller)) . ' given.', 1202921619, NULL, $request);
         }
     }
     return $controller;
 }
Exemplo n.º 3
0
 /**
  * Matches a \TYPO3\FLOW3\Mvc\RequestInterface against its set controller object name pattern rules
  *
  * @param \TYPO3\FLOW3\Mvc\RequestInterface $request The request that should be matched
  * @return boolean TRUE if the pattern matched, FALSE otherwise
  */
 public function matchRequest(\TYPO3\FLOW3\Mvc\RequestInterface $request)
 {
     return (bool) preg_match('/^' . str_replace('\\', '\\\\', $this->controllerObjectNamePattern) . '$/', $request->getControllerObjectName());
 }