/**
* Matches a \TYPO3\FLOW3\Mvc\RequestInterface against the configured CSRF pattern rules and searches for invalid
* csrf tokens.
*
* @param \TYPO3\FLOW3\Mvc\RequestInterface $request The request that should be matched
* @return boolean TRUE if the pattern matched, FALSE otherwise
* @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException
*/
public function matchRequest(\TYPO3\FLOW3\Mvc\RequestInterface $request)
{
if ($this->authenticationManager->isAuthenticated() === FALSE) {
return FALSE;
}
$controllerClassName = $this->objectManager->getClassNameByObjectName($request->getControllerObjectName());
$actionName = $request->getControllerActionName() . 'Action';
if ($this->policyService->hasPolicyEntryForMethod($controllerClassName, $actionName) && !$this->reflectionService->isMethodTaggedWith($controllerClassName, $actionName, 'skipcsrfprotection')) {
$internalArguments = $request->getInternalArguments();
if (!isset($internalArguments['__csrfToken'])) {
return TRUE;
}
$csrfToken = $internalArguments['__csrfToken'];
if (!$this->securityContext->hasCsrfProtectionTokens()) {
throw new \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException('No tokens in security context, possible session timeout', 1317309673);
}
if ($this->securityContext->isCsrfProtectionTokenValid($csrfToken) === FALSE) {
return TRUE;
}
}
return FALSE;
}
/**
* Finds and instantiates a controller that matches the current request.
* If no controller can be found, an instance of NotFoundControllerInterface is returned.
*
* @param \TYPO3\FLOW3\Mvc\RequestInterface $request The request to dispatch
* @return \TYPO3\FLOW3\Mvc\Controller\ControllerInterface
* @throws \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException
*/
protected function resolveController(\TYPO3\FLOW3\Mvc\RequestInterface $request)
{
$exception = NULL;
$controllerObjectName = $request->getControllerObjectName();
if ($controllerObjectName === '') {
$exception = new \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException('No controller could be resolved which would match your request', 1303209195, NULL, $request);
}
if ($exception !== NULL) {
$controller = $this->objectManager->get($this->settings['mvc']['notFoundController']);
if (!$controller instanceof \TYPO3\FLOW3\Mvc\Controller\NotFoundControllerInterface) {
throw new \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException('The NotFoundController must implement "\\TYPO3\\FLOW3\\Mvc\\Controller\\NotFoundControllerInterface", ' . (is_object($controller) ? get_class($controller) : gettype($controller)) . ' given.', 1246714416, NULL, $request);
}
$controller->setException($exception);
} else {
$controller = $this->objectManager->get($controllerObjectName);
if (!$controller instanceof \TYPO3\FLOW3\Mvc\Controller\ControllerInterface) {
throw new \TYPO3\FLOW3\Mvc\Controller\Exception\InvalidControllerException('Invalid controller "' . $request->getControllerObjectName() . '". The controller must be a valid request handling controller, ' . (is_object($controller) ? get_class($controller) : gettype($controller)) . ' given.', 1202921619, NULL, $request);
}
}
return $controller;
}
/**
* Matches a \TYPO3\FLOW3\Mvc\RequestInterface against its set controller object name pattern rules
*
* @param \TYPO3\FLOW3\Mvc\RequestInterface $request The request that should be matched
* @return boolean TRUE if the pattern matched, FALSE otherwise
*/
public function matchRequest(\TYPO3\FLOW3\Mvc\RequestInterface $request)
{
return (bool) preg_match('/^' . str_replace('\\', '\\\\', $this->controllerObjectNamePattern) . '$/', $request->getControllerObjectName());
}