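 /**
  * {@inheritdoc}
  *
  * Replies with HTTP 401 and a "Digest" challenge assembled from the provider's realm,
  * qop and opaque values plus a freshly created nonce. When the token reports a stale
  * nonce, "stale=true" is added so the client may retry without prompting the user again.
  *
  * @throws SecurityException When $token is not an HttpDigestToken.
  */
 public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
 {
     if (!$token instanceof HttpDigestToken) {
         throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
     }
     $params = [
         'realm' => $this->auth->getRealm(),
         'qop' => $this->auth->getQualityOfProtection(),
         'opaque' => $this->auth->getOpaque(),
         'nonce' => $this->auth->createNonce($this->securityContext),
     ];
     if ($token->isStale()) {
         $params['stale'] = true;
     }
     $fields = [];
     foreach ($params as $name => $value) {
         if (is_bool($value)) {
             // stale is a bare token, never quoted.
             $fields[] = sprintf('%s=%s', $name, $value ? 'true' : 'false');
         } elseif (is_numeric($value)) {
             // NOTE(review): RFC 7616 defines realm, nonce, opaque and qop as quoted-string,
             // so a numeric-looking value is emitted unquoted here only for compatibility.
             $fields[] = sprintf('%s=%s', $name, $value);
         } else {
             // quoted-string: both the backslash and the double quote must be escaped, otherwise
             // a value containing a backslash before a quote terminates the quoted-string early.
             $fields[] = sprintf('%s="%s"', $name, addcslashes(trim($value), "\\\""));
         }
     }
     $response->setStatus(Http::CODE_UNAUTHORIZED);
     $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));
     $response->addHeader('WWW-Authenticate', 'Digest ' . implode(',', $fields));
 }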
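 /**
  * {@inheritdoc}
  *
  * Replies with HTTP 401 and a "Basic" challenge naming the provider's realm.
  *
  * @throws SecurityException When $token is not an HttpBasicToken.
  */
 public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
 {
     if (!$token instanceof HttpBasicToken) {
         throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
     }
     // realm is a quoted-string (RFC 7617): escape backslash and double quote so a realm
     // containing either cannot terminate the quoted value early.
     $realm = addcslashes($this->auth->getRealm(), "\\\"");
     $response->setStatus(Http::CODE_UNAUTHORIZED);
     $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));
     $response->addHeader('WWW-Authenticate', sprintf('Basic realm="%s"', $realm));
 }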
 /**
  * {@inheritdoc}
  *
  * Replies with HTTP 401 and an "NTLM" challenge. When the token reports message 1, the
  * challenge message obtained from the provider is base64-encoded into the header;
  * otherwise a bare "NTLM" header invites the client to begin the handshake.
  *
  * @throws SecurityException When $token is not an NtlmAuthToken.
  */
 public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
 {
     if (!$token instanceof NtlmAuthToken) {
         throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
     }
     $response->setStatus(Http::CODE_UNAUTHORIZED);
     $response->setReason(Http::getReason(Http::CODE_UNAUTHORIZED));
     $challenge = 'NTLM';
     if ($token->isMessage1()) {
         // A challenge is only created once the client has sent its first message.
         $payload = $token->getChallengeMessage($this->provider->createChallenge($this->context));
         $challenge = sprintf('NTLM %s', base64_encode($payload));
     }
     $response->addHeader('WWW-Authenticate', $challenge);
 }
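 /**
  * Serves static resources addressed as "_res/<path>" from the k2:// stream, where <path> is
  * either "app/<file>" or "<name>/<file>"; every other request is passed down the chain.
  *
  * Only master requests are handled. A missing file yields 404, a file the publisher does not
  * mark public yields 403. Public files are served with a 2 hour cache lifetime and an ETag
  * derived from mtime and size; a matching If-None-Match yields 304 without a body.
  *
  * @param DispatchRequest $dispatch
  * @return mixed The resource response, or whatever $dispatch->proceed() returns.
  */
 public function process(DispatchRequest $dispatch)
 {
     if (!$dispatch->isMaster()) {
         return $dispatch->proceed();
     }
     $request = $dispatch->getHttpRequest();
     $m = NULL;
     if (!preg_match("'^_res/+(.+)\$'i", $request->getPathInfo(), $m)) {
         return $dispatch->proceed();
     }
     $path = $m[1];
     // The remainder of the request path is untrusted and becomes part of a stream path:
     // reject dot segments and NUL bytes so a request cannot address anything outside the
     // k2:// location the publisher is asked about.
     foreach (explode('/', $path) as $segment) {
         if ($segment === '.' || $segment === '..' || strpos($segment, "\0") !== false) {
             return new HttpResponse(Http::CODE_NOT_FOUND);
         }
     }
     if ('app/' === substr($path, 0, 4)) {
         $resource = 'k2://app/' . substr($path, 4);
     } else {
         $parts = explode('/', $path, 2);
         if (count($parts) !== 2) {
             return new HttpResponse(Http::CODE_NOT_FOUND);
         }
         $resource = 'k2://' . $parts[0] . '/' . $parts[1];
     }
     if (!is_file($resource)) {
         return new HttpResponse(Http::CODE_NOT_FOUND);
     }
     if (!$this->publisher->isPublic($resource)) {
         return new HttpResponse(Http::CODE_FORBIDDEN);
     }
     $response = new HttpResponse();
     // Conditional caching: mtime and size are cheap to read and change with the content.
     $etag = sprintf('"%x-%x"', filemtime($resource), filesize($resource));
     $response->setHeader('Access-Control-Allow-Origin', '*');
     $response->setHeader('Cache-Control', 'public, max-age=7200');
     $response->setHeader('ETag', $etag);
     $response->setHeader(new ExpiresHeader(new \DateTimeImmutable('@' . (time() + 7200))));
     if ($etag === $request->getHeader('If-None-Match', '')) {
         $response->setStatus(Http::CODE_NOT_MODIFIED);
         return $response;
     }
     $mediaType = new MediaType(Filesystem::guessMimeTypeFromFilename($resource));
     // Keep browsers from second-guessing the declared type of a served file.
     $response->setHeader('X-Content-Type-Options', 'nosniff');
     if ($mediaType->isType('text')) {
         $response->setHeader('Content-Type', $mediaType . '; charset="utf-8"');
     } else {
         $response->setHeader('Content-Type', (string) $mediaType);
     }
     $response->setEntity(new FileEntity(new \SplFileInfo($resource)));
     return $response;
 }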
 /**
  * {@inheritdoc}
  *
  * Redirects the client to the configured login URI with a temporary redirect. Unless the
  * request already targets the login page, the current request URI is remembered in the
  * session under the provider's key so the user can be sent back after logging in; a URI
  * that is already stored is never overwritten.
  *
  * @throws SecurityException When $token is not a FormAuthToken.
  */
 public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response)
 {
     if (!$token instanceof FormAuthToken) {
         throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this)));
     }
     $loginUri = new Uri($this->auth->getLoginUri());
     $requestPath = trim($request->getUri()->getPath(false), '/');
     $onLoginPage = ($requestPath === trim($loginUri->getPath(false), '/'));
     $sessionKey = $this->auth->getKey();
     $session = $this->securityContext->getSession();
     $stored = (array) $session->get($sessionKey, NULL);
     $hasTarget = array_key_exists(FormAuthenticationProvider::SESSION_URI, $stored);
     // Remember where the user wanted to go, but only the first time and never the login page itself.
     if (!$onLoginPage && !$hasTarget) {
         $stored[FormAuthenticationProvider::SESSION_URI] = (string) $request->getUri();
     }
     $session->set($sessionKey, $stored);
     $response->setStatus(Http::REDIRECT_TEMPORARY);
     $response->setReason(Http::getReason(Http::REDIRECT_TEMPORARY));
     $response->setHeader('Location', $loginUri);
 }
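 /**
  * Evaluate preconditions found in this request based on the given values and create an appropriate
  * HTTP response if an HTTP/1.1 304 Not Modified response should be sent.
  *
  * You can pass an ETag, a modification time or both of these to the method, every precondition
  * that is not NULL will be checked. As required by RFC 7232 section 3.3, If-Modified-Since is
  * ignored whenever the request also carries an If-None-Match header.
  *
  * @param EntityTag $etag The ETag of the requested resource.
  * @param \DateTimeInterface $lastModified Date of the last modification of the requested resource.
  * @return HttpResponse|null An HTTP 304 response or NULL if the client cache is invalid.
  */
 public function evaluatePreconditions(EntityTag $etag = NULL, \DateTimeInterface $lastModified = NULL)
 {
     $response = new HttpResponse();
     $hasIfNoneMatch = $this->hasHeader('If-None-Match');
     if ($etag !== NULL && $hasIfNoneMatch) {
         // firstHeader() is assumed to yield a truthy value once the callback accepts a header.
         $valid = $this->firstHeader(function (IfNoneMatchHeader $match) use ($etag) {
             return $match->isWildcard() || $match->getEntityTag() == $etag;
         });
         if ($valid) {
             $response->setStatus(Http::CODE_NOT_MODIFIED);
             $response->setReason(Http::getReason(Http::CODE_NOT_MODIFIED));
             $response->setHeader(new ETagHeader($etag));
         }
     }
     // If-None-Match replaces If-Modified-Since entirely: without this guard a request whose
     // ETag no longer matches could still be answered with 304 on the strength of the date alone.
     if ($lastModified !== NULL && !$hasIfNoneMatch && $this->hasHeader('If-Modified-Since')) {
         $unmodified = $this->firstHeader(function (IfModifiedSinceHeader $since) use ($lastModified) {
             return $since->getDate() >= $lastModified;
         });
         if ($unmodified) {
             $response->setStatus(Http::CODE_NOT_MODIFIED);
             $response->setReason(Http::getReason(Http::CODE_NOT_MODIFIED));
             $response->setHeader(new LastModifiedHeader($lastModified));
         }
     }
     // 304 falls into the redirect class, so isRedirect() tells whether a status was set above.
     return $response->isRedirect() ? $response : NULL;
 }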