/**
* @return void
*/
public function setUp()
{
$this->viewHelperVariableContainer = $this->createMock(\TYPO3Fluid\Fluid\Core\ViewHelper\ViewHelperVariableContainer::class);
$this->viewHelperVariableContainer->expects($this->any())->method('exists')->will($this->returnCallback(array($this, 'viewHelperVariableContainerExistsCallback')));
$this->viewHelperVariableContainer->expects($this->any())->method('get')->will($this->returnCallback(array($this, 'viewHelperVariableContainerGetCallback')));
$this->templateVariableContainer = $this->createMock(TemplateVariableContainer::class);
$this->uriBuilder = $this->createMock(\Neos\Flow\Mvc\Routing\UriBuilder::class);
$this->uriBuilder->expects($this->any())->method('reset')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setArguments')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setSection')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setFormat')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setCreateAbsoluteUri')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setAddQueryString')->will($this->returnValue($this->uriBuilder));
$this->uriBuilder->expects($this->any())->method('setArgumentsToBeExcludedFromQueryString')->will($this->returnValue($this->uriBuilder));
// BACKPORTER TOKEN #1
$httpRequest = \Neos\Flow\Http\Request::create(new \Neos\Flow\Http\Uri('http://localhost/foo'));
$this->request = $this->getMockBuilder(\Neos\Flow\Mvc\ActionRequest::class)->setConstructorArgs(array($httpRequest))->getMock();
$this->request->expects($this->any())->method('isMainRequest')->will($this->returnValue(true));
$this->controllerContext = $this->getMockBuilder(\Neos\Flow\Mvc\Controller\ControllerContext::class)->disableOriginalConstructor()->getMock();
$this->controllerContext->expects($this->any())->method('getUriBuilder')->will($this->returnValue($this->uriBuilder));
$this->controllerContext->expects($this->any())->method('getRequest')->will($this->returnValue($this->request));
$this->tagBuilder = $this->createMock(TagBuilder::class);
$this->arguments = array();
$this->renderingContext = new \Neos\FluidAdaptor\Core\Rendering\RenderingContext(new StandaloneView(), []);
$this->renderingContext->setVariableProvider($this->templateVariableContainer);
$this->renderingContext->setViewHelperVariableContainer($this->viewHelperVariableContainer);
$this->renderingContext->setControllerContext($this->controllerContext);
}
/**
* @param Request $httpRequest
* @param array $matchResults
* @return ActionRequest
*/
protected function createActionRequest(Request $httpRequest, array $matchResults = null)
{
$actionRequest = new ActionRequest($httpRequest);
if ($matchResults !== null) {
$requestArguments = $actionRequest->getArguments();
$mergedArguments = Arrays::arrayMergeRecursiveOverrule($requestArguments, $matchResults);
$actionRequest->setArguments($mergedArguments);
}
return $actionRequest;
}
/**
* @test
*/
public function actionRequestStripsParentHttpRequest()
{
$httpRequest = Request::create(new Uri('http://neos.io'));
$actionRequest = new ActionRequest($httpRequest);
$actionRequest->setControllerActionName('foo');
$serializedActionRequest = serialize($actionRequest);
/* @var $unserializedActionRequest ActionRequest */
$unserializedActionRequest = unserialize($serializedActionRequest);
$this->assertNull($unserializedActionRequest->getParentRequest(), 'Parent HTTP request should be NULL after deserialization');
$this->assertSame('foo', $unserializedActionRequest->getControllerActionName());
}
/**
* Updates the password credential from the POST vars, if the POST parameters
* are available. Sets the authentication status to AUTHENTICATION_NEEDED, if credentials have been sent.
*
* Note: You need to send the password in this POST parameter:
* __authentication[TYPO3][Flow][Security][Authentication][Token][PasswordToken][password]
*
* @param ActionRequest $actionRequest The current action request
* @return void
*/
public function updateCredentials(ActionRequest $actionRequest)
{
if ($actionRequest->getHttpRequest()->getMethod() !== 'POST') {
return;
}
$postArguments = $actionRequest->getInternalArguments();
$password = ObjectAccess::getPropertyPath($postArguments, '__authentication.TYPO3.Flow.Security.Authentication.Token.PasswordToken.password');
if (!empty($password)) {
$this->credentials['password'] = $password;
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
}
}
/**
* Updates the username and password credentials from the HTTP authorization header.
* Sets the authentication status to AUTHENTICATION_NEEDED, if the header has been
* sent, to NO_CREDENTIALS_GIVEN if no authorization header was there.
*
* @param ActionRequest $actionRequest The current action request instance
* @return void
*/
public function updateCredentials(ActionRequest $actionRequest)
{
$authorizationHeader = $actionRequest->getHttpRequest()->getHeaders()->get('Authorization');
if (substr($authorizationHeader, 0, 5) === 'Basic') {
$credentials = base64_decode(substr($authorizationHeader, 6));
$this->credentials['username'] = substr($credentials, 0, strpos($credentials, ':'));
$this->credentials['password'] = substr($credentials, strpos($credentials, ':') + 1);
$this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
} else {
$this->credentials = ['username' => null, 'password' => null];
$this->authenticationStatus = self::NO_CREDENTIALS_GIVEN;
}
}
/**
* Build the proper pluginRequest to render the PluginView
* of some configured Master Plugin
*
* @return ActionRequest
*/
protected function buildPluginRequest()
{
/** @var $parentRequest ActionRequest */
$parentRequest = $this->tsRuntime->getControllerContext()->getRequest();
$pluginRequest = new ActionRequest($parentRequest);
if (!$this->pluginViewNode instanceof NodeInterface) {
$pluginRequest->setArgumentNamespace('--' . $this->getPluginNamespace());
$this->passArgumentsToPluginRequest($pluginRequest);
$pluginRequest->setControllerPackageKey($this->getPackage());
$pluginRequest->setControllerSubpackageKey($this->getSubpackage());
$pluginRequest->setControllerName($this->getController());
$pluginRequest->setControllerActionName($this->getAction());
return $pluginRequest;
}
$pluginNodeIdentifier = $this->pluginViewNode->getProperty('plugin');
if (strlen($pluginNodeIdentifier) === 0) {
return $pluginRequest;
}
// Set the node to render this to the master plugin node
$this->node = $this->pluginViewNode->getContext()->getNodeByIdentifier($pluginNodeIdentifier);
if ($this->node === null) {
return $pluginRequest;
}
$pluginRequest->setArgument('__node', $this->node);
$pluginRequest->setArgumentNamespace('--' . $this->getPluginNamespace());
$this->passArgumentsToPluginRequest($pluginRequest);
if ($pluginRequest->getControllerObjectName() !== '') {
return $pluginRequest;
}
$controllerObjectPairs = array();
$pluginViewName = $this->pluginViewNode->getProperty('view');
foreach ($this->pluginService->getPluginViewDefinitionsByPluginNodeType($this->node->getNodeType()) as $pluginViewDefinition) {
/** @var PluginViewDefinition $pluginViewDefinition */
if ($pluginViewDefinition->getName() !== $pluginViewName) {
continue;
}
$controllerObjectPairs = $pluginViewDefinition->getControllerActionPairs();
break;
}
if ($controllerObjectPairs === array()) {
return $pluginRequest;
}
$defaultControllerObjectName = key($controllerObjectPairs);
$defaultActionName = current($controllerObjectPairs[$defaultControllerObjectName]);
$pluginRequest->setControllerObjectName($defaultControllerObjectName);
$pluginRequest->setControllerActionName($defaultActionName);
return $pluginRequest;
}
/**
* @test
*/
public function updateCredentialsIgnoresAnythingOtherThanPostRequests()
{
$arguments = [];
$arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['PasswordToken']['password'] = '******';
$this->mockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('POST'));
$this->mockActionRequest->expects($this->atLeastOnce())->method('getInternalArguments')->will($this->returnValue($arguments));
$this->token->updateCredentials($this->mockActionRequest);
$this->assertEquals(['password' => 'verysecurepassword'], $this->token->getCredentials());
$secondToken = new PasswordToken();
$secondMockActionRequest = $this->getMockBuilder(ActionRequest::class)->disableOriginalConstructor()->getMock();
$secondMockHttpRequest = $this->getMockBuilder(Http\Request::class)->disableOriginalConstructor()->getMock();
$secondMockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($secondMockHttpRequest));
$secondMockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('GET'));
$secondToken->updateCredentials($secondMockActionRequest);
$this->assertEquals(['password' => ''], $secondToken->getCredentials());
}
/**
* @param array $module
* @return mixed
* @throws DisabledModuleException
*/
public function indexAction(array $module)
{
$moduleRequest = new ActionRequest($this->request);
$moduleRequest->setArgumentNamespace('moduleArguments');
$moduleRequest->setControllerObjectName($module['controller']);
$moduleRequest->setControllerActionName($module['action']);
if (isset($module['format'])) {
$moduleRequest->setFormat($module['format']);
}
if ($this->request->hasArgument($moduleRequest->getArgumentNamespace()) === true && is_array($this->request->getArgument($moduleRequest->getArgumentNamespace()))) {
$moduleRequest->setArguments($this->request->getArgument($moduleRequest->getArgumentNamespace()));
}
foreach ($this->request->getPluginArguments() as $argumentNamespace => $argument) {
$moduleRequest->setArgument('--' . $argumentNamespace, $argument);
}
$modules = explode('/', $module['module']);
$moduleConfiguration = Arrays::getValueByPath($this->settings['modules'], implode('.submodules.', $modules));
$moduleConfiguration['path'] = $module['module'];
if (!$this->menuHelper->isModuleEnabled($moduleConfiguration['path'])) {
throw new DisabledModuleException(sprintf('The module "%s" is disabled. You can enable it with the "enabled" flag in Settings.yaml.', $module['module']), 1437148922);
}
$moduleBreadcrumb = array();
$path = array();
foreach ($modules as $moduleIdentifier) {
array_push($path, $moduleIdentifier);
$config = Arrays::getValueByPath($this->settings['modules'], implode('.submodules.', $path));
$moduleBreadcrumb[implode('/', $path)] = $config;
}
$moduleRequest->setArgument('__moduleConfiguration', $moduleConfiguration);
$moduleResponse = new Response($this->response);
$this->dispatcher->dispatch($moduleRequest, $moduleResponse);
if ($moduleResponse->hasHeader('Location')) {
$this->redirectToUri($moduleResponse->getHeader('Location'), 0, $moduleResponse->getStatusCode());
} elseif ($moduleRequest->getFormat() !== 'html') {
$mediaType = MediaTypes::getMediaTypeFromFilename('file.' . $moduleRequest->getFormat());
if ($mediaType !== 'application/octet-stream') {
$this->controllerContext->getResponse()->setHeader('Content-Type', $mediaType);
}
return $moduleResponse->getContent();
} else {
$user = $this->partyService->getAssignedPartyOfAccount($this->securityContext->getAccount());
$sites = $this->menuHelper->buildSiteList($this->controllerContext);
$this->view->assignMultiple(array('moduleClass' => implode('-', $modules), 'moduleContents' => $moduleResponse->getContent(), 'title' => $moduleRequest->hasArgument('title') ? $moduleRequest->getArgument('title') : $moduleConfiguration['label'], 'rootModule' => array_shift($modules), 'submodule' => array_shift($modules), 'moduleConfiguration' => $moduleConfiguration, 'moduleBreadcrumb' => $moduleBreadcrumb, 'user' => $user, 'modules' => $this->menuHelper->buildModuleList($this->controllerContext), 'sites' => $sites));
}
}
/**
* @test
*/
public function buildAddsActionNameFromRootRequestIfRequestIsOfTypeSubRequest()
{
$expectedArguments = ['@action' => 'RootRequestActionName'];
$this->mockMainRequest->expects($this->once())->method('getControllerActionName')->will($this->returnValue('RootRequestActionName'));
$this->mockMainRequest->expects($this->any())->method('getArguments')->will($this->returnValue([]));
$this->uriBuilder->setRequest($this->mockSubRequest);
$this->uriBuilder->build();
$this->assertEquals($expectedArguments, $this->uriBuilder->getLastArguments());
}
/**
* @test
*/
public function handleMergesInternalArgumentsWithRoutingMatchResults()
{
$this->mockHttpRequest->expects($this->any())->method('getArguments')->will($this->returnValue(['__internalArgument1' => 'request', '__internalArgument2' => 'request', '__internalArgument3' => 'request']));
$this->mockHttpRequest->expects(self::any())->method('getContent')->willReturn('requestBody');
$this->mockPropertyMapper->expects($this->any())->method('convert')->will($this->returnValue(['__internalArgument2' => 'requestBody', '__internalArgument3' => 'requestBody']));
$this->mockComponentContext->expects($this->atLeastOnce())->method('getParameter')->with(RoutingComponent::class, 'matchResults')->will($this->returnValue(['__internalArgument3' => 'routing']));
$this->mockActionRequest->expects($this->once())->method('setArguments')->with(['__internalArgument1' => 'request', '__internalArgument2' => 'requestBody', '__internalArgument3' => 'routing']);
$this->dispatchComponent->handle($this->mockComponentContext);
}
/**
* @test
*/
public function tokenCanBeCastToString()
{
$arguments = [];
$arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['UsernamePassword']['username'] = '******';
$arguments['__authentication']['TYPO3']['Flow']['Security']['Authentication']['Token']['UsernamePassword']['password'] = '******';
$this->mockHttpRequest->expects($this->atLeastOnce())->method('getMethod')->will($this->returnValue('POST'));
$this->mockActionRequest->expects($this->atLeastOnce())->method('getInternalArguments')->will($this->returnValue($arguments));
$this->token->updateCredentials($this->mockActionRequest);
$this->assertEquals('Username: "******"', (string) $this->token);
}
/**
* Maps arguments delivered by the request object to the local controller arguments.
*
* @return void
* @throws RequiredArgumentMissingException
* @api
*/
protected function mapRequestArgumentsToControllerArguments()
{
foreach ($this->arguments as $argument) {
$argumentName = $argument->getName();
if ($this->request->hasArgument($argumentName)) {
$argument->setValue($this->request->getArgument($argumentName));
} elseif ($argument->isRequired()) {
throw new RequiredArgumentMissingException('Required argument "' . $argumentName . '" is not set.', 1298012500);
}
}
}
/**
* Redirects the web request to another uri.
*
* NOTE: This method only supports web requests and will throw an exception
* if used with other request types.
*
* @param mixed $uri Either a string representation of a URI or a \Neos\Flow\Http\Uri object
* @param integer $delay (optional) The delay in seconds. Default is no delay.
* @param integer $statusCode (optional) The HTTP status code for the redirect. Default is "303 See Other"
* @return void
* @throws StopActionException
* @api
*/
protected function redirectToUri($uri, $delay = 0, $statusCode = 303)
{
// the parent method throws the exception, but we need to act afterwards
// thus the code in catch - it's the expected state
try {
parent::redirectToUri($uri, $delay, $statusCode);
} catch (StopActionException $exception) {
if ($this->request->getFormat() === 'json') {
$this->response->setContent('');
}
throw $exception;
}
}
/**
* @test
*/
public function matchRequestReturnsFalseIfAuthorizationChecksAreDisabled()
{
$httpRequest = Request::create(new Uri('http://localhost'), 'POST');
$this->mockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($httpRequest));
$mockAuthenticationManager = $this->getMockBuilder(AuthenticationManagerInterface::class)->disableOriginalConstructor()->getMock();
$mockAuthenticationManager->expects($this->any())->method('isAuthenticated')->will($this->returnValue(true));
$mockSecurityContext = $this->createMock(Security\Context::class);
$mockSecurityContext->expects($this->atLeastOnce())->method('areAuthorizationChecksDisabled')->will($this->returnValue(true));
$mockCsrfProtectionPattern = $this->getAccessibleMock(Security\RequestPattern\CsrfProtection::class, ['dummy']);
$mockCsrfProtectionPattern->_set('authenticationManager', $mockAuthenticationManager);
$mockCsrfProtectionPattern->_set('systemLogger', $this->mockSystemLogger);
$mockCsrfProtectionPattern->_set('securityContext', $mockSecurityContext);
$this->assertFalse($mockCsrfProtectionPattern->matchRequest($this->mockActionRequest));
}
/**
* @test
*/
public function evaluateIgnoresPackagePropertyIfAResourcePathIsGiven()
{
$this->mockTsRuntime->expects($this->any())->method('evaluate')->will($this->returnCallback(function ($evaluatePath, $that) {
$relativePath = str_replace('resourceUri/test/', '', $evaluatePath);
switch ($relativePath) {
case 'path':
return 'resource://Some.Package/Public/SomeResource';
case 'package':
return 'Specified.Package';
}
return null;
}));
$this->mockActionRequest->expects($this->any())->method('getControllerPackageKey')->will($this->returnValue('Current.Package'));
$this->mockResourceManager->expects($this->atLeastOnce())->method('getPublicPackageResourceUri')->will($this->returnValue('Static/Resources/Packages/Some.Package/SomeResource'));
$this->assertSame('Static/Resources/Packages/Some.Package/SomeResource', $this->resourceUriImplementation->evaluate());
}
/**
* @test
* @expectedException \Neos\Flow\Mvc\Exception\RequiredArgumentMissingException
*/
public function mapRequestArgumentsToControllerArgumentsThrowsExceptionIfRequiredArgumentWasNotSet()
{
$mockPropertyMapper = $this->getMockBuilder(PropertyMapper::class)->disableOriginalConstructor()->setMethods(['convert'])->getMock();
$mockPropertyMapper->expects($this->atLeastOnce())->method('convert')->will($this->returnArgument(0));
$controllerArguments = new Arguments();
$controllerArguments->addNewArgument('foo', 'string', true);
$controllerArguments->addNewArgument('baz', 'string', true);
foreach ($controllerArguments as $controllerArgument) {
$this->inject($controllerArgument, 'propertyMapper', $mockPropertyMapper);
}
$controller = $this->getAccessibleMock(AbstractController::class, ['processRequest']);
$controller->_call('initializeController', $this->mockActionRequest, $this->mockHttpResponse);
$controller->_set('arguments', $controllerArguments);
$this->mockActionRequest->expects($this->at(0))->method('hasArgument')->with('foo')->will($this->returnValue(true));
$this->mockActionRequest->expects($this->at(1))->method('getArgument')->with('foo')->will($this->returnValue('bar'));
$this->mockActionRequest->expects($this->at(2))->method('hasArgument')->with('baz')->will($this->returnValue(false));
$controller->_call('mapRequestArgumentsToControllerArguments');
}
/**
* @test
*/
public function processRequestInjectsSettingsToView()
{
$this->actionController = $this->getAccessibleMock(ActionController::class, ['resolveActionMethodName', 'initializeActionMethodArguments', 'initializeActionMethodValidators', 'resolveView', 'callActionMethod']);
$this->inject($this->actionController, 'objectManager', $this->mockObjectManager);
$this->inject($this->actionController, 'controllerContext', $this->mockControllerContext);
$mockSettings = ['foo', 'bar'];
$this->inject($this->actionController, 'settings', $mockSettings);
$mockMvcPropertyMappingConfigurationService = $this->createMock(Mvc\Controller\MvcPropertyMappingConfigurationService::class);
$this->inject($this->actionController, 'mvcPropertyMappingConfigurationService', $mockMvcPropertyMappingConfigurationService);
$mockHttpRequest = $this->getMockBuilder(Http\Request::class)->disableOriginalConstructor()->getMock();
$mockHttpRequest->expects($this->any())->method('getNegotiatedMediaType')->will($this->returnValue('*/*'));
$this->mockRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($mockHttpRequest));
$mockResponse = $this->createMock(Http\Response::class);
$mockView = $this->createMock(Mvc\View\ViewInterface::class);
$mockView->expects($this->once())->method('assign')->with('settings', $mockSettings);
$this->actionController->expects($this->once())->method('resolveView')->will($this->returnValue($mockView));
$this->actionController->processRequest($this->mockRequest, $mockResponse);
}
/**
* @param \Neos\Form\Core\Model\Page $page
* @return \Neos\Error\Messages\Result
* @internal
*/
protected function mapAndValidatePage(\Neos\Form\Core\Model\Page $page)
{
$result = new \Neos\Error\Messages\Result();
$requestArguments = $this->request->getArguments();
$propertyPathsForWhichPropertyMappingShouldHappen = array();
$registerPropertyPaths = function ($propertyPath) use(&$propertyPathsForWhichPropertyMappingShouldHappen) {
$propertyPathParts = explode('.', $propertyPath);
$accumulatedPropertyPathParts = array();
foreach ($propertyPathParts as $propertyPathPart) {
$accumulatedPropertyPathParts[] = $propertyPathPart;
$temporaryPropertyPath = implode('.', $accumulatedPropertyPathParts);
$propertyPathsForWhichPropertyMappingShouldHappen[$temporaryPropertyPath] = $temporaryPropertyPath;
}
};
foreach ($page->getElementsRecursively() as $element) {
$value = \Neos\Utility\Arrays::getValueByPath($requestArguments, $element->getIdentifier());
$element->onSubmit($this, $value);
$this->formState->setFormValue($element->getIdentifier(), $value);
$registerPropertyPaths($element->getIdentifier());
}
// The more parts the path has, the more early it is processed
usort($propertyPathsForWhichPropertyMappingShouldHappen, function ($a, $b) {
return substr_count($b, '.') - substr_count($a, '.');
});
$processingRules = $this->formDefinition->getProcessingRules();
foreach ($propertyPathsForWhichPropertyMappingShouldHappen as $propertyPath) {
if (isset($processingRules[$propertyPath])) {
$processingRule = $processingRules[$propertyPath];
$value = $this->formState->getFormValue($propertyPath);
try {
$value = $processingRule->process($value);
} catch (\Neos\Flow\Property\Exception $exception) {
throw new \Neos\Form\Exception\PropertyMappingException('Failed to process FormValue at "' . $propertyPath . '" from "' . gettype($value) . '" to "' . $processingRule->getDataType() . '"', 1355218921, $exception);
}
$result->forProperty($propertyPath)->merge($processingRule->getProcessingMessages());
$this->formState->setFormValue($propertyPath, $value);
}
}
return $result;
}
public function setUp()
{
$this->viewConfigurationManager = new ViewConfigurationManager();
// eel evaluator
$eelEvaluator = new CompilingEvaluator();
$this->inject($this->viewConfigurationManager, 'eelEvaluator', $eelEvaluator);
// a dummy configuration manager is prepared
$this->mockConfigurationManager = $this->getMockBuilder(ConfigurationManager::class)->disableOriginalConstructor()->getMock();
$this->inject($this->viewConfigurationManager, 'configurationManager', $this->mockConfigurationManager);
// caching is deactivated
$this->mockCache = $this->getMockBuilder(VariableFrontend::class)->disableOriginalConstructor()->getMock();
$this->mockCache->expects($this->any())->method('get')->will($this->returnValue(false));
$this->inject($this->viewConfigurationManager, 'cache', $this->mockCache);
// a dummy request is prepared
$this->mockActionRequest = $this->getMockBuilder(ActionRequest::class)->disableOriginalConstructor()->getMock();
$this->mockActionRequest->expects($this->any())->method('getControllerPackageKey')->will($this->returnValue('Neos.Flow'));
$this->mockActionRequest->expects($this->any())->method('getControllerSubpackageKey')->will($this->returnValue(''));
$this->mockActionRequest->expects($this->any())->method('getControllerName')->will($this->returnValue('Standard'));
$this->mockActionRequest->expects($this->any())->method('getControllerActionName')->will($this->returnValue('index'));
$this->mockActionRequest->expects($this->any())->method('getFormat')->will($this->returnValue('html'));
$this->mockActionRequest->expects($this->any())->method('getParentRequest')->will($this->returnValue(null));
}
/**
* Initialize the property mapping configuration in $controllerArguments if
* the trusted properties are set inside the request.
*
* @param ActionRequest $request
* @param Arguments $controllerArguments
* @return void
*/
public function initializePropertyMappingConfigurationFromRequest(ActionRequest $request, Arguments $controllerArguments)
{
$trustedPropertiesToken = $request->getInternalArgument('__trustedProperties');
if (!is_string($trustedPropertiesToken)) {
return;
}
$serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
$trustedProperties = unserialize($serializedTrustedProperties);
foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
if (!$controllerArguments->hasArgument($propertyName)) {
continue;
}
$propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
$this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
}
}
/**
* @test
*/
public function pluginArgumentsOfActionRequestOverruleThoseOfTheHttpRequest()
{
$this->actionRequest->setArguments(['--pluginArgument' => 'action request']);
$expectedResult = ['pluginArgument' => 'action request'];
$this->assertSame($expectedResult, $this->actionRequest->getPluginArguments());
}
/**
* Get a new RequestMatcher for the Request's MainRequest
*
* @return RequestMatcher
* @api
*/
public function getMainRequest()
{
$this->addWeight(100000);
return new RequestMatcher($this->request->getMainRequest(), $this);
}
/**
* Set the default controller and action names if none has been specified.
*
* @param ActionRequest $actionRequest
* @return void
*/
protected function setDefaultControllerAndActionNameIfNoneSpecified(ActionRequest $actionRequest)
{
if ($actionRequest->getControllerName() === null) {
$actionRequest->setControllerName('Standard');
}
if ($actionRequest->getControllerActionName() === null) {
$actionRequest->setControllerActionName('index');
}
}
/**
* Get the path of the argument namespaces of all parent requests.
* Example: mainrequest.subrequest.subsubrequest
*
* @param ActionRequest $request
* @return string
*/
protected function getRequestNamespacePath($request)
{
if (!$request instanceof Request) {
$parentPath = $this->getRequestNamespacePath($request->getParentRequest());
return $parentPath . ($parentPath !== '' && $request->getArgumentNamespace() !== '' ? '.' : '') . $request->getArgumentNamespace();
}
return '';
}
/**
* @test
* @expectedException \Neos\Flow\Security\Exception\AccessDeniedException
*/
public function dispatchRethrowsAccessDeniedException()
{
$this->mockActionRequest->expects($this->any())->method('isDispatched')->will($this->returnValue(true));
$this->mockFirewall->expects($this->once())->method('blockIllegalRequests')->will($this->throwException(new AccessDeniedException()));
$this->dispatcher->dispatch($this->mockActionRequest, $this->mockHttpResponse);
}
/**
* Pass the arguments of the widget to the sub request.
*
* @param ActionRequest $subRequest
* @return void
*/
private function passArgumentsToSubRequest(ActionRequest $subRequest)
{
$arguments = $this->controllerContext->getRequest()->getPluginArguments();
$widgetIdentifier = $this->widgetContext->getWidgetIdentifier();
$controllerActionName = 'index';
if (isset($arguments[$widgetIdentifier])) {
if (isset($arguments[$widgetIdentifier]['@action'])) {
$controllerActionName = $arguments[$widgetIdentifier]['@action'];
unset($arguments[$widgetIdentifier]['@action']);
}
$subRequest->setArguments($arguments[$widgetIdentifier]);
}
if ($subRequest->getControllerActionName() === null) {
$subRequest->setControllerActionName($controllerActionName);
}
}
/**
* Prepares a Fluid view for rendering the custom error page.
*
* @param object $exception \Exception or \Throwable
* @param array $renderingOptions Rendering options as defined in the settings
* @return ViewInterface
*/
protected function buildView($exception, array $renderingOptions)
{
$statusCode = 500;
$referenceCode = null;
if ($exception instanceof FlowException) {
$statusCode = $exception->getStatusCode();
$referenceCode = $exception->getReferenceCode();
}
$statusMessage = Response::getStatusMessageByCode($statusCode);
$viewClassName = $renderingOptions['viewClassName'];
/** @var ViewInterface $view */
$view = $viewClassName::createWithOptions($renderingOptions['viewOptions']);
$view = $this->applyLegacyViewOptions($view, $renderingOptions);
$httpRequest = Request::createFromEnvironment();
$request = new ActionRequest($httpRequest);
$request->setControllerPackageKey('Neos.Flow');
$uriBuilder = new UriBuilder();
$uriBuilder->setRequest($request);
$view->setControllerContext(new ControllerContext($request, new Response(), new Arguments([]), $uriBuilder));
if (isset($renderingOptions['variables'])) {
$view->assignMultiple($renderingOptions['variables']);
}
$view->assignMultiple(['exception' => $exception, 'renderingOptions' => $renderingOptions, 'statusCode' => $statusCode, 'statusMessage' => $statusMessage, 'referenceCode' => $referenceCode]);
return $view;
}
/**
* Pass the arguments which were addressed to the plugin to its own request
*
* @param ActionRequest $pluginRequest The plugin request
* @return void
*/
protected function passArgumentsToPluginRequest(ActionRequest $pluginRequest)
{
$arguments = $pluginRequest->getMainRequest()->getPluginArguments();
$pluginNamespace = $this->getPluginNamespace();
if (isset($arguments[$pluginNamespace])) {
$pluginRequest->setArguments($arguments[$pluginNamespace]);
}
}
/**
* Tests the wrong interceptor behavior described in ticket FLOW-430
* Basically the rendering should be consistent regardless of cache flushes,
* but due to the way the interceptor configuration was build the second second
* rendering was bound to fail, this should never happen.
*
* @test
*/
public function interceptorsWorkInPartialRenderedInStandaloneSection()
{
$httpRequest = Request::create(new Uri('http://localhost'));
$actionRequest = new ActionRequest($httpRequest);
$actionRequest->setFormat('html');
$standaloneView = new StandaloneView($actionRequest, $this->standaloneViewNonce);
$standaloneView->assign('hack', '<h1>HACK</h1>');
$standaloneView->setTemplatePathAndFilename(__DIR__ . '/Fixtures/NestedRenderingConfiguration/TemplateWithSection.txt');
$expected = 'Christian uses <h1>HACK</h1>';
$actual = trim($standaloneView->renderSection('test'));
$this->assertSame($expected, $actual, 'First rendering was not escaped.');
$partialCacheIdentifier = $standaloneView->getTemplatePaths()->getPartialIdentifier('Test');
$templateCache = $this->objectManager->get(CacheManager::class)->getCache('Fluid_TemplateCache');
$templateCache->remove($partialCacheIdentifier);
$standaloneView = new StandaloneView($actionRequest, $this->standaloneViewNonce);
$standaloneView->assign('hack', '<h1>HACK</h1>');
$standaloneView->setTemplatePathAndFilename(__DIR__ . '/Fixtures/NestedRenderingConfiguration/TemplateWithSection.txt');
$expected = 'Christian uses <h1>HACK</h1>';
$actual = trim($standaloneView->renderSection('test'));
$this->assertSame($expected, $actual, 'Second rendering was not escaped.');
}
/**
* Returns an ActionRequest which referred to this request, if any.
*
* The referring request is not set or determined automatically but must be
* explicitly set through the corresponding internal argument "__referrer".
* This mechanism is used by Flow's form and validation mechanisms.
*
* @return ActionRequest the referring request, or NULL if no referrer found
*/
public function getReferringRequest()
{
if ($this->referringRequest !== null) {
return $this->referringRequest;
}
if (!isset($this->internalArguments['__referrer'])) {
return null;
}
if (is_array($this->internalArguments['__referrer'])) {
$referrerArray = $this->internalArguments['__referrer'];
$referringRequest = new ActionRequest($this->getHttpRequest());
$arguments = [];
if (isset($referrerArray['arguments'])) {
$serializedArgumentsWithHmac = $referrerArray['arguments'];
$serializedArguments = $this->hashService->validateAndStripHmac($serializedArgumentsWithHmac);
$arguments = unserialize(base64_decode($serializedArguments));
unset($referrerArray['arguments']);
}
$referringRequest->setArguments(Arrays::arrayMergeRecursiveOverrule($arguments, $referrerArray));
return $referringRequest;
} else {
$this->referringRequest = $this->internalArguments['__referrer'];
}
return $this->referringRequest;
}
