/**
  * Before advice for all methods annotated with "@Flow\Session(autoStart=true)".
  * Those methods will trigger a session initialization if a session does not exist
  * yet.
  *
  * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  * @fixme The pointcut expression below does not consider the options of the session annotation – needs adjustments in the AOP framework
  * @Flow\Before("methodAnnotatedWith(TYPO3\Flow\Annotations\Session)")
  */
 public function initializeSession(\TYPO3\Flow\Aop\JoinPointInterface $joinPoint)
 {
     // Only act when no session is running yet; an existing session is left untouched.
     if ($this->session->isStarted() !== TRUE) {
         // Resolve the object name of the advised proxy so the debug log shows
         // which annotated method caused the session to be created.
         $proxyClassName = get_class($joinPoint->getProxy());
         $logMessage = sprintf(
             'Session initialization triggered by %s->%s.',
             $this->objectManager->getObjectNameByClassName($proxyClassName),
             $joinPoint->getMethodName()
         );
         $this->systemLogger->log($logMessage, LOG_DEBUG);
         $this->session->start();
     }
 }
 /**
  * @param \Peytz\Vote\Domain\Model\Vote $newVote
  * @return void
  */
 public function registerAction(Vote $newVote)
 {
     // A session is needed because the session id is the key a vote is stored under.
     if (!$this->session->isStarted()) {
         $this->session->start();
     }

     // The lookup below is the only duplicate check in this action: one vote per session id.
     // NOTE(review): presumably a client that obtains a fresh session can vote again;
     // confirm that this is acceptable for the use case.
     /** @var \Peytz\Vote\Domain\Model\Vote $existingVote */
     $existingVote = $this->voteRepository->findOneBySession($this->session->getId());
     if (!$existingVote) {
         // First vote for this session: stamp it and bind it to the session id.
         $newVote->setDate(new \DateTime());
         $newVote->setSession($this->session->getId());
         $this->voteRepository->add($newVote);
     } else {
         // The session already voted: overwrite the value and date of the stored vote.
         $existingVote->setDate(new \DateTime());
         $existingVote->setValue($newVote->getValue());
         $this->voteRepository->update($existingVote);
     }

     $this->session->putData('hasVoted', true);
     $this->addFlashMessage('Vote registered.');
     $this->redirect('index');
 }
 /**
  * Tries to authenticate the tokens in the security context (in the given order)
  * with the available authentication providers, if needed.
  * If the authentication strategy is set to "allTokens", all tokens have to be authenticated.
  * If the strategy is set to "oneToken", only one token needs to be authenticated, but the
  * authentication will stop after the first authenticated token. The strategy
  * "atLeastOne" will try to authenticate at least one and as many tokens as possible.
  *
  * @return void
  * @throws \TYPO3\Flow\Security\Exception
  * @throws \TYPO3\Flow\Security\Exception\AuthenticationRequiredException
  */
 public function authenticate()
 {
     // Start from "not authenticated"; the flag is only raised again further down.
     $this->isAuthenticated = false;
     $anyTokenAuthenticated = false;
     if ($this->securityContext === null) {
         throw new Exception('Cannot authenticate because no security context has been set.', 1232978667);
     }
     $tokens = $this->securityContext->getAuthenticationTokens();
     // An empty token list is an error regardless of the configured strategy.
     if (count($tokens) === 0) {
         throw new NoTokensAuthenticatedException('The security context contained no tokens which could be authenticated.', 1258721059);
     }
     /** @var $token TokenInterface */
     foreach ($tokens as $token) {
         /** @var $provider AuthenticationProviderInterface */
         foreach ($this->providers as $provider) {
             // Only tokens still in AUTHENTICATION_NEEDED are handed to a provider, and the
             // "break" means at most one provider (the first that accepts the token) is asked.
             if ($provider->canAuthenticate($token) && $token->getAuthenticationStatus() === TokenInterface::AUTHENTICATION_NEEDED) {
                 $provider->authenticate($token);
                 if ($token->isAuthenticated()) {
                     $this->emitAuthenticatedToken($token);
                 }
                 break;
             }
         }
         // Checked for every token, including those no provider was asked about in this run.
         if ($token->isAuthenticated()) {
             // Sessionless tokens must not cause a session to be created or tagged.
             if (!$token instanceof SessionlessTokenInterface) {
                 // NOTE(review): the session is started here if needed, but no renewal of the
                 // session identifier is visible in this method. Confirm that a session which
                 // existed before authentication gets a new identifier elsewhere (session fixation).
                 if (!$this->session->isStarted()) {
                     $this->session->start();
                 }
                 $account = $token->getAccount();
                 if ($account !== null) {
                     // The tag is added with authorization checks switched off for the closure.
                     // md5() only derives a tag string from the account identifier here; it is an
                     // unsalted hash of a non-secret value, so treat the tag as an identifier.
                     $this->securityContext->withoutAuthorizationChecks(function () use($account) {
                         $this->session->addTag('TYPO3-Flow-Security-Account-' . md5($account->getAccountIdentifier()));
                     });
                 }
             }
             // "One token" strategy: the first authenticated token ends the run successfully.
             if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ONE_TOKEN) {
                 $this->isAuthenticated = true;
                 $this->securityContext->refreshRoles();
                 return;
             }
             $anyTokenAuthenticated = true;
         } else {
             // "All tokens" strategy: the first unauthenticated token aborts the run. Tokens
             // handled earlier in this loop stay authenticated, and the session start and
             // tagging above have already happened for them when this exception is thrown.
             if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ALL_TOKENS) {
                 throw new AuthenticationRequiredException('Could not authenticate all tokens, but authenticationStrategy was set to "all".', 1222203912);
             }
         }
     }
     // Without any authenticated token only the AUTHENTICATE_ANY_TOKEN strategy returns
     // normally (with isAuthenticated left false); every other strategy throws here.
     // NoTokensAuthenticatedException is not listed in the @throws tags of the docblock.
     if (!$anyTokenAuthenticated && $this->securityContext->getAuthenticationStrategy() !== Context::AUTHENTICATE_ANY_TOKEN) {
         throw new NoTokensAuthenticatedException('Could not authenticate any token. Might be missing or wrong credentials or no authentication provider matched.', 1222204027);
     }
     $this->isAuthenticated = $anyTokenAuthenticated;
     $this->securityContext->refreshRoles();
 }
 /**
  * Validate the Captcha in the current request by asking the recaptcha server.
  * For this to work, the form of the current request has to contain the <x:recaptcha /> template
  * function.
  * @param string $challenge The challenge that was given by recaptcha
  * @param string $response The response the user put in
  * @param boolean $remember Optional. If true, the correctly solved captcha is remembered and the
  * user does not have to fill it out again. Remember to use invalidate() in this case!
  * @return mixed Boolean true on success, the localized error string on failure (check with ===).
  */
 public function validate($challenge, $response, $remember = false)
 {
     // The session is started for every call, before any input has been checked.
     if (!$this->session->isStarted()) {
         $this->session->start();
     }

     // Shortcut: with $remember set, a previously remembered captcha skips the remote check
     // entirely. How long that state stays valid is decided by isRemembered(), not here.
     if ($remember && $this->isRemembered()) {
         return true;
     }

     // Reject an empty answer locally. The error string returned here is truthy, so callers
     // must compare the result with === true and never rely on a loose truthiness test.
     if (empty($response)) {
         return "Please type in the confirmation code!";
     }

     // Load the bundled recaptcha library and let the recaptcha server judge the answer.
     require_once "resource://TYPO3.Recaptcha/PHP/recaptchalib.php";
     if (isset($_SERVER['REMOTE_ADDR'])) {
         $clientAddress = $_SERVER['REMOTE_ADDR'];
     } else {
         $clientAddress = NULL;
     }
     $verification = Ext\recaptcha_check_answer(
         $this->settings["security"]["privateKey"],
         $clientAddress,
         $challenge,
         $response
     );

     if ($verification->is_valid) {
         // Store the time of the successful check only when the caller asked to remember it.
         if ($remember) {
             $this->session->putData("recaptcha_timestamp", time());
         }
         return true;
     }

     // Failure: hand back whatever decodeError() makes of the error reported by the server.
     return $this->decodeError($verification->error);
 }
 /**
  * Tries to authenticate the tokens in the security context (in the given order)
  * with the available authentication providers, if needed.
  * If the authentication strategy is set to "allTokens", all tokens have to be authenticated.
  * If the strategy is set to "oneToken", only one token needs to be authenticated, but the
  * authentication will stop after the first authenticated token. The strategy
  * "atLeastOne" will try to authenticate at least one and as many tokens as possible.
  *
  * @return void
  * @throws \TYPO3\Flow\Security\Exception
  * @throws \TYPO3\Flow\Security\Exception\AuthenticationRequiredException
  */
 public function authenticate()
 {
     // Start from "not authenticated"; the flag is only raised again further down.
     $this->isAuthenticated = FALSE;
     $anyTokenAuthenticated = FALSE;
     if ($this->securityContext === NULL) {
         throw new Exception('Cannot authenticate because no security context has been set.', 1232978667);
     }
     $tokens = $this->securityContext->getAuthenticationTokens();
     // An empty token list is an error regardless of the configured strategy.
     if (count($tokens) === 0) {
         throw new NoTokensAuthenticatedException('The security context contained no tokens which could be authenticated.', 1258721059);
     }
     /** @var $token TokenInterface */
     foreach ($tokens as $token) {
         /** @var $provider \TYPO3\Flow\Security\Authentication\AuthenticationProviderInterface */
         // $providerName is not used inside the loop.
         foreach ($this->providers as $providerName => $provider) {
             // Only tokens still in AUTHENTICATION_NEEDED are handed to a provider, and the
             // "break" means at most one provider (the first that accepts the token) is asked.
             if ($provider->canAuthenticate($token) && $token->getAuthenticationStatus() === TokenInterface::AUTHENTICATION_NEEDED) {
                 $provider->authenticate($token);
                 if ($token->isAuthenticated()) {
                     $this->emitAuthenticatedToken($token);
                 }
                 break;
             }
         }
         // Checked for every token, including those no provider was asked about in this run.
         if ($token->isAuthenticated()) {
             // Sessionless tokens never cause a session to be created.
             // NOTE(review): the session is started here if needed, but no renewal of the
             // session identifier is visible in this method. Confirm that a session which
             // existed before authentication gets a new identifier elsewhere (session fixation).
             if (!$token instanceof SessionlessTokenInterface && !$this->session->isStarted()) {
                 $this->session->start();
             }
             // "One token" strategy: the first authenticated token ends the run successfully.
             if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ONE_TOKEN) {
                 $this->isAuthenticated = TRUE;
                 return;
             }
             $anyTokenAuthenticated = TRUE;
         } else {
             // "All tokens" strategy: the first unauthenticated token aborts the run. Tokens
             // handled earlier in this loop stay authenticated, and a session may already
             // have been started for them when this exception is thrown.
             if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ALL_TOKENS) {
                 throw new AuthenticationRequiredException('Could not authenticate all tokens, but authenticationStrategy was set to "all".', 1222203912);
             }
         }
     }
     // Without any authenticated token only the AUTHENTICATE_ANY_TOKEN strategy returns
     // normally (with isAuthenticated left FALSE); every other strategy throws here.
     // NoTokensAuthenticatedException is not listed in the @throws tags of the docblock.
     if (!$anyTokenAuthenticated && $this->securityContext->getAuthenticationStrategy() !== Context::AUTHENTICATE_ANY_TOKEN) {
         throw new NoTokensAuthenticatedException('Could not authenticate any token. Might be missing or wrong credentials or no authentication provider matched.', 1222204027);
     }
     $this->isAuthenticated = $anyTokenAuthenticated;
 }
 /**
  * Displays the backend interface
  *
  * @param NodeInterface $node The node that will be displayed on the first tab
  * @return void
  */
 public function indexAction(NodeInterface $node = null)
 {
     // These three calls run before the backend user check below, so they also happen for
     // requests that end in the redirect to the login page.
     // NOTE(review): confirm that access to this action is restricted elsewhere; otherwise any
     // request reaching it flushes the whole content cache and creates a session.
     $this->contentCache->flush();
     $this->session->start();
     $this->session->putData('__cheEnabled__', true);

     $backendUser = $this->userService->getBackendUser();
     if (!$backendUser) {
         // No backend user: send the client to the login controller.
         $this->redirectToUri($this->uriBuilder->uriFor('index', array(), 'Login', 'TYPO3.Neos'));
         return;
     }

     // Build a content context for the personal workspace of the user. The return value of
     // getWorkspace() is discarded; presumably the call exists for its side effect, which
     // persistAll() then writes out.
     $personalWorkspaceName = $this->userService->getPersonalWorkspaceName();
     $context = $this->createContext($personalWorkspaceName);
     $context->getWorkspace();
     $this->persistenceManager->persistAll();

     // Fall back to the current site node when no node was passed in.
     $siteNode = $context->getCurrentSiteNode();
     $documentNode = $node === null ? $siteNode : $node;

     $this->view->assign('user', $backendUser);
     $this->view->assign('documentNode', $documentNode);
     // NOTE(review): 'site' receives the document node, not $siteNode; the two differ
     // whenever a node is passed in. Confirm this is intended.
     $this->view->assign('site', $documentNode);
     $interfaceLocale = new Locale($this->userService->getInterfaceLanguage());
     $this->view->assign('translations', $this->xliffService->getCachedJson($interfaceLocale));
 }
 /**
  * @Flow\Before("method(TYPO3\Neos\Controller\Backend\BackendController->indexAction())")
  * @param JoinPointInterface $joinPoint the join point
  * @return mixed
  */
 public function disableNewUserInterface(JoinPointInterface $joinPoint)
 {
     // Registered as before-advice for BackendController->indexAction() by the @Flow\Before
     // annotation in the docblock. $joinPoint is not read and no value is returned, although
     // the docblock declares "@return mixed".
     // The content cache is flushed on every advised call.
     $this->contentCache->flush();
     // start() is called without an isStarted() check.
     // NOTE(review): confirm that start() is safe when a session is already running.
     $this->session->start();
     // Record the '__cheEnabled__' flag as false in the session data.
     $this->session->putData('__cheEnabled__', false);
 }
 /**
  * @return void
  */
 public function indexAction()
 {
     // The only effect of this action is to start the session; no isStarted() check precedes it.
     // NOTE(review): confirm that start() is safe when a session is already running, and that
     // creating a session for every request to this action is intended.
     $this->session->start();
 }