public function interceptRequest(HttpRequest $request) { if ($this->secure && !$request->isSecure()) { $response = new HttpResponse(Http::REDIRECT_IDENTICAL); $response->setHeader('Location', $request->getUri()->setScheme('https')); return $response; } if (!$this->secure && $request->isSecure()) { $response = new HttpResponse(Http::REDIRECT_IDENTICAL); $response->setHeader('Location', $request->getUri()->setScheme('http')); return $response; } }
/** * {@inheritdoc} */ public function startAuthentication(TokenInterface $token, HttpRequest $request, HttpResponse $response) { if (!$token instanceof FormAuthToken) { throw new SecurityException(sprintf('Invalid token %s passed to %s', get_class($token), get_class($this))); } $loginUri = new Uri($this->auth->getLoginUri()); $path = trim($request->getUri()->getPath(false), '/'); $loginPath = trim($loginUri->getPath(false), '/'); $session = $this->securityContext->getSession(); $data = (array) $session->get($this->auth->getKey(), NULL); // Save the current URI when it is not the login URI. if ($path !== $loginPath && !array_key_exists(FormAuthenticationProvider::SESSION_URI, $data)) { $data[FormAuthenticationProvider::SESSION_URI] = (string) $request->getUri(); } $session->set($this->auth->getKey(), $data); $response->setStatus(Http::REDIRECT_TEMPORARY); $response->setReason(Http::getReason(Http::REDIRECT_TEMPORARY)); $response->setHeader('Location', $loginUri); }
protected function sendRequestLine(StreamInterface $stream, HttpRequest $request) { $uri = $request->getUri(); $buffer = $uri->getPath(); if ($buffer === '' || substr($buffer, 0, 1) != '/') { $buffer = '/' . $buffer; } if ('' !== ($query = $buffer->getQueryString())) { $buffer .= '?' . $query; } $stream->write(sprintf("%s %s %s\r\n", $request->getMethod(false), $buffer, $request->getProtocol())); }
/** * Dispatch the given request and return the generated HTTP response. * * HINT: This method will transform the response entity into a StringEntity populated with the contents of * the original entity, HTTP headers of the original entity will be preserved. * * NOTE: If you do not specify a host in the URL it will be set to test.me! * * @param HttpRequest $request * @return HttpResponse * * @throws \RuntimeException When the dispatcher did not return an HTTP response and no other exception was thrown. */ public function dispatch(HttpRequest $request) { $uri = $request->getUri(); if (NULL === $uri->getHost()) { $request->setUri($uri->setHost('test.me')->setPort(Http::PORT)); } $dispatcher = $this->container->get(DispatcherInterface::class); $chain = $this->container->get(MiddlewareChain::class); $response = $dispatcher->handleRequest($request, $chain, true); if (!$response instanceof HttpResponse) { $type = is_object($response) ? get_class($response) : gettype($response); throw new \RuntimeException(sprintf('Expecting an HttpResponse object, given %s', $type)); } return $response; }
/** * {@inheritdoc} */ public function updateCredentials(HttpRequest $request) { $this->setStatus(self::AUTHENTICATION_NEEDED); $path = trim($request->getUri()->getPath(false), '/'); $logoutPath = trim((new Uri($this->auth->getLogoutUri()))->getPath(false), '/'); if ($path === $logoutPath) { return; } $session = $this->securityContext->getSession(); if ($session->isInitialized()) { $data = (array) $session->get($this->auth->getKey(), NULL); $identity = NULL; if (isset($data[FormAuthenticationProvider::SESSION_IDENTITY])) { $identity = (string) $data[FormAuthenticationProvider::SESSION_IDENTITY]; } if ($identity !== NULL) { $principal = $this->auth->getPrincipalProvider()->findPrincipal($identity); if ($principal !== NULL) { $this->setPrincipal($principal); return $this->setStatus(self::AUTHENTICATION_SUCCESSFUL); } } } if ($request->isPost(false) && $request->getMediaType()->is(Http::FORM_ENCODED)) { $fields = $request->getEntity()->getFields(); $data = isset($fields['auth']) ? (array) $fields['auth'] : []; $data = isset($data[$this->auth->getKey()]) ? (array) $data[$this->auth->getKey()] : []; if (array_key_exists(FormAuthenticationProvider::FIELD_USERNAME, $data)) { $this->username = (string) $data[FormAuthenticationProvider::FIELD_USERNAME]; } if (array_key_exists(FormAuthenticationProvider::FIELD_PASSWORD, $data)) { $this->password = (string) $data[FormAuthenticationProvider::FIELD_PASSWORD]; } if (array_key_exists(FormAuthenticationProvider::FIELD_GUARD, $data)) { $guard = (string) $data[FormAuthenticationProvider::FIELD_GUARD]; $data = (array) $session->get($this->auth->getKey(), NULL); if (array_key_exists(FormAuthenticationProvider::SESSION_GUARD, $data)) { if ((string) $data[FormAuthenticationProvider::SESSION_GUARD] == $guard) { $this->guarded = true; } } } return $this->setStatus(self::AUTHENTICATION_NEEDED); } }
protected function refreshLock(ResourceInterface $resource, Uri $baseUri, HttpRequest $request, LockStorageInterface $storage) { if (!$resource instanceof LockableResourceInterface || !$resource->isLockSupported()) { throw new MethodNotAllowedException(); } if (!$resource->isLocked()) { throw new LockTokenMatchesRequestUriException(WebDav::CODE_PRECONDITION_FAILED); } $if = trim($request->getHeader('If', '')); $m = NULL; if (!preg_match("'^\\(\\s*<urn:webdav:lock:([a-f0-9\\-]{36})>\\s*\\)\$'i", $if, $m)) { throw new BadRequestException(); } try { $token = new UUID($m[1]); } catch (\InvalidArgumentException $e) { throw new BadRequestException($e); } if ($token != $resource->getLockInfo()->getToken()) { throw new NoConflictingLockException([$request->getUri()]); } $storage->beginTransaction(); try { $lock = $storage->refreshLock($resource, $token, $this->computeExpires($request)); } catch (\Exception $e) { $storage->rollBack(); throw new LockTokenMatchesRequestUriException(WebDav::CODE_PRECONDITION_FAILED, $e); } $storage->commit(); return $this->createLockResponse(WebDav::CODE_OK, $lock, $baseUri, false); }
protected function buildProppatchResponse(ProppatchRequest $proppatch, HttpRequest $request, StorageInterface $storage) { $builder = new PatchResponseBuilder($request->getUri(), $proppatch); return $builder->buildResponse(WebDav::CODE_MULTI_STATUS); }
/** * {@inheritdoc} */ public function authenticate(SecurityContextInterface $context, TokenInterface $token, HttpRequest $request) { if (!$token instanceof FormAuthToken) { throw new SecurityException(sprintf('Token %s not supported by provider %s', get_class($token), get_class($this))); } $this->failedLogin = false; $this->username = $token->getUsername(); $this->guard = bin2hex(random_bytes($this->guardByteCount)); $path = trim($request->getUri()->getPath(false), '/'); $loginPath = trim((new Uri($this->getLoginUri()))->getPath(false), '/'); $logoutPath = trim((new Uri($this->getLogoutUri()))->getPath(false), '/'); $isLogin = $path === $loginPath; $isLogout = $path === $logoutPath; $session = $context->getSession(); if ($isLogout) { $session->remove($this->getKey()); $token->setPrincipal(new AnonymousPrincipal()); $token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); return; } if ($isLogin) { try { if ($request->isPost(false)) { $identity = $token->getUsername(); $password = $token->getPassword(); // Fetch user independent of guard in order to prevent leakage of timing information. $principal = $this->getPrincipalProvider()->findPrincipalUsingPassword($identity, $password); // Invalidate when guard fails. if (!$token->isGuarded()) { $principal = NULL; } if ($principal !== NULL) { $session = $context->getSession(); $data = (array) $session->get($this->getKey(), NULL); $data[self::SESSION_IDENTITY] = (string) $principal->getIdentity(); $session->set($this->getKey(), $data); if (array_key_exists(self::SESSION_URI, $data)) { $uri = $data[self::SESSION_URI]; unset($data[self::SESSION_URI]); $session->set($this->getKey(), $data); $response = new HttpResponse(Http::REDIRECT_TEMPORARY); $response->setHeader('Location', $uri); return $response; } $token->setPrincipal($principal); $token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); return; } $this->failedLogin = true; } $token->setPrincipal(new AnonymousPrincipal()); $token->setStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); return; } finally { $data = (array) $session->get($this->getKey(), []); $data[self::SESSION_GUARD] = $this->guard; $session->set($this->getKey(), $data); } } }