/**
 * Before advice that lazily starts a session for methods carrying the Flow
 * Session annotation (intended for autoStart=true).
 *
 * If the session is already started the advice returns without side effects.
 * Otherwise it writes a debug log entry naming the object and method that
 * triggered the initialization, then starts the session.
 *
 * Note for reviewers: per the fixme tag below, the pointcut matches on the
 * presence of the annotation only and does not evaluate its options, so the
 * advice runs for every annotated method and not just for autoStart=true.
 *
 * @param JoinPointInterface $joinPoint The current join point
 * @return void
 * @fixme The pointcut expression below does not consider the options of the session annotation – needs adjustments in the AOP framework
 * @Flow\Before("methodAnnotatedWith(Neos\Flow\Annotations\Session)")
 */
public function initializeSession(JoinPointInterface $joinPoint)
{
    if ($this->session->isStarted() !== true) {
        // Resolve the object name from the proxy's class so the log entry
        // identifies which annotated method caused the session to start.
        $proxyClassName = get_class($joinPoint->getProxy());
        $objectName = $this->objectManager->getObjectNameByClassName($proxyClassName);
        $methodName = $joinPoint->getMethodName();

        $logMessage = sprintf('Session initialization triggered by %s->%s.', $objectName, $methodName);
        $this->systemLogger->log($logMessage, LOG_DEBUG);

        $this->session->start();
    }
}
/**
 * Authenticates the tokens of the security context, in the order the context
 * returns them, against the available authentication providers.
 *
 * For each token, the first provider that can authenticate it while its status
 * is AUTHENTICATION_NEEDED is asked to authenticate it; no further provider is
 * tried for that token. The outcome is then evaluated by strategy:
 *
 * - AUTHENTICATE_ALL_TOKENS ("allTokens"): the first token that is not
 *   authenticated aborts with an AuthenticationRequiredException.
 * - AUTHENTICATE_ONE_TOKEN ("oneToken"): the first authenticated token ends
 *   the run; remaining tokens are not processed.
 * - AUTHENTICATE_ANY_TOKEN: all tokens are processed and no exception is
 *   thrown if none of them could be authenticated.
 * - any other strategy ("atLeastOne"): all tokens are processed and at least
 *   one of them has to be authenticated.
 *
 * For every authenticated token that is not sessionless, a session is started
 * if necessary and tagged with a value derived from the account identifier.
 *
 * NOTE(review): this method starts a session when none exists, but no renewal
 * of an already started session's id is visible here. Confirm that the id is
 * renewed on successful authentication elsewhere (for example by code reacting
 * to emitAuthenticatedToken()), since that is the usual session fixation
 * defence.
 *
 * @return void
 * @throws Exception if no security context has been set
 * @throws NoTokensAuthenticatedException if the context holds no tokens, or no token was authenticated and the strategy is not AUTHENTICATE_ANY_TOKEN
 * @throws AuthenticationRequiredException if a token is not authenticated and the strategy is AUTHENTICATE_ALL_TOKENS
 */
public function authenticate()
{
    // Reset first, so an exception below never leaves a stale "authenticated" flag.
    $this->isAuthenticated = false;
    $authenticatedAtLeastOne = false;

    if ($this->securityContext === null) {
        throw new Exception('Cannot authenticate because no security context has been set.', 1232978667);
    }

    $authenticationTokens = $this->securityContext->getAuthenticationTokens();
    if (count($authenticationTokens) === 0) {
        throw new NoTokensAuthenticatedException('The security context contained no tokens which could be authenticated.', 1258721059);
    }

    /** @var TokenInterface $token */
    foreach ($authenticationTokens as $token) {
        /** @var AuthenticationProviderInterface $provider */
        foreach ($this->providers as $provider) {
            $providerApplies = $provider->canAuthenticate($token)
                && $token->getAuthenticationStatus() === TokenInterface::AUTHENTICATION_NEEDED;
            if (!$providerApplies) {
                continue;
            }

            $provider->authenticate($token);
            if ($token->isAuthenticated()) {
                $this->emitAuthenticatedToken($token);
            }
            // Only the first applicable provider gets to handle this token.
            break;
        }

        if (!$token->isAuthenticated()) {
            if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ALL_TOKENS) {
                throw new AuthenticationRequiredException('Could not authenticate all tokens, but authenticationStrategy was set to "all".', 1222203912);
            }
            continue;
        }

        if (!($token instanceof SessionlessTokenInterface)) {
            if (!$this->session->isStarted()) {
                $this->session->start();
            }

            $account = $token->getAccount();
            if ($account !== null) {
                $this->securityContext->withoutAuthorizationChecks(function () use ($account) {
                    // md5() only turns the identifier into a fixed-format tag suffix;
                    // it is not used as a credential hash here.
                    // NOTE(review): presumably other code looks sessions up by this
                    // exact tag, so the digest cannot be swapped in isolation; confirm.
                    $accountTag = 'TYPO3-Flow-Security-Account-' . md5($account->getAccountIdentifier());
                    $this->session->addTag($accountTag);
                });
            }
        }

        if ($this->securityContext->getAuthenticationStrategy() === Context::AUTHENTICATE_ONE_TOKEN) {
            // One authenticated token is sufficient: finish without touching the rest.
            $this->isAuthenticated = true;
            $this->securityContext->refreshRoles();
            return;
        }

        $authenticatedAtLeastOne = true;
    }

    if (!$authenticatedAtLeastOne && $this->securityContext->getAuthenticationStrategy() !== Context::AUTHENTICATE_ANY_TOKEN) {
        throw new NoTokensAuthenticatedException('Could not authenticate any token. Might be missing or wrong credentials or no authentication provider matched.', 1222204027);
    }

    $this->isAuthenticated = $authenticatedAtLeastOne;
    $this->securityContext->refreshRoles();
}