示例#1
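 /**
  * Reports whether the current request is authenticated, either through an
  * existing login or through an API token supplied with the request.
  *
  * The token is read from the X-Token header first and from the request's
  * `token` property second. A token sent as a request parameter commonly ends
  * up in access logs, browser history and Referer headers, so the header is
  * the safer transport.
  *
  * @param object $request Request object; only its optional `token` property is read here
  * @return bool True if a login already exists or the token resolved to a user
  */
 public function isAuthenticated($request)
 {
     if (Security::isAuthenticated()) {
         return true;
     }

     // No placeholder value: with a fixed fallback string, every request
     // without a token would be looked up under the same publicly known token.
     $token = null;
     if (isset($_SERVER['HTTP_X_TOKEN'])) {
         $token = $_SERVER['HTTP_X_TOKEN'];
     } elseif (isset($request->token)) {
         $token = $request->token;
     }

     // Fail closed before touching the user store: a missing, empty or
     // non-string token (e.g. an array parameter) must never reach the lookup.
     if (!is_string($token) || $token === '') {
         return false;
     }

     $user = User::loadByToken($token);
     if ($user === null) {
         return false;
     }

     // NOTE(review): loginUser() is also called for token callers; if it
     // creates a persistent session, the login outlives this request - confirm.
     Security::loginUser($user);
     return true;
 }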
use NewFrontiers\Framework\Core\Application;
use NewFrontiers\Framework\Events\FrameworkEvents;
use Nostromo\Contracts\Facades\Events;
use Nostromo\Contracts\Facades\Logging;
use Nostromo\Contracts\Facades\Profiler;
use Nostromo\Contracts\Facades\Security;
use Symfony\Component\EventDispatcher\Event;
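Profiler::startSection('initApplication');

// Listener acting as the login gate for the admin area: unauthenticated
// requests are rewritten to the login screen before they are dispatched.
// TODO: move into its own class
Events::addListener(FrameworkEvents::REQUEST_BEFORE, function (\NewFrontiers\Framework\Events\RequestEvent $event) {
    $request = $event->getRequest();

    // Only the admin area is protected
    if (!$request->admin) {
        return;
    }

    // The API module is exempted wholesale and is therefore not covered by
    // this gate at all. Strict comparison so that a non-string module value
    // can never compare equal to the exempted names.
    if ($request->module === 'api' || $request->module === 'Api') {
        return;
    }

    // NOTE(review): the allow-list matches on the action name only, so an
    // action with one of these names is reachable without login in every
    // admin module - consider matching module/action pairs instead.
    $allowedActions = ['showLogin', 'login', 'loginFailure', 'logout', 'password', 'doPassword', 'reset', 'doReset'];

    // Strict in_array(): loose comparison lets non-string values (true, and 0
    // on PHP < 8) match any entry of the list and slip past the gate.
    if (Security::isAuthenticated() || in_array($request->action, $allowedActions, true)) {
        return;
    }

    // Remember the requested target, then divert the request to the login screen.
    // NOTE(review): followUpModule/followUpAction are request-controlled values;
    // whatever resumes them after login should validate them - confirm.
    $request->followUpModule = $request->module;
    $request->followUpAction = $request->action;
    $request->module = 'defaultMod';
    $request->action = 'showLogin';
    Logging::warning('Action not allowed. User was sent to Login-Screen');
});
Profiler::endSection('initApplication');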
示例#3
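    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
    <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->

    <!-- Third-party scripts run with full access to this page. They are loaded
         over HTTPS explicitly, because a protocol-relative URL follows the
         page's scheme and would fetch them over plain HTTP on an HTTP page.
         Pin each file with integrity/crossorigin attributes (hash taken from a
         vetted copy) or self-host it; the jQuery 1.x line is no longer
         maintained, so plan an upgrade. -->
    <script src="https://code.jquery.com/jquery-1.11.2.min.js"></script>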


</head>
<body style="padding-top: 70px;">


<!-- Navbar -->
<?php 
if (Security::isAuthenticated()) {
    ?>
    <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">

        <div class="container">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle" data-toggle="collapse"
                        data-target="#bs-example-navbar-collapse-1">
                    <span class="sr-only">Toggle navigation</span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                </button>
                <!--<a class="navbar-brand" href="#"><img src="http://pixw.net/p3/themes/p3-bootstrap/img/p3.png" style="margin-top: -4px"></a>-->
            </div>
 /**
  * Checks whether the currently signed-in user is allowed to run this action.
  *
  * The decision depends on the action's security level: open to everyone,
  * open to any authenticated user, bound to a configured permission token,
  * or - for any other value - delegated to the action of the same module
  * whose name is stored in the security level.
  *
  * @return bool True if access is granted; false otherwise, including when
  *              the referenced action does not exist
  */
 public function isBerechtigt()
 {
     Logging::debug("Prüfe Berechtigung für {$this->name} : {$this->securityLevel}");

     $level = $this->securityLevel;

     if ($level === Action::LEVEL_ALL) {
         return true;
     }

     if ($level === Action::LEVEL_LOGGEDIN) {
         return Security::isAuthenticated();
     }

     if ($level === Action::LEVEL_CONFIG) {
         return Security::hatBerechtigung($this->getSecurityToken());
     }

     // TODO: a fallback to actions of other modules could be added here;
     // that would not be a problem.
     // NOTE(review): the delegation is not guarded against an action that
     // references itself (or a cycle of actions); that would recurse without end.
     $delegate = $this->module->getAction($level);

     // Unknown target action: deny access.
     return $delegate === null ? false : $delegate->isBerechtigt();
 }