2017-05-07 21:11:00 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace SilverStripe\Security;
|
|
|
|
|
2017-05-20 06:32:25 +02:00
|
|
|
use Exception;
|
|
|
|
use SilverStripe\Control\HTTPResponse_Exception;
|
2017-05-07 21:11:00 +02:00
|
|
|
use SilverStripe\Control\RequestFilter;
|
|
|
|
use SilverStripe\Control\HTTPRequest;
|
|
|
|
use SilverStripe\Control\HTTPResponse;
|
|
|
|
use SilverStripe\Control\Session;
|
|
|
|
use SilverStripe\ORM\DataModel;
|
|
|
|
use SilverStripe\Core\Config\Configurable;
|
|
|
|
use SilverStripe\Core\Injector\Injector;
|
|
|
|
|
|
|
|
class AuthenticationRequestFilter implements RequestFilter, IdentityStore
|
|
|
|
{
|
|
|
|
|
|
|
|
use Configurable;
|
|
|
|
|
2017-05-20 06:32:25 +02:00
|
|
|
/**
|
|
|
|
* @return array|IdentityStore[]
|
|
|
|
*/
|
2017-05-07 21:11:00 +02:00
|
|
|
protected function getHandlers()
|
|
|
|
{
|
|
|
|
return array_map(
|
|
|
|
function ($identifier) {
|
|
|
|
return Injector::inst()->get($identifier);
|
|
|
|
},
|
2017-05-20 06:32:25 +02:00
|
|
|
static::config()->get('handlers')
|
2017-05-07 21:11:00 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Identify the current user from the request
|
|
|
|
*/
|
|
|
|
public function preRequest(HTTPRequest $request, Session $session, DataModel $model)
|
|
|
|
{
|
|
|
|
try {
|
2017-05-20 06:32:25 +02:00
|
|
|
/** @var AuthenticationHandler $handler */
|
2017-05-07 21:11:00 +02:00
|
|
|
foreach ($this->getHandlers() as $handler) {
|
|
|
|
// @todo Update requestfilter logic to allow modification of initial response
|
|
|
|
// in order to add cookies, etc
|
|
|
|
$member = $handler->authenticateRequest($request, new HTTPResponse());
|
|
|
|
if ($member) {
|
|
|
|
// @todo Remove the static coupling here
|
|
|
|
Security::setCurrentUser($member);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2017-05-20 06:32:25 +02:00
|
|
|
} catch (Exception $e) { // There's no valid exception currently. I would say AuthenticationException?
|
2017-05-07 21:11:00 +02:00
|
|
|
throw new HTTPResponse_Exception(
|
|
|
|
"Bad log-in details: " . $e->getMessage(),
|
|
|
|
400
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* No-op
|
|
|
|
*/
|
|
|
|
public function postRequest(HTTPRequest $request, HTTPResponse $response, DataModel $model)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Log into the identity-store handlers attached to this request filter
|
|
|
|
*
|
|
|
|
* @inherit
|
|
|
|
*/
|
|
|
|
public function logIn(Member $member, $persistent, HTTPRequest $request)
|
|
|
|
{
|
|
|
|
// @todo Coupling here isn't ideal.
|
|
|
|
$member->beforeMemberLoggedIn();
|
|
|
|
|
|
|
|
foreach ($this->getHandlers() as $handler) {
|
|
|
|
if ($handler instanceof IdentityStore) {
|
|
|
|
$handler->logIn($member, $persistent, $request);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// @todo Coupling here isn't ideal.
|
|
|
|
Security::setCurrentUser($member);
|
|
|
|
$member->afterMemberLoggedIn();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Log out of all the identity-store handlers attached to this request filter
|
|
|
|
*
|
|
|
|
* @inherit
|
|
|
|
*/
|
|
|
|
public function logOut(HTTPRequest $request)
|
|
|
|
{
|
|
|
|
foreach ($this->getHandlers() as $handler) {
|
|
|
|
if ($handler instanceof IdentityStore) {
|
|
|
|
$handler->logOut($request);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// @todo Coupling here isn't ideal.
|
|
|
|
Security::setCurrentUser(null);
|
|
|
|
}
|
|
|
|
}
|