NEW: Replace AuthenticationRequestFilter with AuthenticationMiddleware

2024-06-28 15:39:40 +02:00 · 2017-06-23 12:32:43 +12:00 · 2017-06-23 12:32:43 +12:00 · 254204a3a6
commit 254204a3a6
parent e855622890
3 changed files with 20 additions and 32 deletions
--- a/_config/security.yml
+++ b/_config/security.yml
@ -19,14 +19,13 @@ SilverStripe\Core\Injector\Injector:
 ---
 Name: coresecurity
 ---
+SilverStripe\Control\Director:
+  middlewares:
+    - %$SilverStripe\Security\AuthenticationMiddleware
 SilverStripe\Core\Injector\Injector:
-  SilverStripe\Security\AuthenticationRequestFilter:
+  SilverStripe\Security\AuthenticationMiddleware:
    properties:
      AuthenticationHandler: %$SilverStripe\Security\AuthenticationHandler
-  SilverStripe\Control\RequestProcessor:
-    properties:
-      filters:
-        - %$SilverStripe\Security\AuthenticationRequestFilter
  SilverStripe\Security\Security:
    properties:
      Authenticators:
--- a/src/Security/AuthenticationRequestFilter.php
+++ b/src/Security/AuthenticationRequestFilter.php
@ -5,11 +5,11 @@ namespace SilverStripe\Security;
 use SilverStripe\Control\HTTPRequest;
 use SilverStripe\Control\HTTPResponse;
 use SilverStripe\Control\HTTPResponse_Exception;
-use SilverStripe\Control\RequestFilter;
+use SilverStripe\Control\HTTPMiddleware;
 use SilverStripe\Core\Config\Configurable;
 use SilverStripe\ORM\ValidationException;

-class AuthenticationRequestFilter implements RequestFilter
+class AuthenticationMiddleware implements HTTPMiddleware
 {
    use Configurable;

@ -43,32 +43,21 @@ class AuthenticationRequestFilter implements RequestFilter
     * @return bool|void
     * @throws HTTPResponse_Exception
     */
-    public function preRequest(HTTPRequest $request)
+    public function process(HTTPRequest $request, callable $delegate)
    {
-        if (!Security::database_is_ready()) {
-            return;
+        if (Security::database_is_ready()) {
+            try {
+                $this
+                    ->getAuthenticationHandler()
+                    ->authenticateRequest($request);
+            } catch (ValidationException $e) {
+                return new HTTPResponse(
+                    "Bad log-in details: " . $e->getMessage(),
+                    400
+                );
+            }
        }

-        try {
-            $this
-                ->getAuthenticationHandler()
-                ->authenticateRequest($request);
-        } catch (ValidationException $e) {
-            throw new HTTPResponse_Exception(
-                "Bad log-in details: " . $e->getMessage(),
-                400
-            );
-        }
+        return $delegate($request);
    }
-
-    /**
-     * No-op
-     *
-     * @param HTTPRequest $request
-     * @param HTTPResponse $response
-     * @return bool|void
-     */
-    public function postRequest(HTTPRequest $request, HTTPResponse $response)
-    {
    }
-}
--- a/src/Security/Member.php
+++ b/src/Security/Member.php
@ -415,7 +415,7 @@ class Member extends DataObject
     */
    public function beforeMemberLoggedIn()
    {
-        // @todo Move to middleware on the AuthenticationRequestFilter IdentityStore
+        // @todo Move to middleware on the AuthenticationMiddleware IdentityStore
        $this->extend('beforeMemberLoggedIn');
    }