silverstripe-framework/src/Security/AuthenticationMiddleware.php
Sam Minnee 8c15e451c6 FIX: Removed unnecessary database_is_ready call.
This shaves about 45ms from every request (PHP 7.1 on a 2013 rMBP), 
cutting down execution time of a “hello world” controller by about 33%.

database_is_ready is still used in dev/build and ?flush=1 to stop people
from people bypassing security by DOSing the database or otherwise
forcing a DatabaseException
2017-08-25 13:06:12 +12:00

64 lines
1.6 KiB
PHP

<?php
namespace SilverStripe\Security;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\Middleware\HTTPMiddleware;
use SilverStripe\Core\Config\Configurable;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\Connect\DatabaseException;
class AuthenticationMiddleware implements HTTPMiddleware
{
use Configurable;
/**
* @var AuthenticationHandler
*/
protected $authenticationHandler;
/**
* @return AuthenticationHandler
*/
public function getAuthenticationHandler()
{
return $this->authenticationHandler;
}
/**
* @param AuthenticationHandler $authenticationHandler
* @return $this
*/
public function setAuthenticationHandler(AuthenticationHandler $authenticationHandler)
{
$this->authenticationHandler = $authenticationHandler;
return $this;
}
/**
* Identify the current user from the request
*
* @param HTTPRequest $request
* @param callable $delegate
* @return HTTPResponse
*/
public function process(HTTPRequest $request, callable $delegate)
{
try {
$this
->getAuthenticationHandler()
->authenticateRequest($request);
} catch (ValidationException $e) {
return new HTTPResponse(
"Bad log-in details: " . $e->getMessage(),
400
);
} catch (DatabaseException $e) {
// Database isn't ready, carry on.
}
return $delegate($request);
}
}