class DummyContext extends Context

This is a dummy implementation of a security context, which holds security information such as roles or details of authenticated users.

This information can be set manually on the context as needed (for example in unit tests), instead of being derived from authentication tokens.

Constants

AUTHENTICATE_ANY_TOKEN

Authenticate as many tokens as possible but do not require an authenticated token (e.g. for guest users with role Neos.Flow:Everybody).

AUTHENTICATE_ONE_TOKEN

Stop authentication of tokens after first successful authentication of a token.

AUTHENTICATE_ALL_TOKENS

Authenticate all active tokens and throw an exception if an active token could not be authenticated.

AUTHENTICATE_AT_LEAST_ONE_TOKEN

Authenticate as many tokens as possible but do not fail if a token could not be authenticated and at least one token could be authenticated.

CSRF_ONE_PER_SESSION

Creates one csrf token per session

CSRF_ONE_PER_URI

Creates one csrf token per uri

CSRF_ONE_PER_REQUEST

Creates one csrf token per request

CONTEXT_HASH_UNINITIALIZED

If the security context isn't initialized (or authorization checks are disabled) this constant will be returned by getContextHash()

Properties

protected int $authenticationStrategy

One of the AUTHENTICATE_* constants to set the authentication strategy.

from  Context
protected int $csrfProtectionStrategy

One of the CSRF_* constants to set the csrf protection strategy

from  Context
protected array $tokenStatusLabels from  Context
protected bool $initialized

true if the context is initialized in the current request, false or NULL otherwise.

protected TokenInterface[] $activeTokens

Array of tokens currently active

from  Context
protected TokenInterface[] $inactiveTokens

Array of tokens currently inactive

from  Context
protected ActionRequest $request from  Context
protected Role[] $roles
protected bool $authorizationChecksDisabled

Whether authorization checks are disabled, see areAuthorizationChecksDisabled()

from  Context
protected string $contextHash

A hash for this security context that is unique to the currently authenticated roles.

from  Context
protected array $csrfTokensRemovedAfterCurrentRequest

CSRF tokens that are valid during this request but will be gone after.

from  Context
protected string $requestCsrfToken

CSRF token created in the current request.

from  Context
protected TokenAndProviderFactoryInterface $tokenAndProviderFactory from  Context
protected SessionManagerInterface $sessionManager from  Context
protected LoggerInterface $securityLogger from  Context
protected PolicyService $policyService from  Context
protected ObjectManagerInterface $objectManager from  Context
protected array $globalObjects

Array of registered global objects that can be accessed as operands

from  Context
protected array $tokens

Array of configured tokens (might have request patterns)

protected string $csrfProtectionToken
protected ActionRequest $interceptedRequest

Methods

void
withoutAuthorizationChecks(Closure $callback)

Lets you switch off authorization checks (CSRF token, policies, content security, ...) for the runtime of $callback

from  Context
bool
areAuthorizationChecksDisabled()

Returns true if authorization should be ignored, otherwise false. This is mainly useful for fetching records without Content Security kicking in (e.g. for AuthenticationProviders).

from  Context
void
setRequest(ActionRequest $request)

Set the current action request

from  Context
void
injectSettings(array $settings)

Injects the configuration settings

from  Context
void
initialize()

Initializes the security context for the given request.

from  Context
bool
isInitialized()

No description

int
getAuthenticationStrategy()

Get the token authentication strategy

getAuthenticationTokens()

Returns all Authentication\Tokens of the security context which are active for the current request. If a token has a request pattern that cannot match the current request, it is considered not active.

getAuthenticationTokensOfType(string $className)

Returns all Authentication\Tokens of the security context which are active for the current request and of the given type. If a token has a request pattern that cannot match the current request, it is considered not active.

Role[]
getRoles()

Returns the roles of all authenticated accounts, including inherited roles.

bool
hasRole(string $roleIdentifier)

Returns true, if at least one of the currently authenticated accounts holds a role with the given identifier, also recursively.

getAccount()

Returns the account of the first authenticated authentication token.

from  Context
getAccountByAuthenticationProviderName(string $authenticationProviderName)

Returns an authenticated account for the given provider or NULL if no account was authenticated or no token was registered for the given authentication provider name.

from  Context
string
getCsrfProtectionToken()

Returns the current CSRF protection token. A new one is created when needed, depending on the configured CSRF protection strategy.

bool
hasCsrfProtectionTokens()

Returns true if the context has CSRF protection tokens.

bool
isCsrfProtectionTokenValid(string $csrfToken)

Returns true if the given string is a valid CSRF protection token. The token will be removed if the configured csrf strategy is 'onePerUri'.

void
setInterceptedRequest(ActionRequest $interceptedRequest = null)

Sets an action request, to be stored for later resuming after it has been intercepted by a security exception.

getInterceptedRequest()

Returns the request, that has been stored for later resuming after it has been intercepted by a security exception, NULL if there is none.

void
clearContext()

Clears the security context.

array
collectRolesAndParentRolesFromAccount(Account $account)

No description

from  Context
array
collectParentRoles(Role $role)

No description

from  Context
void
separateActiveAndInactiveTokens(array $tokens)

Stores all active tokens in $this->activeTokens, all others in $this->inactiveTokens

from  Context
bool
isTokenActive(TokenInterface $token)

Evaluates any RequestPatterns of the given token to determine whether it is active for the current request

  • If no RequestPattern is configured for this token, it is active
  • Otherwise it is active only if at least one configured RequestPattern per type matches the request

from  Context
array
mergeTokens(array $managerTokens, array $sessionTokens)

Merges the session and manager tokens. All manager token types will be in the result array. If a token of a specific type is found in the session, that token replaces the one (of the same type) given by the manager.

from  Context
findBestMatchingToken(TokenInterface $managerToken, array $sessionTokens)

Tries to find a token matching the given manager token in the session tokens; returns that session token if found, otherwise the manager token.

from  Context
void
updateTokens(array $tokens)

Updates the token credentials for all tokens in the given array.

from  Context
void
refreshTokens()

Refreshes all active tokens by updating the credentials.

from  Context
void
refreshRoles()

Refreshes the currently effective roles: the roles' first-level cache is reset and the effective roles are recalculated by calling getRoles().

from  Context
bool
canBeInitialized()

Checks if the securityContext is ready to be initialized. Only after that will security be active.

from  Context
string
getContextHash()

Returns a hash that is unique for the current context, depending on the registered hash components, see setContextHashComponent()

from  Context
string
getSessionTagForAccount(Account $account)

Returns the tag to use for sessions belonging to the given $account

from  Context
void
destroySessionsForAccount(Account $account, string $reason = '')

Destroys all sessions belonging to the given $account

from  Context
void
setInitialized(bool $initialized)

No description

array
setAuthenticationTokens(array $tokens)

Sets the Authentication\Tokens of the security context which should be active.

void
setRoles(Role[] $roles)

Set an array of role objects.

void
setCsrfProtectionToken(string $csrfProtectionToken)

No description

Details

void withoutAuthorizationChecks(Closure $callback)

Lets you switch off authorization checks (CSRF token, policies, content security, ...) for the runtime of $callback

Usage:

    $this->securityContext->withoutAuthorizationChecks(function () use ($accountRepository, $username, $providerName, &$account) {
        // this will disable the PersistenceQueryRewritingAspect for this one call
        $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
    });

Parameters

Closure $callback

Return Value

void

Exceptions

Exception

bool areAuthorizationChecksDisabled()

Returns true if authorization should be ignored, otherwise false. This is mainly useful for fetching records without Content Security kicking in (e.g. for AuthenticationProviders).

Return Value

bool

See also

withoutAuthorizationChecks()

void setRequest(ActionRequest $request)

Set the current action request

This method is called manually by the request handler which created the HTTP request.

Parameters

ActionRequest $request

The current ActionRequest

Return Value

void

void injectSettings(array $settings)

Injects the configuration settings

Parameters

array $settings

Return Value

void

Exceptions

Exception

void initialize()

Initializes the security context for the given request.

Return Value

void

Exceptions

Exception

bool isInitialized()

No description

Return Value

bool

true if the Context is initialized, false otherwise.

int getAuthenticationStrategy()

Get the token authentication strategy

Return Value

int

One of the AUTHENTICATE_* constants

TokenInterface[] getAuthenticationTokens()

Returns all Authentication\Tokens of the security context which are active for the current request. If a token has a request pattern that cannot match the current request, it is considered not active.

Return Value

TokenInterface[]

Array of set tokens

TokenInterface[] getAuthenticationTokensOfType(string $className)

Returns all Authentication\Tokens of the security context which are active for the current request and of the given type. If a token has a request pattern that cannot match the current request, it is considered not active.

Parameters

string $className

The class name

Return Value

TokenInterface[]

Array of set tokens of the specified type

Role[] getRoles()

Returns the roles of all authenticated accounts, including inherited roles.

If no authenticated roles could be found the "Anonymous" role is returned.

The "Neos.Flow:Everybody" role is always returned.

Return Value

Role[]

bool hasRole(string $roleIdentifier)

Returns true, if at least one of the currently authenticated accounts holds a role with the given identifier, also recursively.

Parameters

string $roleIdentifier

The string representation of the role to search for

Return Value

bool

true, if a role with the given string representation was found

Account getAccount()

Returns the account of the first authenticated authentication token.

Note: A more recently authenticated account might exist in the remaining tokens. If you need those accounts, fetch them directly from the tokens (see getAuthenticationTokens()).

Return Value

Account

The authenticated account

Account getAccountByAuthenticationProviderName(string $authenticationProviderName)

Returns an authenticated account for the given provider or NULL if no account was authenticated or no token was registered for the given authentication provider name.

Parameters

string $authenticationProviderName

Authentication provider name of the account to find

Return Value

Account

The authenticated account

string getCsrfProtectionToken()

Returns the current CSRF protection token. A new one is created when needed, depending on the configured CSRF protection strategy.

Return Value

string

bool hasCsrfProtectionTokens()

Returns true if the context has CSRF protection tokens.

Return Value

bool

true if the context has CSRF protection tokens, false otherwise.

bool isCsrfProtectionTokenValid(string $csrfToken)

Returns true if the given string is a valid CSRF protection token. The token will be removed if the configured csrf strategy is 'onePerUri'.

Parameters

string $csrfToken

The token string to be validated

Return Value

bool

true, if the token is valid. false otherwise.

void setInterceptedRequest(ActionRequest $interceptedRequest = null)

Sets an action request, to be stored for later resuming after it has been intercepted by a security exception.

Parameters

ActionRequest $interceptedRequest

Return Value

void

ActionRequest|null getInterceptedRequest()

Returns the request, that has been stored for later resuming after it has been intercepted by a security exception, NULL if there is none.

Return Value

ActionRequest|null

TODO: Revisit type (ActionRequest / HTTP request)

void clearContext()

Clears the security context.

Return Value

void

protected array collectRolesAndParentRolesFromAccount(Account $account)

No description

Parameters

Account $account

Return Value

array

protected array collectParentRoles(Role $role)

No description

Parameters

Role $role

Return Value

array

protected void separateActiveAndInactiveTokens(array $tokens)

Stores all active tokens in $this->activeTokens, all others in $this->inactiveTokens

Parameters

array $tokens

Return Value

void

protected bool isTokenActive(TokenInterface $token)

Evaluates any RequestPatterns of the given token to determine whether it is active for the current request

  • If no RequestPattern is configured for this token, it is active
  • Otherwise it is active only if at least one configured RequestPattern per type matches the request

Parameters

TokenInterface $token

Return Value

bool

true if the given token is active, otherwise false

protected array mergeTokens(array $managerTokens, array $sessionTokens)

Merges the session and manager tokens. All manager token types will be in the result array. If a token of a specific type is found in the session, that token replaces the one (of the same type) given by the manager.

Parameters

array $managerTokens

Array of tokens provided by the authentication manager

array $sessionTokens

Array of tokens restored from the session

Return Value

array

Array of Authentication\TokenInterface objects
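The two rules documented above for isTokenActive() and mergeTokens() are easy to get wrong when reasoning about which tokens a request will actually be authenticated against, so here is an added, stand-alone re-implementation of exactly those two rules over plain PHP objects. This is example code written for this page, not Flow's own implementation: the Pattern and Token classes, the matcher closures and the request array are all constructed stand-ins for Flow's RequestPatternInterface, TokenInterface and ActionRequest. The constructed backend token carries two "Uri" patterns and one "Method" pattern, which exercises the "at least one pattern per type" clause; the anonymous token carries none and so is always active.

```php
<?php
// Added example, not Neos Flow code: re-implements the documented rules of
// isTokenActive() ("no pattern => active; otherwise at least one matching
// pattern per pattern type") and mergeTokens() ("all manager token types are
// kept; a session token of the same type replaces the manager token").
declare(strict_types=1);

// Hypothetical stand-in for a RequestPattern: a type name plus a predicate
// over a request represented as a plain array.
final class Pattern
{
    public function __construct(public string $type, private \Closure $matcher) {}

    public function matches(array $request): bool
    {
        return ($this->matcher)($request);
    }
}

// Hypothetical stand-in for an authentication token.
final class Token
{
    /** @param Pattern[] $patterns */
    public function __construct(
        public string $type,
        public array $patterns = [],
        public ?string $account = null
    ) {}
}

// Rule from isTokenActive(): group the patterns by type; the token is active
// only if every type that is configured has at least one matching pattern.
function isTokenActive(Token $token, array $request): bool
{
    if ($token->patterns === []) {
        return true; // no pattern configured: the token is always active
    }
    $matchedByType = [];
    foreach ($token->patterns as $pattern) {
        $alreadyMatched = $matchedByType[$pattern->type] ?? false;
        $matchedByType[$pattern->type] = $alreadyMatched || $pattern->matches($request);
    }
    foreach ($matchedByType as $matched) {
        if (!$matched) {
            return false; // a configured type has no matching pattern
        }
    }
    return true;
}

// Rule from mergeTokens(): iterate the manager tokens so that every manager
// token type ends up in the result, and prefer the session token of that type
// (which carries the already-authenticated state) when one exists.
function mergeTokens(array $managerTokens, array $sessionTokens): array
{
    $sessionByType = [];
    foreach ($sessionTokens as $sessionToken) {
        $sessionByType[$sessionToken->type] = $sessionToken;
    }
    $result = [];
    foreach ($managerTokens as $managerToken) {
        $result[] = $sessionByType[$managerToken->type] ?? $managerToken;
    }
    return $result;
}

// Constructed sample request and tokens.
$request = ['path' => '/admin/users', 'method' => 'GET'];

$backendToken = new Token('UsernamePassword', [
    new Pattern('Uri', fn(array $r) => str_starts_with($r['path'], '/admin')),
    new Pattern('Uri', fn(array $r) => str_starts_with($r['path'], '/setup')),
    new Pattern('Method', fn(array $r) => $r['method'] === 'GET'),
]);
$apiToken = new Token('ApiKey', [
    new Pattern('Uri', fn(array $r) => str_starts_with($r['path'], '/api')),
]);
$anonymousToken = new Token('Anonymous');

foreach ([$backendToken, $apiToken, $anonymousToken] as $token) {
    printf("%s active for %s: %s\n", $token->type, $request['path'],
        isTokenActive($token, $request) ? 'yes' : 'no');
}

// The session holds an already-authenticated UsernamePassword token; it
// replaces the manager's token of the same type, while ApiKey is kept as-is.
$merged = mergeTokens(
    [$backendToken, $apiToken],
    [new Token('UsernamePassword', [], 'alice')]
);
foreach ($merged as $token) {
    printf("merged: %s (account: %s)\n", $token->type, $token->account ?? 'none');
}
```

The point to keep in mind when configuring request patterns is the per-type grouping: adding a second pattern of the same type widens the set of requests the token is active for, whereas adding a pattern of a new type narrows it, because that new type must also match.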

protected TokenInterface findBestMatchingToken(TokenInterface $managerToken, array $sessionTokens)

Tries to find a token matching the given manager token in the session tokens; returns that session token if found, otherwise the manager token.

Parameters

TokenInterface $managerToken
array $sessionTokens

Return Value

TokenInterface

Exceptions

SessionNotStartedException

protected void updateTokens(array $tokens)

Updates the token credentials for all tokens in the given array.

Parameters

array $tokens

Array of authentication tokens the credentials should be updated for

Return Value

void

void refreshTokens()

Refreshes all active tokens by updating the credentials.

This is useful when doing an explicit authentication inside a request.

Return Value

void

void refreshRoles()

Refreshes the currently effective roles: the roles' first-level cache is reset and the effective roles are recalculated by calling getRoles().

Return Value

void

bool canBeInitialized()

Checks if the securityContext is ready to be initialized. Only after that will security be active.

To be able to initialize, there needs to be an ActionRequest available, usually that is provided by the MVC router.

Return Value

bool

string getContextHash()

Returns a hash that is unique for the current context, depending on the registered hash components, see setContextHashComponent()

Return Value

string

string getSessionTagForAccount(Account $account)

Returns the tag to use for sessions belonging to the given $account

Parameters

Account $account

Return Value

string

void destroySessionsForAccount(Account $account, string $reason = '')

Destroys all sessions belonging to the given $account

Parameters

Account $account
string $reason

Return Value

void

void setInitialized(bool $initialized)

No description

Parameters

bool $initialized

Return Value

void

array setAuthenticationTokens(array $tokens)

Sets the Authentication\Tokens of the security context which should be active.

Parameters

array $tokens

Array of set tokens

Return Value

array

void setRoles(Role[] $roles)

Set an array of role objects.

Parameters

Role[] $roles

Return Value

void

void setCsrfProtectionToken(string $csrfProtectionToken)

No description

Parameters

string $csrfProtectionToken

Return Value

void
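The setters listed last (setInitialized(), setRoles(), setCsrfProtectionToken()) are what make DummyContext useful: they let a unit test put the security context into a known state without running authentication. The following is an added example written for this page, not code from the Flow project, showing a PHPUnit test that drives a hypothetical ReportExporter service through its role and CSRF checks. Assumptions: the class names Neos\Flow\Security\DummyContext, Neos\Flow\Security\Context and Neos\Flow\Security\Policy\Role (constructed from a role identifier), and that the array passed to setRoles() is keyed by role identifier so that hasRole() can look it up; ReportExporter, the role "Acme.Reports:Exporter" and the token value are constructed for the test.

```php
<?php
// Added example, not Neos Flow code: a PHPUnit test that uses DummyContext to
// set roles and a CSRF token manually and checks that the service under test
// refuses calls without the role or with a wrong token.
declare(strict_types=1);

use Neos\Flow\Security\Context;
use Neos\Flow\Security\DummyContext;
use Neos\Flow\Security\Policy\Role;
use PHPUnit\Framework\TestCase;

// Hypothetical service under test: it depends on the abstract security context,
// so the real Context and the DummyContext are interchangeable here.
final class ReportExporter
{
    public function __construct(private Context $securityContext) {}

    public function export(string $csrfToken): string
    {
        // Authorization: the caller must hold the exporter role (checked recursively).
        if (!$this->securityContext->hasRole('Acme.Reports:Exporter')) {
            throw new \RuntimeException('Missing role Acme.Reports:Exporter');
        }
        // CSRF: the submitted token must match the token issued for this context.
        if (!$this->securityContext->isCsrfProtectionTokenValid($csrfToken)) {
            throw new \RuntimeException('Invalid CSRF protection token');
        }
        return 'report-data'; // constructed placeholder for the exported payload
    }
}

final class ReportExporterTest extends TestCase
{
    private const CSRF_TOKEN = 'constructed-test-csrf-token';

    /** @param string[] $roleIdentifiers */
    private function contextWithRoles(array $roleIdentifiers): DummyContext
    {
        $context = new DummyContext();
        $context->setInitialized(true);

        $roles = [];
        foreach ($roleIdentifiers as $identifier) {
            // Keyed by identifier (assumption, see lead-in) so hasRole() can find it.
            $roles[$identifier] = new Role($identifier);
        }
        $context->setRoles($roles);
        $context->setCsrfProtectionToken(self::CSRF_TOKEN);

        return $context;
    }

    public function testExportSucceedsWithRoleAndValidToken(): void
    {
        $exporter = new ReportExporter($this->contextWithRoles(['Acme.Reports:Exporter']));

        self::assertSame('report-data', $exporter->export(self::CSRF_TOKEN));
    }

    public function testExportRejectsWrongCsrfToken(): void
    {
        $exporter = new ReportExporter($this->contextWithRoles(['Acme.Reports:Exporter']));

        $this->expectException(\RuntimeException::class);
        $this->expectExceptionMessage('Invalid CSRF protection token');
        $exporter->export('some-other-token');
    }

    public function testExportRejectsMissingRole(): void
    {
        // Only the implicit everybody role: the authorization check must fail first.
        $exporter = new ReportExporter($this->contextWithRoles(['Neos.Flow:Everybody']));

        $this->expectException(\RuntimeException::class);
        $this->expectExceptionMessage('Missing role Acme.Reports:Exporter');
        $exporter->export(self::CSRF_TOKEN);
    }
}
```

Because DummyContext never consults tokens or the policy service, a test like this verifies only that the service under test calls the context correctly; whether the role hierarchy or the configured CSRF strategy behaves as intended has to be covered separately against the real Context.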