DummyContext
class DummyContext extends Context
This is a dummy implementation of a security context, which holds security information such as roles or details of authenticated users. This information can be set manually on the context as needed.
Constants
AUTHENTICATE_ANY_TOKEN: Authenticate as many tokens as possible but do not require an authenticated token (e.g. for guest users with role Neos.Flow:Everybody).
AUTHENTICATE_ONE_TOKEN: Stop authentication of tokens after the first successful authentication of a token.
AUTHENTICATE_ALL_TOKENS: Authenticate all active tokens and throw an exception if an active token could not be authenticated.
AUTHENTICATE_AT_LEAST_ONE_TOKEN: Authenticate as many tokens as possible but do not fail if a token could not be authenticated and at least one token could be authenticated.
CSRF_ONE_PER_SESSION: Creates one CSRF token per session.
CSRF_ONE_PER_URI: Creates one CSRF token per URI.
CSRF_ONE_PER_REQUEST: Creates one CSRF token per request.
CONTEXT_HASH_UNINITIALIZED: If the security context isn't initialized (or authorization checks are disabled), this constant is returned by getContextHash().
Properties
protected int $authenticationStrategy: One of the AUTHENTICATE_* constants, setting the authentication strategy. (from Context)
protected int $csrfProtectionStrategy: One of the CSRF_* constants, setting the CSRF protection strategy. (from Context)
protected array $tokenStatusLabels (from Context)
protected bool $initialized: true if the context is initialized in the current request, false or NULL otherwise.
protected TokenInterface[] $activeTokens: Array of tokens currently active. (from Context)
protected TokenInterface[] $inactiveTokens: Array of tokens currently inactive. (from Context)
protected ActionRequest $request (from Context)
protected Role[] $roles
protected bool $authorizationChecksDisabled: Whether authorization checks are disabled; see areAuthorizationChecksDisabled(). (from Context)
protected string $contextHash: A hash for this security context that is unique to the currently authenticated roles. (from Context)
protected array $csrfTokensRemovedAfterCurrentRequest: CSRF tokens that are valid during this request but will be gone after it. (from Context)
protected string $requestCsrfToken: CSRF token created in the current request. (from Context)
protected TokenAndProviderFactoryInterface $tokenAndProviderFactory (from Context)
protected SessionManagerInterface $sessionManager (from Context)
protected LoggerInterface $securityLogger (from Context)
protected PolicyService $policyService (from Context)
protected ObjectManagerInterface $objectManager (from Context)
protected array $globalObjects: Array of registered global objects that can be accessed as operands. (from Context)
protected array $tokens: Array of configured tokens (might have request patterns).
protected string $csrfProtectionToken
protected ActionRequest $interceptedRequest
Methods
void withoutAuthorizationChecks(Closure $callback)
Lets you switch off authorization checks (CSRF token, policies, content security, ...) for the runtime of $callback.
Usage:

    $this->securityContext->withoutAuthorizationChecks(function () use ($accountRepository, $username, $providerName, &$account) {
        // this will disable the PersistenceQueryRewritingAspect for this one call
        $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
    });

bool areAuthorizationChecksDisabled()
Returns true if authorization should be ignored, otherwise false. This is mainly useful for fetching records without Content Security kicking in (e.g. for AuthenticationProviders).
void setRequest(ActionRequest $request)
Sets the current action request. This method is called manually by the request handler which created the HTTP request.
void injectSettings(array $settings)
Injects the configuration settings.
void initialize()
Initializes the security context for the given request.
bool isInitialized()
No description
int getAuthenticationStrategy()
Gets the token authentication strategy.
TokenInterface[] getAuthenticationTokens()
Returns all Authentication\Tokens of the security context which are active for the current request. If a token has a request pattern that cannot match the current request, it is considered not active.
TokenInterface[] getAuthenticationTokensOfType(string $className)
Returns all Authentication\Tokens of the security context which are active for the current request and of the given type. If a token has a request pattern that cannot match the current request, it is considered not active.
Role[] getRoles()
Returns the roles of all authenticated accounts, including inherited roles. If no authenticated roles could be found, the "Anonymous" role is returned. The "Neos.Flow:Everybody" role is always returned.
bool hasRole(string $roleIdentifier)
Returns true if at least one of the currently authenticated accounts holds a role with the given identifier, also recursively (i.e. including inherited parent roles).
Account getAccount()
Returns the account of the first authenticated authentication token.
Note: there may be further authenticated accounts in the remaining tokens. If you need them, you'll have to fetch them directly from the tokens (getAuthenticationTokens()).
Account getAccountByAuthenticationProviderName(string $authenticationProviderName)
Returns an authenticated account for the given provider, or NULL if no account was authenticated or no token was registered for the given authentication provider name.
string getCsrfProtectionToken()
Returns the current CSRF protection token. A new one is created when needed, depending on the configured CSRF protection strategy.
bool hasCsrfProtectionTokens()
Returns true if the context has CSRF protection tokens.
bool isCsrfProtectionTokenValid(string $csrfToken)
Returns true if the given string is a valid CSRF protection token. The token will be removed if the configured CSRF strategy is 'onePerUri'.
void setInterceptedRequest(ActionRequest $interceptedRequest = null)
Sets an action request to be stored for later resuming after it has been intercepted by a security exception.
ActionRequest|null getInterceptedRequest()
Returns the request that has been stored for later resuming after it has been intercepted by a security exception, or NULL if there is none.
void clearContext()
Clears the security context.
protected array collectRolesAndParentRolesFromAccount(Account $account)
No description
protected array collectParentRoles(Role $role)
No description
protected void separateActiveAndInactiveTokens(array $tokens)
Stores all active tokens in $this->activeTokens, all others in $this->inactiveTokens.
protected bool isTokenActive(TokenInterface $token)
Evaluates any RequestPatterns of the given token to determine whether it is active for the current request:
- If no RequestPattern is configured for this token, it is active.
- Otherwise it is active only if at least one configured RequestPattern per type matches the request.
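The "at least one pattern per type" rule above means patterns of the same type are OR-ed while different types are AND-ed; a token with two controller patterns and one URI pattern is therefore only active when one of the controllers matches and the URI matches. The following is an added illustration of that rule, not code from Neos Flow: the PatternStub interface, the two pattern classes and the array-shaped request are constructed stand-ins for Flow's RequestPatternInterface and ActionRequest, and isTokenActiveFor() is a hypothetical free function (PHP 8).

```php
<?php
// Added illustration of the per-type request-pattern rule described for isTokenActive().
// PatternStub, ControllerPattern, UriPrefixPattern and the $request array are constructed
// stand-ins, not Neos Flow classes.
declare(strict_types=1);

interface PatternStub
{
    /** @param array{controller: string, uri: string} $request constructed request shape */
    public function matchRequest(array $request): bool;
}

final class ControllerPattern implements PatternStub
{
    public function __construct(private string $controller) {}

    public function matchRequest(array $request): bool
    {
        return $request['controller'] === $this->controller;
    }
}

final class UriPrefixPattern implements PatternStub
{
    public function __construct(private string $prefix) {}

    public function matchRequest(array $request): bool
    {
        return str_starts_with($request['uri'], $this->prefix);
    }
}

/**
 * Hypothetical helper: true if a token carrying $patterns is active for $request.
 *  - no patterns configured: active
 *  - otherwise every pattern type (class) must have at least one matching pattern
 *
 * @param PatternStub[] $patterns
 * @param array{controller: string, uri: string} $request
 */
function isTokenActiveFor(array $patterns, array $request): bool
{
    if ($patterns === []) {
        return true;
    }

    // Group by type first; the rule is evaluated per type, not per pattern
    $byType = [];
    foreach ($patterns as $pattern) {
        $byType[get_class($pattern)][] = $pattern;
    }

    foreach ($byType as $patternsOfType) {
        $oneMatched = false;
        foreach ($patternsOfType as $pattern) {
            if ($pattern->matchRequest($request)) {
                $oneMatched = true;
                break; // one match within a type is enough
            }
        }
        if (!$oneMatched) {
            return false; // a whole type failed to match: the token is inactive
        }
    }
    return true;
}

// Constructed sample: token bound to the Backend or Admin controller, and to /admin URIs
$patterns = [
    new ControllerPattern('BackendController'),
    new ControllerPattern('AdminController'),
    new UriPrefixPattern('/admin'),
];

// Case 1: controller type matches (AdminController), URI type matches
var_dump(isTokenActiveFor($patterns, ['controller' => 'AdminController', 'uri' => '/admin/users']));
// Case 2: controller type matches, but no URI pattern matches
var_dump(isTokenActiveFor($patterns, ['controller' => 'AdminController', 'uri' => '/public/page']));
// Case 3: no patterns configured at all
var_dump(isTokenActiveFor([], ['controller' => 'Anything', 'uri' => '/']));
```

Run with php on the command line; case 2 is the one to keep in mind when adding a second pattern type to an existing token, because it narrows rather than widens the set of requests for which the token is active.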
protected array mergeTokens(array $managerTokens, array $sessionTokens)
Merges the session and manager tokens. All manager token types will be in the result array. If a specific type is found in the session, this token replaces the one (of the same type) given by the manager.
protected TokenInterface findBestMatchingToken(TokenInterface $managerToken, array $sessionTokens)
Tries to find a token matching the given manager token in the session tokens; returns that token or, failing that, the manager token.
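The merge described for mergeTokens() and findBestMatchingToken() has a security-relevant consequence: a session-held token (which carries the authenticated state from an earlier request) takes precedence over the freshly configured manager token of the same type, while session tokens whose type is no longer configured are not carried into the result. The following added example (not Neos Flow code) illustrates that with a constructed Token class standing in for TokenInterface; the match on type plus provider name is an assumption about what "matching" means here.

```php
<?php
// Added illustration of the mergeTokens()/findBestMatchingToken() rule.
// Token is a constructed stand-in for Flow's TokenInterface; "type" stands in for get_class().
declare(strict_types=1);

final class Token
{
    public function __construct(
        public readonly string $type,
        public readonly string $providerName,
        public readonly bool $authenticated = false,
    ) {}
}

/**
 * Hypothetical counterpart of findBestMatchingToken(): the session token of the same
 * type (and, assumed here, the same provider) replaces the manager token; otherwise the
 * manager token is returned unchanged.
 *
 * @param Token[] $sessionTokens
 */
function findBestMatchingToken(Token $managerToken, array $sessionTokens): Token
{
    foreach ($sessionTokens as $sessionToken) {
        if ($sessionToken->type === $managerToken->type
            && $sessionToken->providerName === $managerToken->providerName) {
            return $sessionToken;
        }
    }
    return $managerToken;
}

/**
 * Hypothetical counterpart of mergeTokens(): every configured (manager) token type is
 * present in the result; session-only tokens are dropped.
 *
 * @param Token[] $managerTokens
 * @param Token[] $sessionTokens
 * @return Token[]
 */
function mergeTokens(array $managerTokens, array $sessionTokens): array
{
    $result = [];
    foreach ($managerTokens as $managerToken) {
        $result[] = findBestMatchingToken($managerToken, $sessionTokens);
    }
    return $result;
}

// Constructed sample: two configured tokens; the session still holds an authenticated
// username/password token and a token for a provider that has since been removed.
$managerTokens = [
    new Token('UsernamePassword', 'DefaultProvider'),
    new Token('ApiKey', 'ApiProvider'),
];
$sessionTokens = [
    new Token('UsernamePassword', 'DefaultProvider', authenticated: true),
    new Token('LegacySso', 'RemovedProvider', authenticated: true),
];

foreach (mergeTokens($managerTokens, $sessionTokens) as $token) {
    // Shows which instance survived the merge and whether it kept its authenticated state
    printf("%s/%s authenticated=%s\n", $token->type, $token->providerName, var_export($token->authenticated, true));
}
```

The LegacySso token does not appear in the output: once a provider is removed from configuration, its session state stops being merged into the active context, which is the behaviour one wants after decommissioning an authentication provider.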
protected void updateTokens(array $tokens)
Updates the token credentials for all tokens in the given array.
void refreshTokens()
Refreshes all active tokens by updating the credentials. This is useful when doing an explicit authentication inside a request.
void refreshRoles()
Refreshes the currently effective roles: the roles first-level cache is reset and the effective roles are recalculated by calling getRoles().
bool canBeInitialized()
Checks if the securityContext is ready to be initialized. Only after that will security be active. To be able to initialize, there needs to be an ActionRequest available; usually that is provided by the MVC router.
string getContextHash()
Returns a hash that is unique for the current context, depending on the hash components; see setContextHashComponent().
string getSessionTagForAccount(Account $account)
Returns the tag to use for sessions belonging to the given $account.
void destroySessionsForAccount(Account $account, string $reason = '')
Destroys all sessions belonging to the given $account.
void setInitialized(bool $initialized)
No description
array setAuthenticationTokens(array $tokens)
Sets the Authentication\Tokens of the security context which should be active.
void setRoles(Role[] $roles)
Sets an array of role objects.
void setCsrfProtectionToken(string $csrfProtectionToken)
No description
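The setters listed last (setInitialized(), setRoles(), setAuthenticationTokens(), setCsrfProtectionToken()) are what make DummyContext useful in unit tests: a service's own authorization logic can be exercised against a context whose roles and CSRF token are set by hand, with no authentication provider, session or ActionRequest involved. The following PHPUnit test is an added example, not code from the Neos Flow project. It assumes the class names Neos\Flow\Security\DummyContext and Neos\Flow\Security\Policy\Role, that DummyContext can be constructed without arguments, that Role's constructor takes the role identifier string, that hasRole() matches against the identifiers passed to setRoles(), and that isCsrfProtectionTokenValid() compares against the value passed to setCsrfProtectionToken(); ReportExporter is a constructed class under test.

```php
<?php
// Added example: unit-testing a service's authorization decision with DummyContext.
// Assumed, not taken from this page: the namespaces below, Role's constructor signature,
// and that hasRole()/isCsrfProtectionTokenValid() consult the values set via the setters.
// ReportExporter is a constructed class used only for this example.
declare(strict_types=1);

use Neos\Flow\Security\Context;
use Neos\Flow\Security\DummyContext;
use Neos\Flow\Security\Policy\Role;
use PHPUnit\Framework\TestCase;

/** Constructed service whose own role check is what the test verifies. */
final class ReportExporter
{
    // Type-hinted against Context so that DummyContext (which extends Context) fits in tests
    public function __construct(private Context $securityContext) {}

    /**
     * @param string[] $rows
     * @return string[] the rows the current user may export; empty for non-editors
     */
    public function export(array $rows): array
    {
        if (!$this->securityContext->hasRole('Acme.Reports:Editor')) {
            return [];
        }
        return $rows;
    }
}

final class ReportExporterTest extends TestCase
{
    private DummyContext $securityContext;

    protected function setUp(): void
    {
        $this->securityContext = new DummyContext();
        $this->securityContext->setInitialized(true);
        // Constructed token value; the dummy hands back whatever is set here
        $this->securityContext->setCsrfProtectionToken('constructed-test-token');
    }

    public function testEditorGetsRows(): void
    {
        $this->securityContext->setRoles([
            new Role('Neos.Flow:Everybody'),
            new Role('Acme.Reports:Editor'),
        ]);
        $exporter = new ReportExporter($this->securityContext);

        self::assertTrue($this->securityContext->hasRole('Acme.Reports:Editor'));
        self::assertSame(['row-1', 'row-2'], $exporter->export(['row-1', 'row-2']));
    }

    public function testUserWithoutEditorRoleGetsNothing(): void
    {
        // Only the built-in role: the exporter must not hand out data
        $this->securityContext->setRoles([new Role('Neos.Flow:Everybody')]);
        $exporter = new ReportExporter($this->securityContext);

        self::assertFalse($this->securityContext->hasRole('Acme.Reports:Editor'));
        self::assertSame([], $exporter->export(['row-1']));
    }

    public function testCsrfTokenSetOnTheDummyIsTheOneValidated(): void
    {
        self::assertSame('constructed-test-token', $this->securityContext->getCsrfProtectionToken());
        self::assertTrue($this->securityContext->isCsrfProtectionTokenValid('constructed-test-token'));
        self::assertFalse($this->securityContext->isCsrfProtectionTokenValid('another-token'));
    }
}
```

Because DummyContext never resolves parent roles from a PolicyService, a role hierarchy that the real Context would expand (for example an administrator role that inherits the editor role) has to be listed explicitly in setRoles(); a test that passes only the parent role will see hasRole() return false for the inherited one.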