1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
<?php
/*
* Xibo - Digital Signage - http://www.xibo.org.uk
* Copyright (C) 2015 Spring Signage Ltd
*
* This file (WebAuthentication.php) is part of Xibo.
*
* Xibo is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* any later version.
*
* Xibo is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Xibo. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Xibo\Middleware;
use Slim\Middleware;
use Xibo\Factory\UserFactory;
use Xibo\Helper\ApplicationState;
use Xibo\Helper\Log;
class WebAuthentication extends Middleware
{
/**
* Uses a Hook to check every call for authorization
* Will redirect to the login route if the user is unauthorized
*
* @throws \RuntimeException if there isn't a login route
*/
public function call()
{
$app = $this->app;
// Create a user
$app->user = new \Xibo\Entity\User();
// Create a function which we will call should the request be for a protected page
// and the user not yet be logged in.
$redirectToLogin = function () use ($app) {
Log::debug('Request to redirect to login. Ajax = %d', $app->request->isAjax());
if ($app->request->isAjax()) {
$state = $app->state;
/* @var ApplicationState $state */
// Return a JSON response which tells the App to redirect to the login page
$app->response()->header('Content-Type', 'application/json');
$state->Login();
echo $state->asJson();
$app->stop();
}
else {
// Redirect to login
$app->redirect($app->urlFor('login'));
}
};
// Define a callable to check the route requested in before.dispatch
$isAuthorised = function () use ($app, $redirectToLogin) {
$user = $app->user;
/* @var \Xibo\Entity\User $user */
// Get the current route pattern
$resource = $app->router->getCurrentRoute()->getPattern();
// Check to see if this is a public resource (there are only a few, so we have them in an array)
if (!in_array($resource, $app->publicRoutes)) {
$app->public = false;
// Need to check
if ($user->hasIdentity() && !$app->session->isExpired()) {
// Replace our user with a fully loaded one
$user = UserFactory::loadById($user->userId);
// Do they have permission?
$user->routeAuthentication($resource);
$app->user = $user;
// We are authenticated
}
else {
// Store the current route so we can come back to it after login
$app->flash('priorRoute', $resource);
$app->flash('priorRouteParams', $app->environment['slim.request.query_hash']);
$redirectToLogin();
}
}
else {
$app->public = true;
// If we are expired and come from ping/clock, then we redirect
if ($app->session->isExpired() && ($resource == '/login/ping' || $resource == 'clock')) {
$redirectToLogin();
}
}
};
$updateUser = function () use ($app) {
$user = $app->user;
/* @var \Xibo\Entity\User $user */
if (!$app->public && $user->hasIdentity()) {
$user->touch();
}
};
$app->hook('slim.before.dispatch', $isAuthorised);
$app->hook('slim.after.dispatch', $updateUser);
$this->next->call();
}
}
|