Last active
June 6, 2019 12:49
-
-
Save bwaidelich/768b224b008a0326ea3f7778e7625a59 to your computer and use it in GitHub Desktop.
Neos Flow Authentication Provider Request Pattern matching Neos Sites by their node name
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
declare(strict_types=1); | |
namespace Some\Package; | |
use Neos\Flow\Annotations as Flow; | |
use Neos\Flow\Mvc\ActionRequest; | |
use Neos\Flow\Mvc\RequestInterface; | |
use Neos\Flow\Security\Context; | |
use Neos\Flow\Security\Exception as SecurityException; | |
use Neos\Flow\Security\Exception\InvalidRequestPatternException; | |
use Neos\Flow\Security\RequestPatternInterface; | |
use Neos\Neos\Domain\Model\Domain; | |
use Neos\Neos\Domain\Repository\DomainRepository; | |
/** | |
* Request Pattern to match Neos Sites | |
*/ | |
final class SiteRequestPattern implements RequestPatternInterface | |
{ | |
/** | |
* @Flow\Inject | |
* @var DomainRepository | |
*/ | |
protected $domainRepository; | |
/** | |
* @Flow\Inject | |
* @var Context | |
*/ | |
protected $securityContext; | |
/** | |
* @var string | |
*/ | |
private $siteNodeName; | |
/** | |
* @param array $options | |
* @throws InvalidRequestPatternException | |
*/ | |
public function __construct(array $options) | |
{ | |
if (!isset($options['siteNodeName'])) { | |
throw new InvalidRequestPatternException('Missing option "siteNodeName" in the Host request pattern configuration', 1559744836); | |
} | |
$this->siteNodeName = $options['siteNodeName']; | |
} | |
/** | |
* @param RequestInterface $request | |
* @return bool | |
* @throws SecurityException | |
*/ | |
public function matchRequest(RequestInterface $request): bool | |
{ | |
if (!$request instanceof ActionRequest) { | |
throw new SecurityException('This pattern can only act on instances of ActionRequest', 1559747092); | |
} | |
$hostName = $request->getHttpRequest()->getUri()->getHost(); | |
/** @var Domain|null $domain */ | |
$domain = null; | |
try { | |
$this->securityContext->withoutAuthorizationChecks(function () use ($hostName, &$domain) { | |
$domain = $this->domainRepository->findOneByHost($hostName, true); | |
}); | |
} catch (\Exception $e) { | |
throw new SecurityException(sprintf('Exception while trying to determine active host: %s', $e->getMessage()), 1559747092, $e); | |
} | |
if ($domain === null) { | |
throw new SecurityException(sprintf('No active domain could be found for the current host ("%s")', $hostName), 1559747092); | |
} | |
$site = $domain->getSite(); | |
// HACK the provider is currently triggered twice - the first time doctrine is not initialized properly.. | |
if ($site->getNodeName() === null) { | |
return false; | |
} | |
return $domain->getSite()->getNodeName() === $this->siteNodeName; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Usage: