Magento Extensions Rating 2024
Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
Authentication.php
Go to the documentation of this file.
1 <?php
6 namespace Magento\Backend\App\Action\Plugin;
7 
8 use Magento\Framework\Exception\AuthenticationException;
9 
13 class Authentication
14 {
18  protected $_auth;
19 
23  protected $_openActions = [
24  'forgotpassword',
25  'resetpassword',
26  'resetpasswordpost',
27  'logout',
28  'refresh', // captcha refresh
29  ];
30 
34  protected $_url;
35 
39  protected $_response;
40 
44  protected $_actionFlag;
45 
49  protected $messageManager;
50 
54  protected $backendUrl;
55 
59  protected $backendAppList;
60 
64  protected $resultRedirectFactory;
65 
69  protected $formKeyValidator;
70 
82  public function __construct(
83  \Magento\Backend\Model\Auth $auth,
84  \Magento\Backend\Model\UrlInterface $url,
85  \Magento\Framework\App\ResponseInterface $response,
86  \Magento\Framework\App\ActionFlag $actionFlag,
87  \Magento\Framework\Message\ManagerInterface $messageManager,
88  \Magento\Backend\Model\UrlInterface $backendUrl,
89  \Magento\Framework\Controller\Result\RedirectFactory $resultRedirectFactory,
90  \Magento\Backend\App\BackendAppList $backendAppList,
91  \Magento\Framework\Data\Form\FormKey\Validator $formKeyValidator
92  ) {
93  $this->_auth = $auth;
94  $this->_url = $url;
95  $this->_response = $response;
96  $this->_actionFlag = $actionFlag;
97  $this->messageManager = $messageManager;
98  $this->backendUrl = $backendUrl;
99  $this->resultRedirectFactory = $resultRedirectFactory;
100  $this->backendAppList = $backendAppList;
101  $this->formKeyValidator = $formKeyValidator;
102  }
103 
112  public function aroundDispatch(
113  \Magento\Backend\App\AbstractAction $subject,
114  \Closure $proceed,
115  \Magento\Framework\App\RequestInterface $request
116  ) {
117  $requestedActionName = $request->getActionName();
118  if (in_array($requestedActionName, $this->_openActions)) {
119  $request->setDispatched(true);
120  } else {
121  if ($this->_auth->getUser()) {
122  $this->_auth->getUser()->reload();
123  }
124  if (!$this->_auth->isLoggedIn()) {
125  $this->_processNotLoggedInUser($request);
126  } else {
127  $this->_auth->getAuthStorage()->prolong();
128 
129  $backendApp = null;
130  if ($request->getParam('app')) {
131  $backendApp = $this->backendAppList->getCurrentApp();
132  }
133 
134  if ($backendApp) {
135  $resultRedirect = $this->resultRedirectFactory->create();
136  $baseUrl = \Magento\Framework\App\Request\Http::getUrlNoScript($this->backendUrl->getBaseUrl());
137  $baseUrl = $baseUrl . $backendApp->getStartupPage();
138  return $resultRedirect->setUrl($baseUrl);
139  }
140  }
141  }
142  $this->_auth->getAuthStorage()->refreshAcl();
143  return $proceed($request);
144  }
145 
152  protected function _processNotLoggedInUser(\Magento\Framework\App\RequestInterface $request)
153  {
154  $isRedirectNeeded = false;
155  if ($request->getPost('login')) {
156  if ($this->formKeyValidator->validate($request)) {
157  if ($this->_performLogin($request)) {
158  $isRedirectNeeded = $this->_redirectIfNeededAfterLogin($request);
159  }
160  } else {
161  $this->_actionFlag->set('', \Magento\Framework\App\ActionInterface::FLAG_NO_DISPATCH, true);
162  $this->_response->setRedirect($this->_url->getCurrentUrl());
163  $this->messageManager->addErrorMessage(__('Invalid Form Key. Please refresh the page.'));
164  $isRedirectNeeded = true;
165  }
166  }
167  if (!$isRedirectNeeded && !$request->isForwarded()) {
168  if ($request->getParam('isIframe')) {
169  $request->setForwarded(true)
170  ->setRouteName('adminhtml')
171  ->setControllerName('auth')
172  ->setActionName('deniedIframe')
173  ->setDispatched(false);
174  } elseif ($request->getParam('isAjax')) {
175  $request->setForwarded(true)
176  ->setRouteName('adminhtml')
177  ->setControllerName('auth')
178  ->setActionName('deniedJson')
179  ->setDispatched(false);
180  } else {
181  $request->setForwarded(true)
182  ->setRouteName('adminhtml')
183  ->setControllerName('auth')
184  ->setActionName('login')
185  ->setDispatched(false);
186  }
187  }
188  }
189 
196  protected function _performLogin(\Magento\Framework\App\RequestInterface $request)
197  {
198  $outputValue = true;
199  $postLogin = $request->getPost('login');
200  $username = isset($postLogin['username']) ? $postLogin['username'] : '';
201  $password = isset($postLogin['password']) ? $postLogin['password'] : '';
202  $request->setPostValue('login', null);
203 
204  try {
205  $this->_auth->login($username, $password);
206  } catch (AuthenticationException $e) {
207  if (!$request->getParam('messageSent')) {
208  $this->messageManager->addErrorMessage($e->getMessage());
209  $request->setParam('messageSent', true);
210  $outputValue = false;
211  }
212  }
213  return $outputValue;
214  }
215 
222  protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInterface $request)
223  {
224  $requestUri = null;
225 
226  // Checks, whether secret key is required for admin access or request uri is explicitly set
227  if ($this->_url->useSecretKey()) {
228  $requestUri = $this->_url->getUrl('*/*/*', ['_current' => true]);
229  } elseif ($request) {
230  $requestUri = $request->getRequestUri();
231  }
232 
233  if (!$requestUri) {
234  return false;
235  }
236 
237  $this->_response->setRedirect($requestUri);
238  $this->_actionFlag->set('', \Magento\Framework\App\ActionInterface::FLAG_NO_DISPATCH, true);
239  return true;
240  }
241 }
Magento\Backend\App\Action\Plugin\Authentication\__construct
__construct(\Magento\Backend\Model\Auth $auth, \Magento\Backend\Model\UrlInterface $url, \Magento\Framework\App\ResponseInterface $response, \Magento\Framework\App\ActionFlag $actionFlag, \Magento\Framework\Message\ManagerInterface $messageManager, \Magento\Backend\Model\UrlInterface $backendUrl, \Magento\Framework\Controller\Result\RedirectFactory $resultRedirectFactory, \Magento\Backend\App\BackendAppList $backendAppList, \Magento\Framework\Data\Form\FormKey\Validator $formKeyValidator)
Definition: Authentication.php:82
$response
$response
Definition: 404.php:11
$url
$url
Definition: query_redirect.php:14
elseif
elseif(isset( $params[ 'redirect_parent']))
Definition: iframe.phtml:17
Magento\Backend\App\Action\Plugin\Authentication\_performLogin
_performLogin(\Magento\Framework\App\RequestInterface $request)
Definition: Authentication.php:196
__
__()
Definition: __.php:13
Magento\Backend\App\Action\Plugin\Authentication\aroundDispatch
aroundDispatch(\Magento\Backend\App\AbstractAction $subject, \Closure $proceed, \Magento\Framework\App\RequestInterface $request)
Definition: Authentication.php:112
Magento\Backend\App\Action\Plugin\Authentication\_redirectIfNeededAfterLogin
_redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInterface $request)
Definition: Authentication.php:222
$request
$request
Definition: quote_with_configurable_product_last_variation.php:22
Magento\Backend\App\Action\Plugin\Authentication\_processNotLoggedInUser
_processNotLoggedInUser(\Magento\Framework\App\RequestInterface $request)
Definition: Authentication.php:152