diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Collection.php b/lib/Alchemy/Phrasea/Controller/Admin/Collection.php index efc8ee60aa..7781dd3766 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Collection.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Collection.php @@ -25,6 +25,8 @@ class Collection implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin') ->requireRightOnBase($app['request']->attributes->get('bas_id'), 'canadmin'); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/ConnectedUsers.php b/lib/Alchemy/Phrasea/Controller/Admin/ConnectedUsers.php index e39d71679b..004acb997d 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/ConnectedUsers.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/ConnectedUsers.php @@ -23,6 +23,8 @@ class ConnectedUsers implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('Admin'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Databox.php b/lib/Alchemy/Phrasea/Controller/Admin/Databox.php index 66fa0f84a3..be414f3a90 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Databox.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Databox.php @@ -30,6 +30,8 @@ class Databox implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin') ->requireAccessToSbas($request->attributes->get('databox_id')); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php b/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php index 1f721826ae..71215a19d1 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php @@ -29,6 +29,8 @@ class Databoxes implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Fields.php b/lib/Alchemy/Phrasea/Controller/Admin/Fields.php index 2b0692ab36..679168d90f 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Fields.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Fields.php @@ -27,6 +27,8 @@ class Fields implements ControllerProviderInterface $app['admin.fields.controller'] = $this; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall'] ->requireAccessToModule('admin') diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Publications.php b/lib/Alchemy/Phrasea/Controller/Admin/Publications.php index d542ca28e0..8c70055d29 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Publications.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Publications.php @@ -29,6 +29,8 @@ class Publications implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin') ->requireRight('bas_chupub'); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Root.php b/lib/Alchemy/Phrasea/Controller/Admin/Root.php index d2b11ee42c..b3f66692e5 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Root.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Root.php @@ -29,6 +29,8 @@ class Root implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Subdefs.php b/lib/Alchemy/Phrasea/Controller/Admin/Subdefs.php index df7b246aee..0a022afe59 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Subdefs.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Subdefs.php @@ -28,6 +28,8 @@ class Subdefs implements ControllerProviderInterface $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin') ->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct'); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php b/lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php index f724aae978..3fffafd476 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php @@ -25,6 +25,8 @@ class TaskManager implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireRight('taskmanager'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Users.php b/lib/Alchemy/Phrasea/Controller/Admin/Users.php index 8492a83d03..8769e3a82d 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Users.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Users.php @@ -31,6 +31,8 @@ class Users implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin') ->requireRight('manageusers'); diff --git a/lib/Alchemy/Phrasea/Controller/Client/Baskets.php b/lib/Alchemy/Phrasea/Controller/Client/Baskets.php index b0488569d2..901c458b13 100644 --- a/lib/Alchemy/Phrasea/Controller/Client/Baskets.php +++ b/lib/Alchemy/Phrasea/Controller/Client/Baskets.php @@ -25,9 +25,7 @@ class Baskets implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * Gets client baskets diff --git a/lib/Alchemy/Phrasea/Controller/Client/Root.php b/lib/Alchemy/Phrasea/Controller/Client/Root.php index 2032c89ad2..4bc7d76c22 100644 --- a/lib/Alchemy/Phrasea/Controller/Client/Root.php +++ b/lib/Alchemy/Phrasea/Controller/Client/Root.php @@ -30,7 +30,9 @@ class Root implements ControllerProviderInterface if (!$app['authentication']->isAuthenticated() && null !== $request->query->get('nolog')) { return $app->redirectPath('login_authenticate_as_guest', array('redirect' => 'client')); } - $app['firewall']->requireAuthentication(); + if (null !== $response = $app['firewall']->requireAuthentication()) { + return $response; + } }); /** diff --git a/lib/Alchemy/Phrasea/Controller/Lightbox.php b/lib/Alchemy/Phrasea/Controller/Lightbox.php index c25ac6d688..2ed4f3fb05 100644 --- a/lib/Alchemy/Phrasea/Controller/Lightbox.php +++ b/lib/Alchemy/Phrasea/Controller/Lightbox.php @@ -58,9 +58,7 @@ class Lightbox implements ControllerProviderInterface } }); - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); $controllers->get('/', function (SilexApplication $app) { try { diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Basket.php b/lib/Alchemy/Phrasea/Controller/Prod/Basket.php index d071e40141..89b1660637 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Basket.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Basket.php @@ -33,9 +33,7 @@ class Basket implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * Get a basket diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Bridge.php b/lib/Alchemy/Phrasea/Controller/Prod/Bridge.php index 6f052daa3a..bbac9e3c31 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Bridge.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Bridge.php @@ -23,6 +23,8 @@ class Bridge implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireRight('bas_chupub'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Download.php b/lib/Alchemy/Phrasea/Controller/Prod/Download.php index fc02e8e3ca..51ee91017a 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Download.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Download.php @@ -26,9 +26,7 @@ class Download implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * Download a set of documents diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Edit.php b/lib/Alchemy/Phrasea/Controller/Prod/Edit.php index 6a4c15f9b9..0177670ac9 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Edit.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Edit.php @@ -30,6 +30,8 @@ class Edit implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall'] ->requireNotGuest() diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Export.php b/lib/Alchemy/Phrasea/Controller/Prod/Export.php index ba881d432b..c8528d4977 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Export.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Export.php @@ -32,6 +32,8 @@ class Export implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireNotGuest(); }); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Feed.php b/lib/Alchemy/Phrasea/Controller/Prod/Feed.php index caa3c3028c..7bfd4098ca 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Feed.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Feed.php @@ -31,9 +31,7 @@ class Feed implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * I got a selection of docs, which publications are available forthese docs ? diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php b/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php index ff2dd0bfe7..78c45d47ee 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php @@ -42,9 +42,10 @@ class Lazaret implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication() - ->requireRight('addrecord'); + $app['firewall']->requireRight('addrecord'); }); /** diff --git a/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php b/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php index 8bcc0e5dce..f7bb526cf2 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php @@ -28,9 +28,10 @@ class MoveCollection implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication() - ->requireRight('addrecord') + $app['firewall']->requireRight('addrecord') ->requireRight('deleterecord'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Order.php b/lib/Alchemy/Phrasea/Controller/Prod/Order.php index d269a954d5..dc8a319f11 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Order.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Order.php @@ -35,9 +35,10 @@ class Order implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication() - ->requireRight('order'); + $app['firewall']->requireRight('order'); }); /** diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Property.php b/lib/Alchemy/Phrasea/Controller/Prod/Property.php index cc6b9f550b..1cd991b716 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Property.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Property.php @@ -28,6 +28,8 @@ class Property implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireNotGuest(); }); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Push.php b/lib/Alchemy/Phrasea/Controller/Prod/Push.php index 4042e50589..3a2c21de39 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Push.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Push.php @@ -99,9 +99,10 @@ class Push implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication() - ->requireRight('push'); + $app['firewall']->requireRight('push'); }); $userFormatter = $this->getUserFormatter(); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Query.php b/lib/Alchemy/Phrasea/Controller/Prod/Query.php index 056d432351..51fac55d98 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Query.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Query.php @@ -30,9 +30,7 @@ class Query implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * Query Phraseanet diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Records.php b/lib/Alchemy/Phrasea/Controller/Prod/Records.php index d9c353761d..ecd35008ba 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Records.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Records.php @@ -28,6 +28,8 @@ class Records implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireNotGuest(); }); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Root.php b/lib/Alchemy/Phrasea/Controller/Prod/Root.php index 8d81ca9f97..d484f2a6d1 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Root.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Root.php @@ -36,7 +36,9 @@ class Root implements ControllerProviderInterface return $app->redirectPath('login_authenticate_as_guest'); } - $app['firewall']->requireAuthentication(); + if (null !== $response = $app['firewall']->requireAuthentication()) { + return $response; + } }); $controllers->get('/', function (Application $app) { diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Share.php b/lib/Alchemy/Phrasea/Controller/Prod/Share.php index 56d0b58af3..c3e3e09f6f 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Share.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Share.php @@ -26,6 +26,8 @@ class Share implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireNotGuest(); }); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Story.php b/lib/Alchemy/Phrasea/Controller/Prod/Story.php index 4b59081714..1075fc4dfc 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Story.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Story.php @@ -31,9 +31,7 @@ class Story implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); $controllers->get('/create/', function (Application $app) { return $app['twig']->render('prod/Story/Create.html.twig', array()); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/TOU.php b/lib/Alchemy/Phrasea/Controller/Prod/TOU.php index 0093c682c6..7c294e7be1 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/TOU.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/TOU.php @@ -42,11 +42,9 @@ class TOU implements ControllerProviderInterface * * return : JSON Response */ - $controllers->post('/deny/{sbas_id}/', $this->call('denyTermsOfUse')) - ->bind('deny_tou') - ->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $controller = $controllers->post('/deny/{sbas_id}/', $this->call('denyTermsOfUse')) + ->bind('deny_tou'); + $app['firewall']->addMandatoryAuthentication($controller); /** * Display Terms of use diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Tools.php b/lib/Alchemy/Phrasea/Controller/Prod/Tools.php index e87ff58ee0..b7919f9b62 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Tools.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Tools.php @@ -30,9 +30,10 @@ class Tools implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication() - ->requireRight('doctools'); + $app['firewall']->requireRight('doctools'); }); $controllers->get('/', function (Application $app, Request $request) { diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Tooltip.php b/lib/Alchemy/Phrasea/Controller/Prod/Tooltip.php index a2339eaed3..a79a2e394b 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Tooltip.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Tooltip.php @@ -28,9 +28,7 @@ class Tooltip implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); $controllers->post('/basket/{basket_id}/', $this->call('displayBasket')) ->assert('basket_id', '\d+') diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Upload.php b/lib/Alchemy/Phrasea/Controller/Prod/Upload.php index a5034ec8f6..6d1472b4cc 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Upload.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Upload.php @@ -45,9 +45,10 @@ class Upload implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication() - ->requireRight('addrecord'); + $app['firewall']->requireRight('addrecord'); }); /** diff --git a/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php b/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php index 87a1191ed1..d27f4b589d 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php @@ -33,9 +33,7 @@ class UsrLists implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * Get all lists diff --git a/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php b/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php index 62bea98094..c4e18867c5 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php @@ -32,9 +32,7 @@ class WorkZone implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); $controllers->get('/', $this->call('displayWorkzone')) ->bind('prod_workzone_show'); diff --git a/lib/Alchemy/Phrasea/Controller/Report/Activity.php b/lib/Alchemy/Phrasea/Controller/Report/Activity.php index 77490984f1..448cffd8b3 100644 --- a/lib/Alchemy/Phrasea/Controller/Report/Activity.php +++ b/lib/Alchemy/Phrasea/Controller/Report/Activity.php @@ -23,8 +23,9 @@ class Activity implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); $app['firewall']->requireAccessToModule('report'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Report/Export.php b/lib/Alchemy/Phrasea/Controller/Report/Export.php index 6a3b611298..75a5c24f00 100644 --- a/lib/Alchemy/Phrasea/Controller/Report/Export.php +++ b/lib/Alchemy/Phrasea/Controller/Report/Export.php @@ -23,8 +23,9 @@ class Export implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); $app['firewall']->requireAccessToModule('report'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Report/Informations.php b/lib/Alchemy/Phrasea/Controller/Report/Informations.php index 4392601537..003e2a6eec 100644 --- a/lib/Alchemy/Phrasea/Controller/Report/Informations.php +++ b/lib/Alchemy/Phrasea/Controller/Report/Informations.php @@ -22,8 +22,9 @@ class Informations implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); $app['firewall']->requireAccessToModule('report'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Report/Root.php b/lib/Alchemy/Phrasea/Controller/Report/Root.php index bce8a85616..d38a8d82e3 100644 --- a/lib/Alchemy/Phrasea/Controller/Report/Root.php +++ b/lib/Alchemy/Phrasea/Controller/Report/Root.php @@ -23,8 +23,9 @@ class Root implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); $app['firewall']->requireAccessToModule('report'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Root/Account.php b/lib/Alchemy/Phrasea/Controller/Root/Account.php index d4d1a7eaab..3077be9d7a 100644 --- a/lib/Alchemy/Phrasea/Controller/Root/Account.php +++ b/lib/Alchemy/Phrasea/Controller/Root/Account.php @@ -33,9 +33,7 @@ class Account implements ControllerProviderInterface $app['account.controller'] = $this; - $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); // Displays current logged in user account $controllers->get('/', 'account.controller:displayAccount') diff --git a/lib/Alchemy/Phrasea/Controller/Root/Developers.php b/lib/Alchemy/Phrasea/Controller/Root/Developers.php index 8763492e63..edcc3428fe 100644 --- a/lib/Alchemy/Phrasea/Controller/Root/Developers.php +++ b/lib/Alchemy/Phrasea/Controller/Root/Developers.php @@ -30,9 +30,7 @@ class Developers implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * List of apps created by the user diff --git a/lib/Alchemy/Phrasea/Controller/Root/Login.php b/lib/Alchemy/Phrasea/Controller/Root/Login.php index ddf6afb362..aa933b52ae 100644 --- a/lib/Alchemy/Phrasea/Controller/Root/Login.php +++ b/lib/Alchemy/Phrasea/Controller/Root/Login.php @@ -162,10 +162,10 @@ class Login implements ControllerProviderInterface })->bind('login_authentication_provider_callback'); // Logout end point - $controllers->get('/logout/', 'login.controller:logout') - ->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - })->bind('logout'); + $logoutController = $controllers->get('/logout/', 'login.controller:logout') + ->bind('logout'); + + $app['firewall']->addMandatoryAuthentication($logoutController); // Registration end point ; redirects to classic registration or AuthProvider registration $controllers->get('/register/', 'login.controller:displayRegisterForm') diff --git a/lib/Alchemy/Phrasea/Controller/Root/Session.php b/lib/Alchemy/Phrasea/Controller/Root/Session.php index 1b9c4a2a48..5e95c608bb 100644 --- a/lib/Alchemy/Phrasea/Controller/Root/Session.php +++ b/lib/Alchemy/Phrasea/Controller/Root/Session.php @@ -38,11 +38,11 @@ class Session implements ControllerProviderInterface $controllers->post('/update/', $this->call('updateSession')) ->bind('update_session'); - $controllers->post('/delete/{id}', $this->call('deleteSession')) - ->before(function () use ($app) { - $app['firewall']->requireAuthentication(); - }) - ->bind('delete_session'); + + $controller = $controllers->post('/delete/{id}', $this->call('deleteSession')) + ->bind('delete_session'); + + $app['firewall']->addMandatoryAuthentication($controller); return $controllers; } diff --git a/lib/Alchemy/Phrasea/Controller/Thesaurus/Thesaurus.php b/lib/Alchemy/Phrasea/Controller/Thesaurus/Thesaurus.php index 041d1ff9bf..ef80f534e3 100644 --- a/lib/Alchemy/Phrasea/Controller/Thesaurus/Thesaurus.php +++ b/lib/Alchemy/Phrasea/Controller/Thesaurus/Thesaurus.php @@ -22,8 +22,9 @@ class Thesaurus implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); $app['firewall']->requireAccessToModule('thesaurus'); }); diff --git a/lib/Alchemy/Phrasea/Controller/Thesaurus/Xmlhttp.php b/lib/Alchemy/Phrasea/Controller/Thesaurus/Xmlhttp.php index 3176a160a7..e4b5b75f0d 100644 --- a/lib/Alchemy/Phrasea/Controller/Thesaurus/Xmlhttp.php +++ b/lib/Alchemy/Phrasea/Controller/Thesaurus/Xmlhttp.php @@ -24,9 +24,7 @@ class Xmlhttp implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function () use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); $controllers->match('acceptcandidates.j.php', $this->call('AcceptCandidatesJson')) ->before(function () use ($app) { diff --git a/lib/Alchemy/Phrasea/Controller/User/Notifications.php b/lib/Alchemy/Phrasea/Controller/User/Notifications.php index 77c7c84c9f..1d2cb1b1ea 100644 --- a/lib/Alchemy/Phrasea/Controller/User/Notifications.php +++ b/lib/Alchemy/Phrasea/Controller/User/Notifications.php @@ -26,6 +26,8 @@ class Notifications implements ControllerProviderInterface { $controllers = $app['controllers_factory']; + $app['firewall']->addMandatoryAuthentication($controllers); + $controllers->before(function (Request $request) use ($app) { $app['firewall']->requireNotGuest(); }); diff --git a/lib/Alchemy/Phrasea/Controller/User/Preferences.php b/lib/Alchemy/Phrasea/Controller/User/Preferences.php index 7cb0be1cc4..c3372249d7 100644 --- a/lib/Alchemy/Phrasea/Controller/User/Preferences.php +++ b/lib/Alchemy/Phrasea/Controller/User/Preferences.php @@ -26,9 +26,7 @@ class Preferences implements ControllerProviderInterface { $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { - $app['firewall']->requireAuthentication(); - }); + $app['firewall']->addMandatoryAuthentication($controllers); /** * Save preferences diff --git a/lib/Alchemy/Phrasea/Security/Firewall.php b/lib/Alchemy/Phrasea/Security/Firewall.php index 793e8fa555..66343cd9a6 100644 --- a/lib/Alchemy/Phrasea/Security/Firewall.php +++ b/lib/Alchemy/Phrasea/Security/Firewall.php @@ -3,7 +3,10 @@ namespace Alchemy\Phrasea\Security; use Silex\Application; +use Silex\Controller; +use Silex\ControllerCollection; use Symfony\Component\HttpFoundation\RedirectResponse; +use Symfony\Component\HttpFoundation\Request; class Firewall { @@ -38,8 +41,6 @@ class Firewall public function requireAccessToModule($module) { - $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_access_to_module($module)) { $this->app->abort(403, 'You do not have required rights'); } @@ -49,8 +50,6 @@ class Firewall public function requireAccessToSbas($sbas_id) { - $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_access_to_sbas($sbas_id)) { $this->app->abort(403, 'You do not have required rights'); } @@ -60,8 +59,6 @@ class Firewall public function requireAccessToBase($base_id) { - $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) { $this->app->abort(403, 'You do not have required rights'); } @@ -71,8 +68,6 @@ class Firewall public function requireRight($right) { - $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_right($right)) { $this->app->abort(403, 'You do not have required rights'); } @@ -82,8 +77,6 @@ class Firewall public function requireRightOnBase($base_id, $right) { - $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) { $this->app->abort(403, 'You do not have required rights'); } @@ -93,8 +86,6 @@ class Firewall public function requireRightOnSbas($sbas_id, $right) { - $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) { $this->app->abort(403, 'You do not have required rights'); } @@ -104,8 +95,6 @@ class Firewall public function requireNotGuest() { - $this->requireAuthentication(); - if ($this->app['authentication']->getUser()->is_guest()) { $this->app->abort(403, 'Guests do not have admin role'); } @@ -116,12 +105,23 @@ class Firewall public function requireAuthentication() { if (!$this->app['authentication']->isAuthenticated()) { - $this->app->abort(302, 'You are not authenticated', array( - 'X-Phraseanet-Redirect' => $this->app->path('homepage') - )); + return new RedirectResponse($this->app->path('homepage')); + } + } + + public function addMandatoryAuthentication($controllers) + { + if (!$controllers instanceof ControllerCollection && !$controllers instanceof Controller) { + throw new \InvalidArgumentException('Controllers must be either a Controller or a ControllerCollection.'); } - return $this; + $app = $this->app; + + $controllers->before(function (Request $request) use ($app) { + if (null !== $response = $app['firewall']->requireAuthentication()) { + return $response; + } + }); } public function requireNotAuthenticated() diff --git a/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php b/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php index b4d25280a0..9d45e581ed 100644 --- a/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php +++ b/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php @@ -2,24 +2,18 @@ namespace Alchemy\Tests\Phrasea\Security; -use Alchemy\Phrasea\Security\Firewall; - class FirewallTest extends \PhraseanetWebTestCaseAuthenticatedAbstract { protected $client; public function testRequiredAuth() { - $res = self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']); - $this->assertInstanceOf('\\Alchemy\\Phrasea\\Security\\Firewall', $res); + $this->assertNull(self::$DI['app']['firewall']->requireAuthentication(self::$DI['app'])); } - /** - * @expectedException Symfony\Component\HttpKernel\Exception\HttpException - */ public function testRequiredAuthNotAuthenticated() { $this->logout(self::$DI['app']); - self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']); + $this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication(self::$DI['app'])); } }