Merge pull request #2 from yeebase/feature/flow-53-compatibility

FEATURE: Flow 5.3 compatibility

Author: bwaidelich

Classes/Http/RedirectComponent.php

@@ -0,0 +1,96 @@
+<?php
+declare(strict_types=1);
+namespace Yeebase\TwoFactorAuthentication\Http;
+
+use Neos\Flow\Annotations as Flow;
+use Neos\Flow\Http\Component\ComponentChain;
+use Neos\Flow\Http\Component\ComponentContext;
+use Neos\Flow\Http\Component\ComponentInterface;
+use Neos\Flow\Http\Request as HttpRequest;
+use Neos\Flow\Mvc\ActionRequest;
+use Neos\Flow\Mvc\Routing\UriBuilder;
+
+/**
+ * A HTTP component that redirects to the configured 2FA login/setup routes if requested
+ */
+final class RedirectComponent implements ComponentInterface
+{
+    public const REDIRECT_LOGIN = 'login';
+    public const REDIRECT_SETUP = 'setup';
+
+    /**
+     * @Flow\InjectConfiguration(path="routes.login")
+     * @var array
+     */
+    protected $loginRouteValues;
+
+    /**
+     * @Flow\InjectConfiguration(path="routes.setup")
+     * @var array
+     */
+    protected $setupRouteValue;
+
+    public function handle(ComponentContext $componentContext)
+    {
+        $redirectTarget = $componentContext->getParameter(static::class, 'redirect');
+        if ($redirectTarget === null) {
+            return;
+        }
+        if ($redirectTarget === self::REDIRECT_LOGIN) {
+            $this->redirectToLogin($componentContext);
+        } elseif ($redirectTarget === self::REDIRECT_SETUP) {
+            $this->redirectToSetup($componentContext);
+        } else {
+            throw new \RuntimeException(sprintf('Invalid redirect target "%s"', $redirectTarget), 1568189192);
+        }
+    }
+
+    /**
+     * Triggers a redirect to the 2FA login route configured at routes.login or throws an exception if the configuration is missing/incorrect
+     */
+    private function redirectToLogin(ComponentContext $componentContext): void
+    {
+        try {
+            $this->validateRouteValues($this->loginRouteValues);
+        } catch (\InvalidArgumentException $exception) {
+            throw new \RuntimeException('Missing/invalid routes.login configuration: ' . $exception->getMessage(), 1550660144, $exception);
+        }
+        $this->redirect($componentContext, $this->loginRouteValues);
+    }
+
+    /**
+     * Triggers a redirect to the 2FA setup route configured at routes.setup or throws an exception if the configuration is missing/incorrect
+     */
+    private function redirectToSetup(ComponentContext $componentContext): void
+    {
+        try {
+            $this->validateRouteValues($this->setupRouteValue);
+        } catch (\InvalidArgumentException $exception) {
+            throw new \RuntimeException('Missing/invalid routes.setup configuration: ' . $exception->getMessage(), 1550660178, $exception);
+        }
+        $this->redirect($componentContext, $this->setupRouteValue);
+    }
+
+    private function validateRouteValues(array $routeValues): void
+    {
+        $requiredRouteValues = ['@package', '@controller', '@action'];
+        foreach ($requiredRouteValues as $routeValue) {
+            if (!array_key_exists($routeValue, $routeValues)) {
+                throw new \InvalidArgumentException(sprintf('Missing "%s" route value', $routeValue), 1550660039);
+            }
+        }
+    }
+
+    private  function redirect(ComponentContext $componentContext, array $routeValues): void
+    {
+        /** @var HttpRequest $httpRequest */
+        $httpRequest = $componentContext->getHttpRequest();
+        $actionRequest = new ActionRequest($httpRequest);
+        $uriBuilder = new UriBuilder();
+        $uriBuilder->setRequest($actionRequest);
+        $redirectUrl = $uriBuilder->setCreateAbsoluteUri(true)->setFormat('html')->build($routeValues);
+
+        $componentContext->replaceHttpResponse($componentContext->getHttpResponse()->withStatus(303)->withHeader('Location', $redirectUrl));
+        $componentContext->setParameter(ComponentChain::class, 'cancel', true);
+    }
+}

Classes/Security/Authentication/Provider/TwoFactorAuthenticationProvider.php

@@ -4,13 +4,17 @@
 
 use Neos\Flow\Annotations as Flow;
 use Neos\Flow\Core\Bootstrap;
+use Neos\Flow\Http\Component\ComponentContext;
 use Neos\Flow\Http\HttpRequestHandlerInterface;
-use Neos\Flow\Security\Authentication\EntryPoint\WebRedirect;
 use Neos\Flow\Security\Authentication\Provider\AbstractProvider;
 use Neos\Flow\Security\Authentication\TokenInterface;
 use Neos\Flow\Security\Context as SecurityContext;
 use Neos\Flow\Security\Exception\AuthenticationRequiredException;
 use Neos\Flow\Security\Exception\UnsupportedAuthenticationTokenException;
+use Neos\Flow\Session\SessionManagerInterface;
+use Neos\Utility\Exception\PropertyNotAccessibleException;
+use Neos\Utility\ObjectAccess;
+use Yeebase\TwoFactorAuthentication\Http\RedirectComponent;
 use Yeebase\TwoFactorAuthentication\Security\Authentication\Token\OtpToken;
 use Yeebase\TwoFactorAuthentication\Service\TwoFactorAuthenticationService;
 
@@ -38,18 +42,6 @@ final class TwoFactorAuthenticationProvider extends AbstractProvider
      */
     protected $twoFactorAuthenticationService;
 
-    /**
-     * @Flow\InjectConfiguration(path="routes.login")
-     * @var array
-     */
-    protected $loginRouteValues;
-
-    /**
-     * @Flow\InjectConfiguration(path="routes.setup")
-     * @var array
-     */
-    protected $setupRouteValue;
-
     /**
      * @Flow\InjectConfiguration(path="requireTwoFactorAuthentication")
      * @var bool
@@ -76,7 +68,7 @@ public function authenticate(TokenInterface $authenticationToken): void
         }
         if ($this->twoFactorAuthenticationService->isTwoFactorAuthenticationEnabledFor($account)) {
             if (!$authenticationToken->hasOtp()) {
-                $this->redirectToLogin();
+                $this->requestRedirect(RedirectComponent::REDIRECT_LOGIN);
                 return;
             }
             if ($this->twoFactorAuthenticationService->validateOtp($account, $authenticationToken->getOtp())) {
@@ -90,7 +82,7 @@ public function authenticate(TokenInterface $authenticationToken): void
             return;
         }
         if ($this->requireTwoFactorAuthentication) {
-            $this->redirectToSetup();
+            $this->requestRedirect(RedirectComponent::REDIRECT_SETUP);
         } else {
             /** @noinspection PhpUnhandledExceptionInspection */
             $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
@@ -99,49 +91,24 @@ public function authenticate(TokenInterface $authenticationToken): void
     }
 
     /**
-     * Triggers a redirect to the 2FA login route configured at routes.login or throws an exception if the configuration is missing/incorrect
-     */
-    private function redirectToLogin(): void
-    {
-        try {
-            $this->validateRouteValues($this->loginRouteValues);
-        } catch (\InvalidArgumentException $exception) {
-            throw new \RuntimeException('Missing/invalid routes.login configuration: ' . $exception->getMessage(), 1550660144, $exception);
-        }
-        $this->redirect($this->loginRouteValues);
-    }
-
-    /**
-     * Triggers a redirect to the 2FA setup route configured at routes.setup or throws an exception if the configuration is missing/incorrect
+     * Triggers a redirect by setting the corresponding HTTP component parameter for the @see RedirectComponent to pick up
+     *
+     * @param string $target one of the RedirectComponent::REDIRECT_* constants
      */
-    private function redirectToSetup(): void
+    private function requestRedirect(string $target): void
     {
-        try {
-            $this->validateRouteValues($this->setupRouteValue);
-        } catch (\InvalidArgumentException $exception) {
-            throw new \RuntimeException('Missing/invalid routes.setup configuration: ' . $exception->getMessage(), 1550660178, $exception);
-        }
-        $this->redirect($this->setupRouteValue);
-    }
-
-    private function validateRouteValues(array $routeValues): void
-    {
-        $requiredRouteValues = ['@package', '@controller', '@action'];
-        foreach ($requiredRouteValues as $routeValue) {
-            if (!array_key_exists($routeValue, $routeValues)) {
-                throw new \InvalidArgumentException(sprintf('Missing "%s" route value', $routeValue), 1550660039);
-            }
-        }
-    }
-
-    private  function redirect(array $routeValues): void {
         $requestHandler = $this->bootstrap->getActiveRequestHandler();
         if (!$requestHandler instanceof HttpRequestHandlerInterface) {
             throw new \RuntimeException('This provider only supports HTTP requests', 1549985779);
         }
-        $webRedirect = new WebRedirect();
-        $webRedirect->setOptions(['routeValues' => $routeValues]);
-        /** @noinspection PhpUnhandledExceptionInspection */
-        $webRedirect->startAuthentication($requestHandler->getHttpRequest(), $requestHandler->getHttpResponse());
+        try {
+            $componentContext = ObjectAccess::getProperty($requestHandler, 'componentContext', true);
+        } catch (PropertyNotAccessibleException $e) {
+            throw new \RuntimeException('Faild to extract ComponentContext from RequestHandler', 1568188386, $e);
+        }
+        if (!$componentContext instanceof ComponentContext) {
+            throw new \RuntimeException('Faild to extract ComponentContext from RequestHandler', 1568188387);
+        }
+        $componentContext->setParameter(RedirectComponent::class, 'redirect', $target);
     }
 }

Configuration/Settings.yaml

@@ -28,6 +28,13 @@ Yeebase:
 
 Neos:
   Flow:
+    http:
+      chain:
+        'process':
+          chain:
+            'Yeebase.TwoFactorAuthentication:Redirect':
+              position: 'after dispatching'
+              component: 'Yeebase\TwoFactorAuthentication\Http\RedirectComponent'
     persistence:
       doctrine:
         migrations:

composer.json

@@ -4,7 +4,7 @@
   "description": "Two-Factor-Authentication (2FA) for Neos Flow",
   "license": "MIT",
   "require": {
-    "neos/flow": "^5.2",
+    "neos/flow": "^5.3",
     "pragmarx/google2fa": "^4.0",
     "bacon/bacon-qr-code": "^2.0"
   },