1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | namespace Yiisoft\Auth\Middleware; |
||
6 | |||
7 | use Psr\Http\Message\ResponseFactoryInterface; |
||
8 | use Psr\Http\Message\ResponseInterface; |
||
9 | use Psr\Http\Message\ServerRequestInterface; |
||
10 | use Psr\Http\Server\MiddlewareInterface; |
||
11 | use Psr\Http\Server\RequestHandlerInterface; |
||
12 | use Yiisoft\Auth\AuthenticationMethodInterface; |
||
13 | use Yiisoft\Auth\Handler\AuthenticationFailureHandler; |
||
14 | use Yiisoft\Strings\StringHelper; |
||
15 | use Yiisoft\Strings\WildcardPattern; |
||
0 ignored issues
–
show
|
|||
16 | |||
17 | /** |
||
18 | * Authentication middleware tries to authenticate and identity using request data. |
||
19 | * If identity is found, it is set to request attribute allowing further middleware to obtain and use it. |
||
20 | * If identity is not found failure handler is called. By default it is {@see AuthenticationFailureHandler}. |
||
21 | */ |
||
22 | final class Authentication implements MiddlewareInterface |
||
23 | { |
||
24 | private AuthenticationMethodInterface $authenticationMethod; |
||
25 | |||
26 | /** |
||
27 | * @var RequestHandlerInterface A handler that is called when there is a failure authenticating an identity. |
||
28 | */ |
||
29 | private RequestHandlerInterface $failureHandler; |
||
30 | |||
31 | /** |
||
32 | * @var array Patterns to match to consider the given request URI path optional. |
||
33 | */ |
||
34 | private array $optionalPatterns = []; |
||
35 | |||
36 | 5 | public function __construct( |
|
37 | AuthenticationMethodInterface $authenticationMethod, |
||
38 | ResponseFactoryInterface $responseFactory, |
||
39 | RequestHandlerInterface $authenticationFailureHandler = null |
||
40 | ) { |
||
41 | 5 | $this->authenticationMethod = $authenticationMethod; |
|
42 | 5 | $this->failureHandler = $authenticationFailureHandler ?? new AuthenticationFailureHandler( |
|
43 | 4 | $responseFactory |
|
44 | ); |
||
45 | 5 | } |
|
46 | |||
47 | 4 | public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface |
|
48 | { |
||
49 | 4 | $identity = $this->authenticationMethod->authenticate($request); |
|
50 | 4 | $request = $request->withAttribute(self::class, $identity); |
|
51 | |||
52 | 4 | if ($identity === null && !$this->isOptional($request)) { |
|
53 | 2 | return $this->authenticationMethod->challenge( |
|
54 | 2 | $this->failureHandler->handle($request) |
|
55 | ); |
||
56 | } |
||
57 | |||
58 | 2 | return $handler->handle($request); |
|
59 | } |
||
60 | |||
61 | /** |
||
62 | * @param array $optional Patterns to match to consider the given request URI path optional. |
||
63 | * @return self |
||
64 | */ |
||
65 | 2 | public function withOptionalPatterns(array $optional): self |
|
66 | { |
||
67 | 2 | $new = clone $this; |
|
68 | 2 | $new->optionalPatterns = $optional; |
|
69 | 2 | return $new; |
|
70 | } |
||
71 | |||
72 | /** |
||
73 | * Checks, whether authentication is optional for the given request URI path. |
||
74 | */ |
||
75 | 3 | private function isOptional(ServerRequestInterface $request): bool |
|
76 | { |
||
77 | 3 | $path = $request->getUri()->getPath(); |
|
78 | 3 | foreach ($this->optionalPatterns as $pattern) { |
|
79 | 1 | $wildcardPattern = new WildcardPattern($pattern); |
|
80 | 1 | if ($wildcardPattern->match($path)) { |
|
81 | 1 | return true; |
|
82 | } |
||
83 | } |
||
84 | 2 | return false; |
|
85 | } |
||
86 | } |
||
87 |
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"]
, you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths