SingleSignOnController
extends HttpViewController
in package
Class HttpViewController
This class contains helper methods for handling view requests. Always be careful when outputting raw user data to HTML or when handling POST requests, because insufficient protection will lead to XSS and CSRF vulnerabilities.
Table of Contents
- $assets : AssetCollectionInterface
- $contentView : ContentViewInterface
- $httpContextReader : HttpContextReaderInterface
- $httpResponseProcessor : HttpResponseProcessorInterface
- $postDataArray : array<string|int, mixed>
- $queryParametersArray : array<string|int, mixed>
- $serverDataArray : array<string|int, mixed>
- $validServices : array<string|int, mixed>
- Mapping of symbolic service names to issuer keys.
- __construct() : mixed
- actionDefault() : array<string|int, mixed>|bool|RedirectHttpControllerResponse
- Default action redirects to login page.
- actionDeleteSsoConnection() : array<string|int, mixed>|bool|RedirectHttpControllerResponse
- Deletes a connection between a customer and an SSO identity.
- actionLogin() : array<string|int, mixed>|bool|RedirectHttpControllerResponse
- Login action (SSO redirect target) processes authorization code and redirects accordingly.
- actionRedirect() : array<string|int, mixed>|bool
- Redirect action redirects to SSO service.
- init() : mixed
- proceed() : mixed
- Processes an HTTP response object which is obtained by invoking an action method.
- _callActionMethod() : HttpControllerResponseInterface
- Invokes an action method by the given action name.
- _getPostData() : string|null
- Returns the expected $_POST value by the given key name.
- _getPostDataCollection() : KeyValueCollection
- Creates and returns a key value collection which represents the global $_POST array.
- _getQueryParameter() : mixed|null
- Returns the expected $_GET value by the given key name.
- _getQueryParametersCollection() : KeyValueCollection
- Creates and returns a key value collection which represents the global $_GET array.
- _getServerData() : string|null
- Returns the expected $_SERVER value by the given key name.
- _render() : string
- Renders and returns a template file.
- _validatePageToken() : mixed
- Check if the $_POST['pageToken'] or $_GET['pageToken'] variable is provided and if it's valid.
- createSingleSignonService() : AmazonSingleSignonService|array<string|int, mixed>|bool|FacebookSingleSignonService|GoogleSingleSignonService|PaypalSingleSignonService
- Creates instance of SSO service implementation.
- findCustomerByEmail() : bool
- Finds customer by e-mail address.
- findCustomerByIssuerAndSubject() : bool|int
- Looks up customers_id by SSO issuer and subject values; returns false if SSO connection not found.
- getTemplateFile() : ExistingFile
- Searches the GXModules directory and admin/html directory for a template file, which can be used inside the AdminLayoutHttpControllerResponse object for the template parameter.
- renderTemplate() : string
- Renders template.
- storeSSOData() : mixed
- Stores SSO data to create customer’s SSO connection
Properties
$assets
protected
AssetCollectionInterface
$assets
$contentView
protected
ContentViewInterface
$contentView
$httpContextReader
protected
HttpContextReaderInterface
$httpContextReader
$httpResponseProcessor
protected
HttpResponseProcessorInterface
$httpResponseProcessor
$postDataArray
protected
array<string|int, mixed>
$postDataArray
$queryParametersArray
protected
array<string|int, mixed>
$queryParametersArray
$serverDataArray
protected
array<string|int, mixed>
$serverDataArray
$validServices
Mapping of symbolic service names to issuer keys.
protected
array<string|int, mixed>
$validServices
= ['google' => 'https://accounts.google.com', 'paypal' => 'paypal.com', 'facebook' => 'facebook.com', 'amazon' => 'amazon.com']
Methods
__construct()
public
__construct(HttpContextReaderInterface $httpContextReader, HttpResponseProcessorInterface $httpResponseProcessor, ContentViewInterface $defaultContentView) : mixed
Parameters
- $httpContextReader : HttpContextReaderInterface
- $httpResponseProcessor : HttpResponseProcessorInterface
- $defaultContentView : ContentViewInterface
Return values
mixed
actionDefault()
Default action redirects to login page.
public
actionDefault() : array<string|int, mixed>|bool|RedirectHttpControllerResponse
Return values
array<string|int, mixed>|bool|RedirectHttpControllerResponse
actionDeleteSsoConnection()
Deletes a connection between a customer and an SSO identity.
public
actionDeleteSsoConnection() : array<string|int, mixed>|bool|RedirectHttpControllerResponse
Tags
Return values
array<string|int, mixed>|bool|RedirectHttpControllerResponse
actionLogin()
Login action (SSO redirect target) processes authorization code and redirects accordingly.
public
actionLogin() : array<string|int, mixed>|bool|RedirectHttpControllerResponse
Tags
Return values
array<string|int, mixed>|bool|RedirectHttpControllerResponse
actionRedirect()
Redirect action redirects to SSO service.
public
actionRedirect() : array<string|int, mixed>|bool
Tags
Return values
array<string|int, mixed>|bool
init()
public
init() : mixed
Return values
mixed
proceed()
Processes an HTTP response object which is obtained by invoking an action method.
public
proceed(HttpContextInterface $context) : mixed
The action method is determined by the http context reader instance and the current request context. Re-implement this method in child classes to enable XSS and CSRF protection on demand.
Parameters
- $context : HttpContextInterface
Return values
mixed
_callActionMethod()
Invokes an action method by the given action name.
protected
_callActionMethod(string $actionName) : HttpControllerResponseInterface
Parameters
- $actionName : string
  Name of action method to call, without 'action'-Suffix.
Tags
Return values
HttpControllerResponseInterface — Response message.
_getPostData()
Returns the expected $_POST value by the given key name.
protected
_getPostData(string $keyName) : string|null
This method is the object oriented layer for $_POST[$keyName].
Parameters
- $keyName : string
  Expected key of post parameter.
Return values
string|null — Either the expected value or null, if not found.
_getPostDataCollection()
Creates and returns a key value collection which represents the global $_POST array.
protected
_getPostDataCollection() : KeyValueCollection
Return values
KeyValueCollection
_getQueryParameter()
Returns the expected $_GET value by the given key name.
protected
_getQueryParameter(string $keyName) : mixed|null
This method is the object oriented layer for $_GET[$keyName].
Parameters
- $keyName : string
  Expected key of query parameter.
Return values
mixed|null — Either the expected value or null, if not found.
_getQueryParametersCollection()
Creates and returns a key value collection which represents the global $_GET array.
protected
_getQueryParametersCollection() : KeyValueCollection
Return values
KeyValueCollection
_getServerData()
Returns the expected $_SERVER value by the given key name.
protected
_getServerData(string $keyName) : string|null
This method is the object oriented layer for $_SERVER[$keyName].
Parameters
- $keyName : string
  Expected key of server parameter.
Return values
string|null — Either the expected value or null, if not found.
_render()
Renders and returns a template file.
protected
_render(string $templateFile, array<string|int, mixed> $contentArray) : string
Parameters
- $templateFile : string
  Template file to render.
- $contentArray : array<string|int, mixed>
  Content array which represents the variables of the template.
Return values
string — Rendered template.
_validatePageToken()
Check if the $_POST['pageToken'] or $_GET['pageToken'] variable is provided and if it's valid.
protected
_validatePageToken([string $customExceptionMessage = null ]) : mixed
Example:

    public function proceed(HttpContextInterface $httpContext)
    {
        parent::proceed($httpContext); // proceed http context from parent class
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $this->_validatePageToken(); // CSRF Protection
        }
    }

Parameters
- $customExceptionMessage : string = null
  (optional) You can specify a custom exception message.
Tags
Return values
mixed
createSingleSignonService()
Creates instance of SSO service implementation.
protected
createSingleSignonService(string $service) : AmazonSingleSignonService|array<string|int, mixed>|bool|FacebookSingleSignonService|GoogleSingleSignonService|PaypalSingleSignonService
Parameters
- $service : string
  (google|facebook|paypal|amazon)
Tags
Return values
AmazonSingleSignonService|array<string|int, mixed>|bool|FacebookSingleSignonService|GoogleSingleSignonService|PaypalSingleSignonService
findCustomerByEmail()
Finds customer by e-mail address.
protected
findCustomerByEmail( $emailAddress) : bool
Parameters
Return values
bool
findCustomerByIssuerAndSubject()
Looks up customers_id by SSO issuer and subject values; returns false if SSO connection not found.
protected
findCustomerByIssuerAndSubject( $issuer, $subject) : bool|int
Parameters
Return values
bool|int
getTemplateFile()
Searches the GXModules directory and admin/html directory for a template file, which can be used inside the AdminLayoutHttpControllerResponse object for the template parameter.
protected
getTemplateFile(string $templateFile) : ExistingFile
Parameters
- $templateFile : string
  The relative path and filename to search for
Tags
Return values
ExistingFile — containing absolute file path to the given template file
renderTemplate()
Renders template.
protected
renderTemplate( $templateFile[, array<string|int, mixed> $content = [] ]) : string
Parameters
Tags
Return values
string
storeSSOData()
Stores SSO data to create customer’s SSO connection
protected
storeSSOData( $customersId, $issuer, $subject) : mixed