You are here

public function DefaultController::wardenAccess in Warden 8

Same name and namespace in other branches
  1. 8.2 src/Controller/DefaultController.php \Drupal\warden\Controller\DefaultController::wardenAccess()
  2. 3.x src/Controller/DefaultController.php \Drupal\warden\Controller\DefaultController::wardenAccess()

Access control to ensure authorised requests to get system data.

Return value

AccessResult

Throws

\Exception

1 string reference to 'DefaultController::wardenAccess'
warden.routing.yml in ./warden.routing.yml
warden.routing.yml

File

src/Controller/DefaultController.php, line 125

Class

DefaultController
Default controller for the warden module.

Namespace

Drupal\warden\Controller

Code

public function wardenAccess() {
  $allow_requests = $this
    ->getWardenConfig()
    ->get('warden_allow_requests');
  if (empty($allow_requests)) {
    \Drupal::logger('warden')
      ->warning('Update request denied: warden_allow_requests is set to FALSE', []);
    return AccessResult::forbidden();
  }
  if (empty($_POST) || empty($_POST['token'])) {
    \Drupal::logger('warden')
      ->warning('Update request denied: request body is empty or missing the security token', []);
    return AccessResult::forbidden();
  }
  if (!$this
    ->getWardenManager()
    ->isValidWardenToken($_POST['token'], REQUEST_TIME)) {
    \Drupal::logger('warden')
      ->warning('Update request denied: Failed to validate security token in request at timestamp @time', [
      '@time' => REQUEST_TIME,
    ]);
    return AccessResult::forbidden();
  }
  $allowed_ips = $this
    ->getWardenConfig()
    ->get('warden_public_allow_ips');
  if (!empty($allowed_ips)) {
    $ip_address = \Drupal::request()
      ->getClientIp();
    $allowed_ips = explode(',', $this
      ->getWardenConfig()
      ->get('warden_public_allow_ips'));
    foreach ($allowed_ips as &$address) {
      if ($ip_address === $address) {
        return AccessResult::allowed();
      }
    }

    // No IP addresses match.
    \Drupal::logger('warden')
      ->warning('Update request denied: The requesting IP is not in the warden_public_allow_ips whitelist - @ip', [
      '@ip' => $ip_address,
    ]);
    return AccessResult::forbidden();
  }
  return AccessResult::allowed();
}