public function DefaultController::wardenAccess in Warden 8
Same name and namespace in other branches
- 8.2 src/Controller/DefaultController.php \Drupal\warden\Controller\DefaultController::wardenAccess()
- 3.x src/Controller/DefaultController.php \Drupal\warden\Controller\DefaultController::wardenAccess()
Access control to ensure authorised requests to get system data.
Return value
Throws
\Exception
1 string reference to 'DefaultController::wardenAccess'
File
- src/Controller/DefaultController.php, line 125
Class
- DefaultController: Default controller for the warden module.
Namespace
Drupal\warden\Controller
Code
public function wardenAccess() {
  $allow_requests = $this->getWardenConfig()->get('warden_allow_requests');
  if (empty($allow_requests)) {
    \Drupal::logger('warden')
      ->warning('Update request denied: warden_allow_requests is set to FALSE', []);
    return AccessResult::forbidden();
  }
  if (empty($_POST) || empty($_POST['token'])) {
    \Drupal::logger('warden')
      ->warning('Update request denied: request body is empty or missing the security token', []);
    return AccessResult::forbidden();
  }
  if (!$this->getWardenManager()->isValidWardenToken($_POST['token'], REQUEST_TIME)) {
    \Drupal::logger('warden')
      ->warning('Update request denied: Failed to validate security token in request at timestamp @time', [
        '@time' => REQUEST_TIME,
      ]);
    return AccessResult::forbidden();
  }
  $allowed_ips = $this->getWardenConfig()->get('warden_public_allow_ips');
  if (!empty($allowed_ips)) {
    $ip_address = \Drupal::request()->getClientIp();
    $allowed_ips = explode(',', $this->getWardenConfig()->get('warden_public_allow_ips'));
    foreach ($allowed_ips as &$address) {
      if ($ip_address === $address) {
        return AccessResult::allowed();
      }
    }
    // No IP addresses match.
    \Drupal::logger('warden')
      ->warning('Update request denied: The requesting IP is not in the warden_public_allow_ips whitelist - @ip', [
        '@ip' => $ip_address,
      ]);
    return AccessResult::forbidden();
  }
  return AccessResult::allowed();
}
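
The allowlist step above splits warden_public_allow_ips on commas and compares each piece to the client IP with ===, so an entry with surrounding whitespace or an IPv6 address written in a different form never matches and the request is denied. The added example below (not Warden's own code; listing_style_match() and normalised_match() are hypothetical names and the setting value is constructed) runs that comparison beside a variant that trims entries and compares addresses in binary form.

```php
<?php
// Added example: function names are hypothetical, not part of the Warden module.

/** Comparison as in the listing: split on commas, strict string match. */
function listing_style_match(string $config_value, string $client_ip): bool {
  foreach (explode(',', $config_value) as $address) {
    if ($client_ip === $address) {
      return TRUE;
    }
  }
  return FALSE;
}

/** Variant that trims each entry and compares addresses in binary form. */
function normalised_match(string $config_value, string $client_ip): bool {
  if (filter_var($client_ip, FILTER_VALIDATE_IP) === FALSE) {
    return FALSE;
  }
  $client = inet_pton($client_ip);
  foreach (explode(',', $config_value) as $entry) {
    $entry = trim($entry);
    // Skip blanks and anything that is not a literal IPv4/IPv6 address.
    if ($entry === '' || filter_var($entry, FILTER_VALIDATE_IP) === FALSE) {
      continue;
    }
    if (inet_pton($entry) === $client) {
      return TRUE;
    }
  }
  return FALSE;
}

// Constructed sample setting (documentation address ranges), written the way
// an administrator might type it: a space after the comma, long-form IPv6.
$setting = '192.0.2.10, 2001:0db8:0000:0000:0000:0000:0000:0001';

foreach (['192.0.2.10', '2001:db8::1', '203.0.113.5'] as $ip) {
  printf("%-14s listing=%s normalised=%s\n", $ip,
    var_export(listing_style_match($setting, $ip), TRUE),
    var_export(normalised_match($setting, $ip), TRUE));
}
```

Both functions fail closed: an entry that cannot be matched results in a denial, never an allow. The address being compared comes from getClientIp(), which reflects forwarded headers only when the site's trusted proxies are configured.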