ConfirmationMiddleware
class ConfirmationMiddleware implements HTTPMiddleware (View source)
Checks whether user manual confirmation is required for HTTPRequest depending on the rules given.
How it works:
- Gives the request to every single rule
- If no confirmation items are found by the rules, then move on to the next middleware
- initialize the Confirmation\Storage with all the confirmation items found
- Check whether the storage has them confirmed already and if yes, move on to the next middleware
- Otherwise redirect to the confirmation URL
Properties
protected | string | $confirmationId | The confirmation storage identifier |
|
protected | string | $confirmationFormUrl | Confirmation form URL WARNING: excluding SS_BASE_URL |
|
protected | Rule[] | $rules | The list of rules to check requests against |
|
protected | Bypass[] | $bypasses | The list of bypasses |
Methods
The URL of the confirmation form ("Security/confirm/middleware" by default)
Returns the URL where the user to be redirected when declining the action (on the confirmation form)
Extract the confirmation items from the request and return
Initialize the confirmation session storage with the confirmation items and return an HTTPResponse redirecting to the according confirmation form.
Process the confirmation items and either perform the confirmedEffect and pass the request to the next middleware, or return a redirect to the confirmation form
The middleware own effects that should be performed on confirmation
Details
__construct(Rule[] ...$rules)
Init the middleware with the rules
protected string
getConfirmationUrl(HTTPRequest $request, string $confirmationStorageId)
The URL of the confirmation form ("Security/confirm/middleware" by default)
protected string
generateDeclineUrlForRequest(HTTPRequest $request)
Returns the URL where the user to be redirected when declining the action (on the confirmation form)
$this
setDeclineUrl(string $url)
Override the default decline url
bool
canBypass(HTTPRequest $request)
Check whether the rules can be bypassed without user confirmation
Item[]
getConfirmationItems(HTTPRequest $request)
Extract the confirmation items from the request and return
protected HTTPResponse
buildConfirmationRedirect(HTTPRequest $request, Storage $storage, array $confirmationItems)
Initialize the confirmation session storage with the confirmation items and return an HTTPResponse redirecting to the according confirmation form.
protected HTTPResponse
processItems(HTTPRequest $request, callable $delegate, Item[] $items)
Process the confirmation items and either perform the confirmedEffect and pass the request to the next middleware, or return a redirect to the confirmation form
protected null|HTTPResponse
confirmedEffect(HTTPRequest $request)
The middleware own effects that should be performed on confirmation
This method is getting called before the confirmation storage cleanup so that any responses returned here don't trigger a new confirmtation for the same request traits
HTTPResponse
process(HTTPRequest $request, callable $delegate)
Generate response for the given request
$this
setConfirmationStorageId(string $id)
Override the confirmation storage ID
$this
setConfirmationFormUrl(string $url)
Override the confirmation form url
$this
setBypasses(Bypass[] $bypasses)
Set the list of bypasses for the confirmation