class ConfirmationMiddleware implements HTTPMiddleware (View source)

Checks whether user manual confirmation is required for HTTPRequest depending on the rules given.

How it works:

  • Gives the request to every single rule
  • If no confirmation items are found by the rules, then move on to the next middleware
  • initialize the Confirmation\Storage with all the confirmation items found
  • Check whether the storage has them confirmed already and if yes, move on to the next middleware
  • Otherwise redirect to the confirmation URL

Properties

protected string $confirmationId

The confirmation storage identifier

protected string $confirmationFormUrl

Confirmation form URL WARNING: excluding SS_BASE_URL

protected Rule[] $rules

The list of rules to check requests against

protected Bypass[] $bypasses

The list of bypasses

Methods

public
__construct(Rule[] ...$rules)

Init the middleware with the rules

protected
string
getConfirmationUrl(HTTPRequest $request, string $confirmationStorageId)

The URL of the confirmation form ("Security/confirm/middleware" by default)

protected
string
generateDeclineUrlForRequest(HTTPRequest $request)

Returns the URL where the user to be redirected when declining the action (on the confirmation form)

public
$this
setDeclineUrl(string $url)

Override the default decline url

public
bool
canBypass(HTTPRequest $request)

Check whether the rules can be bypassed without user confirmation

public
Item[]
getConfirmationItems(HTTPRequest $request)

Extract the confirmation items from the request and return

protected
buildConfirmationRedirect(HTTPRequest $request, Storage $storage, array $confirmationItems)

Initialize the confirmation session storage with the confirmation items and return an HTTPResponse redirecting to the according confirmation form.

protected
processItems(HTTPRequest $request, callable $delegate, Item[] $items)

Process the confirmation items and either perform the confirmedEffect and pass the request to the next middleware, or return a redirect to the confirmation form

protected
confirmedEffect(HTTPRequest $request)

The middleware own effects that should be performed on confirmation

public
process(HTTPRequest $request, callable $delegate)

Generate response for the given request

public
$this
setConfirmationStorageId(string $id)

Override the confirmation storage ID

public
$this
setConfirmationFormUrl(string $url)

Override the confirmation form url

public
$this
setBypasses(Bypass[] $bypasses)

Set the list of bypasses for the confirmation

Details

__construct(Rule[] ...$rules)

Init the middleware with the rules

Parameters

Rule[] ...$rules

Rules to check requests against

protected string getConfirmationUrl(HTTPRequest $request, string $confirmationStorageId)

The URL of the confirmation form ("Security/confirm/middleware" by default)

Parameters

HTTPRequest $request

Active request

string $confirmationStorageId

ID of the confirmation storage to be used

Return Value

string

URL of the confirmation form

protected string generateDeclineUrlForRequest(HTTPRequest $request)

Returns the URL where the user to be redirected when declining the action (on the confirmation form)

Parameters

HTTPRequest $request

Active request

Return Value

string URL

$this setDeclineUrl(string $url)

Override the default decline url

Parameters

string $url

Return Value

$this

bool canBypass(HTTPRequest $request)

Check whether the rules can be bypassed without user confirmation

Parameters

HTTPRequest $request

Return Value

bool

Item[] getConfirmationItems(HTTPRequest $request)

Extract the confirmation items from the request and return

Parameters

HTTPRequest $request

Return Value

Item[]

list of confirmation items

protected HTTPResponse buildConfirmationRedirect(HTTPRequest $request, Storage $storage, array $confirmationItems)

Initialize the confirmation session storage with the confirmation items and return an HTTPResponse redirecting to the according confirmation form.

Parameters

HTTPRequest $request
Storage $storage
array $confirmationItems

Return Value

HTTPResponse

protected HTTPResponse processItems(HTTPRequest $request, callable $delegate, Item[] $items)

Process the confirmation items and either perform the confirmedEffect and pass the request to the next middleware, or return a redirect to the confirmation form

Parameters

HTTPRequest $request
callable $delegate
Item[] $items

Return Value

HTTPResponse

protected null|HTTPResponse confirmedEffect(HTTPRequest $request)

The middleware own effects that should be performed on confirmation

This method is getting called before the confirmation storage cleanup so that any responses returned here don't trigger a new confirmtation for the same request traits

Parameters

HTTPRequest $request

Return Value

null|HTTPResponse

HTTPResponse process(HTTPRequest $request, callable $delegate)

Generate response for the given request

Parameters

HTTPRequest $request
callable $delegate

Return Value

HTTPResponse

$this setConfirmationStorageId(string $id)

Override the confirmation storage ID

Parameters

string $id

Return Value

$this

$this setConfirmationFormUrl(string $url)

Override the confirmation form url

Parameters

string $url

Return Value

$this

$this setBypasses(Bypass[] $bypasses)

Set the list of bypasses for the confirmation

Parameters

Bypass[] $bypasses

Return Value

$this