Merge branch 'develop'

Author: Admin

Middleware/README.markdown

@@ -0,0 +1,58 @@
+# Slim Authentication and XSS Middlewares
+
+## CsrfGuard
+
+This is used to protect your website from CSRF attacks. 
+
+### How to use
+
+    use \Slim\Slim;
+    use \Slim\Extras\Middleware\CsrfGuard;
+
+	$app = new Slim();
+	$app->add(new CsrfGuard());
+
+In your view template add this to any web forms you have created.
+
+	<input type="hidden" name="<?php echo $csrf_key; ?>" value="<?php echo $csrf_token; ?>">
+
+## HttpBasic
+
+This will provide you with basic user Authentication based on username and password set.
+
+### How to use
+
+    use \Slim\Slim;
+    use \Slim\Extras\Middleware\HttpBasicAuth;
+
+	$app = new Slim();
+	$app->add(new HttpBasicAuth('theUsername', 'thePassword'));
+
+
+## Strong
+
+### How to use
+
+You will need to pass Strong a config with all your secured routes and any information that is needed
+for your Provider.
+
+Here is some sample code for using PDO provider and securing some routes using regex.
+
+    use \Slim\Slim;
+    use \Slim\Extras\Middleware\StrongAuth;
+
+    $app = new Slim();
+	$config = array(
+	    'provider' => 'PDO',
+	    'dsn' => 'mysql:host=localhost;dbname=slimdev',
+	    'dbuser' => 'serverside',
+	    'dbpass' => 'password',
+	    'auth.type' => 'form',
+	    'login.url' => '/',
+	    'security.urls' => array(
+	        array('path' => '/test'),
+	        array('path' => '/about/.+'),
+	    ),
+	);
+
+	$app->add(new StrongAuth($config));

Middleware/StrongAuth.php

@@ -11,6 +11,9 @@
  *
  * USAGE
  *
+ * use Slim\Slim;
+ * use Slim\Extras\Middleware\StrongAuth;
+ * 
  * $app = new Slim();
  * $app->add(new StrongAuth(array('provider' => 'PDO', 'dsn' => 'sqlite:memory')));
  *
@@ -39,11 +42,6 @@
 
 class StrongAuth extends \Slim\Middleware
 {
-    /**
-     * @var string
-     */
-    protected $realm;
-
     /**
      * @var string
      */
@@ -59,18 +57,20 @@ class StrongAuth extends \Slim\Middleware
      */
     protected $settings = array(
         'login.url' => '/',
-        'auth_type' => 'http',
+        'auth.type' => 'http',
     );
 
     /**
      * Constructor
      *
      * @param   array  $config   Configuration for Strong and Login Details
+     * @param   \Strong $strong
      * @return  void
      */
-    public function __construct(array $config = array())
+    public function __construct(array $config = array(), \Strong $strong = null)
     {
         $this->config = array_merge($this->settings, $config);
+        $this->auth = (!empty($strong)) ? $strong : \Strong::factory($this->config);
     }
 
     /**
@@ -80,29 +80,26 @@ public function __construct(array $config = array())
      */
     public function call()
     {
-        $app = $this->app;
-        $config = $this->config;
         $req = $this->app->request();
 
         // Authentication Initialised
-        $auth = Strong::factory($this->config);
-        switch ($this->config['auth_type']) {
+        switch ($this->config['auth.type']) {
             case 'form':
-                $this->formauth($auth, $req);
+                $this->formauth($this->auth, $req);
                 break;
             default:
-                $this->httpauth($auth, $req);
+                $this->httpauth($this->auth, $req);
                 break;
         }
     }
 
     /**
      * Form based authentication
      *
-     * @param Strong $auth
+     * @param \Strong $auth
      * @param object $req
      */
-    private function formauth(Strong $auth, $req)
+    private function formauth(\Strong $auth, $req)
     {
         $app = $this->app;
         $config = $this->config;
@@ -135,10 +132,10 @@ private function formauth(Strong $auth, $req)
      * the request has already authenticated, the next middleware is called. Otherwise,
      * a 401 Authentication Required response is returned to the client.
      *
-     * @param Strong $auth
+     * @param \Strong $auth
      * @param object $req
      */
-    private function httpauth(Strong $auth, $req)
+    private function httpauth(\Strong $auth, $req)
     {
         $res = $this->app->response();
         $authUser = $req->headers('PHP_AUTH_USER');
@@ -148,7 +145,7 @@ private function httpauth(Strong $auth, $req)
             $this->next->call();
         } else {
             $res->status(401);
-            $res->header('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realm));
+            $res->header('WWW-Authenticate', sprintf('Basic realm="%s"', $this->config['realm']));
         }
     }
 }

Views/README.markdown

@@ -17,8 +17,37 @@ library. You can use the Twig custom view in your Slim Framework application lik
 If you are not using Composer to autoload project dependencies, you must also set the Twig view's public static
 `$twigDirectory` property; this is the relative or absolute path to the directory that conatins the Twig library.
 
-You may also set the public static `$twigOptions` property; this is an array of settings that customize the Twig
-library behavior.
+### Twig configuration
+
+There are several public static properties you can use to customize the Twig library behavior.
+
+####$twigOptions
+
+An array of options to pass to the underlying Twig environment ([Twig docs](http://twig.sensiolabs.org/doc/api.html#environment-options)):
+
+	\Slim\Extras\Views\Twig::$twigOptions = array(
+		'debug' => true
+	);
+
+
+####$twigExtensions
+
+An array contianing Twig extensions to load ([Twig docs](http://twig.sensiolabs.org/doc/advanced.html)):
+
+	\Slim\Extras\Views\Twig::$twigExtensions = array(
+		new MyCustomExtension(),
+		new ThirdPartyExtension()
+	);
+
+
+####$twigTemplateDirs
+
+An array of paths to directories containing Twig templates ([Twig docs](http://twig.sensiolabs.org/doc/api.html#twig-loader-filesystem)):
+
+	\Slim\Extras\Views\Twig::$twigTemplateDirs = array(
+		realpath(PROJECT_DIR . '/templates'),
+		realpath(PROJECT_DIR . '/some/other/templates')
+	);
 
 ## Mustache
 

Views/Twig.php

@@ -46,6 +46,11 @@ class Twig extends \Slim\View
      */
     public static $twigDirectory = null;
 
+    /**
+     * @var array Paths to directories to attempt to load Twig template from
+     */
+    public static $twigTemplateDirs = array();
+
     /**
      * @var array The options for the Twig environment, see
      * http://www.twig-project.org/book/03-Twig-for-Developers
@@ -62,6 +67,22 @@ class Twig extends \Slim\View
      */
     private $twigEnvironment = null;
 
+    /**
+     * Get a list of template directories
+     *
+     * Returns an array of templates defined by self::$twigTemplateDirs, falls
+     * back to Slim\View's built-in getTemplatesDirectory method.
+     *
+     * @return array
+     **/
+    private function getTemplateDirs()
+    {
+        if (empty(self::$twigTemplateDirs)) {
+            return array($this->getTemplatesDirectory());
+        }
+        return self::$twigTemplateDirs;
+    }
+
     /**
      * Render Twig Template
      *
@@ -92,7 +113,7 @@ public function getEnvironment()
             }
 
             \Twig_Autoloader::register();
-            $loader = new \Twig_Loader_Filesystem($this->getTemplatesDirectory());
+            $loader = new \Twig_Loader_Filesystem($this->getTemplateDirs());
             $this->twigEnvironment = new \Twig_Environment(
                 $loader,
                 self::$twigOptions