From 00d2e24dd270c6a0b0565dd3cc0e044dd820df22 Mon Sep 17 00:00:00 2001
From: Art4
Date: Wed, 6 Nov 2024 13:21:57 +0100
Subject: [PATCH] Refactor Security\Authentication class, remove dependency for App instance
---
 src/App.php | 2 +-
 src/Module/Security/Login.php | 1 -
 src/Module/Security/OpenID.php | 2 +-
 src/Module/Security/TwoFactor/Recovery.php | 2 +-
 src/Module/Security/TwoFactor/Trust.php | 4 ++--
 src/Module/User/Delegation.php | 2 +-
 src/Security/Authentication.php | 28 +++++++++++-----------
 src/Security/BasicAuth.php | 2 +-
 8 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/src/App.php b/src/App.php
index 7d495298de..66a7fb0309 100644
--- a/src/App.php
+++ b/src/App.php
@@ -601,7 +601,7 @@ class App
 }
 if (!$this->mode->isBackend()) {
- $auth->withSession($this);
+ $auth->withSession();
 }
 if ($this->session->isUnauthenticated()) {
diff --git a/src/Module/Security/Login.php b/src/Module/Security/Login.php
index 6ee72dde4d..39fa9035ac 100644
--- a/src/Module/Security/Login.php
+++ b/src/Module/Security/Login.php
@@ -76,7 +76,6 @@ class Login extends BaseModule
 if (!empty($request['auth-params']) && $request['auth-params'] === 'login') {
 $this->auth->withPassword(
- DI::app(),
 trim($request['username']),
 trim($request['password']),
 !empty($request['remember']),
diff --git a/src/Module/Security/OpenID.php b/src/Module/Security/OpenID.php
index d84f86030e..c8b8f9a95c 100644
--- a/src/Module/Security/OpenID.php
+++ b/src/Module/Security/OpenID.php
@@ -57,7 +57,7 @@ class OpenID extends BaseModule
 // successful OpenID login
 $session->remove('openid');
- DI::auth()->setForUser(DI::app(), $user, true, true);
+ DI::auth()->setForUser($user, true, true);
 $this->baseUrl->redirect(DI::session()->pop('return_path', ''));
 }
diff --git a/src/Module/Security/TwoFactor/Recovery.php b/src/Module/Security/TwoFactor/Recovery.php
index 504c51f395..e557068001 100644
--- a/src/Module/Security/TwoFactor/Recovery.php
+++ b/src/Module/Security/TwoFactor/Recovery.php
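Review bot: In `src/Module/Security/Login.php` (hunk `@@ -76,7 +76,6 @@`), `trim($request['password'])` changes the submitted secret before it reaches `withPassword()`. The code that sets or changes a password is not part of this patch; if it does not trim in exactly the same way, an account whose password begins or ends with whitespace cannot authenticate, and in either case the verifier is no longer comparing what the user typed. Once the password-setting path is confirmed to store the untrimmed value, the argument can be passed through as `$request['password'],` while the username stays trimmed. The `withPassword(` call continues past the end of the hunk.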
@@ -59,7 +59,7 @@ class Recovery extends BaseModule
 $this->session->set('2fa', true);
 DI::sysmsg()->addInfo($this->t('Remaining recovery codes: %d', RecoveryCode::countValidForUser($this->session->getLocalUserId())));
- $this->auth->setForUser($this->app, User::getById($this->session->getLocalUserId()), true, true);
+ $this->auth->setForUser(User::getById($this->session->getLocalUserId()), true, true);
 $this->baseUrl->redirect($this->session->pop('return_path', ''));
 } else {
diff --git a/src/Module/Security/TwoFactor/Trust.php b/src/Module/Security/TwoFactor/Trust.php
index ce6b370bef..153a615a5e 100644
--- a/src/Module/Security/TwoFactor/Trust.php
+++ b/src/Module/Security/TwoFactor/Trust.php
@@ -88,7 +88,7 @@ class Trust extends BaseModule
 }
 try {
- $this->auth->setForUser($this->app, User::getById($this->session->getLocalUserId()), true, true);
+ $this->auth->setForUser(User::getById($this->session->getLocalUserId()), true, true);
 $this->baseUrl->redirect($this->session->pop('return_path', ''));
 } catch (FoundException | TemporaryRedirectException | MovedPermanentlyException $e) {
 // exception wanted!
@@ -109,7 +109,7 @@ class Trust extends BaseModule
 try {
 $trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
 if (!$trustedBrowser->trusted) {
- $this->auth->setForUser($this->app, User::getById($this->session->getLocalUserId()), true, true);
+ $this->auth->setForUser(User::getById($this->session->getLocalUserId()), true, true);
 $this->baseUrl->redirect($this->session->pop('return_path', ''));
 }
 } catch (TrustedBrowserNotFoundException $exception) {
diff --git a/src/Module/User/Delegation.php b/src/Module/User/Delegation.php
index d43bfd1fd7..71c5c60644 100644
--- a/src/Module/User/Delegation.php
+++ b/src/Module/User/Delegation.php
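Review bot: In `TwoFactor/Recovery.php` (hunk `@@ -59,7 +59,7 @@`) the result of `User::getById(...)` is passed straight into `setForUser()`, whose first parameter this patch declares as `array $user_record`. `getById()` is not shown here; if it can return a non-array when the account was removed or blocked between the password step and the second factor, the call ends in a `TypeError` rather than a controlled return to the unauthenticated state. Fetching the record first makes that path explicit: `$user = User::getById($this->session->getLocalUserId());` followed by `if (!is_array($user)) { /* treat as unauthenticated */ }` before calling `setForUser($user, true, true)`. The same pattern appears in both hunks of `TwoFactor/Trust.php`, and the enclosing methods start outside all three hunks.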
@@ -120,7 +120,7 @@ class Delegation extends BaseModule
 $this->session->clear();
- $this->auth->setForUser($this->app, $user, true, true);
+ $this->auth->setForUser($user, true, true);
 if ($limited_id) {
 $this->session->setSubManagedUserId($original_id);
diff --git a/src/Security/Authentication.php b/src/Security/Authentication.php
index 9e1b7956a6..719873390f 100644
--- a/src/Security/Authentication.php
+++ b/src/Security/Authentication.php
@@ -8,10 +8,10 @@
 namespace Friendica\Security;
 use Exception;
-use Friendica\App;
 use Friendica\App\BaseURL;
 use Friendica\App\Mode;
 use Friendica\App\Request;
+use Friendica\AppHelper;
 use Friendica\Core\Config\Capability\IManageConfigValues;
 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Hook;
@@ -55,6 +55,8 @@ class Authentication
 private $session;
 /** @var IManagePersonalConfigValues */
 private $pConfig;
+ /** @var AppHelper */
+ private $appHelper;
 /** @var string */
 private $remoteAddress;
@@ -94,6 +96,7 @@ class Authentication
 Cookie $cookie,
 IHandleUserSessions $session,
 IManagePersonalConfigValues $pConfig,
+ AppHelper $appHelper,
 Request $request
 ) {
 $this->config = $config;
@@ -105,18 +108,17 @@ class Authentication
 $this->cookie = $cookie;
 $this->session = $session;
 $this->pConfig = $pConfig;
+ $this->appHelper = $appHelper;
 $this->remoteAddress = $request->getRemoteAddress();
 }
 /**
 * Tries to auth the user from the cookie or session
 *
- * @param App $app The Friendica Application context
- *
 * @throws HttpException\InternalServerErrorException In case of Friendica internal exceptions
 * @throws Exception In case of general exceptions (like SQL Grammar)
 */
- public function withSession(App $app)
+ public function withSession()
 {
 // When the "Friendica" cookie is set, take the value to authenticate and renew the cookie.
 if ($this->cookie->get('uid')) {
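Review bot: Dropping the leading `App $app` parameter from the public `withSession()` (hunk `@@ -105,18 +108,17 @@` of `Authentication.php`) changes a public signature without any note for callers, and the later hunks do the same to `withPassword()` and `setForUser()`. Every call site inside this patch is updated, and a stale `withSession($app)` would keep working because PHP ignores surplus arguments, but a caller outside the patch (an addon, for instance) that still passes the App instance first to the other two methods will hit a `TypeError` on `string $username` or `array $user_record`. That fails closed, which is the right direction for authentication code, yet the break deserves a changelog entry or a docblock line such as `* @since <release>: the App argument was removed; pass the user record first`. The body of `withSession()` continues outside the hunk.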
@@ -147,7 +149,7 @@ class Authentication
 // Do the authentication if not done by now
 if (!$this->session->isAuthenticated()) {
- $this->setForUser($app, $user);
+ $this->setForUser($user);
 if ($this->config->get('system', 'paranoia')) {
 $this->session->set('addr', $this->cookie->get('ip'));
@@ -159,7 +161,7 @@ class Authentication
 if ($this->session->isVisitor()) {
 $contact = $this->dba->selectFirst('contact', ['id'], ['id' => $this->session->get('visitor_id')]);
 if ($this->dba->isResult($contact)) {
- $app->setContactId($contact['id']);
+ $this->appHelper->setContactId($contact['id']);
 }
 }
@@ -193,7 +195,7 @@ class Authentication
 $this->baseUrl->redirect();
 }
- $this->setForUser($app, $user);
+ $this->setForUser($user);
 }
 }
@@ -232,7 +234,6 @@ class Authentication
 /**
 * Attempts to authenticate using login/password
 *
- * @param App $app The Friendica Application context
 * @param string $username
 * @param string $password Clear password
 * @param bool $remember Whether to set the session remember flag
@@ -244,7 +245,7 @@ class Authentication
 * @throws HTTPException\MovedPermanentlyException
 * @throws HTTPException\TemporaryRedirectException
 */
- public function withPassword(App $app, string $username, string $password, bool $remember, string $return_path = '')
+ public function withPassword(string $username, string $password, bool $remember, string $return_path = '')
 {
 $record = null;
@@ -285,7 +286,7 @@ class Authentication
 $return_path = '/security/password_too_long?' . http_build_query(['return_path' => $return_path]);
 }
- $this->setForUser($app, $record, true, true);
+ $this->setForUser($record, true, true);
 $this->baseUrl->redirect($return_path);
 }
@@ -293,7 +294,6 @@ class Authentication
 /**
 * Sets the provided user's authenticated session
 *
- * @param App $app The Friendica application context
 * @param array $user_record The current "user" record
 * @param bool $login_initial
 * @param bool $interactive
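Review bot: In the `@@ -147,7 +149,7 @@` hunk of `Authentication.php`, the `paranoia` branch stores `$this->cookie->get('ip')` as the session's `addr` without any comment on where that value is validated, and it comes back from the client. The binding is only as strong as whatever integrity check the cookie passed before this point, which lies outside the hunk. Stating that next to the line keeps the dependency visible to the next maintainer: `// 'ip' is read back from the login cookie; only meaningful after the cookie has been verified`. The enclosing `if` and the rest of `withSession()` are outside the hunk.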
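Review bot: In the `@@ -285,7 +286,7 @@` hunk, the caller-supplied `$return_path` goes to `$this->baseUrl->redirect($return_path)` right after the session is established, and the only transformation visible is the `password_too_long` wrapper. Whether `redirect()` refuses absolute or scheme-relative URLs is not shown in this patch; if it does not, the post-login redirect could leave the site. A comment at the call would pin the assumption, `// $return_path must stay site-local; confirm redirect() rejects absolute URLs`, or the path can be validated before `setForUser()` runs. The rest of `withPassword()` is outside the hunk.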
@@ -307,7 +307,7 @@ class Authentication
 * @throws HTTPException\InternalServerErrorException In case of Friendica specific exceptions
 *
 */
- public function setForUser(App $app, array $user_record, bool $login_initial = false, bool $interactive = false, bool $refresh_login = true)
+ public function setForUser(array $user_record, bool $login_initial = false, bool $interactive = false, bool $refresh_login = true)
 {
 $my_url = $this->baseUrl . '/profile/' . $user_record['nickname'];
@@ -329,12 +329,12 @@ class Authentication
 $this->session->set('new_member', time() < ($member_since + (60 * 60 * 24 * 14)));
 if (strlen($user_record['timezone'])) {
- $app->setTimeZone($user_record['timezone']);
+ $this->appHelper->setTimeZone($user_record['timezone']);
 }
 $contact = $this->dba->selectFirst('contact', ['id'], ['uid' => $user_record['uid'], 'self' => true]);
 if ($this->dba->isResult($contact)) {
- $app->setContactId($contact['id']);
+ $this->appHelper->setContactId($contact['id']);
 $this->session->set('cid', $contact['id']);
 }
diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php
index dc37a4c555..5de8e8780e 100644
--- a/src/Security/BasicAuth.php
+++ b/src/Security/BasicAuth.php
@@ -169,7 +169,7 @@ class BasicAuth
 throw new UnauthorizedException("This API requires login");
 }
- DI::auth()->setForUser($a, $record, false, false, false);
+ DI::auth()->setForUser($record, false, false, false);
 Hook::callAll('logged_in', $record);
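Review bot: `strlen($user_record['timezone'])` in the `@@ -329,12 +329,12 @@` hunk of `Authentication.php` is used as a truthiness test on a value taken from the user record, and the string is then handed to `setTimeZone()` unchanged. If the column can be null, `strlen()` raises a deprecation on PHP 8.1+ (a `TypeError` if the file declares strict types), and nothing visible here checks that the value is a known zone identifier; `AppHelper::setTimeZone()` may validate it, but that is not shown. A tighter guard would be `if (is_string($user_record['timezone']) && $user_record['timezone'] !== '') {`. The body of `setForUser()` starts and ends outside the hunk.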