Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-02-22 11:58:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

Refactor Security\Authentication class, remove dependency for App instance

Browse source
This commit is contained in:
Art4 2024-11-06 13:21:57 +01:00
parent c0bd3b5ff0
commit 00d2e24dd2
8 changed files with 21 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/App.php
View file

@ -601,7 +601,7 @@ class App
} }
if (!$this->mode->isBackend()) { if (!$this->mode->isBackend()) {
$auth->withSession($this); $auth->withSession();
} }
if ($this->session->isUnauthenticated()) { if ($this->session->isUnauthenticated()) {

1
src/Module/Security/Login.php
View file

@ -76,7 +76,6 @@ class Login extends BaseModule
if (!empty($request['auth-params']) && $request['auth-params'] === 'login') { if (!empty($request['auth-params']) && $request['auth-params'] === 'login') {
$this->auth->withPassword( $this->auth->withPassword(
DI::app(),
trim($request['username']), trim($request['username']),
trim($request['password']), trim($request['password']),
!empty($request['remember']), !empty($request['remember']),

2
src/Module/Security/OpenID.php
View file

@ -57,7 +57,7 @@ class OpenID extends BaseModule
// successful OpenID login // successful OpenID login
$session->remove('openid'); $session->remove('openid');
DI::auth()->setForUser(DI::app(), $user, true, true); DI::auth()->setForUser($user, true, true);
$this->baseUrl->redirect(DI::session()->pop('return_path', '')); $this->baseUrl->redirect(DI::session()->pop('return_path', ''));
} }

2
src/Module/Security/TwoFactor/Recovery.php
View file

@ -59,7 +59,7 @@ class Recovery extends BaseModule
$this->session->set('2fa', true); $this->session->set('2fa', true);
DI::sysmsg()->addInfo($this->t('Remaining recovery codes: %d', RecoveryCode::countValidForUser($this->session->getLocalUserId()))); DI::sysmsg()->addInfo($this->t('Remaining recovery codes: %d', RecoveryCode::countValidForUser($this->session->getLocalUserId())));
$this->auth->setForUser($this->app, User::getById($this->session->getLocalUserId()), true, true); $this->auth->setForUser(User::getById($this->session->getLocalUserId()), true, true);
$this->baseUrl->redirect($this->session->pop('return_path', '')); $this->baseUrl->redirect($this->session->pop('return_path', ''));
} else { } else {

4
src/Module/Security/TwoFactor/Trust.php
View file

@ -88,7 +88,7 @@ class Trust extends BaseModule
} }
try { try {
$this->auth->setForUser($this->app, User::getById($this->session->getLocalUserId()), true, true); $this->auth->setForUser(User::getById($this->session->getLocalUserId()), true, true);
$this->baseUrl->redirect($this->session->pop('return_path', '')); $this->baseUrl->redirect($this->session->pop('return_path', ''));
} catch (FoundException | TemporaryRedirectException | MovedPermanentlyException $e) { } catch (FoundException | TemporaryRedirectException | MovedPermanentlyException $e) {
// exception wanted! // exception wanted!
@ -109,7 +109,7 @@ class Trust extends BaseModule
try { try {
$trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash')); $trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
if (!$trustedBrowser->trusted) { if (!$trustedBrowser->trusted) {
$this->auth->setForUser($this->app, User::getById($this->session->getLocalUserId()), true, true); $this->auth->setForUser(User::getById($this->session->getLocalUserId()), true, true);
$this->baseUrl->redirect($this->session->pop('return_path', '')); $this->baseUrl->redirect($this->session->pop('return_path', ''));
} }
} catch (TrustedBrowserNotFoundException $exception) { } catch (TrustedBrowserNotFoundException $exception) {

2
src/Module/User/Delegation.php
View file

@ -120,7 +120,7 @@ class Delegation extends BaseModule
$this->session->clear(); $this->session->clear();
$this->auth->setForUser($this->app, $user, true, true); $this->auth->setForUser($user, true, true);
if ($limited_id) { if ($limited_id) {
$this->session->setSubManagedUserId($original_id); $this->session->setSubManagedUserId($original_id);

28
src/Security/Authentication.php
View file

@ -8,10 +8,10 @@
namespace Friendica\Security; namespace Friendica\Security;
use Exception; use Exception;
use Friendica\App;
use Friendica\App\BaseURL; use Friendica\App\BaseURL;
use Friendica\App\Mode; use Friendica\App\Mode;
use Friendica\App\Request; use Friendica\App\Request;
use Friendica\AppHelper;
use Friendica\Core\Config\Capability\IManageConfigValues; use Friendica\Core\Config\Capability\IManageConfigValues;
use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues; use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
use Friendica\Core\Hook; use Friendica\Core\Hook;
@ -55,6 +55,8 @@ class Authentication
private $session; private $session;
/** @var IManagePersonalConfigValues */ /** @var IManagePersonalConfigValues */
private $pConfig; private $pConfig;
/** @var AppHelper */
private $appHelper;
/** @var string */ /** @var string */
private $remoteAddress; private $remoteAddress;
@ -94,6 +96,7 @@ class Authentication
Cookie $cookie, Cookie $cookie,
IHandleUserSessions $session, IHandleUserSessions $session,
IManagePersonalConfigValues $pConfig, IManagePersonalConfigValues $pConfig,
AppHelper $appHelper,
Request $request Request $request
) { ) {
$this->config = $config; $this->config = $config;
@ -105,18 +108,17 @@ class Authentication
$this->cookie = $cookie; $this->cookie = $cookie;
$this->session = $session; $this->session = $session;
$this->pConfig = $pConfig; $this->pConfig = $pConfig;
$this->appHelper = $appHelper;
$this->remoteAddress = $request->getRemoteAddress(); $this->remoteAddress = $request->getRemoteAddress();
} }
/** /**
* Tries to auth the user from the cookie or session * Tries to auth the user from the cookie or session
* *
* @param App $app The Friendica Application context
*
* @throws HttpException\InternalServerErrorException In case of Friendica internal exceptions * @throws HttpException\InternalServerErrorException In case of Friendica internal exceptions
* @throws Exception In case of general exceptions (like SQL Grammar) * @throws Exception In case of general exceptions (like SQL Grammar)
*/ */
public function withSession(App $app) public function withSession()
{ {
// When the "Friendica" cookie is set, take the value to authenticate and renew the cookie. // When the "Friendica" cookie is set, take the value to authenticate and renew the cookie.
if ($this->cookie->get('uid')) { if ($this->cookie->get('uid')) {
@ -147,7 +149,7 @@ class Authentication
// Do the authentication if not done by now // Do the authentication if not done by now
if (!$this->session->isAuthenticated()) { if (!$this->session->isAuthenticated()) {
$this->setForUser($app, $user); $this->setForUser($user);
if ($this->config->get('system', 'paranoia')) { if ($this->config->get('system', 'paranoia')) {
$this->session->set('addr', $this->cookie->get('ip')); $this->session->set('addr', $this->cookie->get('ip'));
@ -159,7 +161,7 @@ class Authentication
if ($this->session->isVisitor()) { if ($this->session->isVisitor()) {
$contact = $this->dba->selectFirst('contact', ['id'], ['id' => $this->session->get('visitor_id')]); $contact = $this->dba->selectFirst('contact', ['id'], ['id' => $this->session->get('visitor_id')]);
if ($this->dba->isResult($contact)) { if ($this->dba->isResult($contact)) {
$app->setContactId($contact['id']); $this->appHelper->setContactId($contact['id']);
} }
} }
@ -193,7 +195,7 @@ class Authentication
$this->baseUrl->redirect(); $this->baseUrl->redirect();
} }
$this->setForUser($app, $user); $this->setForUser($user);
} }
} }
@ -232,7 +234,6 @@ class Authentication
/** /**
* Attempts to authenticate using login/password * Attempts to authenticate using login/password
* *
* @param App $app The Friendica Application context
* @param string $username * @param string $username
* @param string $password Clear password * @param string $password Clear password
* @param bool $remember Whether to set the session remember flag * @param bool $remember Whether to set the session remember flag
@ -244,7 +245,7 @@ class Authentication
* @throws HTTPException\MovedPermanentlyException * @throws HTTPException\MovedPermanentlyException
* @throws HTTPException\TemporaryRedirectException * @throws HTTPException\TemporaryRedirectException
*/ */
public function withPassword(App $app, string $username, string $password, bool $remember, string $return_path = '') public function withPassword(string $username, string $password, bool $remember, string $return_path = '')
{ {
$record = null; $record = null;
@ -285,7 +286,7 @@ class Authentication
$return_path = '/security/password_too_long?' . http_build_query(['return_path' => $return_path]); $return_path = '/security/password_too_long?' . http_build_query(['return_path' => $return_path]);
} }
$this->setForUser($app, $record, true, true); $this->setForUser($record, true, true);
$this->baseUrl->redirect($return_path); $this->baseUrl->redirect($return_path);
} }
@ -293,7 +294,6 @@ class Authentication
/** /**
* Sets the provided user's authenticated session * Sets the provided user's authenticated session
* *
* @param App $app The Friendica application context
* @param array $user_record The current "user" record * @param array $user_record The current "user" record
* @param bool $login_initial * @param bool $login_initial
* @param bool $interactive * @param bool $interactive
@ -307,7 +307,7 @@ class Authentication
* @throws HTTPException\InternalServerErrorException In case of Friendica specific exceptions * @throws HTTPException\InternalServerErrorException In case of Friendica specific exceptions
* *
*/ */
public function setForUser(App $app, array $user_record, bool $login_initial = false, bool $interactive = false, bool $refresh_login = true) public function setForUser(array $user_record, bool $login_initial = false, bool $interactive = false, bool $refresh_login = true)
{ {
$my_url = $this->baseUrl . '/profile/' . $user_record['nickname']; $my_url = $this->baseUrl . '/profile/' . $user_record['nickname'];
@ -329,12 +329,12 @@ class Authentication
$this->session->set('new_member', time() < ($member_since + (60 * 60 * 24 * 14))); $this->session->set('new_member', time() < ($member_since + (60 * 60 * 24 * 14)));
if (strlen($user_record['timezone'])) { if (strlen($user_record['timezone'])) {
$app->setTimeZone($user_record['timezone']); $this->appHelper->setTimeZone($user_record['timezone']);
} }
$contact = $this->dba->selectFirst('contact', ['id'], ['uid' => $user_record['uid'], 'self' => true]); $contact = $this->dba->selectFirst('contact', ['id'], ['uid' => $user_record['uid'], 'self' => true]);
if ($this->dba->isResult($contact)) { if ($this->dba->isResult($contact)) {
$app->setContactId($contact['id']); $this->appHelper->setContactId($contact['id']);
$this->session->set('cid', $contact['id']); $this->session->set('cid', $contact['id']);
} }

2
src/Security/BasicAuth.php
View file

@ -169,7 +169,7 @@ class BasicAuth
throw new UnauthorizedException("This API requires login"); throw new UnauthorizedException("This API requires login");
} }
DI::auth()->setForUser($a, $record, false, false, false); DI::auth()->setForUser($record, false, false, false);
Hook::callAll('logged_in', $record); Hook::callAll('logged_in', $record);