Replace Logger with DI::logger() in Security classes

Art4 2025-01-13 12:47:34 +00:00
parent bc53c9b208
commit 9306a56da0
3 changed files with 18 additions and 21 deletions


@ -9,12 +9,10 @@ namespace Friendica\Security;
use Exception; use Exception;
use Friendica\Core\Hook; use Friendica\Core\Hook;
use Friendica\Core\Logger;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\DI; use Friendica\DI;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Network\HTTPException\UnauthorizedException; use Friendica\Network\HTTPException\UnauthorizedException;
use Friendica\Util\DateTimeFormat;
/** /**
* Authentication via the basic auth method * Authentication via the basic auth method
@ -75,9 +73,9 @@ class BasicAuth
$source = 'Twidere'; $source = 'Twidere';
} }
Logger::info('Unrecognized user-agent', ['http_user_agent' => $_SERVER['HTTP_USER_AGENT']]); DI::logger()->info('Unrecognized user-agent', ['http_user_agent' => $_SERVER['HTTP_USER_AGENT']]);
} else { } else {
Logger::info('Empty user-agent'); DI::logger()->info('Empty user-agent');
} }
if (empty($source)) { if (empty($source)) {
@ -160,7 +158,7 @@ class BasicAuth
if (!$do_login) { if (!$do_login) {
return 0; return 0;
} }
Logger::debug('Access denied', ['parameters' => $_SERVER]); DI::logger()->debug('Access denied', ['parameters' => $_SERVER]);
// Checking for commandline for the tests, we have to avoid to send a header // Checking for commandline for the tests, we have to avoid to send a header
if (DI::config()->get('system', 'basicauth') && (php_sapi_name() !== 'cli')) { if (DI::config()->get('system', 'basicauth') && (php_sapi_name() !== 'cli')) {
header('WWW-Authenticate: Basic realm="Friendica"'); header('WWW-Authenticate: Basic realm="Friendica"');
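Review bot: The `Access denied` debug call in the third hunk still passes the whole `$_SERVER` array as log context, which on a rejected Basic-auth request typically includes `PHP_AUTH_PW` and `HTTP_AUTHORIZATION`, so failed (and often nearly correct) passwords are written to the debug log. Since the line is being touched anyway, drop the credential-bearing keys or log an allow-list instead, e.g. `DI::logger()->debug('Access denied', ['parameters' => array_diff_key($_SERVER, array_flip(['PHP_AUTH_PW', 'PHP_AUTH_DIGEST', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION', 'HTTP_COOKIE']))]);`. The enclosing method starts and ends outside the hunk, so nothing here shows whether a later step already filters the context.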


@ -7,10 +7,10 @@
namespace Friendica\Security; namespace Friendica\Security;
use Friendica\Core\Logger;
use Friendica\Core\Worker; use Friendica\Core\Worker;
use Friendica\Database\Database; use Friendica\Database\Database;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Contact; use Friendica\Model\Contact;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Module\BaseApi; use Friendica\Module\BaseApi;
@ -85,10 +85,10 @@ class OAuth
$token = DBA::selectFirst('application-view', ['uid', 'id', 'name', 'website', 'created_at', 'read', 'write', 'follow', 'push'], $condition); $token = DBA::selectFirst('application-view', ['uid', 'id', 'name', 'website', 'created_at', 'read', 'write', 'follow', 'push'], $condition);
if (!DBA::isResult($token)) { if (!DBA::isResult($token)) {
Logger::notice('Token not found', $condition); DI::logger()->notice('Token not found', $condition);
return []; return [];
} }
Logger::debug('Token found', $token); DI::logger()->debug('Token found', $token);
$user = User::getById($token['uid'], ['uid', 'parent-uid', 'last-activity', 'login_date']); $user = User::getById($token['uid'], ['uid', 'parent-uid', 'last-activity', 'login_date']);
if (!empty($user)) { if (!empty($user)) {
@ -125,14 +125,14 @@ class OAuth
$application = DBA::selectFirst('application', [], $condition); $application = DBA::selectFirst('application', [], $condition);
if (!DBA::isResult($application)) { if (!DBA::isResult($application)) {
Logger::warning('Application not found', $condition); DI::logger()->warning('Application not found', $condition);
return []; return [];
} }
// The redirect_uri could contain several URI that are separated by spaces or new lines. // The redirect_uri could contain several URI that are separated by spaces or new lines.
$uris = explode(' ', str_replace(["\n", "\r", "\t"], ' ', $application['redirect_uri'])); $uris = explode(' ', str_replace(["\n", "\r", "\t"], ' ', $application['redirect_uri']));
if (!in_array($redirect_uri, $uris)) { if (!in_array($redirect_uri, $uris)) {
Logger::warning('Redirection uri does not match', ['redirect_uri' => $redirect_uri, 'application-redirect_uri' => $application['redirect_uri']]); DI::logger()->warning('Redirection uri does not match', ['redirect_uri' => $redirect_uri, 'application-redirect_uri' => $application['redirect_uri']]);
return []; return [];
} }
@ -191,7 +191,7 @@ class OAuth
foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_FOLLOW, BaseApi::SCOPE_PUSH] as $scope) { foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_FOLLOW, BaseApi::SCOPE_PUSH] as $scope) {
if ($fields[$scope] && !$application[$scope]) { if ($fields[$scope] && !$application[$scope]) {
Logger::warning('Requested token scope is not allowed for the application', ['token' => $fields, 'application' => $application]); DI::logger()->warning('Requested token scope is not allowed for the application', ['token' => $fields, 'application' => $application]);
} }
} }
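Review bot: The scope check in the last hunk only logs: when `$fields[$scope]` is set and `$application[$scope]` is not, the branch emits a warning and the loop moves on, so unless code after the hunk rejects the request, the token is created with a scope the application was never granted. If that is not intended, enforce it in the branch, for example `$fields[$scope] = false;` after the warning, or `return [];` as the other failure paths in this class do. The same call also puts the complete `$fields` and `$application` arrays into the log context; if those rows carry the access token or client secret (not visible here), log only the ids and the offending scope name. The method starts and ends outside the hunk.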


@ -9,7 +9,6 @@ namespace Friendica\Security;
use Friendica\Core\Cache\Enum\Duration; use Friendica\Core\Cache\Enum\Duration;
use Friendica\Core\Hook; use Friendica\Core\Hook;
use Friendica\Core\Logger;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\DI; use Friendica\DI;
@ -61,31 +60,31 @@ class OpenWebAuth
// Try to find the public contact entry of the visitor. // Try to find the public contact entry of the visitor.
$contact = Contact::getByURL($my_url, null, ['id', 'url', 'gsid']); $contact = Contact::getByURL($my_url, null, ['id', 'url', 'gsid']);
if (empty($contact)) { if (empty($contact)) {
Logger::info('No contact record found', ['url' => $my_url]); DI::logger()->info('No contact record found', ['url' => $my_url]);
return; return;
} }
if (DI::userSession()->getRemoteUserId() && DI::userSession()->getRemoteUserId() == $contact['id']) { if (DI::userSession()->getRemoteUserId() && DI::userSession()->getRemoteUserId() == $contact['id']) {
Logger::info('The visitor is already authenticated', ['url' => $my_url]); DI::logger()->info('The visitor is already authenticated', ['url' => $my_url]);
return; return;
} }
$gserver = DBA::selectFirst('gserver', ['url', 'authredirect'], ['id' => $contact['gsid']]); $gserver = DBA::selectFirst('gserver', ['url', 'authredirect'], ['id' => $contact['gsid']]);
if (empty($gserver) || empty($gserver['authredirect'])) { if (empty($gserver) || empty($gserver['authredirect'])) {
Logger::info('No server record found or magic path not defined for server', ['id' => $contact['gsid'], 'gserver' => $gserver]); DI::logger()->info('No server record found or magic path not defined for server', ['id' => $contact['gsid'], 'gserver' => $gserver]);
return; return;
} }
// Avoid endless loops // Avoid endless loops
$cachekey = 'zrlInit:' . $my_url; $cachekey = 'zrlInit:' . $my_url;
if (DI::cache()->get($cachekey)) { if (DI::cache()->get($cachekey)) {
Logger::info('URL ' . $my_url . ' already tried to authenticate.'); DI::logger()->info('URL ' . $my_url . ' already tried to authenticate.');
return; return;
} else { } else {
DI::cache()->set($cachekey, true, Duration::MINUTE); DI::cache()->set($cachekey, true, Duration::MINUTE);
} }
Logger::info('Not authenticated. Invoking reverse magic-auth', ['url' => $my_url]); DI::logger()->info('Not authenticated. Invoking reverse magic-auth', ['url' => $my_url]);
// Remove the "addr" parameter from the destination. It is later added as separate parameter again. // Remove the "addr" parameter from the destination. It is later added as separate parameter again.
$addr_request = 'addr=' . urlencode($addr); $addr_request = 'addr=' . urlencode($addr);
@ -97,7 +96,7 @@ class OpenWebAuth
if ($gserver['url'] != DI::baseUrl() && !strstr($dest, '/magic')) { if ($gserver['url'] != DI::baseUrl() && !strstr($dest, '/magic')) {
$magic_path = $gserver['authredirect'] . '?f=&rev=1&owa=1&dest=' . $dest . '&' . $addr_request; $magic_path = $gserver['authredirect'] . '?f=&rev=1&owa=1&dest=' . $dest . '&' . $addr_request;
Logger::info('Doing magic auth for visitor ' . $my_url . ' to ' . $magic_path); DI::logger()->info('Doing magic auth for visitor ' . $my_url . ' to ' . $magic_path);
System::externalRedirect($magic_path); System::externalRedirect($magic_path);
} }
} }
@ -149,7 +148,7 @@ class OpenWebAuth
DI::sysmsg()->addInfo(DI::l10n()->t('OpenWebAuth: %1$s welcomes %2$s', DI::baseUrl()->getHost(), $visitor['name'])); DI::sysmsg()->addInfo(DI::l10n()->t('OpenWebAuth: %1$s welcomes %2$s', DI::baseUrl()->getHost(), $visitor['name']));
Logger::info('OpenWebAuth: auth success from ' . $visitor['addr']); DI::logger()->info('OpenWebAuth: auth success from ' . $visitor['addr']);
} }
/** /**
@ -166,7 +165,7 @@ class OpenWebAuth
// Try to find the public contact entry of the visitor. // Try to find the public contact entry of the visitor.
$cid = Contact::getIdForURL($handle); $cid = Contact::getIdForURL($handle);
if (!$cid) { if (!$cid) {
Logger::info('Handle not found', ['handle' => $handle]); DI::logger()->info('Handle not found', ['handle' => $handle]);
return []; return [];
} }
@ -186,7 +185,7 @@ class OpenWebAuth
$appHelper->setContactId($visitor['id']); $appHelper->setContactId($visitor['id']);
Logger::info('Authenticated visitor', ['url' => $visitor['url']]); DI::logger()->info('Authenticated visitor', ['url' => $visitor['url']]);
return $visitor; return $visitor;
} }
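Review bot: Three of the converted calls in this file still build the message by concatenating remote-supplied values (`$my_url` in "already tried to authenticate", `$my_url` and `$magic_path` in "Doing magic auth", `$visitor['addr']` in "auth success"), while every other call passes them as context. Values in the message string cannot be escaped or filtered by the log handler, so a crafted URL can forge or split log lines, and the varying text makes the events hard to match in detection rules. Use a constant message with context, e.g. `DI::logger()->info('Doing magic auth for visitor', ['url' => $my_url, 'magic_path' => $magic_path]);` and `DI::logger()->info('URL already tried to authenticate', ['url' => $my_url]);`, and do the same for the auth-success line with an `addr` key.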