diff options
author | ArthurHoaro <arthur@hoa.ro> | 2020-08-27 10:27:34 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-27 10:27:34 +0200 |
commit | af41d5ab5d2bd3ba64d052c997bc6afa6966a63c (patch) | |
tree | 8fad2829c55f94022e359fa8914e11f80a2afc2a /application/security | |
parent | b8e3630f2ecd142d397b1b062a346a667bb78595 (diff) | |
parent | 0c6fdbe12bbbb336348666b14b82096f24d5858b (diff) | |
download | Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.tar.gz Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.tar.zst Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.zip |
Merge pull request #1511 from ArthurHoaro/wip-slim-routing
Diffstat (limited to 'application/security')
-rw-r--r-- | application/security/CookieManager.php | 33 | ||||
-rw-r--r-- | application/security/LoginManager.php | 16 | ||||
-rw-r--r-- | application/security/SessionManager.php | 107 |
3 files changed, 144 insertions, 12 deletions
diff --git a/application/security/CookieManager.php b/application/security/CookieManager.php new file mode 100644 index 00000000..cde4746e --- /dev/null +++ b/application/security/CookieManager.php | |||
@@ -0,0 +1,33 @@ | |||
1 | <?php | ||
2 | |||
3 | declare(strict_types=1); | ||
4 | |||
5 | namespace Shaarli\Security; | ||
6 | |||
7 | class CookieManager | ||
8 | { | ||
9 | /** @var string Name of the cookie set after logging in **/ | ||
10 | public const STAY_SIGNED_IN = 'shaarli_staySignedIn'; | ||
11 | |||
12 | /** @var mixed $_COOKIE set by reference */ | ||
13 | protected $cookies; | ||
14 | |||
15 | public function __construct(array &$cookies) | ||
16 | { | ||
17 | $this->cookies = $cookies; | ||
18 | } | ||
19 | |||
20 | public function setCookieParameter(string $key, string $value, int $expires, string $path): self | ||
21 | { | ||
22 | $this->cookies[$key] = $value; | ||
23 | |||
24 | setcookie($key, $value, $expires, $path); | ||
25 | |||
26 | return $this; | ||
27 | } | ||
28 | |||
29 | public function getCookieParameter(string $key, string $default = null): ?string | ||
30 | { | ||
31 | return $this->cookies[$key] ?? $default; | ||
32 | } | ||
33 | } | ||
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 39ec9b2e..d74c3118 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
@@ -9,9 +9,6 @@ use Shaarli\Config\ConfigManager; | |||
9 | */ | 9 | */ |
10 | class LoginManager | 10 | class LoginManager |
11 | { | 11 | { |
12 | /** @var string Name of the cookie set after logging in **/ | ||
13 | public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn'; | ||
14 | |||
15 | /** @var array A reference to the $_GLOBALS array */ | 12 | /** @var array A reference to the $_GLOBALS array */ |
16 | protected $globals = []; | 13 | protected $globals = []; |
17 | 14 | ||
@@ -32,17 +29,21 @@ class LoginManager | |||
32 | 29 | ||
33 | /** @var string User sign-in token depending on remote IP and credentials */ | 30 | /** @var string User sign-in token depending on remote IP and credentials */ |
34 | protected $staySignedInToken = ''; | 31 | protected $staySignedInToken = ''; |
32 | /** @var CookieManager */ | ||
33 | protected $cookieManager; | ||
35 | 34 | ||
36 | /** | 35 | /** |
37 | * Constructor | 36 | * Constructor |
38 | * | 37 | * |
39 | * @param ConfigManager $configManager Configuration Manager instance | 38 | * @param ConfigManager $configManager Configuration Manager instance |
40 | * @param SessionManager $sessionManager SessionManager instance | 39 | * @param SessionManager $sessionManager SessionManager instance |
40 | * @param CookieManager $cookieManager CookieManager instance | ||
41 | */ | 41 | */ |
42 | public function __construct($configManager, $sessionManager) | 42 | public function __construct($configManager, $sessionManager, $cookieManager) |
43 | { | 43 | { |
44 | $this->configManager = $configManager; | 44 | $this->configManager = $configManager; |
45 | $this->sessionManager = $sessionManager; | 45 | $this->sessionManager = $sessionManager; |
46 | $this->cookieManager = $cookieManager; | ||
46 | $this->banManager = new BanManager( | 47 | $this->banManager = new BanManager( |
47 | $this->configManager->get('security.trusted_proxies', []), | 48 | $this->configManager->get('security.trusted_proxies', []), |
48 | $this->configManager->get('security.ban_after'), | 49 | $this->configManager->get('security.ban_after'), |
@@ -86,10 +87,9 @@ class LoginManager | |||
86 | /** | 87 | /** |
87 | * Check user session state and validity (expiration) | 88 | * Check user session state and validity (expiration) |
88 | * | 89 | * |
89 | * @param array $cookie The $_COOKIE array | ||
90 | * @param string $clientIpId Client IP address identifier | 90 | * @param string $clientIpId Client IP address identifier |
91 | */ | 91 | */ |
92 | public function checkLoginState($cookie, $clientIpId) | 92 | public function checkLoginState($clientIpId) |
93 | { | 93 | { |
94 | if (! $this->configManager->exists('credentials.login')) { | 94 | if (! $this->configManager->exists('credentials.login')) { |
95 | // Shaarli is not configured yet | 95 | // Shaarli is not configured yet |
@@ -97,9 +97,7 @@ class LoginManager | |||
97 | return; | 97 | return; |
98 | } | 98 | } |
99 | 99 | ||
100 | if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE]) | 100 | if ($this->staySignedInToken === $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN)) { |
101 | && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken | ||
102 | ) { | ||
103 | // The user client has a valid stay-signed-in cookie | 101 | // The user client has a valid stay-signed-in cookie |
104 | // Session information is updated with the current client information | 102 | // Session information is updated with the current client information |
105 | $this->sessionManager->storeLoginInfo($clientIpId); | 103 | $this->sessionManager->storeLoginInfo($clientIpId); |
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 994fcbe5..76b0afe8 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php | |||
@@ -8,6 +8,14 @@ use Shaarli\Config\ConfigManager; | |||
8 | */ | 8 | */ |
9 | class SessionManager | 9 | class SessionManager |
10 | { | 10 | { |
11 | public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE'; | ||
12 | public const KEY_VISIBILITY = 'visibility'; | ||
13 | public const KEY_UNTAGGED_ONLY = 'untaggedonly'; | ||
14 | |||
15 | public const KEY_SUCCESS_MESSAGES = 'successes'; | ||
16 | public const KEY_WARNING_MESSAGES = 'warnings'; | ||
17 | public const KEY_ERROR_MESSAGES = 'errors'; | ||
18 | |||
11 | /** @var int Session expiration timeout, in seconds */ | 19 | /** @var int Session expiration timeout, in seconds */ |
12 | public static $SHORT_TIMEOUT = 3600; // 1 hour | 20 | public static $SHORT_TIMEOUT = 3600; // 1 hour |
13 | 21 | ||
@@ -23,16 +31,35 @@ class SessionManager | |||
23 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ | 31 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ |
24 | protected $staySignedIn = false; | 32 | protected $staySignedIn = false; |
25 | 33 | ||
34 | /** @var string */ | ||
35 | protected $savePath; | ||
36 | |||
26 | /** | 37 | /** |
27 | * Constructor | 38 | * Constructor |
28 | * | 39 | * |
29 | * @param array $session The $_SESSION array (reference) | 40 | * @param array $session The $_SESSION array (reference) |
30 | * @param ConfigManager $conf ConfigManager instance | 41 | * @param ConfigManager $conf ConfigManager instance |
42 | * @param string $savePath Session save path returned by builtin function session_save_path() | ||
31 | */ | 43 | */ |
32 | public function __construct(& $session, $conf) | 44 | public function __construct(&$session, $conf, string $savePath) |
33 | { | 45 | { |
34 | $this->session = &$session; | 46 | $this->session = &$session; |
35 | $this->conf = $conf; | 47 | $this->conf = $conf; |
48 | $this->savePath = $savePath; | ||
49 | } | ||
50 | |||
51 | /** | ||
52 | * Initialize XSRF token and links per page session variables. | ||
53 | */ | ||
54 | public function initialize(): void | ||
55 | { | ||
56 | if (!isset($this->session['tokens'])) { | ||
57 | $this->session['tokens'] = []; | ||
58 | } | ||
59 | |||
60 | if (!isset($this->session['LINKS_PER_PAGE'])) { | ||
61 | $this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20); | ||
62 | } | ||
36 | } | 63 | } |
37 | 64 | ||
38 | /** | 65 | /** |
@@ -202,4 +229,78 @@ class SessionManager | |||
202 | { | 229 | { |
203 | return $this->session; | 230 | return $this->session; |
204 | } | 231 | } |
232 | |||
233 | /** | ||
234 | * @param mixed $default value which will be returned if the $key is undefined | ||
235 | * | ||
236 | * @return mixed Content stored in session | ||
237 | */ | ||
238 | public function getSessionParameter(string $key, $default = null) | ||
239 | { | ||
240 | return $this->session[$key] ?? $default; | ||
241 | } | ||
242 | |||
243 | /** | ||
244 | * Store a variable in user session. | ||
245 | * | ||
246 | * @param string $key Session key | ||
247 | * @param mixed $value Session value to store | ||
248 | * | ||
249 | * @return $this | ||
250 | */ | ||
251 | public function setSessionParameter(string $key, $value): self | ||
252 | { | ||
253 | $this->session[$key] = $value; | ||
254 | |||
255 | return $this; | ||
256 | } | ||
257 | |||
258 | /** | ||
259 | * Store a variable in user session. | ||
260 | * | ||
261 | * @param string $key Session key | ||
262 | * | ||
263 | * @return $this | ||
264 | */ | ||
265 | public function deleteSessionParameter(string $key): self | ||
266 | { | ||
267 | unset($this->session[$key]); | ||
268 | |||
269 | return $this; | ||
270 | } | ||
271 | |||
272 | public function getSavePath(): string | ||
273 | { | ||
274 | return $this->savePath; | ||
275 | } | ||
276 | |||
277 | /* | ||
278 | * Next public functions wrapping native PHP session API. | ||
279 | */ | ||
280 | |||
281 | public function destroy(): bool | ||
282 | { | ||
283 | $this->session = []; | ||
284 | |||
285 | return session_destroy(); | ||
286 | } | ||
287 | |||
288 | public function start(): bool | ||
289 | { | ||
290 | if (session_status() === PHP_SESSION_ACTIVE) { | ||
291 | $this->destroy(); | ||
292 | } | ||
293 | |||
294 | return session_start(); | ||
295 | } | ||
296 | |||
297 | public function cookieParameters(int $lifeTime, string $path, string $domain): bool | ||
298 | { | ||
299 | return session_set_cookie_params($lifeTime, $path, $domain); | ||
300 | } | ||
301 | |||
302 | public function regenerateId(bool $deleteOldSession = false): bool | ||
303 | { | ||
304 | return session_regenerate_id($deleteOldSession); | ||
305 | } | ||
205 | } | 306 | } |