diff options
| author | ArthurHoaro <arthur.hoareau@wizacha.com> | 2020-07-07 10:15:56 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2020-07-23 21:19:21 +0200 |
| commit | c4ad3d4f061d05a01db25aa54dda830ba776792d (patch) | |
| tree | 691d91a5b0bbac62cee41f7b95ad1daa38d610b3 /application/security | |
| parent | 1a8ac737e52cb25a5c346232ee398f5908cee7d7 (diff) | |
| download | Shaarli-c4ad3d4f061d05a01db25aa54dda830ba776792d.tar.gz Shaarli-c4ad3d4f061d05a01db25aa54dda830ba776792d.tar.zst Shaarli-c4ad3d4f061d05a01db25aa54dda830ba776792d.zip | |
Process Shaarli install through Slim controller
Diffstat (limited to 'application/security')
| -rw-r--r-- | application/security/CookieManager.php | 33 | ||||
| -rw-r--r-- | application/security/LoginManager.php | 16 | ||||
| -rw-r--r-- | application/security/SessionManager.php | 16 |
3 files changed, 53 insertions, 12 deletions
diff --git a/application/security/CookieManager.php b/application/security/CookieManager.php new file mode 100644 index 00000000..cde4746e --- /dev/null +++ b/application/security/CookieManager.php | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | <?php | ||
| 2 | |||
| 3 | declare(strict_types=1); | ||
| 4 | |||
| 5 | namespace Shaarli\Security; | ||
| 6 | |||
| 7 | class CookieManager | ||
| 8 | { | ||
| 9 | /** @var string Name of the cookie set after logging in **/ | ||
| 10 | public const STAY_SIGNED_IN = 'shaarli_staySignedIn'; | ||
| 11 | |||
| 12 | /** @var mixed $_COOKIE set by reference */ | ||
| 13 | protected $cookies; | ||
| 14 | |||
| 15 | public function __construct(array &$cookies) | ||
| 16 | { | ||
| 17 | $this->cookies = $cookies; | ||
| 18 | } | ||
| 19 | |||
| 20 | public function setCookieParameter(string $key, string $value, int $expires, string $path): self | ||
| 21 | { | ||
| 22 | $this->cookies[$key] = $value; | ||
| 23 | |||
| 24 | setcookie($key, $value, $expires, $path); | ||
| 25 | |||
| 26 | return $this; | ||
| 27 | } | ||
| 28 | |||
| 29 | public function getCookieParameter(string $key, string $default = null): ?string | ||
| 30 | { | ||
| 31 | return $this->cookies[$key] ?? $default; | ||
| 32 | } | ||
| 33 | } | ||
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 39ec9b2e..d74c3118 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
| @@ -9,9 +9,6 @@ use Shaarli\Config\ConfigManager; | |||
| 9 | */ | 9 | */ |
| 10 | class LoginManager | 10 | class LoginManager |
| 11 | { | 11 | { |
| 12 | /** @var string Name of the cookie set after logging in **/ | ||
| 13 | public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn'; | ||
| 14 | |||
| 15 | /** @var array A reference to the $_GLOBALS array */ | 12 | /** @var array A reference to the $_GLOBALS array */ |
| 16 | protected $globals = []; | 13 | protected $globals = []; |
| 17 | 14 | ||
| @@ -32,17 +29,21 @@ class LoginManager | |||
| 32 | 29 | ||
| 33 | /** @var string User sign-in token depending on remote IP and credentials */ | 30 | /** @var string User sign-in token depending on remote IP and credentials */ |
| 34 | protected $staySignedInToken = ''; | 31 | protected $staySignedInToken = ''; |
| 32 | /** @var CookieManager */ | ||
| 33 | protected $cookieManager; | ||
| 35 | 34 | ||
| 36 | /** | 35 | /** |
| 37 | * Constructor | 36 | * Constructor |
| 38 | * | 37 | * |
| 39 | * @param ConfigManager $configManager Configuration Manager instance | 38 | * @param ConfigManager $configManager Configuration Manager instance |
| 40 | * @param SessionManager $sessionManager SessionManager instance | 39 | * @param SessionManager $sessionManager SessionManager instance |
| 40 | * @param CookieManager $cookieManager CookieManager instance | ||
| 41 | */ | 41 | */ |
| 42 | public function __construct($configManager, $sessionManager) | 42 | public function __construct($configManager, $sessionManager, $cookieManager) |
| 43 | { | 43 | { |
| 44 | $this->configManager = $configManager; | 44 | $this->configManager = $configManager; |
| 45 | $this->sessionManager = $sessionManager; | 45 | $this->sessionManager = $sessionManager; |
| 46 | $this->cookieManager = $cookieManager; | ||
| 46 | $this->banManager = new BanManager( | 47 | $this->banManager = new BanManager( |
| 47 | $this->configManager->get('security.trusted_proxies', []), | 48 | $this->configManager->get('security.trusted_proxies', []), |
| 48 | $this->configManager->get('security.ban_after'), | 49 | $this->configManager->get('security.ban_after'), |
| @@ -86,10 +87,9 @@ class LoginManager | |||
| 86 | /** | 87 | /** |
| 87 | * Check user session state and validity (expiration) | 88 | * Check user session state and validity (expiration) |
| 88 | * | 89 | * |
| 89 | * @param array $cookie The $_COOKIE array | ||
| 90 | * @param string $clientIpId Client IP address identifier | 90 | * @param string $clientIpId Client IP address identifier |
| 91 | */ | 91 | */ |
| 92 | public function checkLoginState($cookie, $clientIpId) | 92 | public function checkLoginState($clientIpId) |
| 93 | { | 93 | { |
| 94 | if (! $this->configManager->exists('credentials.login')) { | 94 | if (! $this->configManager->exists('credentials.login')) { |
| 95 | // Shaarli is not configured yet | 95 | // Shaarli is not configured yet |
| @@ -97,9 +97,7 @@ class LoginManager | |||
| 97 | return; | 97 | return; |
| 98 | } | 98 | } |
| 99 | 99 | ||
| 100 | if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE]) | 100 | if ($this->staySignedInToken === $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN)) { |
| 101 | && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken | ||
| 102 | ) { | ||
| 103 | // The user client has a valid stay-signed-in cookie | 101 | // The user client has a valid stay-signed-in cookie |
| 104 | // Session information is updated with the current client information | 102 | // Session information is updated with the current client information |
| 105 | $this->sessionManager->storeLoginInfo($clientIpId); | 103 | $this->sessionManager->storeLoginInfo($clientIpId); |
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 0ac17d9a..82771c24 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php | |||
| @@ -31,16 +31,21 @@ class SessionManager | |||
| 31 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ | 31 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ |
| 32 | protected $staySignedIn = false; | 32 | protected $staySignedIn = false; |
| 33 | 33 | ||
| 34 | /** @var string */ | ||
| 35 | protected $savePath; | ||
| 36 | |||
| 34 | /** | 37 | /** |
| 35 | * Constructor | 38 | * Constructor |
| 36 | * | 39 | * |
| 37 | * @param array $session The $_SESSION array (reference) | 40 | * @param array $session The $_SESSION array (reference) |
| 38 | * @param ConfigManager $conf ConfigManager instance | 41 | * @param ConfigManager $conf ConfigManager instance |
| 42 | * @param string $savePath Session save path returned by builtin function session_save_path() | ||
| 39 | */ | 43 | */ |
| 40 | public function __construct(& $session, $conf) | 44 | public function __construct(&$session, $conf, string $savePath) |
| 41 | { | 45 | { |
| 42 | $this->session = &$session; | 46 | $this->session = &$session; |
| 43 | $this->conf = $conf; | 47 | $this->conf = $conf; |
| 48 | $this->savePath = $savePath; | ||
| 44 | } | 49 | } |
| 45 | 50 | ||
| 46 | /** | 51 | /** |
| @@ -249,4 +254,9 @@ class SessionManager | |||
| 249 | 254 | ||
| 250 | return $this; | 255 | return $this; |
| 251 | } | 256 | } |
| 257 | |||
| 258 | public function getSavePath(): string | ||
| 259 | { | ||
| 260 | return $this->savePath; | ||
| 261 | } | ||
| 252 | } | 262 | } |