authorVirtualTam <virtualtam@flibidi.net>2017-10-22 18:44:46 +0200
committerVirtualTam <virtualtam@flibidi.net>2017-10-22 19:19:46 +0200
commitebd650c06c67a67da2a0d099f625b6a7ec62ab2b (patch)
tree913f91672adbb9805432b356760187dc78e2a80b /application
parente648f62b4ffee16a89619815eb3e7ee7a4dff87f (diff)
Refactor session token management
Relates to https://github.com/shaarli/Shaarli/issues/324 Added: - `SessionManager` class to group session-related features - unit tests Changed: - `getToken()` -> `SessionManager->generateToken()` - `tokenOk()` -> `SessionManager->checkToken()` - inject a `$token` parameter to `PageBuilder`'s constructor Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r--application/PageBuilder.php6
-rw-r--r--application/SessionManager.php53
2 files changed, 57 insertions, 2 deletions
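--- a/application/PageBuilder.php
+++ b/application/PageBuilder.php
@@ -32,12 +32,14 @@ class PageBuilder
      *
      * @param ConfigManager $conf Configuration Manager instance (reference).
      * @param LinkDB $linkDB instance.
+     * @param string $token Session token
      */
-    public function __construct(&$conf, $linkDB = null)
+    public function __construct(&$conf, $linkDB = null, $token = null)
     {
         $this->tpl = false;
         $this->conf = $conf;
         $this->linkDB = $linkDB;
+        $this->token = $token;
     }
 
     /**
@@ -92,7 +94,7 @@ class PageBuilder
         $this->tpl->assign('showatom', $this->conf->get('feed.show_atom', true));
         $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss');
         $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false));
-        $this->tpl->assign('token', getToken($this->conf));
+        $this->tpl->assign('token', $this->token);
 
         if ($this->linkDB !== null) {
             $this->tpl->assign('tags', $this->linkDB->linksCountPerTag());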
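Review bot: With `$token = null` as the default in the new constructor signature, a caller that is not updated to pass a token gets `null` assigned to the template's `token` variable, where the replaced `getToken($this->conf)` call always produced a value; a form rendered that way carries an empty token and its submission will be rejected by the session-side check. If every caller is expected to supply a token, drop the default, or state the consequence on the new `@param` line, e.g. `@param string $token Session token (null renders an empty token, so forms will not validate)`. Whether a `$token` property is declared on the class cannot be seen from this hunk; if it is not, the assignment creates a dynamic property and `protected $token;` should be added next to the other members. The constructor's class and the rendering method in the second hunk both continue outside the shown lines.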
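--- /dev/null
+++ b/application/SessionManager.php
@@ -0,0 +1,53 @@
+<?php
+namespace Shaarli;
+
+/**
+ * Manages the server-side session
+ */
+class SessionManager
+{
+    protected $session = [];
+
+    /**
+     * Constructor
+     *
+     * @param array $session The $_SESSION array (reference)
+     * @param ConfigManager $conf ConfigManager instance (reference)
+     */
+    public function __construct(& $session, & $conf)
+    {
+        $this->session = &$session;
+        $this->conf = &$conf;
+    }
+
+    /**
+     * Generates a session token
+     *
+     * @return string token
+     */
+    public function generateToken()
+    {
+        $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
+        $this->session['tokens'][$token] = 1;
+        return $token;
+    }
+
+    /**
+     * Checks the validity of a session token, and destroys it afterwards
+     *
+     * @param string $token The token to check
+     *
+     * @return bool true if the token is valid, else false
+     */
+    public function checkToken($token)
+    {
+        if (! isset($this->session['tokens'][$token])) {
+            // the token is wrong, or has already been used
+            return false;
+        }
+
+        // destroy the token to prevent future use
+        unset($this->session['tokens'][$token]);
+        return true;
+    }
+}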
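Review bot: `generateToken()` builds the token from `uniqid()` and `mt_rand()`, neither of which is a cryptographically secure source, so the unpredictability of the result rests entirely on `credentials.salt` staying secret — a weaker guarantee than a per-request token should have. On PHP 7 and later the line can become `$token = bin2hex(random_bytes(20));`, which also removes the dependence on the configuration salt (if 5.x still has to be supported, `openssl_random_pseudo_bytes()` is the fallback to use rather than `mt_rand()`). Two smaller points in the same file: the constructor assigns `$this->conf`, but only `$session` is declared, so `protected $conf;` belongs next to it; and each `generateToken()` call adds an entry to `$session['tokens']` that is only ever removed by a successful `checkToken()`, so the array grows for the lifetime of the session unless callers issue one token per page. The class is complete within this hunk.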