author | VirtualTam <virtualtam@flibidi.net> | 2017-10-22 18:44:46 +0200 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2017-10-22 19:19:46 +0200 |
commit | ebd650c06c67a67da2a0d099f625b6a7ec62ab2b (patch) | |
tree | 913f91672adbb9805432b356760187dc78e2a80b /application | |
parent | e648f62b4ffee16a89619815eb3e7ee7a4dff87f (diff) | |
Refactor session token management
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- `SessionManager` class to group session-related features
- unit tests
Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter into `PageBuilder`'s constructor
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r-- | application/PageBuilder.php | 6 | ||||
-rw-r--r-- | application/SessionManager.php | 53 |
2 files changed, 57 insertions, 2 deletions
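--- a/application/PageBuilder.php
+++ b/application/PageBuilder.php
@@ -32,12 +32,14 @@ class PageBuilder
      *
      * @param ConfigManager $conf Configuration Manager instance (reference).
      * @param LinkDB $linkDB instance.
+     * @param string $token Session token
      */
-    public function __construct(&$conf, $linkDB = null)
+    public function __construct(&$conf, $linkDB = null, $token = null)
     {
         $this->tpl = false;
         $this->conf = $conf;
         $this->linkDB = $linkDB;
+        $this->token = $token;
     }
 
     /**
@@ -92,7 +94,7 @@ class PageBuilder
         $this->tpl->assign('showatom', $this->conf->get('feed.show_atom', true));
         $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss');
         $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false));
-        $this->tpl->assign('token', getToken($this->conf));
+        $this->tpl->assign('token', $this->token);
 
         if ($this->linkDB !== null) {
             $this->tpl->assign('tags', $this->linkDB->linksCountPerTag());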
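Review bot: `$this->token` is assigned in the constructor and read in the second hunk, but neither hunk declares a `$token` property; the class's property list sits before the first hunk, so if it was not added there this becomes a dynamic property (deprecated since PHP 8.2) and should get `protected $token;` alongside `$conf` and `$linkDB`. The `$token = null` default also changes behaviour: previously every render obtained a fresh token via `getToken($this->conf)`, whereas now a caller that omits the argument renders templates with `token` set to null, and a later check of that form's token would presumably fail with no visible error. Either document this on the parameter, e.g. `@param string $token Session token; when null, templates are rendered without a token`, or have the caller always supply one. The constructor's enclosing class starts before the first hunk.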
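--- /dev/null
+++ b/application/SessionManager.php
@@ -0,0 +1,53 @@
+<?php
+namespace Shaarli;
+
+/**
+ * Manages the server-side session
+ */
+class SessionManager
+{
+    protected $session = [];
+
+    /**
+     * Constructor
+     *
+     * @param array         $session The $_SESSION array (reference)
+     * @param ConfigManager $conf    ConfigManager instance (reference)
+     */
+    public function __construct(& $session, & $conf)
+    {
+        $this->session = &$session;
+        $this->conf = &$conf;
+    }
+
+    /**
+     * Generates a session token
+     *
+     * @return string token
+     */
+    public function generateToken()
+    {
+        $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
+        $this->session['tokens'][$token] = 1;
+        return $token;
+    }
+
+    /**
+     * Checks the validity of a session token, and destroys it afterwards
+     *
+     * @param string $token The token to check
+     *
+     * @return bool true if the token is valid, else false
+     */
+    public function checkToken($token)
+    {
+        if (! isset($this->session['tokens'][$token])) {
+            // the token is wrong, or has already been used
+            return false;
+        }
+
+        // destroy the token to prevent future use
+        unset($this->session['tokens'][$token]);
+        return true;
+    }
+}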
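Review bot: `generateToken()` builds the per-form token from `uniqid('', true)` and `mt_rand()`, neither of which is a cryptographic random source, and hashing them together with `credentials.salt` only hides the inputs from someone who does not know the salt rather than making the output unpredictable. If the project's PHP floor permits it, `$token = bin2hex(random_bytes(20));` yields a 40-hex-character token of the same shape straight from the CSPRNG and removes the dependency on the salt. Separately, the constructor assigns `$this->conf` but only `$session` is declared as a property on line 9; add `protected $conf;` beside it. Note too that every `generateToken()` call adds an entry to `$session['tokens']` that is only removed by a successful `checkToken()`, so the array grows by one per rendered page for the lifetime of the session; a cap or expiry on stored tokens is worth a follow-up.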