Process password change controller through Slim

author: ArthurHoaro <arthur@hoa.ro> 2020-05-27 13:35:48 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-07-23 21:19:21 +0200
commit: ef00f9d2033f6de11e71bf3a909399cae6f73a9f (patch)
tree: 96f47312084bab73be34495eed4280110a8ff258 /application
parent: ba43064ddb7771fc97df135a32f9b0d5e373dd36 (diff)
download: Shaarli-ef00f9d2033f6de11e71bf3a909399cae6f73a9f.tar.gz
Shaarli-ef00f9d2033f6de11e71bf3a909399cae6f73a9f.tar.zst
Shaarli-ef00f9d2033f6de11e71bf3a909399cae6f73a9f.zip
8 files changed, 230 insertions, 7 deletions
diff --git a/application/front/controller/admin/PasswordController.php b/application/front/controller/admin/PasswordController.php
new file mode 100644
index 00000000..6e8f0bcb
--- /dev/null
+++ b/application/front/controller/admin/PasswordController.php
@@ -0,0 +1,100 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Container\ShaarliContainer;
+use Shaarli\Front\Exception\OpenShaarliPasswordException;
+use Shaarli\Front\Exception\ShaarliFrontException;
+use Slim\Http\Request;
+use Slim\Http\Response;
+use Throwable;
+/**
+ * Class PasswordController
+ *
+ * Slim controller used to handle passwords update.
+ */
+class PasswordController extends ShaarliAdminController
+{
+    public function __construct(ShaarliContainer $container)
+    {
+        parent::__construct($container);
+        $this->assignView(
+            'pagetitle',
+            t('Change password') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+    }
+    /**
+     * GET /password - Displays the change password template
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        return $response->write($this->render('changepassword'));
+    }
+    /**
+     * POST /password - Change admin password - existing and new passwords need to be provided.
+     */
+    public function change(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        if ($this->container->conf->get('security.open_shaarli', false)) {
+            throw new OpenShaarliPasswordException();
+        }
+        $oldPassword = $request->getParam('oldpassword');
+        $newPassword = $request->getParam('setpassword');
+        if (empty($newPassword) || empty($oldPassword)) {
+            $this->saveErrorMessage(t('You must provide the current and new password to change it.'));
+            return $response
+                ->withStatus(400)
+                ->write($this->render('changepassword'))
+            ;
+        }
+        // Make sure old password is correct.
+        $oldHash = sha1(
+            $oldPassword .
+            $this->container->conf->get('credentials.login') .
+            $this->container->conf->get('credentials.salt')
+        );
+        if ($oldHash !== $this->container->conf->get('credentials.hash')) {
+            $this->saveErrorMessage(t('The old password is not correct.'));
+            return $response
+                ->withStatus(400)
+                ->write($this->render('changepassword'))
+            ;
+        }
+        // Save new password
+        // Salt renders rainbow-tables attacks useless.
+        $this->container->conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
+        $this->container->conf->set(
+            'credentials.hash',
+            sha1(
+                $newPassword
+                . $this->container->conf->get('credentials.login')
+                . $this->container->conf->get('credentials.salt')
+            )
+        );
+        try {
+            $this->container->conf->write($this->container->loginManager->isLoggedIn());
+        } catch (Throwable $e) {
+            throw new ShaarliFrontException($e->getMessage(), 500, $e);
+        }
+        $this->saveSuccessMessage(t('Your password has been changed'));
+        return $response->write($this->render('changepassword'));
+    }
+}
diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php
index ea703f62..3385006c 100644
--- a/application/front/controller/admin/ShaarliAdminController.php
+++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -7,7 +7,19 @@ namespace Shaarli\Front\Controller\Admin;
 use Shaarli\Container\ShaarliContainer;
 use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
 use Shaarli\Front\Exception\UnauthorizedException;
+use Shaarli\Front\Exception\WrongTokenException;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+/**
+ * Class ShaarliAdminController
+ *
+ * All admin controllers (for logged in users) MUST extend this abstract class.
+ * It makes sure that the user is properly logged in, and otherwise throw an exception
+ * which will redirect to the login page.
+ *
+ * @package Shaarli\Front\Controller\Admin
+ */
 abstract class ShaarliAdminController extends ShaarliVisitorController
 {
    public function __construct(ShaarliContainer $container)
@@ -18,4 +30,51 @@ abstract class ShaarliAdminController extends ShaarliVisitorController
            throw new UnauthorizedException();
        }
    }
+    /**
+     * Any persistent action to the config or data store must check the XSRF token validity.
+     */
+    protected function checkToken(Request $request): void
+    {
+        if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
+            throw new WrongTokenException();
+        }
+    }
+    /**
+     * Save a SUCCESS message in user session, which will be displayed on any template page.
+     */
+    protected function saveSuccessMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
+    }
+    /**
+     * Save a WARNING message in user session, which will be displayed on any template page.
+     */
+    protected function saveWarningMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
+    }
+    /**
+     * Save an ERROR message in user session, which will be displayed on any template page.
+     */
+    protected function saveErrorMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
+    }
+    /**
+     * Use the sessionManager to save the provided message using the proper type.
+     *
+     * @param string $type successed/warnings/errors
+     */
+    protected function saveMessage(string $type, string $message): void
+    {
+        $messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
+        $messages[] = $message;
+        $this->container->sessionManager->setSessionParameter($type, $messages);
+    }
 }
diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php
index 655b3baa..f12915c1 100644
--- a/application/front/controller/visitor/ShaarliVisitorController.php
+++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -9,6 +9,14 @@ use Shaarli\Container\ShaarliContainer;
 use Slim\Http\Request;
 use Slim\Http\Response;
+/**
+ * Class ShaarliVisitorController
+ *
+ * All controllers accessible by visitors (non logged in users) should extend this abstract class.
+ * Contains a few helper function for template rendering, plugins, etc.
+ *
+ * @package Shaarli\Front\Controller\Visitor
+ */
 abstract class ShaarliVisitorController
 {
    /** @var ShaarliContainer */
diff --git a/application/front/exceptions/OpenShaarliPasswordException.php b/application/front/exceptions/OpenShaarliPasswordException.php
new file mode 100644
index 00000000..a6f0b3ae
--- /dev/null
+++ b/application/front/exceptions/OpenShaarliPasswordException.php
@@ -0,0 +1,18 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+/**
+ * Class OpenShaarliPasswordException
+ *
+ * Raised if the user tries to change the admin password on an open shaarli instance.
+ */
+class OpenShaarliPasswordException extends ShaarliFrontException
+{
+    public function __construct()
+    {
+        parent::__construct(t('You are not supposed to change a password on an Open Shaarli.'), 403);
+    }
+}
diff --git a/application/front/exceptions/ShaarliFrontException.php b/application/front/exceptions/ShaarliFrontException.php
index fc8eb92b..73847e6d 100644
--- a/application/front/exceptions/ShaarliFrontException.php
+++ b/application/front/exceptions/ShaarliFrontException.php
@@ -9,11 +9,11 @@ use Throwable;
 /**
 * Class ShaarliException
 *
- * Abstract exception class used to defined any custom exception thrown during front rendering.
+ * Exception class used to defined any custom exception thrown during front rendering.
 *
 * @package Front\Exception
 */
-abstract class ShaarliFrontException extends \Exception
+class ShaarliFrontException extends \Exception
 {
    /** Override parent constructor to force $message and $httpCode parameters to be set. */
    public function __construct(string $message, int $httpCode, Throwable $previous = null)
diff --git a/application/front/exceptions/WrongTokenException.php b/application/front/exceptions/WrongTokenException.php
new file mode 100644
index 00000000..42002720
--- /dev/null
+++ b/application/front/exceptions/WrongTokenException.php
@@ -0,0 +1,18 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+/**
+ * Class OpenShaarliPasswordException
+ *
+ * Raised if the user tries to perform an action with an invalid XSRF token.
+ */
+class WrongTokenException extends ShaarliFrontException
+{
+    public function __construct()
+    {
+        parent::__construct(t('Wrong token.'), 403);
+    }
+}
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index f4fefda8..264cd33b 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -7,6 +7,7 @@ use RainTPL;
 use Shaarli\ApplicationUtils;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
+use Shaarli\Security\SessionManager;
 use Shaarli\Thumbnailer;
 /**
@@ -136,17 +137,28 @@ class PageBuilder
        $this->tpl->assign('thumbnails_width', $this->conf->get('thumbnails.width'));
        $this->tpl->assign('thumbnails_height', $this->conf->get('thumbnails.height'));
-        if (!empty($_SESSION['warnings'])) {
-            $this->tpl->assign('global_warnings', $_SESSION['warnings']);
-            unset($_SESSION['warnings']);
-        }
        $this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));
        // To be removed with a proper theme configuration.
        $this->tpl->assign('conf', $this->conf);
    }
+    protected function finalize(): void
+    {
+        // TODO: use the SessionManager
+        $messageKeys = [
+            SessionManager::KEY_SUCCESS_MESSAGES,
+            SessionManager::KEY_WARNING_MESSAGES,
+            SessionManager::KEY_ERROR_MESSAGES
+        ];
+        foreach ($messageKeys as $messageKey) {
+            if (!empty($_SESSION[$messageKey])) {
+                $this->tpl->assign('global_' . $messageKey, $_SESSION[$messageKey]);
+                unset($_SESSION[$messageKey]);
+            }
+        }
+    }
    /**
     * The following assign() method is basically the same as RainTPL (except lazy loading)
     *
@@ -196,6 +208,8 @@ class PageBuilder
            $this->initialize();
        }
+        $this->finalize();
        $this->tpl->draw($page);
    }
@@ -213,6 +227,8 @@ class PageBuilder
            $this->initialize();
        }
+        $this->finalize();
        return $this->tpl->draw($page, true);
    }
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 8b77d362..0ac17d9a 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -12,6 +12,10 @@ class SessionManager
    public const KEY_VISIBILITY = 'visibility';
    public const KEY_UNTAGGED_ONLY = 'untaggedonly';
+    public const KEY_SUCCESS_MESSAGES = 'successes';
+    public const KEY_WARNING_MESSAGES = 'warnings';
+    public const KEY_ERROR_MESSAGES = 'errors';
    /** @var int Session expiration timeout, in seconds */
    public static $SHORT_TIMEOUT = 3600;    // 1 hour
author	ArthurHoaro <arthur@hoa.ro>	2020-05-27 13:35:48 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-07-23 21:19:21 +0200
commit	ef00f9d2033f6de11e71bf3a909399cae6f73a9f (patch)
tree	96f47312084bab73be34495eed4280110a8ff258 /application
parent	ba43064ddb7771fc97df135a32f9b0d5e373dd36 (diff)
download	Shaarli-ef00f9d2033f6de11e71bf3a909399cae6f73a9f.tar.gz Shaarli-ef00f9d2033f6de11e71bf3a909399cae6f73a9f.tar.zst Shaarli-ef00f9d2033f6de11e71bf3a909399cae6f73a9f.zip

diff --git a/application/front/controller/admin/PasswordController.php b/application/front/controller/admin/PasswordController.php new file mode 100644 index 00000000..6e8f0bcb --- /dev/null +++ b/application/front/controller/admin/PasswordController.php
@@ -0,0 +1,100 @@
		1	<?php
		2
		3	declare(strict_types=1);
		4
		5	namespace Shaarli\Front\Controller\Admin;
		6
		7	use Shaarli\Container\ShaarliContainer;
		8	use Shaarli\Front\Exception\OpenShaarliPasswordException;
		9	use Shaarli\Front\Exception\ShaarliFrontException;
		10	use Slim\Http\Request;
		11	use Slim\Http\Response;
		12	use Throwable;
		13
		14	/**
		15	* Class PasswordController
		16	*
		17	* Slim controller used to handle passwords update.
		18	*/
		19	class PasswordController extends ShaarliAdminController
		20	{
		21	public function __construct(ShaarliContainer $container)
		22	{
		23	parent::__construct($container);
		24
		25	$this->assignView(
		26	'pagetitle',
		27	t('Change password') .' - '. $this->container->conf->get('general.title', 'Shaarli')
		28	);
		29	}
		30
		31	/**
		32	* GET /password - Displays the change password template
		33	*/
		34	public function index(Request $request, Response $response): Response
		35	{
		36	return $response->write($this->render('changepassword'));
		37	}
		38
		39	/**
		40	* POST /password - Change admin password - existing and new passwords need to be provided.
		41	*/
		42	public function change(Request $request, Response $response): Response
		43	{
		44	$this->checkToken($request);
		45
		46	if ($this->container->conf->get('security.open_shaarli', false)) {
		47	throw new OpenShaarliPasswordException();
		48	}
		49
		50	$oldPassword = $request->getParam('oldpassword');
		51	$newPassword = $request->getParam('setpassword');
		52
		53	if (empty($newPassword) \|\| empty($oldPassword)) {
		54	$this->saveErrorMessage(t('You must provide the current and new password to change it.'));
		55
		56	return $response
		57	->withStatus(400)
		58	->write($this->render('changepassword'))
		59	;
		60	}
		61
		62	// Make sure old password is correct.
		63	$oldHash = sha1(
		64	$oldPassword .
		65	$this->container->conf->get('credentials.login') .
		66	$this->container->conf->get('credentials.salt')
		67	);
		68
		69	if ($oldHash !== $this->container->conf->get('credentials.hash')) {
		70	$this->saveErrorMessage(t('The old password is not correct.'));
		71
		72	return $response
		73	->withStatus(400)
		74	->write($this->render('changepassword'))
		75	;
		76	}
		77
		78	// Save new password
		79	// Salt renders rainbow-tables attacks useless.
		80	$this->container->conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
		81	$this->container->conf->set(
		82	'credentials.hash',
		83	sha1(
		84	$newPassword
		85	. $this->container->conf->get('credentials.login')
		86	. $this->container->conf->get('credentials.salt')
		87	)
		88	);
		89
		90	try {
		91	$this->container->conf->write($this->container->loginManager->isLoggedIn());
		92	} catch (Throwable $e) {
		93	throw new ShaarliFrontException($e->getMessage(), 500, $e);
		94	}
		95
		96	$this->saveSuccessMessage(t('Your password has been changed'));
		97
		98	return $response->write($this->render('changepassword'));
		99	}
		100	}


diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php index ea703f62..3385006c 100644 --- a/application/front/controller/admin/ShaarliAdminController.php +++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -7,7 +7,19 @@ namespace Shaarli\Front\Controller\Admin;
7	use Shaarli\Container\ShaarliContainer;	7	use Shaarli\Container\ShaarliContainer;
8	use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;	8	use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
9	use Shaarli\Front\Exception\UnauthorizedException;	9	use Shaarli\Front\Exception\UnauthorizedException;
		10	use Shaarli\Front\Exception\WrongTokenException;
		11	use Shaarli\Security\SessionManager;
		12	use Slim\Http\Request;
10		13
		14	/**
		15	* Class ShaarliAdminController
		16	*
		17	* All admin controllers (for logged in users) MUST extend this abstract class.
		18	* It makes sure that the user is properly logged in, and otherwise throw an exception
		19	* which will redirect to the login page.
		20	*
		21	* @package Shaarli\Front\Controller\Admin
		22	*/
11	abstract class ShaarliAdminController extends ShaarliVisitorController	23	abstract class ShaarliAdminController extends ShaarliVisitorController
12	{	24	{
13	public function __construct(ShaarliContainer $container)	25	public function __construct(ShaarliContainer $container)
@@ -18,4 +30,51 @@ abstract class ShaarliAdminController extends ShaarliVisitorController
18	throw new UnauthorizedException();	30	throw new UnauthorizedException();
19	}	31	}
20	}	32	}
		33
		34	/**
		35	* Any persistent action to the config or data store must check the XSRF token validity.
		36	*/
		37	protected function checkToken(Request $request): void
		38	{
		39	if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
		40	throw new WrongTokenException();
		41	}
		42	}
		43
		44	/**
		45	* Save a SUCCESS message in user session, which will be displayed on any template page.
		46	*/
		47	protected function saveSuccessMessage(string $message): void
		48	{
		49	$this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
		50	}
		51
		52	/**
		53	* Save a WARNING message in user session, which will be displayed on any template page.
		54	*/
		55	protected function saveWarningMessage(string $message): void
		56	{
		57	$this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
		58	}
		59
		60	/**
		61	* Save an ERROR message in user session, which will be displayed on any template page.
		62	*/
		63	protected function saveErrorMessage(string $message): void
		64	{
		65	$this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
		66	}
		67
		68	/**
		69	* Use the sessionManager to save the provided message using the proper type.
		70	*
		71	* @param string $type successed/warnings/errors
		72	*/
		73	protected function saveMessage(string $type, string $message): void
		74	{
		75	$messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
		76	$messages[] = $message;
		77
		78	$this->container->sessionManager->setSessionParameter($type, $messages);
		79	}
21	}	80	}


diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php index 655b3baa..f12915c1 100644 --- a/application/front/controller/visitor/ShaarliVisitorController.php +++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -9,6 +9,14 @@ use Shaarli\Container\ShaarliContainer;
9	use Slim\Http\Request;	9	use Slim\Http\Request;
10	use Slim\Http\Response;	10	use Slim\Http\Response;
11		11
		12	/**
		13	* Class ShaarliVisitorController
		14	*
		15	* All controllers accessible by visitors (non logged in users) should extend this abstract class.
		16	* Contains a few helper function for template rendering, plugins, etc.
		17	*
		18	* @package Shaarli\Front\Controller\Visitor
		19	*/
12	abstract class ShaarliVisitorController	20	abstract class ShaarliVisitorController
13	{	21	{
14	/** @var ShaarliContainer */	22	/** @var ShaarliContainer */


diff --git a/application/front/exceptions/OpenShaarliPasswordException.php b/application/front/exceptions/OpenShaarliPasswordException.php new file mode 100644 index 00000000..a6f0b3ae --- /dev/null +++ b/application/front/exceptions/OpenShaarliPasswordException.php
@@ -0,0 +1,18 @@
		1	<?php
		2
		3	declare(strict_types=1);
		4
		5	namespace Shaarli\Front\Exception;
		6
		7	/**
		8	* Class OpenShaarliPasswordException
		9	*
		10	* Raised if the user tries to change the admin password on an open shaarli instance.
		11	*/
		12	class OpenShaarliPasswordException extends ShaarliFrontException
		13	{
		14	public function __construct()
		15	{
		16	parent::__construct(t('You are not supposed to change a password on an Open Shaarli.'), 403);
		17	}
		18	}


diff --git a/application/front/exceptions/ShaarliFrontException.php b/application/front/exceptions/ShaarliFrontException.php index fc8eb92b..73847e6d 100644 --- a/application/front/exceptions/ShaarliFrontException.php +++ b/application/front/exceptions/ShaarliFrontException.php
@@ -9,11 +9,11 @@ use Throwable;
9	/**	9	/**
10	* Class ShaarliException	10	* Class ShaarliException
11	*	11	*
12	* Abstract exception class used to defined any custom exception thrown during front rendering.	12	* Exception class used to defined any custom exception thrown during front rendering.
13	*	13	*
14	* @package Front\Exception	14	* @package Front\Exception
15	*/	15	*/
16	abstract class ShaarliFrontException extends \Exception	16	class ShaarliFrontException extends \Exception
17	{	17	{
18	/** Override parent constructor to force $message and $httpCode parameters to be set. */	18	/** Override parent constructor to force $message and $httpCode parameters to be set. */
19	public function __construct(string $message, int $httpCode, Throwable $previous = null)	19	public function __construct(string $message, int $httpCode, Throwable $previous = null)


diff --git a/application/front/exceptions/WrongTokenException.php b/application/front/exceptions/WrongTokenException.php new file mode 100644 index 00000000..42002720 --- /dev/null +++ b/application/front/exceptions/WrongTokenException.php
@@ -0,0 +1,18 @@
		1	<?php
		2
		3	declare(strict_types=1);
		4
		5	namespace Shaarli\Front\Exception;
		6
		7	/**
		8	* Class OpenShaarliPasswordException
		9	*
		10	* Raised if the user tries to perform an action with an invalid XSRF token.
		11	*/
		12	class WrongTokenException extends ShaarliFrontException
		13	{
		14	public function __construct()
		15	{
		16	parent::__construct(t('Wrong token.'), 403);
		17	}
		18	}


diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php index f4fefda8..264cd33b 100644 --- a/application/render/PageBuilder.php +++ b/application/render/PageBuilder.php
@@ -7,6 +7,7 @@ use RainTPL;
7	use Shaarli\ApplicationUtils;	7	use Shaarli\ApplicationUtils;
8	use Shaarli\Bookmark\BookmarkServiceInterface;	8	use Shaarli\Bookmark\BookmarkServiceInterface;
9	use Shaarli\Config\ConfigManager;	9	use Shaarli\Config\ConfigManager;
		10	use Shaarli\Security\SessionManager;
10	use Shaarli\Thumbnailer;	11	use Shaarli\Thumbnailer;
11		12
12	/**	13	/**
@@ -136,17 +137,28 @@ class PageBuilder
136	$this->tpl->assign('thumbnails_width', $this->conf->get('thumbnails.width'));	137	$this->tpl->assign('thumbnails_width', $this->conf->get('thumbnails.width'));
137	$this->tpl->assign('thumbnails_height', $this->conf->get('thumbnails.height'));	138	$this->tpl->assign('thumbnails_height', $this->conf->get('thumbnails.height'));
138		139
139	if (!empty($_SESSION['warnings'])) {
140	$this->tpl->assign('global_warnings', $_SESSION['warnings']);
141	unset($_SESSION['warnings']);
142	}
143
144	$this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));	140	$this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));
145		141
146	// To be removed with a proper theme configuration.	142	// To be removed with a proper theme configuration.
147	$this->tpl->assign('conf', $this->conf);	143	$this->tpl->assign('conf', $this->conf);
148	}	144	}
149		145
		146	protected function finalize(): void
		147	{
		148	// TODO: use the SessionManager
		149	$messageKeys = [
		150	SessionManager::KEY_SUCCESS_MESSAGES,
		151	SessionManager::KEY_WARNING_MESSAGES,
		152	SessionManager::KEY_ERROR_MESSAGES
		153	];
		154	foreach ($messageKeys as $messageKey) {
		155	if (!empty($_SESSION[$messageKey])) {
		156	$this->tpl->assign('global_' . $messageKey, $_SESSION[$messageKey]);
		157	unset($_SESSION[$messageKey]);
		158	}
		159	}
		160	}
		161
150	/**	162	/**
151	* The following assign() method is basically the same as RainTPL (except lazy loading)	163	* The following assign() method is basically the same as RainTPL (except lazy loading)
152	*	164	*
@@ -196,6 +208,8 @@ class PageBuilder
196	$this->initialize();	208	$this->initialize();
197	}	209	}
198		210
		211	$this->finalize();
		212
199	$this->tpl->draw($page);	213	$this->tpl->draw($page);
200	}	214	}
201		215
@@ -213,6 +227,8 @@ class PageBuilder
213	$this->initialize();	227	$this->initialize();
214	}	228	}
215		229
		230	$this->finalize();
		231
216	return $this->tpl->draw($page, true);	232	return $this->tpl->draw($page, true);
217	}	233	}
218		234


diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 8b77d362..0ac17d9a 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php
@@ -12,6 +12,10 @@ class SessionManager
12	public const KEY_VISIBILITY = 'visibility';	12	public const KEY_VISIBILITY = 'visibility';
13	public const KEY_UNTAGGED_ONLY = 'untaggedonly';	13	public const KEY_UNTAGGED_ONLY = 'untaggedonly';
14		14
		15	public const KEY_SUCCESS_MESSAGES = 'successes';
		16	public const KEY_WARNING_MESSAGES = 'warnings';
		17	public const KEY_ERROR_MESSAGES = 'errors';
		18
15	/** @var int Session expiration timeout, in seconds */	19	/** @var int Session expiration timeout, in seconds */
16	public static $SHORT_TIMEOUT = 3600; // 1 hour	20	public static $SHORT_TIMEOUT = 3600; // 1 hour
17		21