From 6c50a6ccceecf54850e62c312ab2397b84d89ab4 Mon Sep 17 00:00:00 2001
From: ArthurHoaro <arthur@hoa.ro>
Date: Sat, 18 Jan 2020 17:50:11 +0100
Subject: Render login page through Slim controller

---
 application/front/ShaarliMiddleware.php            | 57 ++++++++++++++++++++++
 application/front/controllers/LoginController.php  | 46 +++++++++++++++++
 .../front/controllers/ShaarliController.php        | 31 ++++++++++++
 .../front/exceptions/LoginBannedException.php      | 15 ++++++
 application/front/exceptions/ShaarliException.php  | 23 +++++++++
 5 files changed, 172 insertions(+)
 create mode 100644 application/front/ShaarliMiddleware.php
 create mode 100644 application/front/controllers/LoginController.php
 create mode 100644 application/front/controllers/ShaarliController.php
 create mode 100644 application/front/exceptions/LoginBannedException.php
 create mode 100644 application/front/exceptions/ShaarliException.php

(limited to 'application/front')

diff --git a/application/front/ShaarliMiddleware.php b/application/front/ShaarliMiddleware.php
new file mode 100644
index 00000000..fa6c6467
--- /dev/null
+++ b/application/front/ShaarliMiddleware.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace Shaarli\Front;
+
+use Shaarli\Container\ShaarliContainer;
+use Shaarli\Front\Exception\ShaarliException;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class ShaarliMiddleware
+ *
+ * This will be called before accessing any Shaarli controller.
+ */
+class ShaarliMiddleware
+{
+    /** @var ShaarliContainer contains all Shaarli DI */
+    protected $container;
+
+    public function __construct(ShaarliContainer $container)
+    {
+        $this->container = $container;
+    }
+
+    /**
+     * Middleware execution:
+     *   - execute the controller
+     *   - return the response
+     *
+     * In case of error, the error template will be displayed with the exception message.
+     *
+     * @param  Request  $request  Slim request
+     * @param  Response $response Slim response
+     * @param  callable $next     Next action
+     *
+     * @return Response response.
+     */
+    public function __invoke(Request $request, Response $response, callable $next)
+    {
+        try {
+            $response = $next($request, $response);
+        } catch (ShaarliException $e) {
+            $this->container->pageBuilder->assign('message', $e->getMessage());
+            if ($this->container->conf->get('dev.debug', false)) {
+                $this->container->pageBuilder->assign(
+                    'stacktrace',
+                    nl2br(get_class($this) .': '. $e->getTraceAsString())
+                );
+            }
+
+            $response = $response->withStatus($e->getCode());
+            $response = $response->write($this->container->pageBuilder->render('error'));
+        }
+
+        return $response;
+    }
+}
diff --git a/application/front/controllers/LoginController.php b/application/front/controllers/LoginController.php
new file mode 100644
index 00000000..47fa3ee3
--- /dev/null
+++ b/application/front/controllers/LoginController.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller;
+
+use Shaarli\Front\Exception\LoginBannedException;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class LoginController
+ *
+ * Slim controller used to render the login page.
+ *
+ * The login page is not available if the user is banned
+ * or if open shaarli setting is enabled.
+ *
+ * @package Front\Controller
+ */
+class LoginController extends ShaarliController
+{
+    public function index(Request $request, Response $response): Response
+    {
+        if ($this->ci->loginManager->isLoggedIn() || $this->ci->conf->get('security.open_shaarli', false)) {
+            return $response->withRedirect('./');
+        }
+
+        $userCanLogin = $this->ci->loginManager->canLogin($request->getServerParams());
+        if ($userCanLogin !== true) {
+            throw new LoginBannedException();
+        }
+
+        if ($request->getParam('username') !== null) {
+            $this->assignView('username', escape($request->getParam('username')));
+        }
+
+        $this
+            ->assignView('returnurl', escape($request->getServerParam('HTTP_REFERER')))
+            ->assignView('remember_user_default', $this->ci->conf->get('privacy.remember_user_default', true))
+            ->assignView('pagetitle', t('Login') .' - '. $this->ci->conf->get('general.title', 'Shaarli'))
+        ;
+
+        return $response->write($this->ci->pageBuilder->render('loginform'));
+    }
+}
diff --git a/application/front/controllers/ShaarliController.php b/application/front/controllers/ShaarliController.php
new file mode 100644
index 00000000..2a166c3c
--- /dev/null
+++ b/application/front/controllers/ShaarliController.php
@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller;
+
+use Shaarli\Container\ShaarliContainer;
+
+abstract class ShaarliController
+{
+    /** @var ShaarliContainer */
+    protected $ci;
+
+    /** @param ShaarliContainer $ci Slim container (extended for attribute completion). */
+    public function __construct(ShaarliContainer $ci)
+    {
+        $this->ci = $ci;
+    }
+
+    /**
+     * Assign variables to RainTPL template through the PageBuilder.
+     *
+     * @param mixed $value Value to assign to the template
+     */
+    protected function assignView(string $name, $value): self
+    {
+        $this->ci->pageBuilder->assign($name, $value);
+
+        return $this;
+    }
+}
diff --git a/application/front/exceptions/LoginBannedException.php b/application/front/exceptions/LoginBannedException.php
new file mode 100644
index 00000000..b31a4a14
--- /dev/null
+++ b/application/front/exceptions/LoginBannedException.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Exception;
+
+class LoginBannedException extends ShaarliException
+{
+    public function __construct()
+    {
+        $message = t('You have been banned after too many failed login attempts. Try again later.');
+
+        parent::__construct($message, 401);
+    }
+}
diff --git a/application/front/exceptions/ShaarliException.php b/application/front/exceptions/ShaarliException.php
new file mode 100644
index 00000000..800bfbec
--- /dev/null
+++ b/application/front/exceptions/ShaarliException.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Exception;
+
+use Throwable;
+
+/**
+ * Class ShaarliException
+ *
+ * Abstract exception class used to defined any custom exception thrown during front rendering.
+ *
+ * @package Front\Exception
+ */
+abstract class ShaarliException extends \Exception
+{
+    /** Override parent constructor to force $message and $httpCode parameters to be set. */
+    public function __construct(string $message, int $httpCode, Throwable $previous = null)
+    {
+        parent::__construct($message, $httpCode, $previous);
+    }
+}
-- 
cgit v1.2.3