From c266a89d0fbb0d60d2d7df0ec171b7cb022224f6 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sun, 26 Jan 2020 14:35:25 +0100
Subject: Process tag cloud page through Slim controller
---
 application/security/SessionManager.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'application/security')
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 994fcbe5..4ae99168 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -202,4 +202,14 @@ class SessionManager
 {
 return $this->session;
 }
+
+ /**
+ * @param mixed $default value which will be returned if the $key is undefined
+ *
+ * @return mixed Content stored in session
+ */
+ public function getSessionParameter(string $key, $default = null)
+ {
+ return $this->session[$key] ?? $default;
+ }
 }
-- cgit v1.2.3
From af290059d10319e76d1e7d78b592cab99c26d91a Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Fri, 22 May 2020 11:02:56 +0200
Subject: Process session filters through Slim controllers
Including:
- visibility
- links per page
- untagged only
---
 application/security/SessionManager.php | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
(limited to 'application/security')
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 4ae99168..8b77d362 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -8,6 +8,10 @@ use Shaarli\Config\ConfigManager;
 */
 class SessionManager
 {
+ public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE';
+ public const KEY_VISIBILITY = 'visibility';
+ public const KEY_UNTAGGED_ONLY = 'untaggedonly';
+
 /** @var int Session expiration timeout, in seconds */
 public static $SHORT_TIMEOUT = 3600; // 1 hour
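Review bot: `getSessionParameter`'s docblock documents `$default` but not `$key`, and the method carries no return type while the docblock claims `@return mixed`. Add `@param string $key Session key` above the `@param mixed $default` line so the contract is stated for both arguments.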
@@ -212,4 +216,33 @@ class SessionManager
 {
 return $this->session[$key] ?? $default;
 }
+
+ /**
+ * Store a variable in user session.
+ *
+ * @param string $key Session key
+ * @param mixed $value Session value to store
+ *
+ * @return $this
+ */
+ public function setSessionParameter(string $key, $value): self
+ {
+ $this->session[$key] = $value;
+
+ return $this;
+ }
+
+ /**
+ * Store a variable in user session.
+ *
+ * @param string $key Session key
+ *
+ * @return $this
+ */
+ public function deleteSessionParameter(string $key): self
+ {
+ unset($this->session[$key]);
+
+ return $this;
+ }
 }
-- cgit v1.2.3
From ef00f9d2033f6de11e71bf3a909399cae6f73a9f Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Wed, 27 May 2020 13:35:48 +0200
Subject: Process password change controller through Slim
---
 application/security/SessionManager.php | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'application/security')
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 8b77d362..0ac17d9a 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -12,6 +12,10 @@ class SessionManager
 public const KEY_VISIBILITY = 'visibility';
 public const KEY_UNTAGGED_ONLY = 'untaggedonly';
+ public const KEY_SUCCESS_MESSAGES = 'successes';
+ public const KEY_WARNING_MESSAGES = 'warnings';
+ public const KEY_ERROR_MESSAGES = 'errors';
+
 /** @var int Session expiration timeout, in seconds */
 public static $SHORT_TIMEOUT = 3600; // 1 hour
-- cgit v1.2.3
From c4ad3d4f061d05a01db25aa54dda830ba776792d Mon Sep 17 00:00:00 2001
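Review bot: The docblock on `deleteSessionParameter` reads `Store a variable in user session.`, copied from `setSessionParameter` just above it, although the method calls `unset()` on the key. Change that first docblock line to `Remove a variable from user session.` so the summary matches what the method does.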
From: ArthurHoaro
Date: Tue, 7 Jul 2020 10:15:56 +0200
Subject: Process Shaarli install through Slim controller
---
 application/security/CookieManager.php | 33 +++++++++++++++++++++++++++++++++
 application/security/LoginManager.php | 16 +++++++---------
 application/security/SessionManager.php | 16 +++++++++++++---
 3 files changed, 53 insertions(+), 12 deletions(-)
 create mode 100644 application/security/CookieManager.php
(limited to 'application/security')
diff --git a/application/security/CookieManager.php b/application/security/CookieManager.php
new file mode 100644
index 00000000..cde4746e
--- /dev/null
+++ b/application/security/CookieManager.php
@@ -0,0 +1,33 @@
+cookies = $cookies;
+ }
+
+ public function setCookieParameter(string $key, string $value, int $expires, string $path): self
+ {
+ $this->cookies[$key] = $value;
+
+ setcookie($key, $value, $expires, $path);
+
+ return $this;
+ }
+
+ public function getCookieParameter(string $key, string $default = null): ?string
+ {
+ return $this->cookies[$key] ?? $default;
+ }
+}
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 39ec9b2e..d74c3118 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -9,9 +9,6 @@ use Shaarli\Config\ConfigManager;
 */
 class LoginManager
 {
- /** @var string Name of the cookie set after logging in **/
- public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn';
-
 /** @var array A reference to the $_GLOBALS array */
 protected $globals = [];
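Review bot: `setCookieParameter` calls `setcookie($key, $value, $expires, $path)` without the `domain`, `secure` or `httponly` arguments; the last two default to false, so the stay-signed-in cookie that `LoginManager::checkLoginState` compares against the login token in this same commit is readable by client-side script and is also sent over plain HTTP. The wrapper should forward those flags, e.g. `public function setCookieParameter(string $key, string $value, int $expires, string $path, string $domain = '', bool $secure = false, bool $httpOnly = true): self` and `setcookie($key, $value, $expires, $path, $domain, $secure, $httpOnly);`, with the login code passing true for `$secure` when the request is served over HTTPS. The head of this new file, from the `<?php` line through the first statement of the constructor, is garbled in this rendering, so the class header and the `STAY_SIGNED_IN` constant cannot be reviewed here. Separately, `string $default = null` on `getCookieParameter` is an implicitly nullable parameter; write it as `?string $default = null`.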
@@ -32,17 +29,21 @@ class LoginManager
 /** @var string User sign-in token depending on remote IP and credentials */
 protected $staySignedInToken = '';
+ /** @var CookieManager */
+ protected $cookieManager;
 /**
 * Constructor
 *
 * @param ConfigManager $configManager Configuration Manager instance
 * @param SessionManager $sessionManager SessionManager instance
+ * @param CookieManager $cookieManager CookieManager instance
 */
- public function __construct($configManager, $sessionManager)
+ public function __construct($configManager, $sessionManager, $cookieManager)
 {
 $this->configManager = $configManager;
 $this->sessionManager = $sessionManager;
+ $this->cookieManager = $cookieManager;
 $this->banManager = new BanManager(
 $this->configManager->get('security.trusted_proxies', []),
 $this->configManager->get('security.ban_after'),
@@ -86,10 +87,9 @@ class LoginManager
 /**
 * Check user session state and validity (expiration)
 *
- * @param array $cookie The $_COOKIE array
 * @param string $clientIpId Client IP address identifier
 */
- public function checkLoginState($cookie, $clientIpId)
+ public function checkLoginState($clientIpId)
 {
 if (! $this->configManager->exists('credentials.login')) {
 // Shaarli is not configured yet
@@ -97,9 +97,7 @@ class LoginManager
 return;
 }
- if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE])
- && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken
- ) {
+ if ($this->staySignedInToken === $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN)) {
 // The user client has a valid stay-signed-in cookie
 // Session information is updated with the current client information
 $this->sessionManager->storeLoginInfo($clientIpId);
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 0ac17d9a..82771c24 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
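Review bot: The new constructor parameter `$cookieManager` is declared without a type, so a wrong or missing injection only surfaces when `$this->cookieManager->getCookieParameter()` is first called; `public function __construct($configManager, $sessionManager, CookieManager $cookieManager)` would have the engine enforce the `@param CookieManager` docblock added in the same hunk. The two existing parameters are untyped too, but that is prior code; typing only the new one keeps the change self-contained. The constructor body continues past the end of the hunk.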
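Review bot: The new condition compares the stay-signed-in cookie to `$this->staySignedInToken` with `===`; that token is a credential equivalent, and `hash_equals()` is the timing-safe comparison for such values, while `getCookieParameter()` can return null, which `hash_equals()` rejects. Replace the added line with `$cookie = $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN);` followed by `if ($cookie !== null && hash_equals($this->staySignedInToken, $cookie)) {`. The removed code only matched when the cookie was present; the guarded form keeps that behaviour, since a null cookie never equals a string. `checkLoginState` starts in the preceding hunk and continues past this one.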
@@ -31,16 +31,21 @@ class SessionManager
 /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */
 protected $staySignedIn = false;
+ /** @var string */
+ protected $savePath;
+
 /**
 * Constructor
 *
- * @param array $session The $_SESSION array (reference)
- * @param ConfigManager $conf ConfigManager instance
+ * @param array $session The $_SESSION array (reference)
+ * @param ConfigManager $conf ConfigManager instance
+ * @param string $savePath Session save path returned by builtin function session_save_path()
 */
- public function __construct(& $session, $conf)
+ public function __construct(&$session, $conf, string $savePath)
 {
 $this->session = &$session;
 $this->conf = $conf;
+ $this->savePath = $savePath;
 }
 /**
@@ -249,4 +254,9 @@ class SessionManager
 return $this;
 }
+
+ public function getSavePath(): string
+ {
+ return $this->savePath;
+ }
 }
-- cgit v1.2.3
From a8c11451e8d885a243c1ad52012093ba8d121e2c Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Tue, 21 Jul 2020 20:33:33 +0200
Subject: Process login through Slim controller
---
 application/security/SessionManager.php | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'application/security')
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 82771c24..46219a3d 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
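Review bot: The constructor now types `$savePath` as `string` but leaves `$conf` untyped, even though its docblock says `ConfigManager` and the file imports `Shaarli\Config\ConfigManager` (visible in an earlier hunk header on this page); `public function __construct(&$session, ConfigManager $conf, string $savePath)` keeps the new signature consistently typed. The `$session` docblock says `array`, so `array &$session` would be the matching declaration if the callers are known to pass an array.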
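Review bot: The added `getSavePath()` accessor has no docblock, unlike the other public methods of this class shown on the page. A one-line `/** @return string Session save path as passed to the constructor */` above it would match the file's style.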
@@ -259,4 +259,34 @@ class SessionManager
 {
 return $this->savePath;
 }
+
+ /*
+ * Next public functions wrapping native PHP session API.
+ */
+
+ public function destroy(): bool
+ {
+ $this->session = [];
+
+ return session_destroy();
+ }
+
+ public function start(): bool
+ {
+ if (session_status() === PHP_SESSION_ACTIVE) {
+ $this->destroy();
+ }
+
+ return session_start();
+ }
+
+ public function cookieParameters(int $lifeTime, string $path, string $domain): bool
+ {
+ return session_set_cookie_params($lifeTime, $path, $domain);
+ }
+
+ public function regenerateId(bool $deleteOldSession = false): bool
+ {
+ return session_regenerate_id($deleteOldSession);
+ }
 }
-- cgit v1.2.3
From fabff3835da26e6c95cea56b2a01a03749dec7c8 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Wed, 22 Jul 2020 18:12:10 +0200
Subject: Move PHP and config init to dedicated file in order to keep index.php as minimal as possible
---
 application/security/SessionManager.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'application/security')
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 46219a3d..76b0afe8 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -48,6 +48,20 @@ class SessionManager
 $this->savePath = $savePath;
 }
+ /**
+ * Initialize XSRF token and links per page session variables.
+ */
+ public function initialize(): void
+ {
+ if (!isset($this->session['tokens'])) {
+ $this->session['tokens'] = [];
+ }
+
+ if (!isset($this->session['LINKS_PER_PAGE'])) {
+ $this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20);
+ }
+ }
+
 /**
 * Define whether the user should stay signed in across browser sessions
 *
-- cgit v1.2.3
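Review bot: `cookieParameters()` forwards only lifetime, path and domain to `session_set_cookie_params()`, so the session cookie's `secure` and `httponly` attributes stay at whatever the php.ini `session.cookie_secure` and `session.cookie_httponly` settings provide, although this cookie carries the login state. Expose them from the wrapper, `public function cookieParameters(int $lifeTime, string $path, string $domain, bool $secure = false, bool $httpOnly = true): bool` with `return session_set_cookie_params($lifeTime, $path, $domain, $secure, $httpOnly);`, so the caller can pass true for `$secure` when serving over HTTPS. `start()` destroys an already-active session before calling `session_start()`, which discards that session's data; that looks intended but deserves a comment on the method saying so. The four wrappers carry no docblocks; the leading `/* ... */` block would be better expressed as a per-method `/** ... */` naming the native function each one wraps.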
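Review bot: `initialize()` indexes the session with the literal `'LINKS_PER_PAGE'` although the class already defines `self::KEY_LINKS_PER_PAGE` with that exact value in an earlier commit on this page, so the two can drift apart silently. Use the constant on both lines: `if (!isset($this->session[self::KEY_LINKS_PER_PAGE])) {` and `$this->session[self::KEY_LINKS_PER_PAGE] = $this->conf->get('general.links_per_page', 20);`. The `'tokens'` key has no constant at all; defining one next to the other `KEY_*` constants would give the XSRF token storage the same treatment.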