From 6c50a6ccceecf54850e62c312ab2397b84d89ab4 Mon Sep 17 00:00:00 2001
From: ArthurHoaro <arthur@hoa.ro>
Date: Sat, 18 Jan 2020 17:50:11 +0100
Subject: Render login page through Slim controller

---
 application/container/ContainerBuilder.php         | 77 ++++++++++++++++++++++
 application/container/ShaarliContainer.php         | 28 ++++++++
 application/front/ShaarliMiddleware.php            | 57 ++++++++++++++++
 application/front/controllers/LoginController.php  | 46 +++++++++++++
 .../front/controllers/ShaarliController.php        | 31 +++++++++
 .../front/exceptions/LoginBannedException.php      | 15 +++++
 application/front/exceptions/ShaarliException.php  | 23 +++++++
 application/render/PageBuilder.php                 | 17 +++++
 application/security/SessionManager.php            |  6 ++
 9 files changed, 300 insertions(+)
 create mode 100644 application/container/ContainerBuilder.php
 create mode 100644 application/container/ShaarliContainer.php
 create mode 100644 application/front/ShaarliMiddleware.php
 create mode 100644 application/front/controllers/LoginController.php
 create mode 100644 application/front/controllers/ShaarliController.php
 create mode 100644 application/front/exceptions/LoginBannedException.php
 create mode 100644 application/front/exceptions/ShaarliException.php

(limited to 'application')

diff --git a/application/container/ContainerBuilder.php b/application/container/ContainerBuilder.php
new file mode 100644
index 00000000..ff29825c
--- /dev/null
+++ b/application/container/ContainerBuilder.php
@@ -0,0 +1,77 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Container;
+
+use Shaarli\Bookmark\BookmarkFileService;
+use Shaarli\Bookmark\BookmarkServiceInterface;
+use Shaarli\Config\ConfigManager;
+use Shaarli\History;
+use Shaarli\Plugin\PluginManager;
+use Shaarli\Render\PageBuilder;
+use Shaarli\Security\LoginManager;
+use Shaarli\Security\SessionManager;
+
+/**
+ * Class ContainerBuilder
+ *
+ * Helper used to build a Slim container instance with Shaarli's object dependencies.
+ * Note that most injected objects MUST be added as closures, to let the container instantiate
+ * only the objects it requires during the execution.
+ *
+ * @package Container
+ */
+class ContainerBuilder
+{
+    /** @var ConfigManager */
+    protected $conf;
+
+    /** @var SessionManager */
+    protected $session;
+
+    /** @var LoginManager */
+    protected $login;
+
+    public function __construct(ConfigManager $conf, SessionManager $session, LoginManager $login)
+    {
+        $this->conf = $conf;
+        $this->session = $session;
+        $this->login = $login;
+    }
+
+    public function build(): ShaarliContainer
+    {
+        $container = new ShaarliContainer();
+        $container['conf'] = $this->conf;
+        $container['sessionManager'] = $this->session;
+        $container['loginManager'] = $this->login;
+        $container['plugins'] = function (ShaarliContainer $container): PluginManager {
+            return new PluginManager($container->conf);
+        };
+
+        $container['history'] = function (ShaarliContainer $container): History {
+            return new History($container->conf->get('resource.history'));
+        };
+
+        $container['bookmarkService'] = function (ShaarliContainer $container): BookmarkServiceInterface {
+            return new BookmarkFileService(
+                $container->conf,
+                $container->history,
+                $container->loginManager->isLoggedIn()
+            );
+        };
+
+        $container['pageBuilder'] = function (ShaarliContainer $container): PageBuilder {
+            return new PageBuilder(
+                $container->conf,
+                $container->sessionManager->getSession(),
+                $container->bookmarkService,
+                $container->sessionManager->generateToken(),
+                $container->loginManager->isLoggedIn()
+            );
+        };
+
+        return $container;
+    }
+}
diff --git a/application/container/ShaarliContainer.php b/application/container/ShaarliContainer.php
new file mode 100644
index 00000000..f5483d5e
--- /dev/null
+++ b/application/container/ShaarliContainer.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Container;
+
+use Shaarli\Bookmark\BookmarkServiceInterface;
+use Shaarli\Config\ConfigManager;
+use Shaarli\History;
+use Shaarli\Render\PageBuilder;
+use Shaarli\Security\LoginManager;
+use Shaarli\Security\SessionManager;
+use Slim\Container;
+
+/**
+ * Extension of Slim container to document the injected objects.
+ *
+ * @property ConfigManager            $conf
+ * @property SessionManager           $sessionManager
+ * @property LoginManager             $loginManager
+ * @property History                  $history
+ * @property BookmarkServiceInterface $bookmarkService
+ * @property PageBuilder              $pageBuilder
+ */
+class ShaarliContainer extends Container
+{
+
+}
diff --git a/application/front/ShaarliMiddleware.php b/application/front/ShaarliMiddleware.php
new file mode 100644
index 00000000..fa6c6467
--- /dev/null
+++ b/application/front/ShaarliMiddleware.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace Shaarli\Front;
+
+use Shaarli\Container\ShaarliContainer;
+use Shaarli\Front\Exception\ShaarliException;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class ShaarliMiddleware
+ *
+ * This will be called before accessing any Shaarli controller.
+ */
+class ShaarliMiddleware
+{
+    /** @var ShaarliContainer contains all Shaarli DI */
+    protected $container;
+
+    public function __construct(ShaarliContainer $container)
+    {
+        $this->container = $container;
+    }
+
+    /**
+     * Middleware execution:
+     *   - execute the controller
+     *   - return the response
+     *
+     * In case of error, the error template will be displayed with the exception message.
+     *
+     * @param  Request  $request  Slim request
+     * @param  Response $response Slim response
+     * @param  callable $next     Next action
+     *
+     * @return Response response.
+     */
+    public function __invoke(Request $request, Response $response, callable $next)
+    {
+        try {
+            $response = $next($request, $response);
+        } catch (ShaarliException $e) {
+            $this->container->pageBuilder->assign('message', $e->getMessage());
+            if ($this->container->conf->get('dev.debug', false)) {
+                $this->container->pageBuilder->assign(
+                    'stacktrace',
+                    nl2br(get_class($this) .': '. $e->getTraceAsString())
+                );
+            }
+
+            $response = $response->withStatus($e->getCode());
+            $response = $response->write($this->container->pageBuilder->render('error'));
+        }
+
+        return $response;
+    }
+}
diff --git a/application/front/controllers/LoginController.php b/application/front/controllers/LoginController.php
new file mode 100644
index 00000000..47fa3ee3
--- /dev/null
+++ b/application/front/controllers/LoginController.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller;
+
+use Shaarli\Front\Exception\LoginBannedException;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class LoginController
+ *
+ * Slim controller used to render the login page.
+ *
+ * The login page is not available if the user is banned
+ * or if open shaarli setting is enabled.
+ *
+ * @package Front\Controller
+ */
+class LoginController extends ShaarliController
+{
+    public function index(Request $request, Response $response): Response
+    {
+        if ($this->ci->loginManager->isLoggedIn() || $this->ci->conf->get('security.open_shaarli', false)) {
+            return $response->withRedirect('./');
+        }
+
+        $userCanLogin = $this->ci->loginManager->canLogin($request->getServerParams());
+        if ($userCanLogin !== true) {
+            throw new LoginBannedException();
+        }
+
+        if ($request->getParam('username') !== null) {
+            $this->assignView('username', escape($request->getParam('username')));
+        }
+
+        $this
+            ->assignView('returnurl', escape($request->getServerParam('HTTP_REFERER')))
+            ->assignView('remember_user_default', $this->ci->conf->get('privacy.remember_user_default', true))
+            ->assignView('pagetitle', t('Login') .' - '. $this->ci->conf->get('general.title', 'Shaarli'))
+        ;
+
+        return $response->write($this->ci->pageBuilder->render('loginform'));
+    }
+}
diff --git a/application/front/controllers/ShaarliController.php b/application/front/controllers/ShaarliController.php
new file mode 100644
index 00000000..2a166c3c
--- /dev/null
+++ b/application/front/controllers/ShaarliController.php
@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller;
+
+use Shaarli\Container\ShaarliContainer;
+
+abstract class ShaarliController
+{
+    /** @var ShaarliContainer */
+    protected $ci;
+
+    /** @param ShaarliContainer $ci Slim container (extended for attribute completion). */
+    public function __construct(ShaarliContainer $ci)
+    {
+        $this->ci = $ci;
+    }
+
+    /**
+     * Assign variables to RainTPL template through the PageBuilder.
+     *
+     * @param mixed $value Value to assign to the template
+     */
+    protected function assignView(string $name, $value): self
+    {
+        $this->ci->pageBuilder->assign($name, $value);
+
+        return $this;
+    }
+}
diff --git a/application/front/exceptions/LoginBannedException.php b/application/front/exceptions/LoginBannedException.php
new file mode 100644
index 00000000..b31a4a14
--- /dev/null
+++ b/application/front/exceptions/LoginBannedException.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Exception;
+
+class LoginBannedException extends ShaarliException
+{
+    public function __construct()
+    {
+        $message = t('You have been banned after too many failed login attempts. Try again later.');
+
+        parent::__construct($message, 401);
+    }
+}
diff --git a/application/front/exceptions/ShaarliException.php b/application/front/exceptions/ShaarliException.php
new file mode 100644
index 00000000..800bfbec
--- /dev/null
+++ b/application/front/exceptions/ShaarliException.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Exception;
+
+use Throwable;
+
+/**
+ * Class ShaarliException
+ *
+ * Abstract exception class used to defined any custom exception thrown during front rendering.
+ *
+ * @package Front\Exception
+ */
+abstract class ShaarliException extends \Exception
+{
+    /** Override parent constructor to force $message and $httpCode parameters to be set. */
+    public function __construct(string $message, int $httpCode, Throwable $previous = null)
+    {
+        parent::__construct($message, $httpCode, $previous);
+    }
+}
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 65e85aaf..f4fefda8 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -199,6 +199,23 @@ class PageBuilder
         $this->tpl->draw($page);
     }
 
+    /**
+     * Render a specific page as string (using a template file).
+     * e.g. $pb->render('picwall');
+     *
+     * @param string $page Template filename (without extension).
+     *
+     * @return string Processed template content
+     */
+    public function render(string $page): string
+    {
+        if ($this->tpl === false) {
+            $this->initialize();
+        }
+
+        return $this->tpl->draw($page, true);
+    }
+
     /**
      * Render a 404 page (uses the template : tpl/404.tpl)
      * usage: $PAGE->render404('The link was deleted')
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index b8b8ab8d..994fcbe5 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -196,4 +196,10 @@ class SessionManager
         }
         return true;
     }
+
+    /** @return array Local reference to the global $_SESSION array */
+    public function getSession(): array
+    {
+        return $this->session;
+    }
 }
-- 
cgit v1.2.3