X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FSecurity%2FAuthentication.php;h=0b2fc9f9cf3d15850b7c88cd053b6608fe98cf3b;hb=2e05dac7dae0a3d028b442a2d5afbd4176a32e99;hp=6c846e9dc1ca303a9e7709e8d2b903e27ffcf1db;hpb=30aad250df30a9c65192d8f2d952597b28676871;p=friendica.git diff --git a/src/Security/Authentication.php b/src/Security/Authentication.php index 6c846e9dc1..0b2fc9f9cf 100644 --- a/src/Security/Authentication.php +++ b/src/Security/Authentication.php @@ -23,10 +23,11 @@ namespace Friendica\Security; use Exception; use Friendica\App; -use Friendica\Core\Config\IConfig; -use Friendica\Core\PConfig\IPConfig; +use Friendica\Core\Config\Capability\IManageConfigValues; +use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues; use Friendica\Core\Hook; use Friendica\Core\Session; +use Friendica\Core\Session\Capability\IHandleSessions; use Friendica\Core\System; use Friendica\Database\Database; use Friendica\Database\DBA; @@ -36,10 +37,8 @@ use Friendica\Network\HTTPException; use Friendica\Security\TwoFactor\Repository\TrustedBrowser; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; -use Friendica\Util\Strings; use LightOpenID; use Friendica\Core\L10n; -use Friendica\Core\Logger; use Psr\Log\LoggerInterface; /** @@ -47,7 +46,7 @@ use Psr\Log\LoggerInterface; */ class Authentication { - /** @var IConfig */ + /** @var IManageConfigValues */ private $config; /** @var App\Mode */ private $mode; @@ -61,25 +60,37 @@ class Authentication private $logger; /** @var User\Cookie */ private $cookie; - /** @var Session\ISession */ + /** @var IHandleSessions */ private $session; - /** @var IPConfig */ + /** @var IManagePersonalConfigValues */ private $pConfig; + /** + * Sets the X-Account-Management-Status header + * + * mainly extracted to make it overridable for tests + * + * @param array $user_record + */ + protected function setXAccMgmtStatusHeader(array $user_record) + { + header('X-Account-Management-Status: active; name="' . $user_record['username'] . '"; id="' . $user_record['nickname'] . '"'); + } + /** * Authentication constructor. * - * @param IConfig $config - * @param App\Mode $mode - * @param App\BaseURL $baseUrl - * @param L10n $l10n - * @param Database $dba - * @param LoggerInterface $logger - * @param User\Cookie $cookie - * @param Session\ISession $session - * @param IPConfig $pConfig + * @param IManageConfigValues $config + * @param App\Mode $mode + * @param App\BaseURL $baseUrl + * @param L10n $l10n + * @param Database $dba + * @param LoggerInterface $logger + * @param User\Cookie $cookie + * @param IHandleSessions $session + * @param IManagePersonalConfigValues $pConfig */ - public function __construct(IConfig $config, App\Mode $mode, App\BaseURL $baseUrl, L10n $l10n, Database $dba, LoggerInterface $logger, User\Cookie $cookie, Session\ISession $session, IPConfig $pConfig) + public function __construct(IManageConfigValues $config, App\Mode $mode, App\BaseURL $baseUrl, L10n $l10n, Database $dba, LoggerInterface $logger, User\Cookie $cookie, IHandleSessions $session, IManagePersonalConfigValues $pConfig) { $this->config = $config; $this->mode = $mode; @@ -144,7 +155,7 @@ class Authentication if ($this->session->get('visitor_id') && !$this->session->get('uid')) { $contact = $this->dba->selectFirst('contact', ['id'], ['id' => $this->session->get('visitor_id')]); if ($this->dba->isResult($contact)) { - $a->contact_id = $contact['id']; + $a->setContactId($contact['id']); } } @@ -247,7 +258,7 @@ class Authentication ['uid' => User::getIdFromPasswordAuthentication($username, $password)] ); } catch (Exception $e) { - $this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => Strings::escapeTags($username), 'ip' => $_SERVER['REMOTE_ADDR']]); + $this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $_SERVER['REMOTE_ADDR']]); notice($this->l10n->t('Login failed. Please check your credentials.')); $this->baseUrl->redirect(); } @@ -306,35 +317,23 @@ class Authentication $this->session->set('new_member', time() < ($member_since + (60 * 60 * 24 * 14))); if (strlen($user_record['timezone'])) { - date_default_timezone_set($user_record['timezone']); - $a->timezone = $user_record['timezone']; - } - - $masterUid = $user_record['uid']; - - if ($this->session->get('submanage')) { - $user = $this->dba->selectFirst('user', ['uid'], ['uid' => $this->session->get('submanage')]); - if ($this->dba->isResult($user)) { - $masterUid = $user['uid']; - } + $a->setTimeZone($user_record['timezone']); } $contact = $this->dba->selectFirst('contact', ['id'], ['uid' => $user_record['uid'], 'self' => true]); if ($this->dba->isResult($contact)) { - $a->contact_id = $contact['id']; + $a->setContactId($contact['id']); $this->session->set('cid', $contact['id']); } - header('X-Account-Management-Status: active; name="' . $user_record['username'] . '"; id="' . $user_record['nickname'] . '"'); + $this->setXAccMgmtStatusHeader($user_record); if ($login_initial || $login_refresh) { $this->dba->update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $user_record['uid']]); // Set the login date for all identities of the user - if (!empty($masterUid)) { - $this->dba->update('user', ['login_date' => DateTimeFormat::utcNow()], - ['parent-uid' => $masterUid, 'account_removed' => false]); - } + $this->dba->update('user', ['login_date' => DateTimeFormat::utcNow()], + ['parent-uid' => $user_record['uid'], 'account_removed' => false]); } if ($login_initial) { @@ -354,7 +353,7 @@ class Authentication } } - $this->redirectForTwoFactorAuthentication($user_record['uid'], $a); + $this->redirectForTwoFactorAuthentication($user_record['uid']); if ($interactive) { if ($user_record['login_date'] <= DBA::NULL_DATETIME) { @@ -364,10 +363,11 @@ class Authentication } } - $a->user = $user_record; + $a->setLoggedInUserId($user_record['uid']); + $a->setLoggedInUserNickname($user_record['nickname']); if ($login_initial) { - Hook::callAll('logged_in', $a->user); + Hook::callAll('logged_in', $user_record); if (DI::module()->getName() !== 'home' && $this->session->exists('return_path')) { $this->baseUrl->redirect($this->session->get('return_path')); @@ -380,12 +380,11 @@ class Authentication * All return calls in this method skip two-factor authentication * * @param int $uid The User Identified - * @param App $a The Friendica Application context * * @throws HTTPException\ForbiddenException In case the two factor authentication is forbidden (e.g. for AJAX calls) * @throws HTTPException\InternalServerErrorException */ - private function redirectForTwoFactorAuthentication(int $uid, App $a) + private function redirectForTwoFactorAuthentication(int $uid) { // Check user setting, if 2FA disabled return if (!$this->pConfig->get($uid, '2fa', 'verified')) { @@ -393,7 +392,7 @@ class Authentication } // Check current path, if public or 2fa module return - if ($a->argc > 0 && in_array($a->argv[0], ['2fa', 'view', 'help', 'api', 'proxy', 'logout'])) { + if (DI::args()->getArgc() > 0 && in_array(DI::args()->getArgv()[0], ['2fa', 'view', 'help', 'api', 'proxy', 'logout'])) { return; }