]> git.mxchange.org Git - friendica.git/commitdiff
projects / friendica.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 55365aa)
Move settings/oauth to src/Module
authorHypolite Petovan <hypolite@mrpetovan.com>
Sat, 5 Nov 2022 02:15:32 +0000 (22:15 -0400)
committerHypolite Petovan <hypolite@mrpetovan.com>
Wed, 9 Nov 2022 11:25:22 +0000 (06:25 -0500)
- Add settings_content() permission checks to Module\BaseSettings
- Transform application token deletion GET links to POST forms to keep a single OAuth module class

mod/settings.php patch | blob | history
src/Module/BaseSettings.php patch | blob | history
src/Module/Settings/OAuth.php [new file with mode: 0644] patch | blob
static/routes.config.php patch | blob | history
view/templates/settings/oauth.tpl patch | blob | history
view/theme/frio/templates/settings/oauth.tpl patch | blob | history

diff --git a/mod/settings.php b/mod/settings.php
index 259981541b7dc2777c76878fd1e92f25d46d3bae..1935c17091ce01610428734087eb9fa81a6aa986 100644 (file)
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -157,31 +157,6 @@ function settings_content(App $a)
                return '';
        }
 
-       if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'oauth')) {
-               if ((DI::args()->getArgc() > 3) && (DI::args()->getArgv()[2] === 'delete')) {
-                       BaseModule::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth', 't');
-
-                       DBA::delete('application-token', ['application-id' => DI::args()->getArgv()[3], 'uid' => DI::userSession()->getLocalUserId()]);
-                       DI::baseUrl()->redirect('settings/oauth/', true);
-                       return '';
-               }
-
-               $applications = DBA::selectToArray('application-view', ['id', 'uid', 'name', 'website', 'scopes', 'created_at'], ['uid' => DI::userSession()->getLocalUserId()]);
-
-               $tpl = Renderer::getMarkupTemplate('settings/oauth.tpl');
-               $o .= Renderer::replaceMacros($tpl, [
-                       '$form_security_token' => BaseModule::getFormSecurityToken("settings_oauth"),
-                       '$baseurl'             => DI::baseUrl()->get(true),
-                       '$title'               => DI::l10n()->t('Connected Apps'),
-                       '$name'                => DI::l10n()->t('Name'),
-                       '$website'             => DI::l10n()->t('Home Page'),
-                       '$created_at'          => DI::l10n()->t('Created'),
-                       '$delete'              => DI::l10n()->t('Remove authorization'),
-                       '$apps'                => $applications,
-               ]);
-               return $o;
-       }
-
        if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon')) {
                $addon_settings_forms = [];
                foreach (DI::dba()->selectToArray('hook', ['file', 'function'], ['hook' => 'addon_settings']) as $hook) {
diff --git a/src/Module/BaseSettings.php b/src/Module/BaseSettings.php
index 013783c0aba83449d2e0a2fea143866562b04824..89dc8d86730ef7004f18f5599bfa938b0b47c52e 100644 (file)
--- a/src/Module/BaseSettings.php
+++ b/src/Module/BaseSettings.php
@@ -21,116 +21,156 @@
 
 namespace Friendica\Module;
 
+use Friendica\App;
 use Friendica\BaseModule;
 use Friendica\Content\Feature;
+use Friendica\Content\Nav;
+use Friendica\Core\L10n;
 use Friendica\Core\Renderer;
-use Friendica\DI;
+use Friendica\Core\Session\Capability\IHandleUserSessions;
+use Friendica\Core\System;
+use Friendica\Module\Security\Login;
+use Friendica\Network\HTTPException\ForbiddenException;
+use Friendica\Util\Profiler;
+use Psr\Log\LoggerInterface;
 
 class BaseSettings extends BaseModule
 {
-       public static function createAside()
+       /** @var App\Page */
+       protected $page;
+       /** @var IHandleUserSessions */
+       protected $session;
+
+       public function __construct(IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
+       {
+               parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
+
+               $this->page    = $page;
+               $this->session = $session;
+
+               if ($this->session->getSubManagedUserId()) {
+                       throw new ForbiddenException($this->t('Permission denied.'));
+               }
+       }
+
+       protected function content(array $request = []): string
+       {
+               Nav::setSelected('settings');
+
+               if (!$this->session->getLocalUserId()) {
+                       $this->session->set('return_path', $this->args->getCommand());
+                       $this->baseUrl->redirect('login');
+               }
+
+               $this->createAside();
+
+               return '';
+       }
+
+       public function createAside()
        {
                $tpl = Renderer::getMarkupTemplate('settings/head.tpl');
-               DI::page()['htmlhead'] .= Renderer::replaceMacros($tpl, [
-                       '$ispublic' => DI::l10n()->t('everybody')
+               $this->page['htmlhead'] .= Renderer::replaceMacros($tpl, [
+                       '$ispublic' => $this->t('everybody')
                ]);
 
                $tabs = [];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Account'),
-                       'url' => 'settings',
-                       'selected' => ((DI::args()->getArgc() == 1) && (DI::args()->getArgv() === 'settings') ? 'active' : ''),
+                       'label'     => $this->t('Account'),
+                       'url'       => 'settings',
+                       'selected'  => static::class == Settings\Account::class ? 'active' : '',
                        'accesskey' => 'o',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Two-factor authentication'),
-                       'url' => 'settings/2fa',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === '2fa') ? 'active' : ''),
+                       'label'     => $this->t('Two-factor authentication'),
+                       'url'       => 'settings/2fa',
+                       'selected'  => in_array(static::class, [
+                               Settings\TwoFactor\AppSpecific::class,
+                               Settings\TwoFactor\Index::class,
+                               Settings\TwoFactor\Recovery::class,
+                               Settings\TwoFactor\Trusted::class,
+                               Settings\TwoFactor\Verify::class
+                       ]) ? 'active' : '',
                        'accesskey' => '2',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Profile'),
-                       'url' => 'settings/profile',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'profile') ? 'active' : ''),
+                       'label'     => $this->t('Profile'),
+                       'url'       => 'settings/profile',
+                       'selected'  => in_array(static::class, [
+                               Settings\Profile\Index::class,
+                               Settings\Profile\Photo\Crop::class,
+                               Settings\Profile\Photo\Index::class,
+                       ]) ? 'active' : '',
                        'accesskey' => 'p',
                ];
 
                if (Feature::get()) {
                        $tabs[] = [
-                               'label' => DI::l10n()->t('Additional features'),
-                               'url' => 'settings/features',
-                               'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'features') ? 'active' : ''),
+                               'label'     => $this->t('Additional features'),
+                               'url'       => 'settings/features',
+                               'selected'  => static::class == Settings\Features::class ? 'active' : '',
                                'accesskey' => 't',
                        ];
                }
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Display'),
-                       'url' => 'settings/display',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'display') ? 'active' : ''),
+                       'label'     => $this->t('Display'),
+                       'url'       => 'settings/display',
+                       'selected'  => static::class == Settings\Display::class ? 'active' : '',
                        'accesskey' => 'i',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Social Networks'),
-                       'url' => 'settings/connectors',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'connectors') ? 'active' : ''),
+                       'label'     => $this->t('Social Networks'),
+                       'url'       => 'settings/connectors',
+                       'selected'  => static::class == Settings\SocialNetworks::class ? 'active' : '',
                        'accesskey' => 'w',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Addons'),
-                       'url' => 'settings/addon',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon') ? 'active' : ''),
+                       'label'     => $this->t('Addons'),
+                       'url'       => 'settings/addon',
+                       'selected'  => static::class == Settings\Addons::class ? 'active' : '',
                        'accesskey' => 'l',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Manage Accounts'),
-                       'url' => 'settings/delegation',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'delegation') ? 'active' : ''),
+                       'label'     => $this->t('Manage Accounts'),
+                       'url'       => 'settings/delegation',
+                       'selected'  => static::class == Settings\Delegation::class ? 'active' : '',
                        'accesskey' => 'd',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Connected apps'),
-                       'url' => 'settings/oauth',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'oauth') ? 'active' : ''),
+                       'label'     => $this->t('Connected apps'),
+                       'url'       => 'settings/oauth',
+                       'selected'  => static::class == Settings\OAuth::class ? 'active' : '',
                        'accesskey' => 'b',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Export personal data'),
-                       'url' => 'settings/userexport',
-                       'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'userexport') ? 'active' : ''),
+                       'label'     => $this->t('Export personal data'),
+                       'url'       => 'settings/userexport',
+                       'selected'  => static::class == Settings\UserExport::class ? 'active' : '',
                        'accesskey' => 'e',
                ];
 
                $tabs[] = [
-                       'label' => DI::l10n()->t('Remove account'),
-                       'url' => 'settings/removeme',
-                       'selected' => static::class === Settings\RemoveMe::class ? 'active' : '',
+                       'label'     => $this->t('Remove account'),
+                       'url'       => 'settings/removeme',
+                       'selected'  => static::class === Settings\RemoveMe::class ? 'active' : '',
                        'accesskey' => 'r',
                ];
 
 
-               $tabtpl = Renderer::getMarkupTemplate("generic_links_widget.tpl");
-               DI::page()['aside'] = Renderer::replaceMacros($tabtpl, [
-                       '$title' => DI::l10n()->t('Settings'),
+               $tabtpl              = Renderer::getMarkupTemplate('generic_links_widget.tpl');
+               $this->page['aside'] = Renderer::replaceMacros($tabtpl, [
+                       '$title' => $this->t('Settings'),
                        '$class' => 'settings-widget',
                        '$items' => $tabs,
                ]);
        }
-
-       protected function content(array $request = []): string
-       {
-               $a = DI::app();
-
-               static::createAside();
-
-               return '';
-       }
 }
diff --git a/src/Module/Settings/OAuth.php b/src/Module/Settings/OAuth.php
new file mode 100644 (file)
index 0000000..d14fb05
--- /dev/null
+++ b/src/Module/Settings/OAuth.php
@@ -0,0 +1,80 @@
+<?php
+/**
+ * @copyright Copyright (C) 2010-2022, the Friendica project
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Friendica\Module\Settings;
+
+use Friendica\App;
+use Friendica\Core\L10n;
+use Friendica\Core\Renderer;
+use Friendica\Core\Session\Capability\IHandleUserSessions;
+use Friendica\Database\Database;
+use Friendica\Module\BaseSettings;
+use Friendica\Module\Response;
+use Friendica\Util\Profiler;
+use Psr\Log\LoggerInterface;
+
+class OAuth extends BaseSettings
+{
+       /** @var Database */
+       private $database;
+
+       public function __construct(Database $database, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
+       {
+               parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
+
+               $this->database = $database;
+       }
+
+       protected function post(array $request = [])
+       {
+               if (!$this->session->getLocalUserId()) {
+                       return;
+               }
+
+               if (!isset($request['delete'])) {
+                       return;
+               }
+
+               BaseSettings::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth');
+
+               $this->database->delete('application-token', ['application-id' => $request['delete'], 'uid' => $this->session->getLocalUserId()]);
+               $this->baseUrl->redirect('settings/oauth', true);
+       }
+
+       protected function content(array $request = []): string
+       {
+               parent::content($request);
+
+               $applications = $this->database->selectToArray('application-view', ['id', 'uid', 'name', 'website', 'scopes', 'created_at'], ['uid' => $this->session->getLocalUserId()]);
+
+               $tpl = Renderer::getMarkupTemplate('settings/oauth.tpl');
+               return Renderer::replaceMacros($tpl, [
+                       '$form_security_token' => BaseSettings::getFormSecurityToken('settings_oauth'),
+                       '$baseurl'             => $this->baseUrl->get(true),
+                       '$title'               => $this->t('Connected Apps'),
+                       '$name'                => $this->t('Name'),
+                       '$website'             => $this->t('Home Page'),
+                       '$created_at'          => $this->t('Created'),
+                       '$delete'              => $this->t('Remove authorization'),
+                       '$apps'                => $applications,
+               ]);
+       }
+}
diff --git a/static/routes.config.php b/static/routes.config.php
index d281f252b95da05c253d2534bc083184b8846ca1..c69a1515af3faab60bccaebb15feeb7525e112fc 100644 (file)
--- a/static/routes.config.php
+++ b/static/routes.config.php
@@ -600,7 +600,8 @@ return [
                        '/trusted'      => [Module\Settings\TwoFactor\Trusted::class, [R::GET, R::POST]],
                ],
                '/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class,       [R::GET, R::POST]],
-               '/display'                 => [Module\Settings\Display::class,             [R::GET, R::POST]],
+               '/display'                         => [Module\Settings\Display::class,          [R::GET, R::POST]],
+               '/oauth'                           => [Module\Settings\OAuth::class,            [R::GET, R::POST]],
                '/profile' => [
                        '[/]'                  => [Module\Settings\Profile\Index::class,       [R::GET, R::POST]],
                        '/photo[/new]'         => [Module\Settings\Profile\Photo\Index::class, [R::GET, R::POST]],
diff --git a/view/templates/settings/oauth.tpl b/view/templates/settings/oauth.tpl
index 955b5754dcb7e087e68db25a13b11fc7d9e87e52..ad8407fb174db0ea148a840b599d0e75fe033ecb 100644 (file)
--- a/view/templates/settings/oauth.tpl
+++ b/view/templates/settings/oauth.tpl
@@ -1,13 +1,14 @@
 <div class="generic-page-wrapper">
        <h1>{{$title}}</h1>
        <form action="settings/oauth" method="post" autocomplete="off">
-               <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+               <input type="hidden" name="form_security_token" value="{{$form_security_token}}">
                <table id='application-block' class='table table-condensed table-striped'>
                        <thead>
                                <tr>
                                        <th>{{$name}}</th>
                                        <th>{{$website}}</th>
                                        <th>{{$created_at}}</th>
+                                       <th></th>
                                </tr>
                        </thead>
                        <tbody>
@@ -16,7 +17,11 @@
                                        <td>{{$app.name}}</td>
                                        <td>{{$app.website}}</td>
                                        <td>{{$app.created_at}}</td>
-                                       <td><a href="{{$baseurl}}/settings/oauth/delete/{{$app.id}}?t={{$form_security_token}}" class="icon s22 delete" title="{{$delete}}">&nbsp;</a></td>
+                                       <td>
+                                               <button type="submit" class="btn" title="{{$delete}}" name="delete" value="{{$app.id}}">
+                                                       <i class="icon s22 delete" aria-hidden="true"></i>
+                                               </button>
+                                       </td>
                                </tr>
                                {{/foreach}}
                        </tbody>
diff --git a/view/theme/frio/templates/settings/oauth.tpl b/view/theme/frio/templates/settings/oauth.tpl
index 98cb96a3f8a9dd8e7b6b5ce1f015de434eb50232..547203a7b0a07473233f16dd9ea2650679325779 100644 (file)
--- a/view/theme/frio/templates/settings/oauth.tpl
+++ b/view/theme/frio/templates/settings/oauth.tpl
@@ -2,13 +2,14 @@
        {{* include the title template for the settings title *}}
        {{include file="section_title.tpl" title=$title}}
        <form action="settings/oauth" method="post" autocomplete="off">
-               <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+               <input type="hidden" name="form_security_token" value="{{$form_security_token}}">
                <table id='application-block' class='table table-condensed table-striped'>
                        <thead>
                                <tr>
                                        <th>{{$name}}</th>
                                        <th>{{$website}}</th>
                                        <th>{{$created_at}}</th>
+                                       <th></th>
                                </tr>
                        </thead>
                        <tbody>
@@ -17,7 +18,11 @@
                                        <td>{{$app.name}}</td>
                                        <td>{{$app.website}}</td>
                                        <td>{{$app.created_at}}</td>
-                                       <td><a href="{{$baseurl}}/settings/oauth/delete/{{$app.id}}?t={{$form_security_token}}" class="btn" title="{{$delete}}"><i class="fa fa-trash" aria-hidden="true"></i></a></td>
+                                       <td>
+                                               <button type="submit" class="btn" title="{{$delete}}" name="delete" value="{{$app.id}}">
+                                                       <i class="fa fa-trash" aria-hidden="true"></i>
+                                               </button>
+                                       </td>
                                </tr>
                                {{/foreach}}
                        </tbody>
Unnamed repository; edit this file 'description' to name the repository.