From c751352d608b683c4dd0e986ba6a84a8f1336750 Mon Sep 17 00:00:00 2001
From: nupplaPhil <admin+github@philipp.info>
Date: Sun, 1 Mar 2020 13:44:02 +0100
Subject: [PATCH] Add Login form in case of notification links

---
 src/Module/Notifications/Notification.php | 50 ++++++++++++++++-------
 1 file changed, 35 insertions(+), 15 deletions(-)

diff --git a/src/Module/Notifications/Notification.php b/src/Module/Notifications/Notification.php
index 2f5cfa8695..2d0c7c9748 100644
--- a/src/Module/Notifications/Notification.php
+++ b/src/Module/Notifications/Notification.php
@@ -24,6 +24,7 @@ namespace Friendica\Module\Notifications;
 use Friendica\BaseModule;
 use Friendica\Core\System;
 use Friendica\DI;
+use Friendica\Module\Security\Login;
 use Friendica\Network\HTTPException;
 
 /**
@@ -31,15 +32,21 @@ use Friendica\Network\HTTPException;
  */
 class Notification extends BaseModule
 {
-	public static function init(array $parameters = [])
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @throws HTTPException\InternalServerErrorException
+	 * @throws HTTPException\NotFoundException
+	 * @throws HTTPException\UnauthorizedException
+	 * @throws \ImagickException
+	 * @throws \Exception
+	 */
+	public static function post(array $parameters = [])
 	{
 		if (!local_user()) {
 			throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
 		}
-	}
 
-	public static function post(array $parameters = [])
-	{
 		$request_id = $parameters['id'] ?? false;
 
 		if ($request_id) {
@@ -58,9 +65,17 @@ class Notification extends BaseModule
 		}
 	}
 
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @throws HTTPException\UnauthorizedException
+	 */
 	public static function rawContent(array $parameters = [])
 	{
-		// @TODO: Replace with parameter from router
+		if (!local_user()) {
+			throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
+		}
+
 		if (DI::args()->get(1) === 'mark' && DI::args()->get(2) === 'all') {
 			try {
 				$success = DI::notify()->setSeen();
@@ -74,31 +89,36 @@ class Notification extends BaseModule
 	}
 
 	/**
+	 * {@inheritDoc}
+	 *
 	 * Redirect to the notifications main page or to the url for the chosen notifications
 	 *
-	 * @return string|void
+	 * @throws HTTPException\NotFoundException In case the notification is either not existing or is not for this user
 	 * @throws HTTPException\InternalServerErrorException
+	 * @throws \Exception
 	 */
 	public static function content(array $parameters = [])
 	{
+		if (!local_user()) {
+			notice(DI::l10n()->t('Permission denied.'));
+			return Login::form();
+		}
+
 		$request_id = $parameters['id'] ?? false;
 
 		if ($request_id) {
-			try {
-				$notify = DI::notify()->getByID($request_id);
-				DI::notify()->setSeen(true, $notify);
+			$notify = DI::notify()->getByID($request_id);
+			DI::notify()->setSeen(true, $notify);
 
-				if (!empty($notify->link)) {
-					System::externalRedirect($notify->link);
-				}
-
-			} catch (HTTPException\NotFoundException $e) {
-				info(DI::l10n()->t('Invalid notification.'));
+			if (!empty($notify->link)) {
+				System::externalRedirect($notify->link);
 			}
 
 			DI::baseUrl()->redirect();
 		}
 
 		DI::baseUrl()->redirect('notifications/system');
+
+		throw new HTTPException\InternalServerErrorException('Invalid situation.');
 	}
 }
-- 
2.39.5