From cb4950a3beb4e0e628582daf53d55f2a1ea95b28 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 6 Oct 2019 11:17:30 -0400 Subject: [PATCH] Replace duplicated authentication code in FKOAuth1 with Session::setAuthenticatedForUser --- include/api.php | 5 ++--- src/Network/FKOAuth1.php | 35 +++++------------------------------ 2 files changed, 7 insertions(+), 33 deletions(-) diff --git a/include/api.php b/include/api.php index 8b938508bd..3cadb485de 100644 --- a/include/api.php +++ b/include/api.php @@ -162,6 +162,7 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY * @brief Login API user * * @param App $a App + * @throws ForbiddenException * @throws InternalServerErrorException * @throws UnauthorizedException * @hook 'authenticate' @@ -170,8 +171,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY * 'password' => password from login form * 'authenticated' => return status, * 'user_record' => return authenticated user record - * @hook 'logged_in' - * array $user logged user record */ function api_login(App $a) { @@ -182,7 +181,7 @@ function api_login(App $a) list($consumer, $token) = $oauth1->verify_request($request); if (!is_null($token)) { $oauth1->loginUser($token->uid); - Hook::callAll('logged_in', $a->user); + Session::set('allow_api', true); return; } echo __FILE__.__LINE__.__FUNCTION__ . "
";
diff --git a/src/Network/FKOAuth1.php b/src/Network/FKOAuth1.php
index 33fdf0ac22..eb13290577 100644
--- a/src/Network/FKOAuth1.php
+++ b/src/Network/FKOAuth1.php
@@ -4,12 +4,10 @@
  */
 namespace Friendica\Network;
 
-use Friendica\Core\Hook;
+use Friendica\BaseObject;
 use Friendica\Core\Logger;
-use Friendica\Core\PConfig;
-use Friendica\Core\System;
+use Friendica\Core\Session;
 use Friendica\Database\DBA;
-use Friendica\Util\DateTimeFormat;
 use OAuthServer;
 use OAuthSignatureMethod_HMAC_SHA1;
 use OAuthSignatureMethod_PLAINTEXT;
@@ -32,12 +30,13 @@ class FKOAuth1 extends OAuthServer
 	/**
 	 * @param string $uid user id
 	 * @return void
+	 * @throws HTTPException\ForbiddenException
 	 * @throws HTTPException\InternalServerErrorException
 	 */
 	public function loginUser($uid)
 	{
 		Logger::log("FKOAuth1::loginUser $uid");
-		$a = \get_app();
+		$a = BaseObject::getApp();
 		$record = DBA::selectFirst('user', [], ['uid' => $uid, 'blocked' => 0, 'account_expired' => 0, 'account_removed' => 0, 'verified' => 1]);
 
 		if (!DBA::isResult($record)) {
@@ -45,31 +44,7 @@ class FKOAuth1 extends OAuthServer
 			header('HTTP/1.0 401 Unauthorized');
 			die('This api requires login');
 		}
-		$_SESSION['uid'] = $record['uid'];
-		$_SESSION['theme'] = $record['theme'];
-		$_SESSION['mobile-theme'] = PConfig::get($record['uid'], 'system', 'mobile_theme');
-		$_SESSION['authenticated'] = 1;
-		$_SESSION['page_flags'] = $record['page-flags'];
-		$_SESSION['my_url'] = System::baseUrl() . '/profile/' . $record['nickname'];
-		$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
-		$_SESSION["allow_api"] = true;
 
-		$a->user = $record;
-
-		if (strlen($a->user['timezone'])) {
-			date_default_timezone_set($a->user['timezone']);
-			$a->timezone = $a->user['timezone'];
-		}
-
-		$contact = DBA::selectFirst('contact', [], ['uid' => $_SESSION['uid'], 'self' => 1]);
-		if (DBA::isResult($contact)) {
-			$a->contact = $contact;
-			$a->cid = $contact['id'];
-			$_SESSION['cid'] = $a->cid;
-		}
-
-		DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $_SESSION['uid']]);
-
-		Hook::callAll('logged_in', $a->user);
+		Session::setAuthenticatedForUser($a, $record, true);
 	}
 }
-- 
2.39.5