miklo
/
friendica
sforkowany z mirror/friendica
1
0
Forkuj 0
Kod Zgłoszenia Oczekujące zmiany Packages Projekty Wydania Wiki Aktywność

Replace duplicated authentication code in FKOAuth1 with Session::setAuthenticatedForUser

2022.09-rc
Hypolite Petovan 2019-10-06 11:17:30 -04:00
rodzic 7959b9bbed
commit cb4950a3be
2 zmienionych plików z 7 dodań i 33 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

5
include/api.php
Wyświetl plik

@ -162,6 +162,7 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY
* @brief Login API user * @brief Login API user
* *
* @param App $a App * @param App $a App
* @throws ForbiddenException
* @throws InternalServerErrorException * @throws InternalServerErrorException
* @throws UnauthorizedException * @throws UnauthorizedException
* @hook 'authenticate' * @hook 'authenticate'
@ -170,8 +171,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY
* 'password' => password from login form * 'password' => password from login form
* 'authenticated' => return status, * 'authenticated' => return status,
* 'user_record' => return authenticated user record * 'user_record' => return authenticated user record
* @hook 'logged_in'
* array $user logged user record
*/ */
function api_login(App $a) function api_login(App $a)
{ {
@ -182,7 +181,7 @@ function api_login(App $a)
list($consumer, $token) = $oauth1->verify_request($request); list($consumer, $token) = $oauth1->verify_request($request);
if (!is_null($token)) { if (!is_null($token)) {
$oauth1->loginUser($token->uid); $oauth1->loginUser($token->uid);
Hook::callAll('logged_in', $a->user); Session::set('allow_api', true);
return; return;
} }
echo __FILE__.__LINE__.__FUNCTION__ . "<pre>"; echo __FILE__.__LINE__.__FUNCTION__ . "<pre>";

35
src/Network/FKOAuth1.php
Wyświetl plik

@ -4,12 +4,10 @@
*/ */
namespace Friendica\Network; namespace Friendica\Network;
use Friendica\Core\Hook; use Friendica\BaseObject;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\PConfig; use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Util\DateTimeFormat;
use OAuthServer; use OAuthServer;
use OAuthSignatureMethod_HMAC_SHA1; use OAuthSignatureMethod_HMAC_SHA1;
use OAuthSignatureMethod_PLAINTEXT; use OAuthSignatureMethod_PLAINTEXT;
@ -32,12 +30,13 @@ class FKOAuth1 extends OAuthServer
/** /**
* @param string $uid user id * @param string $uid user id
* @return void * @return void
* @throws HTTPException\ForbiddenException
* @throws HTTPException\InternalServerErrorException * @throws HTTPException\InternalServerErrorException
*/ */
public function loginUser($uid) public function loginUser($uid)
{ {
Logger::log("FKOAuth1::loginUser $uid"); Logger::log("FKOAuth1::loginUser $uid");
$a = \get_app(); $a = BaseObject::getApp();
$record = DBA::selectFirst('user', [], ['uid' => $uid, 'blocked' => 0, 'account_expired' => 0, 'account_removed' => 0, 'verified' => 1]); $record = DBA::selectFirst('user', [], ['uid' => $uid, 'blocked' => 0, 'account_expired' => 0, 'account_removed' => 0, 'verified' => 1]);
if (!DBA::isResult($record)) { if (!DBA::isResult($record)) {
@ -45,31 +44,7 @@ class FKOAuth1 extends OAuthServer
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
die('This api requires login'); die('This api requires login');
} }
$_SESSION['uid'] = $record['uid'];
$_SESSION['theme'] = $record['theme'];
$_SESSION['mobile-theme'] = PConfig::get($record['uid'], 'system', 'mobile_theme');
$_SESSION['authenticated'] = 1;
$_SESSION['page_flags'] = $record['page-flags'];
$_SESSION['my_url'] = System::baseUrl() . '/profile/' . $record['nickname'];
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
$_SESSION["allow_api"] = true;
$a->user = $record; Session::setAuthenticatedForUser($a, $record, true);
if (strlen($a->user['timezone'])) {
date_default_timezone_set($a->user['timezone']);
$a->timezone = $a->user['timezone'];
}
$contact = DBA::selectFirst('contact', [], ['uid' => $_SESSION['uid'], 'self' => 1]);
if (DBA::isResult($contact)) {
$a->contact = $contact;
$a->cid = $contact['id'];
$_SESSION['cid'] = $a->cid;
}
DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $_SESSION['uid']]);
Hook::callAll('logged_in', $a->user);
} }
} }