Added better error handling For Re Authentication

For #1037 Also added ssl check when using HTTP_Request2
Geeklog-Core · Feb 19, 2020 · c326840 · c326840
1 parent 4123cfd
commit c326840
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 17 deletions.
diff --git a/language/english.php b/language/english.php
@@ -2092,6 +2092,7 @@
     'token_expired' => 'The security token for this operation has expired. Please authenticate again to continue.',
     'reauth_msg'    => 'The security token for this operation has expired. If you want to continue with this operation, then please authenticate again below. This will ensure that the changes you just made will not be lost.',
     'token_expired_remote_user' => 'The security token for this operation has expired. Since you are a remote user you cannot re-authenticate, so you have lost your changes.',
+    'token_re_authentication_error' => 'There was an error after your account was re-authenticated. It is unclear if the operation you were performing was executed or not.',
     'authenticate'  => 'Authenticate',
     'approve'       => 'Approve',
     'device'        => 'Device',

diff --git a/language/english_utf-8.php b/language/english_utf-8.php
@@ -2092,6 +2092,7 @@
     'token_expired' => 'The security token for this operation has expired. Please authenticate again to continue.',
     'reauth_msg'    => 'The security token for this operation has expired. If you want to continue with this operation, then please authenticate again below. This will ensure that the changes you just made will not be lost.',
     'token_expired_remote_user' => 'The security token for this operation has expired. Since you are a remote user you cannot re-authenticate, so you have lost your changes.',
+    'token_re_authentication_error' => 'There was an error after your account was re-authenticated. It is unclear if the operation you were performing was executed or not.',
     'authenticate'  => 'Authenticate',
     'approve'       => 'Approve',
     'device'        => 'Device',

diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php
@@ -1989,7 +1989,7 @@
 
 ###############################################################################
 # "What's New" Time Strings
-# 
+#
 # This here determines the order of the sentence "No new articles in 2 hrs"
 # order it so it makes sense in your language:
 # %i    item, "Articles"
@@ -2047,7 +2047,7 @@
 
 ###############################################################################
 # Admin - Strings
-# 
+#
 # These are some standard strings used by core functions as well as plugins to
 # display administration lists and edit pages
 
@@ -2091,6 +2091,7 @@
     'token_expired' => 'この操作のセキュリティトークンは期限切れになりました。続けるには再度認証してください。',
     'reauth_msg' => 'この操作のセキュリティトークンは期限切れになりました。続けるには下の認証を行ってください。そうすれば今回の編集作業を失うことはありません。',
     'token_expired_remote_user' => 'この操作のセキュリティトークンは期限切れになりました。リモートユーザーの再認証はできないため、編集内容は失われました。',
+    'token_re_authentication_error' => 'There was an error after your account was re-authenticated. It is unclear if the operation you were performing was executed or not.',
     'authenticate' => '認証する',
     'approve' => '承認する',
     'device' => 'デバイス',
@@ -2737,4 +2738,3 @@
     'config_setting_lang_array' => 'それぞれのキーには他と異なるユニークな言語ショートカット(\'en\', \'de\', \'ja\'など)を指定し、対応するフィールドには言語ファイル名から .php を除いたものを指定してください',
     'config_setting_lang_array_element_req' => '少なくとも1つキーを指定してください。それぞれのキーには他と異なるユニークな言語ショートカット(\'en\', \'de\', \'ja\'など)を指定し、対応するフィールドには言語ファイル名から .php を除いたものを指定してください'
 );
-
diff --git a/public_html/users.php b/public_html/users.php
@@ -479,7 +479,7 @@ function USER_displayLoginErrorAndAbort($msg, $message_title, $message_text)
  */
 function USER_resendRequest()
 {
-    global $_CONF;
+    global $_CONF, $LANG_ADMIN;
 
     $method = Geeklog\Input::fRequest('token_requestmethod', '');
     $returnUrl = Geeklog\Input::fRequest('token_returnurl', '');
@@ -511,15 +511,15 @@ function USER_resendRequest()
             (($method === 'GET') && !empty($getData)))
     ) {
         if ($method === 'POST') {
-            $request = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
+            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
 
             $data = unserialize($postData);
             foreach ($data as $key => &$value) {
                 if ($key == CSRF_TOKEN) {
-                    $request->addPostParameter($key, SEC_createToken());
+                    $req->addPostParameter($key, SEC_createToken());
                     $value = SEC_createToken();
                 } else {
-                    $request->addPostParameter($key, $value);
+                    $req->addPostParameter($key, $value);
                 }
             }
 
@@ -528,7 +528,7 @@ function USER_resendRequest()
             }
             if (!empty($files)) {
                 foreach ($files as $key => $value) {
-                    $request->addPostParameter('_files_' . $key, $value);
+                    $req->addPostParameter('_files_' . $key, $value);
                 }
             }
         } else { // $method === 'GET'
@@ -541,35 +541,46 @@ function USER_resendRequest()
                 }
             }
 
-            $request = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
-            $url = $request->getUrl();
+            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
+            $url = $req->getUrl();
             $url->setQueryVariables($data);
         }
 
-        $request->setConfig(array(
+        $options = array(
             'adapter' => 'curl',
             'connect_timeout' => 15,
             'timeout' => 30,
             'follow_redirects' => TRUE,
             'max_redirects' => 1,
-        ));
+        );
+        if (stripos($returnUrl, 'https:') === 0) {
+            $options['ssl_verify_peer'] = true;
 
-        $request->setHeader('User-Agent', 'Geeklog/' . VERSION);
+            $hasCaFile = is_readable(@ini_get('openssl.cafile')) ||
+                is_dir(@ini_get('openssl.capath'));
+
+            if ($hasCaFile !== true) {
+                $options['ssl_cafile'] = $_CONF['path_data'] . 'cacert.pem';
+            }
+        }
+        $req->setConfig($options);
+
+        $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
         // need to fake the referrer so the new token matches
-        $request->setHeader('Referer', COM_getCurrentUrl());
+        $req->setHeader('Referer', COM_getCurrentUrl());
 
         foreach ($_COOKIE as $name => $value) {
             $cookie = $name . '=' . $value;
 
             if (preg_match(HTTP_Request2::REGEXP_INVALID_COOKIE, $cookie)) {
                 COM_errorLog(__FUNCTION__ . " detected invalid cookie: {$cookie}", 1);
             } else {
-                $request->addCookie($name, $value);
+                $req->addCookie($name, $value);
             }
         }
 
         try {
-            $response = $request->send();
+            $response = $req->send();
             $status = $response->getStatus();
 
             if ($status == 200) {
@@ -582,7 +593,9 @@ function USER_resendRequest()
                 SECINT_cleanupFiles($files);
             }
 
-            trigger_error("Resending $method request failed: " . $e->getMessage());
+            COM_errorLog(__METHOD__ . ': ' . $e->getMessage());
+            COM_setSystemMessage($LANG_ADMIN['token_re_authentication_error']);
+            COM_redirect($_CONF['site_url'] . '/index.php');
         }
     } else {
         if (!empty($files)) {