Move and Split include/security #5946
Conversation
|
Under the previous |
src/Core/Authentication.php
Outdated
| * | ||
| * @return string Hashed data | ||
| */ | ||
| public static function cookie_hash($user) |
There was a problem hiding this comment.
When you move global functions to a class, please rename the methods to camelCase. You can also add details on the method behavior.
For example, I would rename this method to getCookieHashForUser since it returns data (get- prefix) and has a mandatory User record parameter (-ForUser suffix).
src/Core/Authentication.php
Outdated
| * @param int $time | ||
| * @param array $user Record from "user" table | ||
| */ | ||
| public static function new_cookie($time, $user = []) |
There was a problem hiding this comment.
Please rename this method to setCookie.
src/Core/Authentication.php
Outdated
| * @param type $interactive | ||
| * @param type $login_refresh | ||
| */ | ||
| public static function success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) |
There was a problem hiding this comment.
Please rename this method to setAuthenticatedSessionForUser.
src/Core/Authentication.php
Outdated
| /** | ||
| * @brief Kills the "Friendica" cookie and all session data | ||
| */ | ||
| public static function nuke_session() |
There was a problem hiding this comment.
Please rename this method to deleteSession.
| Addon::callHooks('logged_in', $a->user); | ||
|
|
||
| if (($a->module !== 'home') && isset($_SESSION['return_url'])) { | ||
| goaway($a->getbaseUrl() . '/' . $_SESSION['return_url']); |
There was a problem hiding this comment.
This probably should be the object of a future PR, but please keep in mind in your refactoring that goaway() or any other HTTP redirection function/method should only be called from within a module, in this case the Login module.
src/Util/Security.php
Outdated
|
|
||
| public static function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') | ||
| { | ||
| if (!check_form_security_token($typename, $formname)) { |
There was a problem hiding this comment.
Watch out for this lone call to a non-existent function once you removed include/security.php.
src/Util/Security.php
Outdated
| } | ||
| } | ||
|
|
||
| ?> |
There was a problem hiding this comment.
Please remove the closing PHP tag and leave a single new line at the end of the file.
| if ($user) { | ||
| $value = json_encode(["uid" => $user["uid"], | ||
| "hash" => self::cookie_hash($user), | ||
| "ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')]); |
There was a problem hiding this comment.
Watch out for global functions, their corresponding file should be require_once by this file until we move them to classes.
| } | ||
|
|
||
| if ($login_initial) { | ||
| logger('auth_identities: ' . print_r($a->identities, true), LOGGER_DEBUG); |
There was a problem hiding this comment.
Watch out for global functions, their corresponding file should be require_once by this file until we move them to classes.
src/Util/Security.php
Outdated
| $local_user = local_user(); | ||
| $remote_user = remote_user(); | ||
|
|
||
| /** |
There was a problem hiding this comment.
/**is used to indicate doxygen documentation. Please use /* for inline comments
src/Util/Security.php
Outdated
| AND deny_gid = '' | ||
| "; | ||
|
|
||
| /** |
There was a problem hiding this comment.
/**is used to indicate doxygen documentation. Please use /* for inline comments
src/Util/Security.php
Outdated
| */ | ||
| if ($local_user && $local_user == $owner_id) { | ||
| $sql = ''; | ||
| /** |
There was a problem hiding this comment.
/**is used to indicate doxygen documentation. Please use /* for inline comments
… BaseModule + fix multiline comments
|
I'm sorry you have some conflicts to solve after the last merge. |
…nflict with develop
|
Have you checked for any remaining instances of the global function names you removed in the whole repo ( |
|
Do you mean the function names from |
|
Yes I do. There were a couple remaining when you first submitted the PR, so I just want to make sure you double-checked everywhere. Watch out for function references as callbacks, some IDEs (like NetBeans) will miss those function references because it's a simple string. |
|
I had a typo and not all files were changed by refactoring. |
|
Please update comments and logging strings as well. |
|
Thank you for your work once again! |
|
@jonnytischbein There's a problem:
|
|
I'm on it. |
|
Please have a look at src/Protocol/DFRN.php as well. |
|
Yup. |
|
This seems to have broken my system. The system chokes and throws an error 500; so far I could not find anything in the logs. |
|
At which page do you get this error? Or at any page? I can't reproduce am error 500 at current develop. |
|
Addons is a good hint yes. Maybe it is the projects addon I'll have a look. |
|
Jupp pinging @fabrixxm so he can check ;-) |
|
There were a couple of addons that required the |
|
Yes in friendica/friendica-addons#756 But since I missed some in the base repo, I'm not trusting my methods with grep and IDE :/ |
|
I can confirm there aren't any more instances of |
|
Related discussion: https://forum.friendi.ca/display/f3ad7b1c-155b-cab3-e4d8-7ab744885399 |
|
Seems to be an addon |
|
Sorry for the tone of my comment @jonnytischbein I really appreciate your efforts of support in that issue. Since the @MrPetovan you as well sorry! |
|
It's all good! |
To issue #3878 I did
include/security.phpas proposed in the ethercalc into/src/Core/Authentication.php/src/Util/Security.phpAuthentication::authenticate_successtoAuthentication::successrequire_onces(security.php)(sometimes the file wasn't even needed)Authentication.phpoldSystem::baseUrl()with$a = self::getApp()and$a->getBaseUrl()Strange thing was:
/include/security.phpbut norequire_onces(security.php)use Friendica\...call ?usecallAlso needed PR in addon friendica/friendica-addons#756