Move and Split include/security #5946
Under the previous |
Thanks for your work, I have several requests, mainly about names/locations.
src/Core/Authentication.php
* | ||
* @return string Hashed data | ||
*/ | ||
public static function cookie_hash($user) |
When you move global functions to a class, please rename the methods to camelCase. You can also add details on the method behavior.
For example, I would rename this method to getCookieHashForUser since it returns data (get- prefix) and has a mandatory User record parameter (-ForUser suffix).
src/Core/Authentication.php
* @param int $time | ||
* @param array $user Record from "user" table | ||
*/ | ||
public static function new_cookie($time, $user = []) |
Please rename this method to setCookie.
src/Core/Authentication.php
* @param type $interactive | ||
* @param type $login_refresh | ||
*/ | ||
public static function success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) |
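Review bot: the docblock still carries the placeholder "@param type $interactive" and "@param type $login_refresh"; both parameters default to false, so please document them as bool (and describe what each flag switches on) before the method is moved into the class.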
Please rename this method to setAuthenticatedSessionForUser.
src/Core/Authentication.php
/** | ||
* @brief Kills the "Friendica" cookie and all session data | ||
*/ | ||
public static function nuke_session() |
Please rename this method to deleteSession.
Addon::callHooks('logged_in', $a->user); | ||
|
||
if (($a->module !== 'home') && isset($_SESSION['return_url'])) { | ||
goaway($a->getbaseUrl() . '/' . $_SESSION['return_url']); |
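Review bot: $a->getbaseUrl() on the last line is cased differently from the $a->getBaseUrl() used elsewhere in this PR; PHP resolves method names case-insensitively so it still runs, but please use getBaseUrl() consistently so a search for the method finds every call site.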
This probably should be the object of a future PR, but please keep in mind in your refactoring that goaway() or any other HTTP redirection function/method should only be called from within a module, in this case the Login module.
src/Util/Security.php
|
||
public static function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') | ||
{ | ||
if (!check_form_security_token($typename, $formname)) { |
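Review bot: the method name check_form_security_token_ForbiddenOnErr mixes snake_case with a PascalCase suffix; since it is being moved into the Security class it should follow the camelCase naming requested on Authentication.php (for example checkFormSecurityTokenForbiddenOnError), and the inner call on the last line should target the moved method on this class (self::) rather than the global check_form_security_token, which will no longer exist once include/security.php is removed.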
Watch out for this lone call to a non-existent function once you have removed include/security.php.
src/Util/Security.php
} | ||
} | ||
|
||
?> |
Please remove the closing PHP tag and leave a single new line at the end of the file.
if ($user) { | ||
$value = json_encode(["uid" => $user["uid"], | ||
"hash" => self::cookie_hash($user), | ||
"ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')]); |
Watch out for global functions: their corresponding file should be require_once'd by this file until we move them to classes.
} | ||
|
||
if ($login_initial) { | ||
logger('auth_identities: ' . print_r($a->identities, true), LOGGER_DEBUG); |
Watch out for global functions: their corresponding file should be require_once'd by this file until we move them to classes.
src/Util/Security.php
$local_user = local_user(); | ||
$remote_user = remote_user(); | ||
|
||
/** |
/** is used to indicate doxygen documentation. Please use /* for inline comments.
src/Util/Security.php
AND deny_gid = '' | ||
"; | ||
|
||
/** |
/** is used to indicate doxygen documentation. Please use /* for inline comments.
src/Util/Security.php
*/ | ||
if ($local_user && $local_user == $owner_id) { | ||
$sql = ''; | ||
/** |
/** is used to indicate doxygen documentation. Please use /* for inline comments.
… BaseModule + fix multiline comments
I'm sorry you have some conflicts to solve after the last merge.
…nflict with develop
Have you checked for any remaining instances of the global function names you removed in the whole repo (
Do you mean the function names from
Yes I do. There were a couple remaining when you first submitted the PR, so I just want to make sure you double-checked everywhere. Watch out for function references as callbacks, some IDEs (like NetBeans) will miss those function references because it's a simple string.
I had a typo and not all files were changed by refactoring.
Please update comments and logging strings as well.
Thank you for your work once again!
@jonnytischbein There's a problem:
I'm on it.
Please have a look at src/Protocol/DFRN.php as well.
Yup.
This seems to have broken my system. The system chokes and throws an error 500; so far I could not find anything in the logs.
At which page do you get this error? Or at any page? I can't reproduce an error 500 at current develop.
Addons is a good hint, yes. Maybe it is the projects addon, I'll have a look.
Jupp, pinging @fabrixxm so he can check ;-)
There were a couple of addons that required the
Yes, in friendica/friendica-addons#756. But since I missed some in the base repo, I'm not trusting my methods with grep and IDE :/
I can confirm there aren't any more instances of
Related discussion: https://forum.friendi.ca/display/f3ad7b1c-155b-cab3-e4d8-7ab744885399
Seems to be an addon
Sorry for the tone of my comment @jonnytischbein, I really appreciate your efforts of support in that issue. Since the @MrPetovan you as well sorry!
It's all good!
To issue #3878 I did:
- include/security.php as proposed in the ethercalc into /src/Core/Authentication.php and /src/Util/Security.php
- Authentication::authenticate_success to Authentication::success
- require_onces (security.php) (sometimes the file wasn't even needed)
- Authentication.php: old System::baseUrl() with $a = self::getApp() and $a->getBaseUrl()
- Strange thing was: /include/security.php but no require_onces (security.php), use Friendica\... call? use call
- Also needed PR in addon friendica/friendica-addons#756