Remove callExit() from AuthenticationPlugin::checkTwoFactor()

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
phpmyadmin · May 9, 2024 · 02044f2 · 02044f2
1 parent 70757ce
commit 02044f2
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 22 deletions.
diff --git a/src/Http/Middleware/Authentication.php b/src/Http/Middleware/Authentication.php
@@ -99,7 +99,10 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             }
 
             assert($request instanceof ServerRequest);
-            $authPlugin->checkTwoFactor($request);
+            $response = $authPlugin->checkTwoFactor($request);
+            if ($response !== null) {
+                return $response;
+            }
         } catch (ExitException) {
             return ResponseRenderer::getInstance()->response();
         }

diff --git a/src/Plugins/AuthenticationPlugin.php b/src/Plugins/AuthenticationPlugin.php
@@ -10,7 +10,6 @@
 use PhpMyAdmin\Config;
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Exceptions\AuthenticationFailure;
-use PhpMyAdmin\Exceptions\ExitException;
 use PhpMyAdmin\Exceptions\SessionHandlerException;
 use PhpMyAdmin\Http\Response;
 use PhpMyAdmin\Http\ServerRequest;
@@ -306,35 +305,33 @@ public function checkRules(): void
     }
 
     /**
-     * Checks whether two factor authentication is active
-     * for given user and performs it.
-     *
-     * @throws ExitException
+     * Checks whether two-factor authentication is active for given user and performs it.
      */
-    public function checkTwoFactor(ServerRequest $request): void
+    public function checkTwoFactor(ServerRequest $request): Response|null
     {
         $twofactor = new TwoFactor($this->user);
 
         /* Do we need to show the form? */
         if ($twofactor->check($request)) {
-            return;
+            return null;
         }
 
-        $response = ResponseRenderer::getInstance();
-        if ($response->loginPage()) {
-            $response->callExit();
+        $responseRenderer = ResponseRenderer::getInstance();
+        if ($responseRenderer->loginPage()) {
+            return $responseRenderer->response();
         }
 
-        $response->addHTML($this->template->render('login/header', ['session_expired' => false]));
-        $response->addHTML(Message::rawNotice(
+        $responseRenderer->addHTML($this->template->render('login/header', ['session_expired' => false]));
+        $responseRenderer->addHTML(Message::rawNotice(
             __('You have enabled two factor authentication, please confirm your login.'),
         )->getDisplay());
-        $response->addHTML($this->template->render('login/twofactor', [
+        $responseRenderer->addHTML($this->template->render('login/twofactor', [
             'form' => $twofactor->render($request),
             'show_submit' => $twofactor->showSubmit(),
         ]));
-        $response->addHTML($this->template->render('login/footer'));
-        $response->addHTML(Config::renderFooter());
-        $response->callExit();
+        $responseRenderer->addHTML($this->template->render('login/footer'));
+        $responseRenderer->addHTML(Config::renderFooter());
+
+        return $responseRenderer->response();
     }
 }
diff --git a/tests/unit/Plugins/AuthenticationPluginTest.php b/tests/unit/Plugins/AuthenticationPluginTest.php
@@ -53,12 +53,9 @@ public function showFailure(AuthenticationFailure $failure): Response
         $request = ServerRequestFactory::create()->createServerRequest('GET', 'http://example.com/');
 
         $object->user = 'test_user';
-        try {
-            $object->checkTwoFactor($request);
-        } catch (ExitException) {
-        }
+        $response = $object->checkTwoFactor($request);
 
-        $response = $responseRenderer->response();
+        self::assertNotNull($response);
         self::assertStringContainsString(
             'You have enabled two factor authentication, please confirm your login.',
             (string) $response->getBody(),