Remove callExit() from AuthenticationPlugin::readCredentials()

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
phpmyadmin · May 9, 2024 · bc00b69 · bc00b69
1 parent e435bb7
commit bc00b69
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 40 deletions.
diff --git a/src/Http/Middleware/Authentication.php b/src/Http/Middleware/Authentication.php
@@ -26,6 +26,7 @@
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use Throwable;
 
 use function assert;
 use function define;
@@ -67,6 +68,14 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 }
             } catch (AuthenticationFailure $exception) {
                 return $authPlugin->showFailure($exception);
+            } catch (Throwable $exception) {
+                $response = $this->responseFactory->createResponse(StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR);
+
+                return $response->write($this->template->render('error/generic', [
+                    'lang' => $GLOBALS['lang'] ?? 'en',
+                    'dir' => LanguageManager::$textDir,
+                    'error_message' => $exception->getMessage(),
+                ]));
             }
 
             $currentServer = new Server(Config::getInstance()->selectedServer);

diff --git a/src/Plugins/Auth/AuthenticationCookie.php b/src/Plugins/Auth/AuthenticationCookie.php
@@ -20,7 +20,6 @@
 use PhpMyAdmin\ResponseRenderer;
 use PhpMyAdmin\Server\Select;
 use PhpMyAdmin\Session;
-use PhpMyAdmin\Template;
 use PhpMyAdmin\Url;
 use PhpMyAdmin\Util;
 use PhpMyAdmin\Utils\SessionCache;
@@ -210,6 +209,7 @@ public function showLoginForm(): Response
      * it directly switches to showFailure() if user inactivity timeout is reached
      *
      * @throws AuthenticationFailure
+     * @throws SessionHandlerException
      */
     public function readCredentials(): bool
     {
@@ -313,19 +313,8 @@ public function readCredentials(): bool
                 $GLOBALS['pma_auth_server'] = Core::sanitizeMySQLHost($_REQUEST['pma_servername']);
             }
 
-            try {
-                /* Secure current session on login to avoid session fixation */
-                Session::secure();
-            } catch (SessionHandlerException $exception) {
-                $responseRenderer = ResponseRenderer::getInstance();
-                $responseRenderer->addHTML((new Template())->render('error/generic', [
-                    'lang' => $GLOBALS['lang'] ?? 'en',
-                    'dir' => LanguageManager::$textDir,
-                    'error_message' => $exception->getMessage(),
-                ]));
-
-                $responseRenderer->callExit();
-            }
+            /* Secure current session on login to avoid session fixation */
+            Session::secure();
 
             return true;
         }

diff --git a/src/Plugins/Auth/AuthenticationSignon.php b/src/Plugins/Auth/AuthenticationSignon.php
@@ -14,6 +14,7 @@
 use PhpMyAdmin\Plugins\AuthenticationPlugin;
 use PhpMyAdmin\ResponseRenderer;
 use PhpMyAdmin\Util;
+use RuntimeException;
 
 use function __;
 use function array_merge;
@@ -26,6 +27,7 @@
 use function session_set_cookie_params;
 use function session_start;
 use function session_write_close;
+use function sprintf;
 
 /**
  * Handles the SignOn authentication method
@@ -92,6 +94,8 @@ public function setCookieParams(array|null $sessionCookieParams = null): void
 
     /**
      * Gets authentication credentials
+     *
+     * @throws RuntimeException
      */
     public function readCredentials(): bool
     {
@@ -120,13 +124,10 @@ public function readCredentials(): bool
         /* Handle script based auth */
         if ($scriptName !== '') {
             if (! @file_exists($scriptName)) {
-                echo $this->template->render('error/generic', [
-                    'lang' => $GLOBALS['lang'] ?? 'en',
-                    'dir' => LanguageManager::$textDir,
-                    'error_message' => __('Can not find signon authentication script:') . ' ' . $scriptName,
-                ]);
-
-                ResponseRenderer::getInstance()->callExit();
+                throw new RuntimeException(sprintf(
+                    __('Can not find signon authentication script: %s'),
+                    '$cfg[\'Servers\'][$i][\'SignonScript\']',
+                ));
             }
 
             include $scriptName;

diff --git a/src/Plugins/AuthenticationPlugin.php b/src/Plugins/AuthenticationPlugin.php
@@ -1,20 +1,16 @@
 <?php
-/**
- * Abstract class for the authentication plugins
- */
 
 declare(strict_types=1);
 
 namespace PhpMyAdmin\Plugins;
 
+use Exception;
 use PhpMyAdmin\Config;
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Exceptions\AuthenticationFailure;
-use PhpMyAdmin\Exceptions\SessionHandlerException;
 use PhpMyAdmin\Http\Response;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\IpAllowDeny;
-use PhpMyAdmin\LanguageManager;
 use PhpMyAdmin\Logging;
 use PhpMyAdmin\Message;
 use PhpMyAdmin\ResponseRenderer;
@@ -36,8 +32,7 @@
 use function time;
 
 /**
- * Provides a common interface that will have to be implemented by all of the
- * authentication plugins.
+ * Provides a common interface that will have to be implemented by all the authentication plugins.
  */
 abstract class AuthenticationPlugin
 {
@@ -70,6 +65,7 @@ abstract public function showLoginForm(): Response|null;
      * Gets authentication credentials
      *
      * @throws AuthenticationFailure
+     * @throws Exception
      */
     abstract public function readCredentials(): bool;
 
@@ -228,6 +224,7 @@ public function setSessionAccessTime(): void
      * Gets the credentials or shows login form if necessary
      *
      * @throws AuthenticationFailure
+     * @throws Exception
      */
     public function authenticate(): Response|null
     {
@@ -236,18 +233,7 @@ public function authenticate(): Response|null
         /* Show login form (this exits) */
         if (! $success) {
             /* Force generating of new session */
-            try {
-                Session::secure();
-            } catch (SessionHandlerException $exception) {
-                $responseRenderer = ResponseRenderer::getInstance();
-                $responseRenderer->addHTML((new Template())->render('error/generic', [
-                    'lang' => $GLOBALS['lang'] ?? 'en',
-                    'dir' => LanguageManager::$textDir,
-                    'error_message' => $exception->getMessage(),
-                ]));
-
-                return $responseRenderer->response();
-            }
+            Session::secure();
 
             $response = $this->showLoginForm();
             if ($response !== null) {