3.3.9 misc issues (#2260)

* DataSet Column : Fix saving column with listContent with changed heading. xibosignage/xibo#3261 * API : Fix issues with access and refresh tokens cache. xibosignage/xibo#3231 * Image : use upsize constraint to avoid possible memory issues.
xibosignage · Dec 7, 2023 · f09bb8a · f09bb8a
1 parent 41fbac7
commit f09bb8a
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 20 deletions.
diff --git a/lib/Entity/DataSetColumn.php b/lib/Entity/DataSetColumn.php
@@ -252,11 +252,13 @@ public function validate()
             // We can check this is valid by building up a NOT IN sql statement, if we get results.. we know its not good
             $select = '';
 
-            $dbh = $this->getStore()->getConnection();
+            $dbh = $this->getStore()->getConnection('isolated');
 
             for ($i=0; $i < count($list); $i++) {
-                $list_val = $dbh->quote($list[$i]);
-                $select .= $list_val . ',';
+                if (!empty($list[$i])) {
+                    $list_val = $dbh->quote($list[$i]);
+                    $select .= $list_val . ',';
+                }
             }
 
             $select = rtrim($select, ',');
@@ -279,7 +281,7 @@ public function validate()
                 $formula = str_replace('[DisplayId]', 0, $this->formula);
                 // replace DisplayGeoLocation with default CMS location, just to validate here.
                 $formula = str_replace('[DisplayGeoLocation]', "GEOMFROMTEXT('POINT(51.504 -0.104)')", $formula);
-                $this->getStore()->select('SELECT * FROM (SELECT `id`, ' . $formula . ' AS `' . $this->heading . '`  FROM `dataset_' . $this->dataSetId . '`) dataset WHERE 1 = 1 ', []);
+                $this->getStore()->select('SELECT * FROM (SELECT `id`, ' . $formula . ' AS `' . $this->heading . '`  FROM `dataset_' . $this->dataSetId . '`) dataset WHERE 1 = 1 ', [], 'isolated');
             } catch (\Exception $e) {
                 $this->getLog()->debug('Formula validation failed with following message ' . $e->getMessage());
                 throw new InvalidArgumentException(__('Provided formula is invalid'), 'formula');

diff --git a/lib/OAuth/AccessTokenRepository.php b/lib/OAuth/AccessTokenRepository.php
@@ -130,27 +130,38 @@ public function isAccessTokenRevoked($tokenId)
     /** @inheritDoc */
     public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity)
     {
+        $date = clone $accessTokenEntity->getExpiryDateTime();
+        // since stash cache sets expiresAt at up to provided date
+        // with up to 15% less than the provided date
+        // add more time to normal token expire, to ensure cache does not expire before the token.
+        $date = $date->add(new \DateInterval('PT30M'));
+
         // cache with token identifier
         $cache = $this->pool->getItem('C_' . $accessTokenEntity->getIdentifier());
+
         $cache->set(
             [
                 'userIdentifier' => $accessTokenEntity->getUserIdentifier(),
                 'client' => $accessTokenEntity->getClient()->getIdentifier()
             ]
         );
-        $cache->expiresAt($accessTokenEntity->getExpiryDateTime());
+        $cache->expiresAt($date);
         $this->pool->saveDeferred($cache);
 
         // double cache with client identifier and user identifier
         // this will allow us to revoke access to client or for specific client/user combination in the backend
-        $cache2 = $this->pool->getItem('C_' . $accessTokenEntity->getClient()->getIdentifier() . '/' . $accessTokenEntity->getUserIdentifier());
+        $cache2 = $this->pool->getItem(
+            'C_' . $accessTokenEntity->getClient()->getIdentifier() . '/' . $accessTokenEntity->getUserIdentifier()
+        );
+
         $cache2->set(
             [
                 'userIdentifier' => $accessTokenEntity->getUserIdentifier(),
                 'client' => $accessTokenEntity->getClient()->getIdentifier()
             ]
         );
-        $cache2->expiresAt($accessTokenEntity->getExpiryDateTime());
+
+        $cache2->expiresAt($date);
         $this->pool->saveDeferred($cache2);
     }
 

diff --git a/lib/OAuth/RefreshTokenRepository.php b/lib/OAuth/RefreshTokenRepository.php
@@ -1,8 +1,8 @@
 <?php
-/**
- * Copyright (C) 2022 Xibo Signage Ltd
+/*
+ * Copyright (C) 2023 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -52,14 +52,20 @@ public function __construct(\Xibo\Service\LogServiceInterface $logger, PoolInter
      */
     public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntity)
     {
+        $date = clone $refreshTokenEntity->getExpiryDateTime();
+        // since stash cache sets expiresAt at up to provided date
+        // with up to 15% less than the provided date
+        // add more time to normal refresh token expire, to ensure cache does not expire before the token.
+        $date = $date->add(new \DateInterval('P15D'));
+
         // cache with refresh token identifier
         $cache = $this->pool->getItem('R_' . $refreshTokenEntity->getIdentifier());
         $cache->set(
             [
                 'accessToken' => $refreshTokenEntity->getAccessToken()->getIdentifier(),
             ]
         );
-        $cache->expiresAt($refreshTokenEntity->getExpiryDateTime());
+        $cache->expiresAt($date);
         $this->pool->saveDeferred($cache);
     }
 
@@ -88,13 +94,18 @@ public function isRefreshTokenRevoked($tokenId)
         $tokenCache = $this->pool->getItem('C_' . $refreshTokenData['accessToken']);
         $tokenCacheData = $tokenCache->get();
 
-        // check access token cache by client and user identifiers
-        // (see if application got changed secret/revoked access)
-        $cache2 = $this->pool->getItem('C_' . $tokenCacheData['client'] . '/' . $tokenCacheData['userIdentifier']);
-        $data2 = $cache2->get();
+        // if the token itself not expired yet
+        // check if it was unauthorised by the specific user
+        // we cannot always check this as it would revoke refresh token if the access token already expired.
+        if (!$tokenCache->isMiss() && !empty($tokenCacheData)) {
+            // check access token cache by client and user identifiers
+            // (see if application got changed secret/revoked access)
+            $cache2 = $this->pool->getItem('C_' . $tokenCacheData['client'] . '/' . $tokenCacheData['userIdentifier']);
+            $data2 = $cache2->get();
 
-        if ($cache2->isMiss() || empty($data2)) {
-            return true;
+            if ($cache2->isMiss() || empty($data2)) {
+                return true;
+            }
         }
 
         return false; // The refresh token has not been revoked

diff --git a/lib/Widget/Image.php b/lib/Widget/Image.php
@@ -1,8 +1,8 @@
 <?php
-/**
- * Copyright (C) 2020 Xibo Signage Ltd
+/*
+ * Copyright (C) 2023 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -286,6 +286,7 @@ public function download(Request $request, Response $response): Response
                                 if ($proportional) {
                                     $constraint->aspectRatio();
                                 }
+                                $constraint->upsize();
                             });
                         }
                     }