mirror of https://github.com/friendica/friendica
Add Session Management instances (including Depenency Injection)
- Prerequesite for mocking Sessions - Reduce "App" class complexity
This commit is contained in:
parent
009a8bb939
commit
555513e4b4
|
|
@ -670,15 +670,11 @@ class App
|
|||
System::externalRedirect($this->baseURL->get() . '/' . $this->args->getQueryString());
|
||||
}
|
||||
|
||||
Core\Session::init();
|
||||
Core\Hook::callAll('init_1');
|
||||
}
|
||||
|
||||
// Exclude the backend processes from the session management
|
||||
if (!$this->mode->isBackend()) {
|
||||
$stamp1 = microtime(true);
|
||||
session_start();
|
||||
$this->profiler->saveTimestamp($stamp1, 'parser', Core\System::callstack());
|
||||
$this->l10n->setSessionVariable();
|
||||
$this->l10n->setLangFromSession();
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -41,6 +41,8 @@ class Authentication
|
|||
private $logger;
|
||||
/** @var User\Cookie */
|
||||
private $cookie;
|
||||
/** @var Session\ISession */
|
||||
private $session;
|
||||
|
||||
/**
|
||||
* Authentication constructor.
|
||||
|
|
@ -51,8 +53,9 @@ class Authentication
|
|||
* @param Database $dba
|
||||
* @param LoggerInterface $logger
|
||||
* @param User\Cookie $cookie
|
||||
* @param Session\ISession $session
|
||||
*/
|
||||
public function __construct(Configuration $config, App\BaseURL $baseUrl, L10n $l10n, Database $dba, LoggerInterface $logger, User\Cookie $cookie)
|
||||
public function __construct(Configuration $config, App\BaseURL $baseUrl, L10n $l10n, Database $dba, LoggerInterface $logger, User\Cookie $cookie, Session\ISession $session)
|
||||
{
|
||||
$this->config = $config;
|
||||
$this->baseUrl = $baseUrl;
|
||||
|
|
@ -60,6 +63,7 @@ class Authentication
|
|||
$this->dba = $dba;
|
||||
$this->logger = $logger;
|
||||
$this->cookie = $cookie;
|
||||
$this->session = $session;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -88,12 +92,12 @@ class Authentication
|
|||
'verified' => true,
|
||||
]
|
||||
);
|
||||
if (DBA::isResult($user)) {
|
||||
if ($this->dba->isResult($user)) {
|
||||
if (!$this->cookie->check($data->hash,
|
||||
$user['password'] ?? '',
|
||||
$user['prvKey'] ?? '')) {
|
||||
$this->logger->notice("Hash doesn't fit.", ['user' => $data->uid]);
|
||||
Session::delete();
|
||||
$this->session->delete();
|
||||
$this->baseUrl->redirect();
|
||||
}
|
||||
|
||||
|
|
@ -101,34 +105,34 @@ class Authentication
|
|||
$this->cookie->set($user['uid'], $user['password'], $user['prvKey']);
|
||||
|
||||
// Do the authentification if not done by now
|
||||
if (!Session::get('authenticated')) {
|
||||
if (!$this->session->get('authenticated')) {
|
||||
$this->setForUser($a, $user);
|
||||
|
||||
if ($this->config->get('system', 'paranoia')) {
|
||||
Session::set('addr', $data->ip);
|
||||
$this->session->set('addr', $data->ip);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (Session::get('authenticated')) {
|
||||
if (Session::get('visitor_id') && !Session::get('uid')) {
|
||||
$contact = $this->dba->selectFirst('contact', [], ['id' => Session::get('visitor_id')]);
|
||||
if ($this->session->get('authenticated')) {
|
||||
if ($this->session->get('visitor_id') && !$this->session->get('uid')) {
|
||||
$contact = $this->dba->selectFirst('contact', [], ['id' => $this->session->get('visitor_id')]);
|
||||
if ($this->dba->isResult($contact)) {
|
||||
$a->contact = $contact;
|
||||
}
|
||||
}
|
||||
|
||||
if (Session::get('uid')) {
|
||||
if ($this->session->get('uid')) {
|
||||
// already logged in user returning
|
||||
$check = $this->config->get('system', 'paranoia');
|
||||
// extra paranoia - if the IP changed, log them out
|
||||
if ($check && (Session::get('addr') != $_SERVER['REMOTE_ADDR'])) {
|
||||
if ($check && ($this->session->get('addr') != $_SERVER['REMOTE_ADDR'])) {
|
||||
$this->logger->notice('Session address changed. Paranoid setting in effect, blocking session. ', [
|
||||
'addr' => Session::get('addr'),
|
||||
'addr' => $this->session->get('addr'),
|
||||
'remote_addr' => $_SERVER['REMOTE_ADDR']]
|
||||
);
|
||||
Session::delete();
|
||||
$this->session->delete();
|
||||
$this->baseUrl->redirect();
|
||||
}
|
||||
|
||||
|
|
@ -136,7 +140,7 @@ class Authentication
|
|||
'user',
|
||||
[],
|
||||
[
|
||||
'uid' => Session::get('uid'),
|
||||
'uid' => $this->session->get('uid'),
|
||||
'blocked' => false,
|
||||
'account_expired' => false,
|
||||
'account_removed' => false,
|
||||
|
|
@ -144,18 +148,18 @@ class Authentication
|
|||
]
|
||||
);
|
||||
if (!$this->dba->isResult($user)) {
|
||||
Session::delete();
|
||||
$this->session->delete();
|
||||
$this->baseUrl->redirect();
|
||||
}
|
||||
|
||||
// Make sure to refresh the last login time for the user if the user
|
||||
// stays logged in for a long time, e.g. with "Remember Me"
|
||||
$login_refresh = false;
|
||||
if (!Session::get('last_login_date')) {
|
||||
Session::set('last_login_date', DateTimeFormat::utcNow());
|
||||
if (!$this->session->get('last_login_date')) {
|
||||
$this->session->set('last_login_date', DateTimeFormat::utcNow());
|
||||
}
|
||||
if (strcmp(DateTimeFormat::utc('now - 12 hours'), Session::get('last_login_date')) > 0) {
|
||||
Session::set('last_login_date', DateTimeFormat::utcNow());
|
||||
if (strcmp(DateTimeFormat::utc('now - 12 hours'), $this->session->get('last_login_date')) > 0) {
|
||||
$this->session->set('last_login_date', DateTimeFormat::utcNow());
|
||||
$login_refresh = true;
|
||||
}
|
||||
|
||||
|
|
@ -186,8 +190,8 @@ class Authentication
|
|||
try {
|
||||
$openid = new LightOpenID($this->baseUrl->getHostname());
|
||||
$openid->identity = $openid_url;
|
||||
Session::set('openid', $openid_url);
|
||||
Session::set('remember', $remember);
|
||||
$this->session->set('openid', $openid_url);
|
||||
$this->session->set('remember', $remember);
|
||||
$openid->returnUrl = $this->baseUrl->get(true) . '/openid';
|
||||
$openid->optional = ['namePerson/friendly', 'contact/email', 'namePerson', 'namePerson/first', 'media/image/aspect11', 'media/image/default'];
|
||||
System::externalRedirect($openid->authUrl());
|
||||
|
|
@ -250,11 +254,11 @@ class Authentication
|
|||
}
|
||||
|
||||
// if we haven't failed up this point, log them in.
|
||||
Session::set('remember', $remember);
|
||||
Session::set('last_login_date', DateTimeFormat::utcNow());
|
||||
$this->session->set('remember', $remember);
|
||||
$this->session->set('last_login_date', DateTimeFormat::utcNow());
|
||||
|
||||
$openid_identity = Session::get('openid_identity');
|
||||
$openid_server = Session::get('openid_server');
|
||||
$openid_identity = $this->session->get('openid_identity');
|
||||
$openid_server = $this->session->get('openid_server');
|
||||
|
||||
if (!empty($openid_identity) || !empty($openid_server)) {
|
||||
$this->dba->update('user', ['openid' => $openid_identity, 'openidserver' => $openid_server], ['uid' => $record['uid']]);
|
||||
|
|
@ -262,8 +266,8 @@ class Authentication
|
|||
|
||||
$this->setForUser($a, $record, true, true);
|
||||
|
||||
$return_path = Session::get('return_path', '');
|
||||
Session::remove('return_path');
|
||||
$return_path = $this->session->get('return_path', '');
|
||||
$this->session->remove('return_path');
|
||||
|
||||
$this->baseUrl->redirect($return_path);
|
||||
}
|
||||
|
|
@ -282,7 +286,7 @@ class Authentication
|
|||
*/
|
||||
public function setForUser(App $a, array $user_record, bool $login_initial = false, bool $interactive = false, bool $login_refresh = false)
|
||||
{
|
||||
Session::setMultiple([
|
||||
$this->session->setMultiple([
|
||||
'uid' => $user_record['uid'],
|
||||
'theme' => $user_record['theme'],
|
||||
'mobile-theme' => PConfig::get($user_record['uid'], 'system', 'mobile_theme'),
|
||||
|
|
@ -296,7 +300,7 @@ class Authentication
|
|||
Session::setVisitorsContacts();
|
||||
|
||||
$member_since = strtotime($user_record['register_date']);
|
||||
Session::set('new_member', time() < ($member_since + (60 * 60 * 24 * 14)));
|
||||
$this->session->set('new_member', time() < ($member_since + (60 * 60 * 24 * 14)));
|
||||
|
||||
if (strlen($user_record['timezone'])) {
|
||||
date_default_timezone_set($user_record['timezone']);
|
||||
|
|
@ -305,8 +309,8 @@ class Authentication
|
|||
|
||||
$masterUid = $user_record['uid'];
|
||||
|
||||
if (Session::get('submanage')) {
|
||||
$user = $this->dba->selectFirst('user', ['uid'], ['uid' => Session::get('submanage')]);
|
||||
if ($this->session->get('submanage')) {
|
||||
$user = $this->dba->selectFirst('user', ['uid'], ['uid' => $this->session->get('submanage')]);
|
||||
if ($this->dba->isResult($user)) {
|
||||
$masterUid = $user['uid'];
|
||||
}
|
||||
|
|
@ -326,7 +330,7 @@ class Authentication
|
|||
if ($this->dba->isResult($contact)) {
|
||||
$a->contact = $contact;
|
||||
$a->cid = $contact['id'];
|
||||
Session::set('cid', $a->cid);
|
||||
$this->session->set('cid', $a->cid);
|
||||
}
|
||||
|
||||
header('X-Account-Management-Status: active; name="' . $user_record['username'] . '"; id="' . $user_record['nickname'] . '"');
|
||||
|
|
@ -346,10 +350,10 @@ class Authentication
|
|||
* The cookie will be renewed automatically.
|
||||
* The week ensures that sessions will expire after some inactivity.
|
||||
*/;
|
||||
if (Session::get('remember')) {
|
||||
if ($this->session->get('remember')) {
|
||||
$a->getLogger()->info('Injecting cookie for remembered user ' . $user_record['nickname']);
|
||||
$this->cookie->set($user_record['uid'], $user_record['password'], $user_record['prvKey']);
|
||||
Session::remove('remember');
|
||||
$this->session->remove('remember');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -370,8 +374,8 @@ class Authentication
|
|||
if ($login_initial) {
|
||||
Hook::callAll('logged_in', $a->user);
|
||||
|
||||
if ($a->module !== 'home' && Session::exists('return_path')) {
|
||||
$this->baseUrl->redirect(Session::get('return_path'));
|
||||
if ($a->module !== 'home' && $this->session->exists('return_path')) {
|
||||
$this->baseUrl->redirect($this->session->get('return_path'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -395,7 +399,7 @@ class Authentication
|
|||
}
|
||||
|
||||
// Case 1: 2FA session present and valid: return
|
||||
if (Session::get('2fa')) {
|
||||
if ($this->session->get('2fa')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,119 +5,50 @@
|
|||
*/
|
||||
namespace Friendica\Core;
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\BaseObject;
|
||||
use Friendica\Core\Cache\ICache;
|
||||
use Friendica\Core\Session\CacheSessionHandler;
|
||||
use Friendica\Core\Session\DatabaseSessionHandler;
|
||||
use Friendica\Database\Database;
|
||||
use Friendica\Core\Session\ISession;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\User;
|
||||
use Friendica\Util\Strings;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
/**
|
||||
* High-level Session service class
|
||||
*
|
||||
* @author Hypolite Petovan <hypolite@mrpetovan.com>
|
||||
*/
|
||||
class Session
|
||||
class Session extends BaseObject
|
||||
{
|
||||
public static $exists = false;
|
||||
public static $expire = 180000;
|
||||
|
||||
public static function init()
|
||||
{
|
||||
ini_set('session.gc_probability', 50);
|
||||
ini_set('session.use_only_cookies', 1);
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
|
||||
if (Config::get('system', 'ssl_policy') == App\BaseURL::SSL_POLICY_FULL) {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
}
|
||||
|
||||
$session_handler = Config::get('system', 'session_handler', 'database');
|
||||
if ($session_handler != 'native') {
|
||||
if ($session_handler == 'cache' && Config::get('system', 'cache_driver', 'database') != 'database') {
|
||||
$SessionHandler = new CacheSessionHandler(
|
||||
BaseObject::getClass(ICache::class),
|
||||
BaseObject::getClass(LoggerInterface::class),
|
||||
$_SERVER
|
||||
);
|
||||
} else {
|
||||
$SessionHandler = new DatabaseSessionHandler(
|
||||
BaseObject::getClass(Database::class),
|
||||
BaseObject::getClass(LoggerInterface::class),
|
||||
$_SERVER
|
||||
);
|
||||
}
|
||||
|
||||
session_set_save_handler($SessionHandler);
|
||||
}
|
||||
}
|
||||
|
||||
public static function exists($name)
|
||||
{
|
||||
return isset($_SESSION[$name]);
|
||||
return self::getClass(ISession::class)->exists($name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves a key from the session super global or the defaults if the key is missing or the value is falsy.
|
||||
*
|
||||
* Handle the case where session_start() hasn't been called and the super global isn't available.
|
||||
*
|
||||
* @param string $name
|
||||
* @param mixed $defaults
|
||||
* @return mixed
|
||||
*/
|
||||
public static function get($name, $defaults = null)
|
||||
{
|
||||
return $_SESSION[$name] ?? $defaults;
|
||||
return self::getClass(ISession::class)->get($name, $defaults);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets a single session variable.
|
||||
* Overrides value of existing key.
|
||||
*
|
||||
* @param string $name
|
||||
* @param mixed $value
|
||||
*/
|
||||
public static function set($name, $value)
|
||||
{
|
||||
$_SESSION[$name] = $value;
|
||||
self::getClass(ISession::class)->set($name, $value);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets multiple session variables.
|
||||
* Overrides values for existing keys.
|
||||
*
|
||||
* @param array $values
|
||||
*/
|
||||
public static function setMultiple(array $values)
|
||||
{
|
||||
$_SESSION = $values + $_SESSION;
|
||||
self::getClass(ISession::class)->setMultiple($values);
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes a session variable.
|
||||
* Ignores missing keys.
|
||||
*
|
||||
* @param $name
|
||||
*/
|
||||
public static function remove($name)
|
||||
{
|
||||
unset($_SESSION[$name]);
|
||||
self::getClass(ISession::class)->remove($name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Clears the current session array
|
||||
*/
|
||||
public static function clear()
|
||||
{
|
||||
session_unset();
|
||||
session_start();
|
||||
$_SESSION = [];
|
||||
self::getClass(ISession::class)->clear();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -184,16 +115,8 @@ class Session
|
|||
return $_SESSION['authenticated'];
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Kills the "Friendica" cookie and all session data
|
||||
*/
|
||||
public static function delete()
|
||||
{
|
||||
/** @var User\Cookie $cookie */
|
||||
$cookie = BaseObject::getClass(User\Cookie::class);
|
||||
$cookie->clear();
|
||||
$_SESSION = [];
|
||||
session_unset();
|
||||
session_destroy();
|
||||
self::getClass(ISession::class)->delete();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,9 @@
|
|||
namespace Friendica\Core\Session;
|
||||
|
||||
use Friendica\Core\Cache\ICache;
|
||||
use Friendica\Core\Config\Configuration;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Model\User\Cookie;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use SessionHandlerInterface;
|
||||
|
||||
|
|
@ -12,7 +14,7 @@ use SessionHandlerInterface;
|
|||
*
|
||||
* @author Hypolite Petovan <hypolite@mrpetovan.com>
|
||||
*/
|
||||
class CacheSessionHandler implements SessionHandlerInterface
|
||||
final class CacheSession extends NativeSession implements SessionHandlerInterface
|
||||
{
|
||||
/** @var ICache */
|
||||
private $cache;
|
||||
|
|
@ -21,18 +23,15 @@ class CacheSessionHandler implements SessionHandlerInterface
|
|||
/** @var array The $_SERVER array */
|
||||
private $server;
|
||||
|
||||
/**
|
||||
* CacheSessionHandler constructor.
|
||||
*
|
||||
* @param ICache $cache
|
||||
* @param LoggerInterface $logger
|
||||
* @param array $server
|
||||
*/
|
||||
public function __construct(ICache $cache, LoggerInterface $logger, array $server)
|
||||
public function __construct(Configuration $config, Cookie $cookie, ICache $cache, LoggerInterface $logger, array $server)
|
||||
{
|
||||
parent::__construct($config, $cookie);
|
||||
|
||||
$this->cache = $cache;
|
||||
$this->logger = $logger;
|
||||
$this->server = $server;
|
||||
|
||||
session_set_save_handler($this);
|
||||
}
|
||||
|
||||
public function open($save_path, $session_name)
|
||||
|
|
@ -64,8 +63,9 @@ class CacheSessionHandler implements SessionHandlerInterface
|
|||
* on the case. Uses the Session::expire for existing session, 5 minutes
|
||||
* for newly created session.
|
||||
*
|
||||
* @param string $session_id Session ID with format: [a-z0-9]{26}
|
||||
* @param string $session_data Serialized session data
|
||||
* @param string $session_id Session ID with format: [a-z0-9]{26}
|
||||
* @param string $session_data Serialized session data
|
||||
*
|
||||
* @return boolean Returns false if parameters are missing, true otherwise
|
||||
* @throws \Exception
|
||||
*/
|
||||
|
|
@ -2,8 +2,10 @@
|
|||
|
||||
namespace Friendica\Core\Session;
|
||||
|
||||
use Friendica\Core\Config\Configuration;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\Database;
|
||||
use Friendica\Model\User\Cookie;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use SessionHandlerInterface;
|
||||
|
||||
|
|
@ -12,7 +14,7 @@ use SessionHandlerInterface;
|
|||
*
|
||||
* @author Hypolite Petovan <hypolite@mrpetovan.com>
|
||||
*/
|
||||
class DatabaseSessionHandler implements SessionHandlerInterface
|
||||
final class DatabaseSession extends NativeSession implements SessionHandlerInterface
|
||||
{
|
||||
/** @var Database */
|
||||
private $dba;
|
||||
|
|
@ -28,11 +30,15 @@ class DatabaseSessionHandler implements SessionHandlerInterface
|
|||
* @param LoggerInterface $logger
|
||||
* @param array $server
|
||||
*/
|
||||
public function __construct(Database $dba, LoggerInterface $logger, array $server)
|
||||
public function __construct(Configuration $config, Cookie $cookie, Database $dba, LoggerInterface $logger, array $server)
|
||||
{
|
||||
parent::__construct($config, $cookie);
|
||||
|
||||
$this->dba = $dba;
|
||||
$this->logger = $logger;
|
||||
$this->server = $server;
|
||||
|
||||
session_set_save_handler($this);
|
||||
}
|
||||
|
||||
public function open($save_path, $session_name)
|
||||
|
|
@ -64,8 +70,9 @@ class DatabaseSessionHandler implements SessionHandlerInterface
|
|||
* on the case. Uses the Session::expire global for existing session, 5 minutes
|
||||
* for newly created session.
|
||||
*
|
||||
* @param string $session_id Session ID with format: [a-z0-9]{26}
|
||||
* @param string $session_data Serialized session data
|
||||
* @param string $session_id Session ID with format: [a-z0-9]{26}
|
||||
* @param string $session_data Serialized session data
|
||||
*
|
||||
* @return boolean Returns false if parameters are missing, true otherwise
|
||||
* @throws \Exception
|
||||
*/
|
||||
|
|
@ -79,11 +86,11 @@ class DatabaseSessionHandler implements SessionHandlerInterface
|
|||
return true;
|
||||
}
|
||||
|
||||
$expire = time() + Session::$expire;
|
||||
$expire = time() + Session::$expire;
|
||||
$default_expire = time() + 300;
|
||||
|
||||
if (Session::$exists) {
|
||||
$fields = ['data' => $session_data, 'expire' => $expire];
|
||||
$fields = ['data' => $session_data, 'expire' => $expire];
|
||||
$condition = ["`sid` = ? AND (`data` != ? OR `expire` != ?)", $session_id, $session_data, $expire];
|
||||
$this->dba->update('session', $fields, $condition);
|
||||
} else {
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
<?php
|
||||
|
||||
namespace Friendica\Core\Session;
|
||||
|
||||
use Friendica\BaseObject;
|
||||
|
||||
interface ISession
|
||||
{
|
||||
/**
|
||||
* Start the current session
|
||||
*
|
||||
* @return self The own Session instance
|
||||
*/
|
||||
public function start();
|
||||
|
||||
/**
|
||||
* Checks if the key exists in this session
|
||||
*
|
||||
* @param string $name
|
||||
*
|
||||
* @return boolean True, if it exists
|
||||
*/
|
||||
public function exists(string $name);
|
||||
|
||||
/**
|
||||
* Retrieves a key from the session super global or the defaults if the key is missing or the value is falsy.
|
||||
*
|
||||
* Handle the case where session_start() hasn't been called and the super global isn't available.
|
||||
*
|
||||
* @param string $name
|
||||
* @param mixed $defaults
|
||||
* @return mixed
|
||||
*/
|
||||
public function get(string $name, $defaults = null);
|
||||
|
||||
/**
|
||||
* Sets a single session variable.
|
||||
* Overrides value of existing key.
|
||||
*
|
||||
* @param string $name
|
||||
* @param mixed $value
|
||||
*/
|
||||
public function set(string $name, $value);
|
||||
|
||||
/**
|
||||
* Sets multiple session variables.
|
||||
* Overrides values for existing keys.
|
||||
*
|
||||
* @param array $values
|
||||
*/
|
||||
public function setMultiple(array $values);
|
||||
|
||||
/**
|
||||
* Removes a session variable.
|
||||
* Ignores missing keys.
|
||||
*
|
||||
* @param string $name
|
||||
*/
|
||||
public function remove(string $name);
|
||||
|
||||
/**
|
||||
* Clears the current session array
|
||||
*/
|
||||
public function clear();
|
||||
|
||||
/**
|
||||
* Kills the "Friendica" cookie and all session data
|
||||
*/
|
||||
public function delete();
|
||||
}
|
||||
|
|
@ -0,0 +1,84 @@
|
|||
<?php
|
||||
|
||||
namespace Friendica\Core\Session;
|
||||
|
||||
/**
|
||||
* Native Session functions for internal Session usage.
|
||||
*
|
||||
* Usable for backend processes (daemon/worker) and testing
|
||||
*/
|
||||
final class MemorySession implements ISession
|
||||
{
|
||||
private $data = [];
|
||||
|
||||
public function start()
|
||||
{
|
||||
$this->clear();
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function exists(string $name)
|
||||
{
|
||||
return isset($this->data[$name]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function get(string $name, $defaults = null)
|
||||
{
|
||||
return $this->data[$name] ?? $defaults;
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function set(string $name, $value)
|
||||
{
|
||||
$this->data[$name] = $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function setMultiple(array $values)
|
||||
{
|
||||
foreach ($values as $key => $value) {
|
||||
$this->data[$key] = $value;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function remove(string $name)
|
||||
{
|
||||
if ($this->exists($name)) {
|
||||
unset($this->data[$name]);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function clear()
|
||||
{
|
||||
$this->data = [];
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function delete()
|
||||
{
|
||||
$this->data = [];
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,94 @@
|
|||
<?php
|
||||
|
||||
namespace Friendica\Core\Session;
|
||||
|
||||
use Friendica\Core\Config\Configuration;
|
||||
use Friendica\App;
|
||||
use Friendica\Model\User\Cookie;
|
||||
|
||||
class NativeSession implements ISession
|
||||
{
|
||||
/** @var Cookie */
|
||||
protected $cookie;
|
||||
|
||||
public function __construct(Configuration $config, Cookie $cookie)
|
||||
{
|
||||
ini_set('session.gc_probability', 50);
|
||||
ini_set('session.use_only_cookies', 1);
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
|
||||
if ($config->get('system', 'ssl_policy') == App\BaseURL::SSL_POLICY_FULL) {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
}
|
||||
|
||||
$this->cookie = $cookie;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function start()
|
||||
{
|
||||
session_start();
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}}
|
||||
*/
|
||||
public function exists(string $name)
|
||||
{
|
||||
return isset($_SESSION[$name]);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function get(string $name, $defaults = null)
|
||||
{
|
||||
return $_SESSION[$name] ?? $defaults;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function set(string $name, $value)
|
||||
{
|
||||
$_SESSION[$name] = $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function setMultiple(array $values)
|
||||
{
|
||||
$_SESSION = $values + $_SESSION;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function remove(string $name)
|
||||
{
|
||||
unset($_SESSION[$name]);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function clear()
|
||||
{
|
||||
$_SESSION = [];
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Kills the "Friendica" cookie and all session data
|
||||
*/
|
||||
public function delete()
|
||||
{
|
||||
$this->cookie->clear();
|
||||
$_SESSION = [];
|
||||
session_unset();
|
||||
session_destroy();
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
<?php
|
||||
|
||||
namespace Friendica\Factory;
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\Core\Cache\Cache;
|
||||
use Friendica\Core\Cache\ICache;
|
||||
use Friendica\Core\Config\Configuration;
|
||||
use Friendica\Core\Session\CacheSession;
|
||||
use Friendica\Core\Session\DatabaseSession;
|
||||
use Friendica\Core\Session\ISession;
|
||||
use Friendica\Core\Session\Memory;
|
||||
use Friendica\Core\Session\MemorySession;
|
||||
use Friendica\Core\Session\NativeSession;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Database\Database;
|
||||
use Friendica\Model\User\Cookie;
|
||||
use Friendica\Util\Profiler;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
class SessionFactory
|
||||
{
|
||||
/** @var string The plain, PHP internal session management */
|
||||
const INTERNAL = 'native';
|
||||
/** @var string Using the database for session management */
|
||||
const DATABASE = 'database';
|
||||
/** @var string Using the cache for session management */
|
||||
const CACHE = 'cache';
|
||||
/** @var string A temporary cached session */
|
||||
const MEMORY = 'memory';
|
||||
/** @var string The default type for Session management in case of no config */
|
||||
const DEFAULT = self::DATABASE;
|
||||
|
||||
/**
|
||||
* @param App\Mode $mode
|
||||
* @param Configuration $config
|
||||
* @param Cookie $cookie
|
||||
* @param Database $dba
|
||||
* @param ICache $cache
|
||||
* @param LoggerInterface $logger
|
||||
* @param array $server
|
||||
*
|
||||
* @return ISession
|
||||
*/
|
||||
public function createSession(App\Mode $mode, Configuration $config, Cookie $cookie, Database $dba, ICache $cache, LoggerInterface $logger, Profiler $profiler, array $server = [])
|
||||
{
|
||||
$stamp1 = microtime(true);
|
||||
$session = null;
|
||||
|
||||
try {
|
||||
if ($mode->isInstall() || $mode->isBackend()) {
|
||||
$session = new MemorySession();
|
||||
} else {
|
||||
$session_handler = $config->get('system', 'session_handler', self::DEFAULT);
|
||||
|
||||
switch ($session_handler) {
|
||||
case self::INTERNAL:
|
||||
$session = new NativeSession($config, $cookie);
|
||||
break;
|
||||
case self::DATABASE:
|
||||
default:
|
||||
$session = new DatabaseSession($config, $cookie, $dba, $logger, $server);
|
||||
break;
|
||||
case self::CACHE:
|
||||
// In case we're using the db as cache driver, use the native db session, not the cache
|
||||
if ($config->get('system', 'cache_driver') === Cache::TYPE_DATABASE) {
|
||||
$session = new DatabaseSession($config, $cookie, $dba, $logger, $server);
|
||||
} else {
|
||||
$session = new CacheSession($config, $cookie, $cache, $logger, $server);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
$profiler->saveTimestamp($stamp1, 'parser', System::callstack());
|
||||
return $session;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -6,6 +6,7 @@ use Friendica\Core\Cache;
|
|||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n\L10n;
|
||||
use Friendica\Core\Lock\ILock;
|
||||
use Friendica\Core\Session\ISession;
|
||||
use Friendica\Database\Database;
|
||||
use Friendica\Factory;
|
||||
use Friendica\Util;
|
||||
|
|
@ -179,4 +180,11 @@ return [
|
|||
$_SERVER, $_GET
|
||||
],
|
||||
],
|
||||
ISession::class => [
|
||||
'instanceOf' => Factory\SessionFactory::class,
|
||||
'call' => [
|
||||
['createSession', [$_SERVER], Dice::CHAIN_CALL],
|
||||
['start', [], Dice::CHAIN_CALL],
|
||||
],
|
||||
],
|
||||
];
|
||||
|
|
|
|||
Loading…
Reference in New Issue