diff --git a/include/api.php b/include/api.php index f360dc411..eccd77675 100644 --- a/include/api.php +++ b/include/api.php @@ -11,7 +11,6 @@ use Friendica\Content\ContactSelector; use Friendica\Content\Feature; use Friendica\Content\Text\BBCode; use Friendica\Content\Text\HTML; -use Friendica\Core\Authentication; use Friendica\Core\Config; use Friendica\Core\Hook; use Friendica\Core\L10n; @@ -19,6 +18,7 @@ use Friendica\Core\Logger; use Friendica\Core\NotificationsManager; use Friendica\Core\PConfig; use Friendica\Core\Protocol; +use Friendica\Core\Session; use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBA; @@ -250,7 +250,7 @@ function api_login(App $a) throw new UnauthorizedException("This API requires login"); } - Authentication::setAuthenticatedSessionForUser($record); + Session::setAuthenticatedForUser($a, $record); $_SESSION["allow_api"] = true; diff --git a/mod/manage.php b/mod/manage.php index 52ddfdf03..58590264a 100644 --- a/mod/manage.php +++ b/mod/manage.php @@ -2,11 +2,12 @@ /** * @file mod/manage.php */ + use Friendica\App; -use Friendica\Core\Authentication; use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Renderer; +use Friendica\Core\Session; use Friendica\Database\DBA; function manage_post(App $a) { @@ -108,7 +109,7 @@ function manage_post(App $a) { unset($_SESSION['sysmsg_info']); } - Authentication::setAuthenticatedSessionForUser($r[0], true, true); + Session::setAuthenticatedForUser($a, $r[0], true, true); if ($limited_id) { $_SESSION['submanage'] = $original_id; diff --git a/mod/openid.php b/mod/openid.php index 7300c686b..def34ff08 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -4,10 +4,10 @@ */ use Friendica\App; -use Friendica\Core\Authentication; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Logger; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Util\Strings; @@ -52,7 +52,7 @@ function openid_content(App $a) { unset($_SESSION['openid']); - Authentication::setAuthenticatedSessionForUser($r[0],true,true); + Session::setAuthenticatedForUser($a, $r[0],true,true); // just in case there was no return url set // and we fell through diff --git a/src/Core/Authentication.php b/src/Core/Authentication.php index 1963d34b4..1826602df 100644 --- a/src/Core/Authentication.php +++ b/src/Core/Authentication.php @@ -6,10 +6,7 @@ namespace Friendica\Core; use Friendica\BaseObject; -use Friendica\Database\DBA; -use Friendica\Model\User; use Friendica\Util\BaseURL; -use Friendica\Util\DateTimeFormat; /** * Handle Authentification, Session and Cookies @@ -55,112 +52,6 @@ class Authentication extends BaseObject setcookie("Friendica", $value, $time, "/", "", (Config::get('system', 'ssl_policy') == BaseUrl::SSL_POLICY_FULL), true); } - /** - * @brief Sets the provided user's authenticated session - * - * @todo Should be moved to Friendica\Core\Session once it's created - * - * @param array $user_record - * @param bool $login_initial - * @param bool $interactive - * @param bool $login_refresh - * @throws \Friendica\Network\HTTPException\InternalServerErrorException - */ - public static function setAuthenticatedSessionForUser($user_record, $login_initial = false, $interactive = false, $login_refresh = false) - { - $a = self::getApp(); - - $_SESSION['uid'] = $user_record['uid']; - $_SESSION['theme'] = $user_record['theme']; - $_SESSION['mobile-theme'] = PConfig::get($user_record['uid'], 'system', 'mobile_theme'); - $_SESSION['authenticated'] = 1; - $_SESSION['page_flags'] = $user_record['page-flags']; - $_SESSION['my_url'] = $a->getbaseUrl() . '/profile/' . $user_record['nickname']; - $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr($a->getbaseUrl(), strpos($a->getbaseUrl(), '://') + 3); - $_SESSION['addr'] = defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'); - - $a->user = $user_record; - - if ($interactive) { - if ($a->user['login_date'] <= DBA::NULL_DATETIME) { - $_SESSION['return_path'] = 'profile_photo/new'; - $a->module = 'profile_photo'; - info(L10n::t("Welcome ") . $a->user['username'] . EOL); - info(L10n::t('Please upload a profile photo.') . EOL); - } else { - info(L10n::t("Welcome back ") . $a->user['username'] . EOL); - } - } - - $member_since = strtotime($a->user['register_date']); - if (time() < ($member_since + ( 60 * 60 * 24 * 14))) { - $_SESSION['new_member'] = true; - } else { - $_SESSION['new_member'] = false; - } - if (strlen($a->user['timezone'])) { - date_default_timezone_set($a->user['timezone']); - $a->timezone = $a->user['timezone']; - } - - $masterUid = $user_record['uid']; - - if (!empty($_SESSION['submanage'])) { - $user = DBA::selectFirst('user', ['uid'], ['uid' => $_SESSION['submanage']]); - if (DBA::isResult($user)) { - $masterUid = $user['uid']; - } - } - - $a->identities = User::identities($masterUid); - - if ($login_initial) { - Logger::log('auth_identities: ' . print_r($a->identities, true), Logger::DEBUG); - } - if ($login_refresh) { - Logger::log('auth_identities refresh: ' . print_r($a->identities, true), Logger::DEBUG); - } - - $contact = DBA::selectFirst('contact', [], ['uid' => $_SESSION['uid'], 'self' => true]); - if (DBA::isResult($contact)) { - $a->contact = $contact; - $a->cid = $contact['id']; - $_SESSION['cid'] = $a->cid; - } - - header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] . '"'); - - if ($login_initial || $login_refresh) { - DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $_SESSION['uid']]); - - // Set the login date for all identities of the user - DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], - ['parent-uid' => $masterUid, 'account_removed' => false]); - } - - if ($login_initial) { - /* - * If the user specified to remember the authentication, then set a cookie - * that expires after one week (the default is when the browser is closed). - * The cookie will be renewed automatically. - * The week ensures that sessions will expire after some inactivity. - */ - if (!empty($_SESSION['remember'])) { - Logger::log('Injecting cookie for remembered user ' . $a->user['nickname']); - self::setCookie(604800, $user_record); - unset($_SESSION['remember']); - } - } - - if ($login_initial) { - Hook::callAll('logged_in', $a->user); - - if (($a->module !== 'home') && isset($_SESSION['return_path'])) { - $a->internalRedirect($_SESSION['return_path']); - } - } - } - /** * @brief Kills the "Friendica" cookie and all session data */ diff --git a/src/Core/Session.php b/src/Core/Session.php index f1da864bb..9dadbb168 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php @@ -5,9 +5,13 @@ */ namespace Friendica\Core; +use Friendica\App; use Friendica\Core\Session\CacheSessionHandler; use Friendica\Core\Session\DatabaseSessionHandler; +use Friendica\Database\DBA; +use Friendica\Model\User; use Friendica\Util\BaseURL; +use Friendica\Util\DateTimeFormat; /** * High-level Session service class @@ -25,7 +29,7 @@ class Session ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); - if (Config::get('system', 'ssl_policy') == BaseUrl::SSL_POLICY_FULL) { + if (Config::get('system', 'ssl_policy') == BaseURL::SSL_POLICY_FULL) { ini_set('session.cookie_secure', 1); } @@ -66,8 +70,140 @@ class Session return $return; } + /** + * Sets a single session variable. + * Overrides value of existing key. + * + * @param string $name + * @param mixed $value + */ public static function set($name, $value) { $_SESSION[$name] = $value; } + + /** + * Sets multiple session variables. + * Overrides values for existing keys. + * + * @param array $values + */ + public static function setMultiple(array $values) + { + $_SESSION = $values + $_SESSION; + } + + /** + * Removes a session variable. + * Ignores missing keys. + * + * @param $name + */ + public static function remove($name) + { + unset($_SESSION[$name]); + } + + /** + * @brief Sets the provided user's authenticated session + * + * @param App $a + * @param array $user_record + * @param bool $login_initial + * @param bool $interactive + * @param bool $login_refresh + * @throws \Friendica\Network\HTTPException\InternalServerErrorException + */ + public static function setAuthenticatedForUser(App $a, array $user_record, $login_initial = false, $interactive = false, $login_refresh = false) + { + self::setMultiple([ + 'uid' => $user_record['uid'], + 'theme' => $user_record['theme'], + 'mobile-theme' => PConfig::get($user_record['uid'], 'system', 'mobile_theme'), + 'authenticated' => 1, + 'page_flags' => $user_record['page-flags'], + 'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'], + 'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3), + 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'), + ]); + + $member_since = strtotime($user_record['register_date']); + self::set('new_member', time() < ($member_since + ( 60 * 60 * 24 * 14))); + + if (strlen($user_record['timezone'])) { + date_default_timezone_set($user_record['timezone']); + $a->timezone = $user_record['timezone']; + } + + $masterUid = $user_record['uid']; + + if (!empty($_SESSION['submanage'])) { + $user = DBA::selectFirst('user', ['uid'], ['uid' => $_SESSION['submanage']]); + if (DBA::isResult($user)) { + $masterUid = $user['uid']; + } + } + + $a->identities = User::identities($masterUid); + + if ($login_initial) { + $a->getLogger()->info('auth_identities: ' . print_r($a->identities, true)); + } + + if ($login_refresh) { + $a->getLogger()->info('auth_identities refresh: ' . print_r($a->identities, true)); + } + + $contact = DBA::selectFirst('contact', [], ['uid' => $_SESSION['uid'], 'self' => true]); + if (DBA::isResult($contact)) { + $a->contact = $contact; + $a->cid = $contact['id']; + self::set('cid', $a->cid); + } + + header('X-Account-Management-Status: active; name="' . $user_record['username'] . '"; id="' . $user_record['nickname'] . '"'); + + if ($login_initial || $login_refresh) { + DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $_SESSION['uid']]); + + // Set the login date for all identities of the user + DBA::update('user', ['login_date' => DateTimeFormat::utcNow()], + ['parent-uid' => $masterUid, 'account_removed' => false]); + } + + if ($login_initial) { + /* + * If the user specified to remember the authentication, then set a cookie + * that expires after one week (the default is when the browser is closed). + * The cookie will be renewed automatically. + * The week ensures that sessions will expire after some inactivity. + */ + ; + if (self::get('remember')) { + $a->getLogger()->info('Injecting cookie for remembered user ' . $user_record['nickname']); + Authentication::setCookie(604800, $user_record); + self::remove('remember'); + } + } + + if ($interactive) { + if ($user_record['login_date'] <= DBA::NULL_DATETIME) { + info(L10n::t('Welcome %s', $user_record['username'])); + info(L10n::t('Please upload a profile photo.')); + $a->internalRedirect('profile_photo/new'); + } else { + info(L10n::t("Welcome back %s", $user_record['username'])); + } + } + + $a->user = $user_record; + + if ($login_initial) { + Hook::callAll('logged_in', $a->user); + + if ($a->module !== 'home' && self::exists('return_path')) { + $a->internalRedirect(self::get('return_path')); + } + } + } } diff --git a/src/Module/Login.php b/src/Module/Login.php index b0897f2d7..7a3b6ae45 100644 --- a/src/Module/Login.php +++ b/src/Module/Login.php @@ -12,6 +12,7 @@ use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\Renderer; +use Friendica\Core\Session; use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\User; @@ -160,7 +161,8 @@ class Login extends BaseModule // if we haven't failed up this point, log them in. $_SESSION['remember'] = $remember; $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); - Authentication::setAuthenticatedSessionForUser($record, true, true); + + Session::setAuthenticatedForUser($a, $record, true, true); if (!empty($_SESSION['return_path'])) { $return_path = $_SESSION['return_path']; @@ -210,7 +212,7 @@ class Login extends BaseModule // Do the authentification if not done by now if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) { - Authentication::setAuthenticatedSessionForUser($user); + Session::setAuthenticatedForUser($a, $user); if (Config::get('system', 'paranoia')) { $_SESSION['addr'] = $data->ip; @@ -263,7 +265,8 @@ class Login extends BaseModule $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); $login_refresh = true; } - Authentication::setAuthenticatedSessionForUser($user, false, false, $login_refresh); + + Session::setAuthenticatedForUser($a, $user, false, false, $login_refresh); } } }