Move settings/oauth to src/Module

- Add settings_content() permission checks to Module\BaseSettings
- Transform application token deletion GET links to POST forms to keep a single OAuth module class
This commit is contained in:
Hypolite Petovan 2022-11-04 22:15:32 -04:00
parent 55365aa4da
commit 3226b00995
6 changed files with 185 additions and 79 deletions

View file

@ -157,31 +157,6 @@ function settings_content(App $a)
return ''; return '';
} }
if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'oauth')) {
if ((DI::args()->getArgc() > 3) && (DI::args()->getArgv()[2] === 'delete')) {
BaseModule::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth', 't');
DBA::delete('application-token', ['application-id' => DI::args()->getArgv()[3], 'uid' => DI::userSession()->getLocalUserId()]);
DI::baseUrl()->redirect('settings/oauth/', true);
return '';
}
$applications = DBA::selectToArray('application-view', ['id', 'uid', 'name', 'website', 'scopes', 'created_at'], ['uid' => DI::userSession()->getLocalUserId()]);
$tpl = Renderer::getMarkupTemplate('settings/oauth.tpl');
$o .= Renderer::replaceMacros($tpl, [
'$form_security_token' => BaseModule::getFormSecurityToken("settings_oauth"),
'$baseurl' => DI::baseUrl()->get(true),
'$title' => DI::l10n()->t('Connected Apps'),
'$name' => DI::l10n()->t('Name'),
'$website' => DI::l10n()->t('Home Page'),
'$created_at' => DI::l10n()->t('Created'),
'$delete' => DI::l10n()->t('Remove authorization'),
'$apps' => $applications,
]);
return $o;
}
if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon')) { if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon')) {
$addon_settings_forms = []; $addon_settings_forms = [];
foreach (DI::dba()->selectToArray('hook', ['file', 'function'], ['hook' => 'addon_settings']) as $hook) { foreach (DI::dba()->selectToArray('hook', ['file', 'function'], ['hook' => 'addon_settings']) as $hook) {

View file

@ -21,116 +21,156 @@
namespace Friendica\Module; namespace Friendica\Module;
use Friendica\App;
use Friendica\BaseModule; use Friendica\BaseModule;
use Friendica\Content\Feature; use Friendica\Content\Feature;
use Friendica\Content\Nav;
use Friendica\Core\L10n;
use Friendica\Core\Renderer; use Friendica\Core\Renderer;
use Friendica\DI; use Friendica\Core\Session\Capability\IHandleUserSessions;
use Friendica\Core\System;
use Friendica\Module\Security\Login;
use Friendica\Network\HTTPException\ForbiddenException;
use Friendica\Util\Profiler;
use Psr\Log\LoggerInterface;
class BaseSettings extends BaseModule class BaseSettings extends BaseModule
{ {
public static function createAside() /** @var App\Page */
protected $page;
/** @var IHandleUserSessions */
protected $session;
public function __construct(IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
{
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->page = $page;
$this->session = $session;
if ($this->session->getSubManagedUserId()) {
throw new ForbiddenException($this->t('Permission denied.'));
}
}
protected function content(array $request = []): string
{
Nav::setSelected('settings');
if (!$this->session->getLocalUserId()) {
$this->session->set('return_path', $this->args->getCommand());
$this->baseUrl->redirect('login');
}
$this->createAside();
return '';
}
public function createAside()
{ {
$tpl = Renderer::getMarkupTemplate('settings/head.tpl'); $tpl = Renderer::getMarkupTemplate('settings/head.tpl');
DI::page()['htmlhead'] .= Renderer::replaceMacros($tpl, [ $this->page['htmlhead'] .= Renderer::replaceMacros($tpl, [
'$ispublic' => DI::l10n()->t('everybody') '$ispublic' => $this->t('everybody')
]); ]);
$tabs = []; $tabs = [];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Account'), 'label' => $this->t('Account'),
'url' => 'settings', 'url' => 'settings',
'selected' => ((DI::args()->getArgc() == 1) && (DI::args()->getArgv() === 'settings') ? 'active' : ''), 'selected' => static::class == Settings\Account::class ? 'active' : '',
'accesskey' => 'o', 'accesskey' => 'o',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Two-factor authentication'), 'label' => $this->t('Two-factor authentication'),
'url' => 'settings/2fa', 'url' => 'settings/2fa',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === '2fa') ? 'active' : ''), 'selected' => in_array(static::class, [
Settings\TwoFactor\AppSpecific::class,
Settings\TwoFactor\Index::class,
Settings\TwoFactor\Recovery::class,
Settings\TwoFactor\Trusted::class,
Settings\TwoFactor\Verify::class
]) ? 'active' : '',
'accesskey' => '2', 'accesskey' => '2',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Profile'), 'label' => $this->t('Profile'),
'url' => 'settings/profile', 'url' => 'settings/profile',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'profile') ? 'active' : ''), 'selected' => in_array(static::class, [
Settings\Profile\Index::class,
Settings\Profile\Photo\Crop::class,
Settings\Profile\Photo\Index::class,
]) ? 'active' : '',
'accesskey' => 'p', 'accesskey' => 'p',
]; ];
if (Feature::get()) { if (Feature::get()) {
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Additional features'), 'label' => $this->t('Additional features'),
'url' => 'settings/features', 'url' => 'settings/features',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'features') ? 'active' : ''), 'selected' => static::class == Settings\Features::class ? 'active' : '',
'accesskey' => 't', 'accesskey' => 't',
]; ];
} }
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Display'), 'label' => $this->t('Display'),
'url' => 'settings/display', 'url' => 'settings/display',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'display') ? 'active' : ''), 'selected' => static::class == Settings\Display::class ? 'active' : '',
'accesskey' => 'i', 'accesskey' => 'i',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Social Networks'), 'label' => $this->t('Social Networks'),
'url' => 'settings/connectors', 'url' => 'settings/connectors',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'connectors') ? 'active' : ''), 'selected' => static::class == Settings\SocialNetworks::class ? 'active' : '',
'accesskey' => 'w', 'accesskey' => 'w',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Addons'), 'label' => $this->t('Addons'),
'url' => 'settings/addon', 'url' => 'settings/addon',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon') ? 'active' : ''), 'selected' => static::class == Settings\Addons::class ? 'active' : '',
'accesskey' => 'l', 'accesskey' => 'l',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Manage Accounts'), 'label' => $this->t('Manage Accounts'),
'url' => 'settings/delegation', 'url' => 'settings/delegation',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'delegation') ? 'active' : ''), 'selected' => static::class == Settings\Delegation::class ? 'active' : '',
'accesskey' => 'd', 'accesskey' => 'd',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Connected apps'), 'label' => $this->t('Connected apps'),
'url' => 'settings/oauth', 'url' => 'settings/oauth',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'oauth') ? 'active' : ''), 'selected' => static::class == Settings\OAuth::class ? 'active' : '',
'accesskey' => 'b', 'accesskey' => 'b',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Export personal data'), 'label' => $this->t('Export personal data'),
'url' => 'settings/userexport', 'url' => 'settings/userexport',
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'userexport') ? 'active' : ''), 'selected' => static::class == Settings\UserExport::class ? 'active' : '',
'accesskey' => 'e', 'accesskey' => 'e',
]; ];
$tabs[] = [ $tabs[] = [
'label' => DI::l10n()->t('Remove account'), 'label' => $this->t('Remove account'),
'url' => 'settings/removeme', 'url' => 'settings/removeme',
'selected' => static::class === Settings\RemoveMe::class ? 'active' : '', 'selected' => static::class === Settings\RemoveMe::class ? 'active' : '',
'accesskey' => 'r', 'accesskey' => 'r',
]; ];
$tabtpl = Renderer::getMarkupTemplate("generic_links_widget.tpl"); $tabtpl = Renderer::getMarkupTemplate('generic_links_widget.tpl');
DI::page()['aside'] = Renderer::replaceMacros($tabtpl, [ $this->page['aside'] = Renderer::replaceMacros($tabtpl, [
'$title' => DI::l10n()->t('Settings'), '$title' => $this->t('Settings'),
'$class' => 'settings-widget', '$class' => 'settings-widget',
'$items' => $tabs, '$items' => $tabs,
]); ]);
} }
protected function content(array $request = []): string
{
$a = DI::app();
static::createAside();
return '';
}
} }

View file

@ -0,0 +1,80 @@
<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Module\Settings;
use Friendica\App;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\Session\Capability\IHandleUserSessions;
use Friendica\Database\Database;
use Friendica\Module\BaseSettings;
use Friendica\Module\Response;
use Friendica\Util\Profiler;
use Psr\Log\LoggerInterface;
class OAuth extends BaseSettings
{
/** @var Database */
private $database;
public function __construct(Database $database, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
{
parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->database = $database;
}
protected function post(array $request = [])
{
if (!$this->session->getLocalUserId()) {
return;
}
if (!isset($request['delete'])) {
return;
}
BaseSettings::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth');
$this->database->delete('application-token', ['application-id' => $request['delete'], 'uid' => $this->session->getLocalUserId()]);
$this->baseUrl->redirect('settings/oauth', true);
}
protected function content(array $request = []): string
{
parent::content($request);
$applications = $this->database->selectToArray('application-view', ['id', 'uid', 'name', 'website', 'scopes', 'created_at'], ['uid' => $this->session->getLocalUserId()]);
$tpl = Renderer::getMarkupTemplate('settings/oauth.tpl');
return Renderer::replaceMacros($tpl, [
'$form_security_token' => BaseSettings::getFormSecurityToken('settings_oauth'),
'$baseurl' => $this->baseUrl->get(true),
'$title' => $this->t('Connected Apps'),
'$name' => $this->t('Name'),
'$website' => $this->t('Home Page'),
'$created_at' => $this->t('Created'),
'$delete' => $this->t('Remove authorization'),
'$apps' => $applications,
]);
}
}

View file

@ -600,7 +600,8 @@ return [
'/trusted' => [Module\Settings\TwoFactor\Trusted::class, [R::GET, R::POST]], '/trusted' => [Module\Settings\TwoFactor\Trusted::class, [R::GET, R::POST]],
], ],
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]], '/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
'/display' => [Module\Settings\Display::class, [R::GET, R::POST]], '/display' => [Module\Settings\Display::class, [R::GET, R::POST]],
'/oauth' => [Module\Settings\OAuth::class, [R::GET, R::POST]],
'/profile' => [ '/profile' => [
'[/]' => [Module\Settings\Profile\Index::class, [R::GET, R::POST]], '[/]' => [Module\Settings\Profile\Index::class, [R::GET, R::POST]],
'/photo[/new]' => [Module\Settings\Profile\Photo\Index::class, [R::GET, R::POST]], '/photo[/new]' => [Module\Settings\Profile\Photo\Index::class, [R::GET, R::POST]],

View file

@ -1,13 +1,14 @@
<div class="generic-page-wrapper"> <div class="generic-page-wrapper">
<h1>{{$title}}</h1> <h1>{{$title}}</h1>
<form action="settings/oauth" method="post" autocomplete="off"> <form action="settings/oauth" method="post" autocomplete="off">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'> <input type="hidden" name="form_security_token" value="{{$form_security_token}}">
<table id='application-block' class='table table-condensed table-striped'> <table id='application-block' class='table table-condensed table-striped'>
<thead> <thead>
<tr> <tr>
<th>{{$name}}</th> <th>{{$name}}</th>
<th>{{$website}}</th> <th>{{$website}}</th>
<th>{{$created_at}}</th> <th>{{$created_at}}</th>
<th></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -16,7 +17,11 @@
<td>{{$app.name}}</td> <td>{{$app.name}}</td>
<td>{{$app.website}}</td> <td>{{$app.website}}</td>
<td>{{$app.created_at}}</td> <td>{{$app.created_at}}</td>
<td><a href="{{$baseurl}}/settings/oauth/delete/{{$app.id}}?t={{$form_security_token}}" class="icon s22 delete" title="{{$delete}}">&nbsp;</a></td> <td>
<button type="submit" class="btn" title="{{$delete}}" name="delete" value="{{$app.id}}">
<i class="icon s22 delete" aria-hidden="true"></i>
</button>
</td>
</tr> </tr>
{{/foreach}} {{/foreach}}
</tbody> </tbody>

View file

@ -2,13 +2,14 @@
{{* include the title template for the settings title *}} {{* include the title template for the settings title *}}
{{include file="section_title.tpl" title=$title}} {{include file="section_title.tpl" title=$title}}
<form action="settings/oauth" method="post" autocomplete="off"> <form action="settings/oauth" method="post" autocomplete="off">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'> <input type="hidden" name="form_security_token" value="{{$form_security_token}}">
<table id='application-block' class='table table-condensed table-striped'> <table id='application-block' class='table table-condensed table-striped'>
<thead> <thead>
<tr> <tr>
<th>{{$name}}</th> <th>{{$name}}</th>
<th>{{$website}}</th> <th>{{$website}}</th>
<th>{{$created_at}}</th> <th>{{$created_at}}</th>
<th></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -17,7 +18,11 @@
<td>{{$app.name}}</td> <td>{{$app.name}}</td>
<td>{{$app.website}}</td> <td>{{$app.website}}</td>
<td>{{$app.created_at}}</td> <td>{{$app.created_at}}</td>
<td><a href="{{$baseurl}}/settings/oauth/delete/{{$app.id}}?t={{$form_security_token}}" class="btn" title="{{$delete}}"><i class="fa fa-trash" aria-hidden="true"></i></a></td> <td>
<button type="submit" class="btn" title="{{$delete}}" name="delete" value="{{$app.id}}">
<i class="fa fa-trash" aria-hidden="true"></i>
</button>
</td>
</tr> </tr>
{{/foreach}} {{/foreach}}
</tbody> </tbody>