Merge pull request 'feature/start-using-authentication-required-interface' (!22) from feature/start-using-authentication-required-interface into master
All checks were successful
rvr-nextgen/pipeline/head This commit looks good
All checks were successful
rvr-nextgen/pipeline/head This commit looks good
Reviewed-on: #22
This commit is contained in:
commit
34eeb10c27
@ -10,7 +10,7 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"require": {
|
"require": {
|
||||||
"esoko/soko-web": "0.2.1",
|
"esoko/soko-web": "0.3",
|
||||||
"firebase/php-jwt": "^6.4"
|
"firebase/php-jwt": "^6.4"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
|
8
composer.lock
generated
8
composer.lock
generated
@ -4,15 +4,15 @@
|
|||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "695034ad53031c4fdacbc6f551d610e3",
|
"content-hash": "64c21f0e5181bd39d8977af72e2aeddc",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "esoko/soko-web",
|
"name": "esoko/soko-web",
|
||||||
"version": "v0.2.1",
|
"version": "v0.3",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.esoko.eu/esoko/soko-web.git",
|
"url": "https://git.esoko.eu/esoko/soko-web.git",
|
||||||
"reference": "4af7ae352108e7ba151fca2633ff4b40b3194b32"
|
"reference": "014a5480967c03c00dda5ee34c7eaf4be224b96e"
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
"phpmailer/phpmailer": "^6.8",
|
"phpmailer/phpmailer": "^6.8",
|
||||||
@ -33,7 +33,7 @@
|
|||||||
"GNU GPL 3.0"
|
"GNU GPL 3.0"
|
||||||
],
|
],
|
||||||
"description": "Lightweight web framework",
|
"description": "Lightweight web framework",
|
||||||
"time": "2023-04-16T14:00:29+00:00"
|
"time": "2023-04-16T14:54:22+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "firebase/php-jwt",
|
"name": "firebase/php-jwt",
|
||||||
|
@ -1,7 +1,12 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
use SokoWeb\Interfaces\Response\IRedirect;
|
use SokoWeb\Interfaces\Response\IRedirect;
|
||||||
|
use SokoWeb\Interfaces\Response\IContent;
|
||||||
|
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
|
||||||
|
use SokoWeb\Interfaces\Authorization\ISecured;
|
||||||
use SokoWeb\Response\Redirect;
|
use SokoWeb\Response\Redirect;
|
||||||
|
use SokoWeb\Response\HtmlContent;
|
||||||
|
use SokoWeb\Response\JsonContent;
|
||||||
|
|
||||||
require '../web.php';
|
require '../web.php';
|
||||||
|
|
||||||
@ -22,13 +27,11 @@ if ($match !== null) {
|
|||||||
$handler = $route->getHandler();
|
$handler = $route->getHandler();
|
||||||
$controller = new $handler[0](Container::$request);
|
$controller = new $handler[0](Container::$request);
|
||||||
|
|
||||||
if ($controller instanceof SokoWeb\Interfaces\Authorization\ISecured) {
|
if (
|
||||||
$authorized = $controller->authorize();
|
$controller instanceof IAuthenticationRequired &&
|
||||||
} else {
|
$controller->isAuthenticationRequired() &&
|
||||||
$authorized = true;
|
Container::$request->user() === null
|
||||||
}
|
) {
|
||||||
|
|
||||||
if (!$authorized) {
|
|
||||||
Container::$request->session()->set('redirect_after_login', substr($_SERVER['REQUEST_URI'], strlen('/')));
|
Container::$request->session()->set('redirect_after_login', substr($_SERVER['REQUEST_URI'], strlen('/')));
|
||||||
$response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY);
|
$response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY);
|
||||||
header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
|
header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
|
||||||
@ -36,23 +39,28 @@ if ($match !== null) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
|
if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
|
||||||
$content = new SokoWeb\Response\JsonContent(['error' => 'no_valid_anti_csrf_token']);
|
$content = new JsonContent(['error' => 'no_valid_anti_csrf_token']);
|
||||||
header('Content-Type: text/html; charset=UTF-8', true, 403);
|
header('Content-Type: text/html; charset=UTF-8', true, 403);
|
||||||
$content->render();
|
$content->render();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (
|
||||||
|
!($controller instanceof ISecured) ||
|
||||||
|
$controller->authorize()
|
||||||
|
) {
|
||||||
$response = call_user_func([$controller, $handler[1]]);
|
$response = call_user_func([$controller, $handler[1]]);
|
||||||
if ($response instanceof SokoWeb\Interfaces\Response\IContent) {
|
if ($response instanceof IContent) {
|
||||||
header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
|
header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
|
||||||
$response->render();
|
$response->render();
|
||||||
return;
|
return;
|
||||||
} elseif ($response instanceof SokoWeb\Interfaces\Response\IRedirect) {
|
} elseif ($response instanceof IRedirect) {
|
||||||
header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
|
header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$content = new SokoWeb\Response\HtmlContent('error/404');
|
$content = new HtmlContent('error/404');
|
||||||
header('Content-Type: text/html; charset=UTF-8', true, 404);
|
header('Content-Type: text/html; charset=UTF-8', true, 404);
|
||||||
$content->render();
|
$content->render();
|
||||||
|
@ -7,14 +7,14 @@ use RVR\PersistentData\Model\User;
|
|||||||
use RVR\Repository\CommunityRepository;
|
use RVR\Repository\CommunityRepository;
|
||||||
use RVR\Repository\CommunityMemberRepository;
|
use RVR\Repository\CommunityMemberRepository;
|
||||||
use RVR\Repository\UserRepository;
|
use RVR\Repository\UserRepository;
|
||||||
use SokoWeb\Interfaces\Authorization\ISecured;
|
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
|
||||||
use SokoWeb\Interfaces\Request\IRequest;
|
use SokoWeb\Interfaces\Request\IRequest;
|
||||||
use SokoWeb\Interfaces\Response\IContent;
|
use SokoWeb\Interfaces\Response\IContent;
|
||||||
use SokoWeb\PersistentData\PersistentDataManager;
|
use SokoWeb\PersistentData\PersistentDataManager;
|
||||||
use SokoWeb\Response\HtmlContent;
|
use SokoWeb\Response\HtmlContent;
|
||||||
use SokoWeb\Response\JsonContent;
|
use SokoWeb\Response\JsonContent;
|
||||||
|
|
||||||
class CommunityController implements ISecured
|
class CommunityController implements IAuthenticationRequired
|
||||||
{
|
{
|
||||||
private IRequest $request;
|
private IRequest $request;
|
||||||
|
|
||||||
@ -35,9 +35,9 @@ class CommunityController implements ISecured
|
|||||||
$this->communityMemberRepository = new CommunityMemberRepository();
|
$this->communityMemberRepository = new CommunityMemberRepository();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authorize(): bool
|
public function isAuthenticationRequired(): bool
|
||||||
{
|
{
|
||||||
return $this->request->user() !== null;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getCommunityHome(): ?IContent
|
public function getCommunityHome(): ?IContent
|
||||||
|
@ -2,12 +2,12 @@
|
|||||||
|
|
||||||
use RVR\PersistentData\Model\User;
|
use RVR\PersistentData\Model\User;
|
||||||
use RVR\Repository\CommunityMemberRepository;
|
use RVR\Repository\CommunityMemberRepository;
|
||||||
use SokoWeb\Interfaces\Authorization\ISecured;
|
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
|
||||||
use SokoWeb\Interfaces\Request\IRequest;
|
use SokoWeb\Interfaces\Request\IRequest;
|
||||||
use SokoWeb\Interfaces\Response\IContent;
|
use SokoWeb\Interfaces\Response\IContent;
|
||||||
use SokoWeb\Response\HtmlContent;
|
use SokoWeb\Response\HtmlContent;
|
||||||
|
|
||||||
class HomeController implements ISecured
|
class HomeController implements IAuthenticationRequired
|
||||||
{
|
{
|
||||||
private IRequest $request;
|
private IRequest $request;
|
||||||
|
|
||||||
@ -19,9 +19,9 @@ class HomeController implements ISecured
|
|||||||
$this->communityMemberRepository = new CommunityMemberRepository();
|
$this->communityMemberRepository = new CommunityMemberRepository();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authorize(): bool
|
public function isAuthenticationRequired(): bool
|
||||||
{
|
{
|
||||||
return $this->request->user() !== null;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getHome(): IContent
|
public function getHome(): IContent
|
||||||
|
@ -4,14 +4,14 @@ use DateTime;
|
|||||||
use RVR\PersistentData\Model\OAuthToken;
|
use RVR\PersistentData\Model\OAuthToken;
|
||||||
use RVR\PersistentData\Model\User;
|
use RVR\PersistentData\Model\User;
|
||||||
use RVR\Repository\OAuthClientRepository;
|
use RVR\Repository\OAuthClientRepository;
|
||||||
use SokoWeb\Interfaces\Authorization\ISecured;
|
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
|
||||||
use SokoWeb\Interfaces\Request\IRequest;
|
use SokoWeb\Interfaces\Request\IRequest;
|
||||||
use SokoWeb\Interfaces\Response\IRedirect;
|
use SokoWeb\Interfaces\Response\IRedirect;
|
||||||
use SokoWeb\Response\Redirect;
|
use SokoWeb\Response\Redirect;
|
||||||
use SokoWeb\PersistentData\PersistentDataManager;
|
use SokoWeb\PersistentData\PersistentDataManager;
|
||||||
use SokoWeb\Response\HtmlContent;
|
use SokoWeb\Response\HtmlContent;
|
||||||
|
|
||||||
class OAuthAuthController implements ISecured
|
class OAuthAuthController implements IAuthenticationRequired
|
||||||
{
|
{
|
||||||
private IRequest $request;
|
private IRequest $request;
|
||||||
|
|
||||||
@ -26,9 +26,9 @@ class OAuthAuthController implements ISecured
|
|||||||
$this->oAuthClientRepository = new OAuthClientRepository();
|
$this->oAuthClientRepository = new OAuthClientRepository();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authorize(): bool
|
public function isAuthenticationRequired(): bool
|
||||||
{
|
{
|
||||||
return $this->request->user() !== null;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function auth()
|
public function auth()
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
use DateTime;
|
use DateTime;
|
||||||
use SokoWeb\Http\Request;
|
use SokoWeb\Http\Request;
|
||||||
use SokoWeb\Interfaces\Authorization\ISecured;
|
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
|
||||||
use SokoWeb\Interfaces\Request\IRequest;
|
use SokoWeb\Interfaces\Request\IRequest;
|
||||||
use SokoWeb\Interfaces\Response\IContent;
|
use SokoWeb\Interfaces\Response\IContent;
|
||||||
use SokoWeb\Interfaces\Response\IRedirect;
|
use SokoWeb\Interfaces\Response\IRedirect;
|
||||||
@ -15,7 +15,7 @@ use SokoWeb\Response\Redirect;
|
|||||||
use SokoWeb\Util\JwtParser;
|
use SokoWeb\Util\JwtParser;
|
||||||
use RVR\Repository\UserRepository;
|
use RVR\Repository\UserRepository;
|
||||||
|
|
||||||
class UserController implements ISecured
|
class UserController implements IAuthenticationRequired
|
||||||
{
|
{
|
||||||
private IRequest $request;
|
private IRequest $request;
|
||||||
|
|
||||||
@ -30,9 +30,9 @@ class UserController implements ISecured
|
|||||||
$this->userRepository = new UserRepository();
|
$this->userRepository = new UserRepository();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authorize(): bool
|
public function isAuthenticationRequired(): bool
|
||||||
{
|
{
|
||||||
return $this->request->user() !== null;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getAccount(): IContent
|
public function getAccount(): IContent
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
<?php namespace RVR\Controller;
|
<?php namespace RVR\Controller;
|
||||||
|
|
||||||
use RVR\Repository\UserRepository;
|
use RVR\Repository\UserRepository;
|
||||||
use SokoWeb\Interfaces\Authorization\ISecured;
|
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
|
||||||
use SokoWeb\Interfaces\Request\IRequest;
|
use SokoWeb\Interfaces\Request\IRequest;
|
||||||
use SokoWeb\Interfaces\Response\IContent;
|
use SokoWeb\Interfaces\Response\IContent;
|
||||||
use SokoWeb\Response\JsonContent;
|
use SokoWeb\Response\JsonContent;
|
||||||
|
|
||||||
class UserSearchController implements ISecured
|
class UserSearchController implements IAuthenticationRequired
|
||||||
{
|
{
|
||||||
private IRequest $request;
|
private IRequest $request;
|
||||||
|
|
||||||
@ -18,9 +18,9 @@ class UserSearchController implements ISecured
|
|||||||
$this->userRepository = new UserRepository();
|
$this->userRepository = new UserRepository();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authorize(): bool
|
public function isAuthenticationRequired(): bool
|
||||||
{
|
{
|
||||||
return $this->request->user() !== null;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function searchUser(): IContent
|
public function searchUser(): IContent
|
||||||
|
Loading…
Reference in New Issue
Block a user