N°3985 - Performance checks on the back end - Use Session helper

Eric
2021-08-26 10:27:26 +02:00
parent 2c2155a8e0
commit bd9286f903
13 changed files with 135 additions and 97 deletions


@@ -1,5 +1,7 @@
<?php <?php
use Combodo\iTop\Application\Helper\Session;
/** /**
* Class LoginExternal * Class LoginExternal
* *
@@ -22,12 +24,12 @@ class LoginExternal extends AbstractLoginFSMExtension
protected function OnModeDetection(&$iErrorCode) protected function OnModeDetection(&$iErrorCode)
{ {
if (!isset($_SESSION['login_mode'])) if (!Session::IsSet('login_mode'))
{ {
$sAuthUser = $this->GetAuthUser(); $sAuthUser = $this->GetAuthUser();
if ($sAuthUser && (strlen($sAuthUser) > 0)) if ($sAuthUser && (strlen($sAuthUser) > 0))
{ {
$_SESSION['login_mode'] = 'external'; Session::Set('login_mode', 'external');
} }
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -35,10 +37,10 @@ class LoginExternal extends AbstractLoginFSMExtension
protected function OnCheckCredentials(&$iErrorCode) protected function OnCheckCredentials(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'external') if (Session::Get('login_mode') == 'external')
{ {
$sAuthUser = $this->GetAuthUser(); $sAuthUser = $this->GetAuthUser();
if (!UserRights::CheckCredentials($sAuthUser, '', $_SESSION['login_mode'], 'external')) if (!UserRights::CheckCredentials($sAuthUser, '', Session::Get('login_mode'), 'external'))
{ {
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
return LoginWebPage::LOGIN_FSM_ERROR; return LoginWebPage::LOGIN_FSM_ERROR;
@@ -49,19 +51,19 @@ class LoginExternal extends AbstractLoginFSMExtension
protected function OnCredentialsOK(&$iErrorCode) protected function OnCredentialsOK(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'external') if (Session::Get('login_mode') == 'external')
{ {
$sAuthUser = $this->GetAuthUser(); $sAuthUser = $this->GetAuthUser();
LoginWebPage::OnLoginSuccess($sAuthUser, 'external', $_SESSION['login_mode']); LoginWebPage::OnLoginSuccess($sAuthUser, 'external', Session::Get('login_mode'));
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
protected function OnConnected(&$iErrorCode) protected function OnConnected(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'external') if (Session::Get('login_mode') == 'external')
{ {
$_SESSION['can_logoff'] = false; Session::Set('can_logoff', false);
return LoginWebPage::CheckLoggedUser($iErrorCode); return LoginWebPage::CheckLoggedUser($iErrorCode);
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -69,7 +71,7 @@ class LoginExternal extends AbstractLoginFSMExtension
protected function OnError(&$iErrorCode) protected function OnError(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'external') if (Session::Get('login_mode') == 'external')
{ {
LoginWebPage::HTTP401Error(); LoginWebPage::HTTP401Error();
} }
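Review bot: The mode checks in this file use a loose `==` (`Session::Get('login_mode') == 'external'`), and in PHP a stored boolean `true` compares equal to any non-empty string, so it would satisfy every plugin's branch at once. `Session::Get('login_mode') === 'external'` states the intent for a value that decides which authentication path runs. The same pattern appears in the LoginForm, LoginURL and CAS sections. The old `$_SESSION[...] ==` code was just as loose, so this is a tightening suggestion rather than a regression; the values written on this page are string literals, but `$sNewLoginMode` and `$sLoginMode` come from callers that are not shown.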


@@ -5,6 +5,8 @@
* @license http://opensource.org/licenses/AGPL-3.0 * @license http://opensource.org/licenses/AGPL-3.0
*/ */
use Combodo\iTop\Application\Helper\Session;
/** /**
* Class LoginForm * Class LoginForm
* *
@@ -29,8 +31,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
*/ */
protected function OnReadCredentials(&$iErrorCode) protected function OnReadCredentials(&$iErrorCode)
{ {
if (!isset($_SESSION['login_mode']) || ($_SESSION['login_mode'] == 'form')) if (Session::Get('login_mode') == 'form') {
{
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data'); $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data'); $sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
if ($this->bForceFormOnError || empty($sAuthUser) || empty($sAuthPwd)) if ($this->bForceFormOnError || empty($sAuthUser) || empty($sAuthPwd))
@@ -51,8 +52,8 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
exit; exit;
} }
$_SESSION['login_temp_auth_user'] = $sAuthUser; Session::Set('login_temp_auth_user', $sAuthUser);
$_SESSION['login_mode'] = 'form'; Session::Set('login_mode', 'form');
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
@@ -62,11 +63,11 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
*/ */
protected function OnCheckCredentials(&$iErrorCode) protected function OnCheckCredentials(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'form') if (Session::Get('login_mode') == 'form')
{ {
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data'); $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data'); $sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, $_SESSION['login_mode'], 'internal')) if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
{ {
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
return LoginWebPage::LOGIN_FSM_ERROR; return LoginWebPage::LOGIN_FSM_ERROR;
@@ -80,19 +81,19 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
*/ */
protected function OnCredentialsOK(&$iErrorCode) protected function OnCredentialsOK(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'form') if (Session::Get('login_mode') == 'form')
{ {
if (isset($_SESSION['auth_user'])) if (Session::IsSet('auth_user'))
{ {
// If FSM reenter this state (example 2FA) then the auth_user is not resubmitted // If FSM reenter this state (example 2FA) then the auth_user is not resubmitted
$sAuthUser = $_SESSION['auth_user']; $sAuthUser =Session::Get('auth_user');
} }
else else
{ {
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data'); $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
} }
// Store 'auth_user' in session for further use // Store 'auth_user' in session for further use
LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']); LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
@@ -102,7 +103,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
*/ */
protected function OnError(&$iErrorCode) protected function OnError(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'form') if (Session::Get('login_mode') == 'form')
{ {
$this->bForceFormOnError = true; $this->bForceFormOnError = true;
} }
@@ -114,9 +115,9 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
*/ */
protected function OnConnected(&$iErrorCode) protected function OnConnected(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'form') if (Session::Get('login_mode') == 'form')
{ {
$_SESSION['can_logoff'] = true; Session::Set('can_logoff', true);
return LoginWebPage::CheckLoggedUser($iErrorCode); return LoginWebPage::CheckLoggedUser($iErrorCode);
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
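Review bot: `OnReadCredentials` no longer runs when no login mode has been chosen yet. The old guard was `!isset($_SESSION['login_mode']) || ... == 'form'`; the new one is only `Session::Get('login_mode') == 'form'`, which is false for an unset key unless `Session::Get` defaults to something other than null (its body is not shown). If the form is meant to stay the fallback mode, keep the first half: `if (!Session::IsSet('login_mode') || Session::Get('login_mode') == 'form') {`. The same `!isset` half is dropped in `CASLoginExtension::OnReadCredentials` and in the `login_state` initialisation in `LoginWebPage` (`Session::Get('login_state') == self::LOGIN_STATE_ERROR`), where a fresh session would then never be set to `LOGIN_STATE_START`. A change to how the login state machine treats a brand-new session should be covered by a test of the first request of a session.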


@@ -1,5 +1,7 @@
<?php <?php
use Combodo\iTop\Application\Helper\Session;
/** /**
* Class LoginURL * Class LoginURL
* *
@@ -26,13 +28,13 @@ class LoginURL extends AbstractLoginFSMExtension
protected function OnModeDetection(&$iErrorCode) protected function OnModeDetection(&$iErrorCode)
{ {
if (!isset($_SESSION['login_mode']) && !$this->bErrorOccurred) if (!Session::IsSet('login_mode') && !$this->bErrorOccurred)
{ {
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data'); $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data'); $sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
if (!empty($sAuthUser) && !empty($sAuthPwd)) if (!empty($sAuthUser) && !empty($sAuthPwd))
{ {
$_SESSION['login_mode'] = 'url'; Session::Set('login_mode', 'url');
} }
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -40,20 +42,20 @@ class LoginURL extends AbstractLoginFSMExtension
protected function OnReadCredentials(&$iErrorCode) protected function OnReadCredentials(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'url') if (Session::Get('login_mode') == 'url')
{ {
$_SESSION['login_temp_auth_user'] = utils::ReadParam('auth_user', '', false, 'raw_data'); Session::Set('login_temp_auth_user', utils::ReadParam('auth_user', '', false, 'raw_data'));
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
protected function OnCheckCredentials(&$iErrorCode) protected function OnCheckCredentials(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'url') if (Session::Get('login_mode') == 'url')
{ {
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data'); $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data'); $sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, $_SESSION['login_mode'], 'internal')) if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
{ {
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
return LoginWebPage::LOGIN_FSM_ERROR; return LoginWebPage::LOGIN_FSM_ERROR;
@@ -64,17 +66,17 @@ class LoginURL extends AbstractLoginFSMExtension
protected function OnCredentialsOK(&$iErrorCode) protected function OnCredentialsOK(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'url') if (Session::Get('login_mode') == 'url')
{ {
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data'); $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']); LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
protected function OnError(&$iErrorCode) protected function OnError(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'url') if (Session::Get('login_mode') == 'url')
{ {
$this->bErrorOccurred = true; $this->bErrorOccurred = true;
} }
@@ -83,9 +85,9 @@ class LoginURL extends AbstractLoginFSMExtension
protected function OnConnected(&$iErrorCode) protected function OnConnected(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'url') if (Session::Get('login_mode') == 'url')
{ {
$_SESSION['can_logoff'] = true; Session::Set('can_logoff', true);
return LoginWebPage::CheckLoggedUser($iErrorCode); return LoginWebPage::CheckLoggedUser($iErrorCode);
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;


@@ -24,6 +24,8 @@
* @license http://opensource.org/licenses/AGPL-3.0 * @license http://opensource.org/licenses/AGPL-3.0
*/ */
use Combodo\iTop\Application\Helper\Session;
/** /**
* Web page used for displaying the login form * Web page used for displaying the login form
*/ */
@@ -392,12 +394,14 @@ class LoginWebPage extends NiceWebPage
public static function ResetSession() public static function ResetSession()
{ {
// Unset all of the session variables. // Unset all of the session variables.
unset($_SESSION['auth_user']); Session::Start();
unset($_SESSION['login_state']); Session::Unset('auth_user');
unset($_SESSION['can_logoff']); Session::Unset('login_state');
unset($_SESSION['archive_mode']); Session::Unset('can_logoff');
unset($_SESSION['impersonate_user']); Session::Unset('archive_mode');
Session::Unset('impersonate_user');
UserRights::_ResetSessionCache(); UserRights::_ResetSessionCache();
Session::WriteClose();
// If it's desired to kill the session, also delete the session cookie. // If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data! // Note: This will destroy the session, and not just the session data!
} }
@@ -442,11 +446,11 @@ class LoginWebPage extends NiceWebPage
} }
$bLoginDebug = MetaModel::GetConfig()->Get('login_debug'); $bLoginDebug = MetaModel::GetConfig()->Get('login_debug');
if (!isset($_SESSION['login_state']) || ($_SESSION['login_state'] == self::LOGIN_STATE_ERROR)) if (Session::Get('login_state') == self::LOGIN_STATE_ERROR)
{ {
$_SESSION['login_state'] = self::LOGIN_STATE_START; Session::Set('login_state', self::LOGIN_STATE_START);
} }
$sLoginState = $_SESSION['login_state']; $sLoginState = Session::Get('login_state');
$sSessionLog = ''; $sSessionLog = '';
if ($bLoginDebug) if ($bLoginDebug)
@@ -500,7 +504,7 @@ class LoginWebPage extends NiceWebPage
// Every plugin has nothing else to do in this state, go forward // Every plugin has nothing else to do in this state, go forward
$sLoginState = self::AdvanceLoginFSMState($sLoginState); $sLoginState = self::AdvanceLoginFSMState($sLoginState);
$_SESSION['login_state'] = $sLoginState; Session::Set('login_state', $sLoginState);
} }
catch (Exception $e) catch (Exception $e)
{ {
@@ -526,7 +530,7 @@ class LoginWebPage extends NiceWebPage
if ($bFilterWithMode) if ($bFilterWithMode)
{ {
$sCurrentLoginMode = isset($_SESSION['login_mode']) ? $_SESSION['login_mode'] : ''; $sCurrentLoginMode = Session::Get('login_mode', '');
} }
else else
{ {
@@ -665,8 +669,10 @@ class LoginWebPage extends NiceWebPage
$oLog->DBInsertNoReload(); $oLog->DBInsertNoReload();
} }
$_SESSION['auth_user'] = $sAuthUser; Session::Start();
$_SESSION['login_mode'] = $sLoginMode; Session::Set('auth_user', $sAuthUser);
Session::Set('login_mode', $sLoginMode);
Session::WriteClose();
UserRights::_InitSessionCache(); UserRights::_InitSessionCache();
} }
@@ -681,10 +687,10 @@ class LoginWebPage extends NiceWebPage
*/ */
public static function CheckLoggedUser(&$iErrorCode) public static function CheckLoggedUser(&$iErrorCode)
{ {
if (isset($_SESSION['auth_user'])) if (Session::IsSet('auth_user'))
{ {
// Already authenticated // Already authenticated
$bRet = UserRights::Login($_SESSION['auth_user']); // Login & set the user's language $bRet = UserRights::Login(Session::Get('auth_user')); // Login & set the user's language
if ($bRet) if ($bRet)
{ {
$iErrorCode = self::EXIT_CODE_OK; $iErrorCode = self::EXIT_CODE_OK;
@@ -712,11 +718,11 @@ class LoginWebPage extends NiceWebPage
public static function SetLoginModeAndReload($sNewLoginMode) public static function SetLoginModeAndReload($sNewLoginMode)
{ {
if (isset($_SESSION['login_mode']) && ($_SESSION['login_mode'] == $sNewLoginMode)) if (Session::Get('login_mode') == $sNewLoginMode)
{ {
return; return;
} }
$_SESSION['login_mode'] = $sNewLoginMode; Session::Set('login_mode', $sNewLoginMode);
self::HTTPReload(); self::HTTPReload();
} }
@@ -829,9 +835,9 @@ class LoginWebPage extends NiceWebPage
{ {
CMDBObject::SetTrackOrigin('custom-extension'); CMDBObject::SetTrackOrigin('custom-extension');
$sInfo = 'External User provisioning'; $sInfo = 'External User provisioning';
if (isset($_SESSION['login_mode'])) if (Session::IsSet('login_mode'))
{ {
$sInfo .= " ({$_SESSION['login_mode']})"; $sInfo .= " (".Session::Get('login_mode').")";
} }
CMDBObject::SetTrackInfo($sInfo); CMDBObject::SetTrackInfo($sInfo);
@@ -883,9 +889,9 @@ class LoginWebPage extends NiceWebPage
{ {
CMDBObject::SetTrackOrigin('custom-extension'); CMDBObject::SetTrackOrigin('custom-extension');
$sInfo = 'External User provisioning'; $sInfo = 'External User provisioning';
if (isset($_SESSION['login_mode'])) if (Session::IsSet('login_mode'))
{ {
$sInfo .= " ({$_SESSION['login_mode']})"; $sInfo .= " (".Session::Get('login_mode').")";
} }
CMDBObject::SetTrackInfo($sInfo); CMDBObject::SetTrackInfo($sInfo);
@@ -924,9 +930,9 @@ class LoginWebPage extends NiceWebPage
// Now synchronize the profiles // Now synchronize the profiles
$sOrigin = 'External User provisioning'; $sOrigin = 'External User provisioning';
if (isset($_SESSION['login_mode'])) if (Session::IsSet('login_mode'))
{ {
$sOrigin .= " ({$_SESSION['login_mode']})"; $sOrigin .= " (".Session::Get('login_mode').")";
} }
$aExistingProfiles = self::SynchronizeProfiles($oUser, $aProfiles, $sOrigin); $aExistingProfiles = self::SynchronizeProfiles($oUser, $aProfiles, $sOrigin);
if ($oUser->IsModified()) if ($oUser->IsModified())
@@ -1091,11 +1097,11 @@ class LoginWebPage extends NiceWebPage
} }
else if ($operation == 'change_pwd') else if ($operation == 'change_pwd')
{ {
if (isset($_SESSION['auth_user'])) if (Session::IsSet('auth_user'))
{ {
$sAuthUser = $_SESSION['auth_user']; $sAuthUser = Session::Get('auth_user');
$sIssue = $_SESSION['pwd_issue'] ?? null; $sIssue = Session::Get('pwd_issue');
unset($_SESSION['pwd_issue']); Session::Unset('pwd_issue');
$bFailedLogin = ($sIssue != null); // Force the "failed login" flag to display the "issue" message $bFailedLogin = ($sIssue != null); // Force the "failed login" flag to display the "issue" message
UserRights::Login($sAuthUser); // Set the user's language UserRights::Login($sAuthUser); // Set the user's language
@@ -1107,7 +1113,7 @@ class LoginWebPage extends NiceWebPage
} }
else if ($operation == 'check_pwd_policy') else if ($operation == 'check_pwd_policy')
{ {
$sAuthUser = $_SESSION['auth_user']; $sAuthUser = Session::Get('auth_user');
UserRights::Login($sAuthUser); // Set the user's language UserRights::Login($sAuthUser); // Set the user's language
$aPwdMap = array(); $aPwdMap = array();
@@ -1125,9 +1131,9 @@ class LoginWebPage extends NiceWebPage
} }
if ($operation == 'do_change_pwd') if ($operation == 'do_change_pwd')
{ {
if (isset($_SESSION['auth_user'])) if (Session::IsSet('auth_user'))
{ {
$sAuthUser = $_SESSION['auth_user']; $sAuthUser = Session::Get('auth_user');
UserRights::Login($sAuthUser); // Set the user's language UserRights::Login($sAuthUser); // Set the user's language
$sOldPwd = utils::ReadPostedParam('old_pwd', '', 'raw_data'); $sOldPwd = utils::ReadPostedParam('old_pwd', '', 'raw_data');
$sNewPwd = utils::ReadPostedParam('new_pwd', '', 'raw_data'); $sNewPwd = utils::ReadPostedParam('new_pwd', '', 'raw_data');
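Review bot: The `check_pwd_policy` branch reads `Session::Get('auth_user')` and passes it straight to `UserRights::Login()` with no `Session::IsSet('auth_user')` guard, unlike the `change_pwd` and `do_change_pwd` branches beside it. With the helper the undefined-index notice is gone too, so a request without an authenticated user reaches `UserRights::Login()` silently with whatever `Session::Get` returns for a missing key (presumably null; not shown here). Wrapping the branch body in `if (Session::IsSet('auth_user'))` like its neighbours would make the three operations consistent. The enclosing function starts and ends outside these hunks.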


@@ -74,9 +74,9 @@ Session::WriteClose();
$sSwitchEnv = utils::ReadParam('switch_env', null); $sSwitchEnv = utils::ReadParam('switch_env', null);
$bAllowCache = true; $bAllowCache = true;
if (($sSwitchEnv != null) && (file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FILE)) && isset($_SESSION['itop_env']) && ($_SESSION['itop_env'] !== $sSwitchEnv)) if (($sSwitchEnv != null) && file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FILE) &&( Session::Get('itop_env') !== $sSwitchEnv))
{ {
$_SESSION['itop_env'] = $sSwitchEnv; Session::Set('itop_env', $sSwitchEnv);
$sEnv = $sSwitchEnv; $sEnv = $sSwitchEnv;
$bAllowCache = false; $bAllowCache = false;
// Reset the opcache since otherwise the PHP "model" files may still be cached !! // Reset the opcache since otherwise the PHP "model" files may still be cached !!
@@ -92,14 +92,14 @@ if (($sSwitchEnv != null) && (file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FI
} }
// TODO: reset the credentials as well ?? // TODO: reset the credentials as well ??
} }
else if (isset($_SESSION['itop_env'])) else if (Session::IsSet('itop_env'))
{ {
$sEnv = $_SESSION['itop_env']; $sEnv = Session::Get('itop_env');
} }
else else
{ {
$sEnv = ITOP_DEFAULT_ENV; $sEnv = ITOP_DEFAULT_ENV;
$_SESSION['itop_env'] = ITOP_DEFAULT_ENV; Session::Set('itop_env', ITOP_DEFAULT_ENV);
} }
$sConfigFile = APPCONF.$sEnv.'/'.ITOP_CONFIG_FILE; $sConfigFile = APPCONF.$sEnv.'/'.ITOP_CONFIG_FILE;
MetaModel::Startup($sConfigFile, false /* $bModelOnly */, $bAllowCache, false /* $bTraceSourceFiles */, $sEnv); MetaModel::Startup($sConfigFile, false /* $bModelOnly */, $bAllowCache, false /* $bTraceSourceFiles */, $sEnv);
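Review bot: The rewritten condition drops `isset($_SESSION['itop_env'])`, so a request carrying `switch_env` can now switch environment on a session that has no `itop_env` yet, which the old code did not allow (`Session::Get('itop_env') !== $sSwitchEnv` is true for an unset key if `Session::Get` returns null). That branch disables the cache and resets the opcache, and nothing in the hunk shows an authentication check before it, so the widening looks unintended; `Session::IsSet('itop_env') && (Session::Get('itop_env') !== $sSwitchEnv)` keeps the previous behaviour. Separately, `$sSwitchEnv` is concatenated into the config path, so a comment stating which sanitisation `utils::ReadParam('switch_env', null)` applies by default would help; that is not visible here.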


@@ -101,7 +101,8 @@ class privUITransaction
/** /**
* The original (and by default) mechanism for storing transaction information * The original (and by default) mechanism for storing transaction information
* as an array in the $_SESSION variable * as an array in the _SESSION variable
* @see Session
* *
*/ */
class privUITransactionSession class privUITransactionSession


@@ -250,7 +250,7 @@ class utils
} }
// Read and record the value for switching the archive mode // Read and record the value for switching the archive mode
$iCurrent = self::ReadParam('with-archive', $iDefault); $iCurrent = self::ReadParam('with-archive', $iDefault);
if (isset($_SESSION)) if (Session::IsInitialized())
{ {
Session::Set('archive_mode', $iCurrent); Session::Set('archive_mode', $iCurrent);
} }
@@ -1220,7 +1220,7 @@ class utils
*/ */
public static function GetSessionLog() public static function GetSessionLog()
{ {
return print_r($_SESSION, true); return Session::GetLog();
} }
static function DebugBacktrace($iLimit = 5) static function DebugBacktrace($iLimit = 5)

View File

@@ -1905,8 +1905,10 @@ class UserRights
public static function _ResetSessionCache() public static function _ResetSessionCache()
{ {
Session::Start();
Session::Unset('profile_list'); Session::Unset('profile_list');
Session::Unset('archive_allowed'); Session::Unset('archive_allowed');
Session::WriteClose();
} }
/** /**
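Review bot: `_ResetSessionCache()` now opens and closes the session itself, yet `LoginWebPage::ResetSession()` calls it from inside its own `Session::Start()` … `Session::WriteClose()` pair, so the inner `WriteClose()` ends the outer write window early. That is harmless today only because `ResetSession()` writes nothing after the call. A comment on the method such as `// Opens and closes the session itself: call it last inside a caller's Start()/WriteClose() pair` would record the constraint. How `Session::WriteClose()` behaves on an already closed session is not shown on this page.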

View File

@@ -9,6 +9,7 @@ namespace Combodo\iTop\Cas;
use AbstractLoginFSMExtension; use AbstractLoginFSMExtension;
use CMDBObject; use CMDBObject;
use Combodo\iTop\Application\Helper\Session;
use DBObjectSearch; use DBObjectSearch;
use DBObjectSet; use DBObjectSet;
use Dict; use Dict;
@@ -40,52 +41,54 @@ class CASLoginExtension extends AbstractLoginFSMExtension implements iLogoutExte
protected function OnStart(&$iErrorCode) protected function OnStart(&$iErrorCode)
{ {
unset($_SESSION['phpCAS']); Session::Unset('phpCAS');
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
protected function OnReadCredentials(&$iErrorCode) protected function OnReadCredentials(&$iErrorCode)
{ {
if (!isset($_SESSION['login_mode']) || ($_SESSION['login_mode'] == 'cas')) if (Session::Get('login_mode') == 'cas')
{ {
Session::Start();
static::InitCASClient(); static::InitCASClient();
if (phpCAS::isAuthenticated()) if (phpCAS::isAuthenticated())
{ {
$_SESSION['login_mode'] = 'cas'; Session::Set('login_mode', 'cas');
$_SESSION['auth_user'] = phpCAS::getUser(); Session::Set('auth_user', phpCAS::getUser());
unset($_SESSION['login_will_redirect']); Session::Unset('login_will_redirect');
} }
else else
{ {
if (!isset($_SESSION['login_will_redirect'])) if (!Session::IsSet('login_will_redirect'))
{ {
$_SESSION['login_will_redirect'] = true; Session::Set('login_will_redirect', true);
} }
else else
{ {
unset($_SESSION['login_will_redirect']); Session::Unset('login_will_redirect');
$iErrorCode = LoginWebPage::EXIT_CODE_MISSINGLOGIN; $iErrorCode = LoginWebPage::EXIT_CODE_MISSINGLOGIN;
return LoginWebPage::LOGIN_FSM_ERROR; return LoginWebPage::LOGIN_FSM_ERROR;
} }
$_SESSION['login_mode'] = 'cas'; Session::Set('login_mode', 'cas');
phpCAS::forceAuthentication(); // Redirect to CAS and exit phpCAS::forceAuthentication(); // Redirect to CAS and exit
} }
Session::WriteClose();
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
protected function OnCheckCredentials(&$iErrorCode) protected function OnCheckCredentials(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'cas') if (Session::Get('login_mode') == 'cas')
{ {
if (!isset($_SESSION['auth_user'])) if (!Session::IsSet('auth_user'))
{ {
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
return LoginWebPage::LOGIN_FSM_ERROR; return LoginWebPage::LOGIN_FSM_ERROR;
} }
if (Config::Get('cas_user_synchro' )) if (Config::Get('cas_user_synchro' ))
{ {
self::DoUserProvisioning($_SESSION['auth_user']); self::DoUserProvisioning(Session::Get('auth_user'));
} }
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -93,24 +96,24 @@ class CASLoginExtension extends AbstractLoginFSMExtension implements iLogoutExte
protected function OnCredentialsOK(&$iErrorCode) protected function OnCredentialsOK(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'cas') if (Session::Get('login_mode') == 'cas')
{ {
$sAuthUser = $_SESSION['auth_user']; $sAuthUser = Session::Get('auth_user');
if (!LoginWebPage::CheckUser($sAuthUser)) if (!LoginWebPage::CheckUser($sAuthUser))
{ {
$iErrorCode = LoginWebPage::EXIT_CODE_NOTAUTHORIZED; $iErrorCode = LoginWebPage::EXIT_CODE_NOTAUTHORIZED;
return LoginWebPage::LOGIN_FSM_ERROR; return LoginWebPage::LOGIN_FSM_ERROR;
} }
LoginWebPage::OnLoginSuccess($sAuthUser, 'external', $_SESSION['login_mode']); LoginWebPage::OnLoginSuccess($sAuthUser, 'external', Session::Get('login_mode'));
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
protected function OnError(&$iErrorCode) protected function OnError(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'cas') if (Session::Get('login_mode') == 'cas')
{ {
unset($_SESSION['phpCAS']); Session::Unset('phpCAS');
if ($iErrorCode != LoginWebPage::EXIT_CODE_MISSINGLOGIN) if ($iErrorCode != LoginWebPage::EXIT_CODE_MISSINGLOGIN)
{ {
$oLoginWebPage = new LoginWebPage(); $oLoginWebPage = new LoginWebPage();
@@ -123,9 +126,9 @@ class CASLoginExtension extends AbstractLoginFSMExtension implements iLogoutExte
protected function OnConnected(&$iErrorCode) protected function OnConnected(&$iErrorCode)
{ {
if ($_SESSION['login_mode'] == 'cas') if (Session::Get('login_mode') == 'cas')
{ {
$_SESSION['can_logoff'] = true; Session::Set('can_logoff', true);
return LoginWebPage::CheckLoggedUser($iErrorCode); return LoginWebPage::CheckLoggedUser($iErrorCode);
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
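Review bot: `OnReadCredentials` calls `Session::Start()`, but the `LOGIN_FSM_ERROR` return in the `login_will_redirect` branch leaves without the matching `Session::WriteClose()`, so on that path the session stays open (and, with file-based sessions, locked) for the rest of the request. Adding `Session::WriteClose();` just before `return LoginWebPage::LOGIN_FSM_ERROR;` keeps the pair balanced. The `phpCAS::forceAuthentication()` path exits the script according to its own comment, so PHP closes the session at shutdown there. A short comment on the `Session::Start()` line saying why the session must stay open across the phpCAS calls (presumably phpCAS reads `$_SESSION` directly) would help the next reader.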

@@ -1174,7 +1174,7 @@ class phpCAS
} }
/** /**
* Checks whether authenticated based on $_SESSION. Useful to avoid * Checks whether authenticated based on _SESSION. Useful to avoid
* server calls. * server calls.
* *
* @return bool true if authenticated, false otherwise. * @return bool true if authenticated, false otherwise.


@@ -4,6 +4,7 @@
* @license http://opensource.org/licenses/AGPL-3.0 * @license http://opensource.org/licenses/AGPL-3.0
*/ */
use Combodo\iTop\Application\Helper\Session;
use Combodo\iTop\Application\TwigBase\Twig\TwigHelper; use Combodo\iTop\Application\TwigBase\Twig\TwigHelper;
use Combodo\iTop\Application\UI\Base\Component\Html\Html; use Combodo\iTop\Application\UI\Base\Component\Html\Html;
use Combodo\iTop\Application\UI\Base\Component\Title\TitleUIBlockFactory; use Combodo\iTop\Application\UI\Base\Component\Title\TitleUIBlockFactory;
@@ -181,7 +182,7 @@ try
} }
$oWidget = new UILinksWidget($sClass, $sAttCode, $iInputId, $sSuffix, $bDuplicates); $oWidget = new UILinksWidget($sClass, $sAttCode, $iInputId, $sSuffix, $bDuplicates);
$oAppContext = new ApplicationContext(); $oAppContext = new ApplicationContext();
$aPrefillFormParam = array( 'user' => $_SESSION["auth_user"], $aPrefillFormParam = array( 'user' => Session::Get("auth_user"),
'context' => $oAppContext->GetAsHash(), 'context' => $oAppContext->GetAsHash(),
'att_code' => $sAttCode, 'att_code' => $sAttCode,
'origin' => 'console', 'origin' => 'console',
@@ -261,7 +262,7 @@ try
$iCurrObjectId = utils::ReadParam('iObjId', 0); $iCurrObjectId = utils::ReadParam('iObjId', 0);
$oPage->SetContentType('text/html'); $oPage->SetContentType('text/html');
$oAppContext = new ApplicationContext(); $oAppContext = new ApplicationContext();
$aPrefillFormParam = array( 'user' => $_SESSION["auth_user"], $aPrefillFormParam = array( 'user' => Session::Get('auth_user'),
'context' => $oAppContext->GetAsHash(), 'context' => $oAppContext->GetAsHash(),
'att_code' => $sAttCode, 'att_code' => $sAttCode,
'origin' => 'console', 'origin' => 'console',
@@ -290,7 +291,7 @@ try
$oObj = $oWizardHelper->GetTargetObject(); $oObj = $oWizardHelper->GetTargetObject();
} }
$oAppContext = new ApplicationContext(); $oAppContext = new ApplicationContext();
$aPrefillFormParam = array( 'user' => $_SESSION["auth_user"], $aPrefillFormParam = array( 'user' => Session::Get('auth_user'),
'context' => $oAppContext->GetAsHash(), 'context' => $oAppContext->GetAsHash(),
'att_code' => $sAttCode, 'att_code' => $sAttCode,
'origin' => 'console', 'origin' => 'console',
@@ -441,7 +442,7 @@ try
$oWizardHelper = WizardHelper::FromJSON($sJson); $oWizardHelper = WizardHelper::FromJSON($sJson);
$oObj = $oWizardHelper->GetTargetObject(); $oObj = $oWizardHelper->GetTargetObject();
$oAppContext = new ApplicationContext(); $oAppContext = new ApplicationContext();
$aPrefillFormParam = array( 'user' => $_SESSION["auth_user"], $aPrefillFormParam = array( 'user' => Session::Get('auth_user'),
'context' => $oAppContext->GetAsHash(), 'context' => $oAppContext->GetAsHash(),
'att_code' => $sAttCode, 'att_code' => $sAttCode,
'source_obj' => $oObj, 'source_obj' => $oObj,


@@ -17,6 +17,8 @@
* You should have received a copy of the GNU Affero General Public License * You should have received a copy of the GNU Affero General Public License
*/ */
use Combodo\iTop\Application\Helper\Session;
require_once('../approot.inc.php'); require_once('../approot.inc.php');
require_once(APPROOT.'/application/application.inc.php'); require_once(APPROOT.'/application/application.inc.php');
require_once(APPROOT.'/application/wizardhelper.class.inc.php'); require_once(APPROOT.'/application/wizardhelper.class.inc.php');
@@ -41,9 +43,9 @@ if ($operation == 'do_logoff')
exit; exit;
} }
if (isset($_SESSION['auth_user'])) if (Session::IsSet('auth_user'))
{ {
$sAuthUser = $_SESSION['auth_user']; $sAuthUser = Session::Get('auth_user');
UserRights::Login($sAuthUser); // Set the user's language UserRights::Login($sAuthUser); // Set the user's language
} }


@@ -19,10 +19,12 @@ use ExecutionKPI;
class Session class Session
{ {
public static $iSessionId = null; public static $iSessionId = null;
public static $bSessionStarted = false; protected static $bIsInitialized = false;
protected static $bSessionStarted = false;
public static function Start() public static function Start()
{ {
self::$bIsInitialized = true;
if (!self::$bSessionStarted) { if (!self::$bSessionStarted) {
$oKPI = new ExecutionKPI(); $oKPI = new ExecutionKPI();
session_name('itop-'.md5(APPROOT)); session_name('itop-'.md5(APPROOT));
@@ -140,6 +142,7 @@ class Session
} else { } else {
$sSessionVar = &$sSessionVar[$key]; $sSessionVar = &$sSessionVar[$key];
} }
return isset($sSessionVar); return isset($sSessionVar);
} }
@@ -148,4 +151,19 @@ class Session
return array_keys($_SESSION); return array_keys($_SESSION);
} }
/**
* @return bool
*/
public static function IsInitialized(): bool
{
return self::$bIsInitialized;
}
/**
* @return bool|string
*/
public static function GetLog()
{
return print_r($_SESSION, true);
}
} }
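Review bot: `GetLog()` returns an unfiltered `print_r($_SESSION, true)`, and on this page the session holds `auth_user`, `login_temp_auth_user` and the `phpCAS` entry, so whatever consumes `utils::GetSessionLog()` (the `login_debug` path in `LoginWebPage`, by the look of it) receives all of it. The docblock should say the method is for debugging only and that its output must not reach shared logs unredacted; `@return string` is also the accurate type, since `print_r` with `true` returns a string. The method reads `$_SESSION` directly, so `return self::$bIsInitialized ? print_r($_SESSION, true) : '';` would avoid an undefined-variable warning when no session was ever started.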