From ebc238a3ce7a4d010b3aebe766fe197880fb3bc4 Mon Sep 17 00:00:00 2001
From: jf-cbd
Date: Tue, 10 Mar 2026 12:11:42 +0100
Subject: [PATCH] Do not require startup when not necessary + refacto

---
 pages/exec.php | 23 +++++++++----------
 ...nticationEndpointsListAndAdminRequired.php | 5 ++++
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/pages/exec.php b/pages/exec.php
index e81ab6b15..05b3e7c8f 100644
--- a/pages/exec.php
+++ b/pages/exec.php
@@ -100,32 +100,31 @@ if ($sTargetPage === false) {
 // check module white list
 // check conf param
 // force login if needed
-require_once(APPROOT.'/application/startup.inc.php');
-$aModuleDelegatedAuthenticationEndpoints = GetModuleDelegatedAuthenticationEndpoints($sModule);
-if (is_null($aModuleDelegatedAuthenticationEndpoints)) {
- $bForceLoginWhenNoDelegatedAuthenticationEndpoints = MetaModel::GetConfig()->Get('security.force_login_when_no_delegated_authentication_endpoints_list');
+$aModuleDelegatedAuthenticationEndpointsList = GetModuleDelegatedAuthenticationEndpoints($sModule);
+if (is_null($aModuleDelegatedAuthenticationEndpointsList)) {
+ $bForceLoginWhenNoDelegatedAuthenticationEndpoints = utils::GetConfig()->Get('security.force_login_when_no_delegated_authentication_endpoints_list');
  if ($bForceLoginWhenNoDelegatedAuthenticationEndpoints) {
+ require_once(APPROOT.'/application/startup.inc.php');
  LoginWebPage::DoLoginEx();
  }
 }
-if (is_null($aModuleDelegatedAuthenticationEndpoints) && !MetaModel::GetConfig()->Get('security.force_login_when_no_delegated_authentication_endpoints_list')) {
- // check if user is not logged in, if not log a warning in the log file as the page is executed without login, which is not recommended for security reason
- if (is_null(UserRights::GetUserId())) {
- IssueLog::Warning("The page '$sPage' is executed without login. In the future, this call will be blocked, and will likely cause unwanted behavior in the module '$sModule'. \n Please define a delegated authentication endpoints for the module as described in https://www.itophub.io/wiki/page?id=latest:customization:new_extension#security.");
- }
-}
-if (is_array($aModuleDelegatedAuthenticationEndpoints) && !in_array($sPage, $aModuleDelegatedAuthenticationEndpoints)) {
+if (is_array($aModuleDelegatedAuthenticationEndpointsList) && !in_array($sPage, $aModuleDelegatedAuthenticationEndpointsList)) {
  // if module defined a delegated authentication endpoints but not for the current page, we consider that the page is not allowed to be executed without login
+ require_once(APPROOT.'/application/startup.inc.php');
  LoginWebPage::DoLoginEx();
 }
+if (is_null($aModuleDelegatedAuthenticationEndpointsList) && !UserRights::IsLoggedIn()) {
+ // check if user is not logged in, if not log a warning in the log file as the page is executed without login, which is not recommended for security reason
+ IssueLog::Warning("The page '$sPage' is executed without login. In the future, this call will be blocked, and will likely cause unwanted behavior in the module '$sModule'. \n Please define a delegated authentication endpoints for the module as described in https://www.itophub.io/wiki/page?id=latest:customization:new_extension#security.");
+}
 require_once($sTargetPage);
 function GetModuleDelegatedAuthenticationEndpoints(string $sModuleName): ?array {
 $sModuleFile = utils::GetAbsoluteModulePath($sModuleName).'/module.'.$sModuleName.'.php';
- 
+ require_once APPROOT.'setup/extensionsmap.class.inc.php';
 $oExtensionMap = new iTopExtensionsMap();
 $aModuleParam = $oExtensionMap->GetModuleInfo($sModuleFile)[2];
 return $aModuleParam['delegated_authentication_endpoints'] ?? null;
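Review bot: The allow-list test `if (is_array($aModuleDelegatedAuthenticationEndpointsList) && !in_array($sPage, $aModuleDelegatedAuthenticationEndpointsList)) {` is the line that decides whether a page may run without login, yet it still uses loose comparison; pass the strict flag, `!in_array($sPage, $aModuleDelegatedAuthenticationEndpointsList, true)`, so that only an exact string match against the module's declared list skips authentication (`$sPage` is presumably request-derived, so numeric-string coercion should not be able to influence this decision). In the branch where the list is null and the config flag is off, `startup.inc.php` is now never required before `UserRights::IsLoggedIn()`, `IssueLog::Warning(...)` and the final `require_once($sTargetPage)` run; this looks intended by the commit, but whether those classes are loaded at that point depends on includes above the hunk, so it is worth confirming. The same `require_once(APPROOT.'/application/startup.inc.php');` now appears in two branches; a short comment on the first occurrence, such as `// startup (MetaModel, session) is only loaded when a login is actually enforced`, would record why it moved out of the top-level flow. The enclosing `if ($sTargetPage === false)` block starts before the hunk.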
diff --git a/tests/php-unit-tests/integration-tests/login-tests/extension-with-delegated-authentication-endpoints-list/src/Controller/FileInDelegatedAuthenticationEndpointsListAndAdminRequired.php b/tests/php-unit-tests/integration-tests/login-tests/extension-with-delegated-authentication-endpoints-list/src/Controller/FileInDelegatedAuthenticationEndpointsListAndAdminRequired.php
index 9ad77ae09..b054bdd00 100644
--- a/tests/php-unit-tests/integration-tests/login-tests/extension-with-delegated-authentication-endpoints-list/src/Controller/FileInDelegatedAuthenticationEndpointsListAndAdminRequired.php
+++ b/tests/php-unit-tests/integration-tests/login-tests/extension-with-delegated-authentication-endpoints-list/src/Controller/FileInDelegatedAuthenticationEndpointsListAndAdminRequired.php
@@ -1,5 +1,10 @@