Merge pull request #6627 from ChurchCRM/fixes
attempt to fix the potentially undefined function apache_get_modules, only allow upgrade when logged in, fix kiosk routes, misc minor cleanup
DawoudIO authored Nov 6, 2023
2 parents c414849 + f68e4b5 commit 39fafec
Showing 7 changed files with 167 additions and 146 deletions.
59 changes: 38 additions & 21 deletions src/ChurchCRM/Authentication/AuthenticationManager.php
Expand Up @@ -27,7 +27,7 @@ public static function getAuthenticationProvider()
) {
return $_SESSION['AuthenticationProvider'];
} else {
throw new \Exception("No active authentication provider");
throw new \Exception('No active authentication provider');
}
}

Expand All @@ -41,7 +41,7 @@ public static function getCurrentUser(): User
try {
$currentUser = self::getAuthenticationProvider()->getCurrentUser();
if (empty($currentUser)) {
throw new \Exception("No current user provided by current authentication provider: " . get_class(self::getAuthenticationProvider()));
throw new \Exception('No current user provided by current authentication provider: ' . get_class(self::getAuthenticationProvider()));
}
return $currentUser;
} catch (\Exception $e) {
Expand All @@ -53,27 +53,34 @@ public static function getCurrentUser(): User
public static function endSession($preventRedirect = false)
{
$logger = LoggerUtils::getAuthLogger();
$currentSessionUserName = "Unknown";
$currentSessionUserName = 'Unknown';
try {
if (self::getCurrentUser() != null) {
if (self::getCurrentUser() !== null) {
$currentSessionUserName = self::getCurrentUser()->getName();
}
} catch (\Exception $e) {
//unable to get name of user logging out. Don't really care.
//unable to get name of user logging out. Don't really care.
}
$logCtx = ['username' => $currentSessionUserName];

try {
$result = self::getAuthenticationProvider()->endSession();
$_COOKIE = [];
$_SESSION = [];
session_destroy();
Bootstrapper::initSession();
$logger->info("Ended Local session for user " . $currentSessionUserName);
$logger->info(
'Ended Local session for user',
$logCtx
);
} catch (\Exception $e) {
$logger->warning('Error destroying session', ['exception' => $e]);
$logger->warning(
'Error destroying session',
array_merge($logCtx, ['exception' => $e])
);
} finally {
if (!$preventRedirect) {
RedirectUtils::redirect(self::getSessionBeginURL());
RedirectUtils::redirect(self::getSessionBeginURL());
}
}
}
Expand All @@ -94,37 +101,40 @@ public static function authenticate(AuthenticationRequest $AuthenticationRequest
try {
self::getAuthenticationProvider();
} catch (\Exception $e) {
$logger->warning("Tried to supply two factor authentication code, but didn't have an existing session. This shouldn't ever happen", ['exception' => $e]);
$logger->warning(
"Tried to supply two factor authentication code, but didn't have an existing session. This shouldn't ever happen",
['exception' => $e]
);
}
break;
default:
$logger->critical("Unknown AuthenticationRequest type supplied");
$logger->critical('Unknown AuthenticationRequest type supplied', ['providedAuthenticationRequestClass' => get_class($AuthenticationRequest)]);
break;
}

$result = self::getAuthenticationProvider()->authenticate($AuthenticationRequest);

if (null !== $result->nextStepURL) {
$logger->debug("Authentication requires additional step: " . $result->nextStepURL);
$logger->debug('Authentication requires additional step: ' . $result->nextStepURL);
RedirectUtils::redirect($result->nextStepURL);
}

if ($result->isAuthenticated && ! $result->preventRedirect) {
$redirectLocation = array_key_exists("location", $_SESSION) ? $_SESSION['location'] : 'Menu.php';
$redirectLocation = array_key_exists('location', $_SESSION) ? $_SESSION['location'] : 'Menu.php';
NotificationService::updateNotifications();
$logger->debug("Authentication Successful; redirecting to: " . $redirectLocation);
$logger->debug('Authentication Successful; redirecting to: ' . $redirectLocation);
RedirectUtils::redirect($redirectLocation);
}
return $result;
}

public static function validateUserSessionIsActive($updateLastOperationTimestamp = true)
public static function validateUserSessionIsActive(bool $updateLastOperationTimestamp = true): bool
{
try {
$result = self::getAuthenticationProvider()->validateUserSessionIsActive($updateLastOperationTimestamp);
return $result->isAuthenticated;
} catch (\Exception $error) {
LoggerUtils::getAuthLogger()->debug("Error determining session authentication status.", ['exception' => $error]);
LoggerUtils::getAuthLogger()->debug('Error determining session authentication status.', ['exception' => $error]);
return false;
}
}
Expand All @@ -141,22 +151,29 @@ public static function ensureAuthentication()
// Sometimes other actions may require a `nextStepURL` that should be enforced with
// an authentication request (2FA, Expired Password, etc).
if (!$result->isAuthenticated) {
LoggerUtils::getAuthLogger()->debug("Session not authenticated. Redirecting to login page");
LoggerUtils::getAuthLogger()->debug(
'Session not authenticated. Redirecting to login page'
);
RedirectUtils::redirect(self::getSessionBeginURL());
} elseif (null !== $result->nextStepURL) {
LoggerUtils::getAuthLogger()->debug("Session authenticated, but redirect requested by authentication provider.");
LoggerUtils::getAuthLogger()->debug(
'Session authenticated, but redirect requested by authentication provider.'
);
RedirectUtils::redirect($result->nextStepURL);
}
LoggerUtils::getAuthLogger()->debug("Session valid");
LoggerUtils::getAuthLogger()->debug('Session valid');
} catch (\Throwable $error) {
LoggerUtils::getAuthLogger()->debug("Error determining session authentication status. Redirecting to login page.", ['exception' => $error]);
LoggerUtils::getAuthLogger()->debug(
'Error determining session authentication status. Redirecting to login page.',
['exception' => $error]
);
RedirectUtils::redirect(self::getSessionBeginURL());
}
}

public static function getSessionBeginURL()
{
return SystemURLs::getRootPath() . "/session/begin";
return SystemURLs::getRootPath() . '/session/begin';
}

public static function getForgotPasswordURL()
Expand All @@ -166,7 +183,7 @@ public static function getForgotPasswordURL()
// this URL will need to be configuable by the system administrator
// since they likely will not want users attempting to reset ChurchCRM passwords
// but rather redirect users to some other password reset mechanism.
return SystemURLs::getRootPath() . "/session/forgot-password/reset-request";
return SystemURLs::getRootPath() . '/session/forgot-password/reset-request';
}
}
}
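Review bot: The `default:` arm of the switch in authenticate() logs an unrecognised AuthenticationRequest class at critical level but then only `break`s, so execution continues to `self::getAuthenticationProvider()->authenticate($AuthenticationRequest)` and the unexpected request type is still handed to the provider instead of being rejected. Authentication dispatch should fail closed here: directly after the `$logger->critical(...)` call add `throw new \InvalidArgumentException('Unsupported AuthenticationRequest type: ' . get_class($AuthenticationRequest));` (or return an AuthenticationResult with `isAuthenticated = false`), so no provider is invoked with a type the manager does not understand. The switch and the start of authenticate() are above this hunk, so I cannot see which request types the earlier cases accept. Separately, in endSession() the rewritten guard `if (self::getCurrentUser() !== null)` is dead, because getCurrentUser() is declared `: User` and throws rather than returning null; the surrounding try/catch already covers that failure, so the guard can be dropped and the user fetched once, `$currentSessionUserName = self::getCurrentUser()->getName();`.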
Expand Up @@ -24,7 +24,7 @@ public function getCurrentUser()
public function authenticate(AuthenticationRequest $AuthenticationRequest)
{
if (! $AuthenticationRequest instanceof APITokenAuthenticationRequest) {
throw new \Exception("Unable to process request as APITokenAuthenticationRequest");
throw new \Exception('Unable to process request as APITokenAuthenticationRequest');
}
$authenticationResult = new AuthenticationResult();
$authenticationResult->isAuthenticated = false;
Expand All @@ -40,7 +40,7 @@ public function authenticate(AuthenticationRequest $AuthenticationRequest)
return $authenticationResult;
}

public function validateUserSessionIsActive($updateLastOperationTimestamp): AuthenticationResult
public function validateUserSessionIsActive(bool $updateLastOperationTimestamp): AuthenticationResult
{
// APITokens are sessionless, so just always say false.
$authenticationResult = new AuthenticationResult();
