From 4a90394c38a2ad04ca3a6e4078a75e2a7d6f9245 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Tue, 24 Oct 2023 19:44:53 -0400
Subject: [PATCH 1/2] Remove DI and superglobals dependency from two-factor settings modules
---
 src/Module/Settings/TwoFactor/AppSpecific.php | 49 ++++----
 src/Module/Settings/TwoFactor/Index.php | 112 +++++++++++-------
 src/Module/Settings/TwoFactor/Recovery.php | 33 +++---
 src/Module/Settings/TwoFactor/Trusted.php | 31 ++---
 src/Module/Settings/TwoFactor/Verify.php | 37 +++---
 5 files changed, 147 insertions(+), 115 deletions(-)
diff --git a/src/Module/Settings/TwoFactor/AppSpecific.php b/src/Module/Settings/TwoFactor/AppSpecific.php
index 0d76e0466..c3653d5fd 100644
--- a/src/Module/Settings/TwoFactor/AppSpecific.php
+++ b/src/Module/Settings/TwoFactor/AppSpecific.php
@@ -26,11 +26,11 @@ use Friendica\Core\L10n;
 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Renderer;
 use Friendica\Core\Session\Capability\IHandleUserSessions;
-use Friendica\DI;
-use Friendica\Module\Response;
-use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
 use Friendica\Module\BaseSettings;
+use Friendica\Module\Response;
 use Friendica\Module\Security\Login;
+use Friendica\Navigation\SystemMessages;
+use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
 use Friendica\Util\Profiler;
 use Psr\Log\LoggerInterface;
@@ -45,66 +45,69 @@ class AppSpecific extends BaseSettings
 /** @var IManagePersonalConfigValues */
 protected $pConfig;
+ /** @var SystemMessages */
+ protected $systemMessages;
- public function __construct(IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
+ public function __construct(SystemMessages $systemMessages, IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
 {
 parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
 $this->pConfig = $pConfig;
+ $this->systemMessages = $systemMessages;
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
- $verified = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'verified');
+ $verified = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'verified');
 if (!$verified) {
 $this->baseUrl->redirect('settings/2fa');
 }
 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
- DI::sysmsg()->addNotice($this->t('Please enter your password to access this page.'));
+ $this->systemMessages->addNotice($this->t('Please enter your password to access this page.'));
 $this->baseUrl->redirect('settings/2fa');
 }
 }
 protected function post(array $request = [])
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
- if (!empty($_POST['action'])) {
+ if (!empty($request['action'])) {
 self::checkFormSecurityTokenRedirectOnError('settings/2fa/app_specific', 'settings_2fa_app_specific');
- switch ($_POST['action']) {
+ switch ($request['action']) {
 case 'generate':
- $description = 
$_POST['description'] ?? '';
+ $description = $request['description'] ?? '';
 if (empty($description)) {
- DI::sysmsg()->addNotice($this->t('App-specific password generation failed: The description is empty.'));
+ $this->systemMessages->addNotice($this->t('App-specific password generation failed: The description is empty.'));
 $this->baseUrl->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
- } elseif (AppSpecificPassword::checkDuplicateForUser(DI::userSession()->getLocalUserId(), $description)) {
- DI::sysmsg()->addNotice($this->t('App-specific password generation failed: This description already exists.'));
+ } elseif (AppSpecificPassword::checkDuplicateForUser($this->session->getLocalUserId(), $description)) {
+ $this->systemMessages->addNotice($this->t('App-specific password generation failed: This description already exists.'));
 $this->baseUrl->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
 } else {
- $this->appSpecificPassword = AppSpecificPassword::generateForUser(DI::userSession()->getLocalUserId(), $_POST['description'] ?? '');
- DI::sysmsg()->addInfo($this->t('New app-specific password generated.'));
+ $this->appSpecificPassword = AppSpecificPassword::generateForUser($this->session->getLocalUserId(), $request['description'] ?? '');
+ $this->systemMessages->addInfo($this->t('New app-specific password generated.'));
 }
 break;
 case 'revoke_all' :
- AppSpecificPassword::deleteAllForUser(DI::userSession()->getLocalUserId());
- DI::sysmsg()->addInfo($this->t('App-specific passwords successfully revoked.'));
+ AppSpecificPassword::deleteAllForUser($this->session->getLocalUserId());
+ $this->systemMessages->addInfo($this->t('App-specific passwords successfully revoked.'));
 $this->baseUrl->redirect('settings/2fa/app_specific?t=' . 
self::getFormSecurityToken('settings_2fa_password'));
 break;
 }
 }
- if (!empty($_POST['revoke_id'])) {
+ if (!empty($request['revoke_id'])) {
 self::checkFormSecurityTokenRedirectOnError('settings/2fa/app_specific', 'settings_2fa_app_specific');
- if (AppSpecificPassword::deleteForUser(DI::userSession()->getLocalUserId(), $_POST['revoke_id'])) {
- DI::sysmsg()->addInfo($this->t('App-specific password successfully revoked.'));
+ if (AppSpecificPassword::deleteForUser($this->session->getLocalUserId(), $request['revoke_id'])) {
+ $this->systemMessages->addInfo($this->t('App-specific password successfully revoked.'));
 }
 $this->baseUrl->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
@@ -113,13 +116,13 @@ class AppSpecific extends BaseSettings
 protected function content(array $request = []): string
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return Login::form('settings/2fa/app_specific');
 }
 parent::content();
- $appSpecificPasswords = AppSpecificPassword::getListForUser(DI::userSession()->getLocalUserId());
+ $appSpecificPasswords = AppSpecificPassword::getListForUser($this->session->getLocalUserId());
 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/app_specific.tpl'), [
 '$form_security_token' => self::getFormSecurityToken('settings_2fa_app_specific'),
diff --git a/src/Module/Settings/TwoFactor/Index.php b/src/Module/Settings/TwoFactor/Index.php
index 8e51992d4..43c96f6f5 100644
--- a/src/Module/Settings/TwoFactor/Index.php
+++ b/src/Module/Settings/TwoFactor/Index.php
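Review bot: In AppSpecific::post(), `description` and `revoke_id` reach the model exactly as submitted: nothing checks that they are scalars, and `$request['description'] ?? ''` is read a second time in the `generateForUser()` call instead of reusing the `$description` that was just checked for emptiness and duplicates. Normalise once with `$description = is_string($request['description'] ?? null) ? trim($request['description']) : '';` and pass `$description` to `generateForUser()`, so the value that was validated is the value that is stored. `revoke_id` here and `remove_id` in Trusted::post() would benefit from the same scalar check before `deleteForUser()` / `removeForUser()`; what types those methods accept is not visible in this patch.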
@@ -21,75 +21,95 @@ namespace Friendica\Module\Settings\TwoFactor;
+use Friendica\App;
+use Friendica\Core\L10n;
+use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Renderer;
-use Friendica\DI;
+use Friendica\Core\Session\Capability\IHandleUserSessions;
+use Friendica\Module\Response;
+use Friendica\Navigation\SystemMessages;
 use Friendica\Network\HTTPException\FoundException;
 use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
 use Friendica\Security\TwoFactor\Model\RecoveryCode;
 use Friendica\Model\User;
 use Friendica\Module\BaseSettings;
 use Friendica\Module\Security\Login;
+use Friendica\Util\Profiler;
 use PragmaRX\Google2FA\Google2FA;
+use Psr\Log\LoggerInterface;
 class Index extends BaseSettings
 {
+ /** @var IManagePersonalConfigValues */
+ protected $pConfig;
+ /** @var SystemMessages */
+ protected $systemMessages;
+
+ public function __construct(SystemMessages $systemMessages, IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
+ {
+ parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
+
+ $this->pConfig = $pConfig;
+ $this->systemMessages = $systemMessages;
+ }
+
 protected function post(array $request = [])
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
 self::checkFormSecurityTokenRedirectOnError('settings/2fa', 'settings_2fa');
 try {
- User::getIdFromPasswordAuthentication(DI::userSession()->getLocalUserId(), $_POST['password'] ?? '');
+ User::getIdFromPasswordAuthentication($this->session->getLocalUserId(), $request['password'] ?? 
'');
- $has_secret = (bool)DI::pConfig()->get(DI::userSession()->getLocalUserId(), '2fa', 'secret');
- $verified = DI::pConfig()->get(DI::userSession()->getLocalUserId(), '2fa', 'verified');
+ $has_secret = (bool)$this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret');
+ $verified = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'verified');
- switch ($_POST['action'] ?? '') {
+ switch ($request['action'] ?? '') {
 case 'enable':
 if (!$has_secret && !$verified) {
 $Google2FA = new Google2FA();
- DI::pConfig()->set(DI::userSession()->getLocalUserId(), '2fa', 'secret', $Google2FA->generateSecretKey(32));
+ $this->pConfig->set($this->session->getLocalUserId(), '2fa', 'secret', $Google2FA->generateSecretKey(32));
- DI::baseUrl()
+ $this->baseUrl
 ->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password'));
 }
 break;
 case 'disable':
 if ($has_secret) {
- RecoveryCode::deleteForUser(DI::userSession()->getLocalUserId());
- DI::pConfig()->delete(DI::userSession()->getLocalUserId(), '2fa', 'secret');
- DI::pConfig()->delete(DI::userSession()->getLocalUserId(), '2fa', 'verified');
- DI::session()->remove('2fa');
+ RecoveryCode::deleteForUser($this->session->getLocalUserId());
+ $this->pConfig->delete($this->session->getLocalUserId(), '2fa', 'secret');
+ $this->pConfig->delete($this->session->getLocalUserId(), '2fa', 'verified');
+ $this->session->remove('2fa');
- DI::sysmsg()->addInfo(DI::l10n()->t('Two-factor authentication successfully disabled.'));
- DI::baseUrl()->redirect('settings/2fa');
+ $this->systemMessages->addInfo($this->t('Two-factor authentication successfully disabled.'));
+ $this->baseUrl->redirect('settings/2fa');
 }
 break;
 case 'recovery':
 if ($has_secret) {
- DI::baseUrl()
+ $this->baseUrl
 ->redirect('settings/2fa/recovery?t=' . 
self::getFormSecurityToken('settings_2fa_password'));
 }
 break;
 case 'app_specific':
 if ($has_secret) {
- DI::baseUrl()
+ $this->baseUrl
 ->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
 }
 break;
 case 'trusted':
 if ($has_secret) {
- DI::baseUrl()
+ $this->baseUrl
 ->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
 }
 break;
 case 'configure':
 if (!$verified) {
- DI::baseUrl()
+ $this->baseUrl
 ->redirect('settings/2fa/verify?t=' . self::getFormSecurityToken('settings_2fa_password'));
 }
 break;
@@ -97,53 +117,53 @@ class Index extends BaseSettings
 } catch (FoundException $exception) {
 // Nothing to do here
 } catch (\Exception $e) {
- DI::sysmsg()->addNotice(DI::l10n()->t($e->getMessage()));
+ $this->systemMessages->addNotice($this->t($e->getMessage()));
 }
 }
 protected function content(array $request = []): string
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return Login::form('settings/2fa');
 }
 parent::content();
- $has_secret = (bool) DI::pConfig()->get(DI::userSession()->getLocalUserId(), '2fa', 'secret');
- $verified = DI::pConfig()->get(DI::userSession()->getLocalUserId(), '2fa', 'verified');
+ $has_secret = (bool) $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret');
+ $verified = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'verified');
 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/index.tpl'), [
 '$form_security_token' => self::getFormSecurityToken('settings_2fa'),
- '$title' => DI::l10n()->t('Two-factor authentication'),
- '$help_label' => DI::l10n()->t('Help'),
- '$status_title' => DI::l10n()->t('Status'),
- '$message' => DI::l10n()->t('
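Review bot: The `disable` case in Index::post() removes the recovery codes, the `secret` and `verified` settings and the session marker, but leaves app-specific passwords and trusted browsers in place. Whether those stale entries are honoured while 2FA is off is decided in login code outside this patch, but they would presumably become active again as soon as 2FA is re-enabled with a new secret. Consider adding `AppSpecificPassword::deleteAllForUser($this->session->getLocalUserId());` next to `RecoveryCode::deleteForUser(...)` (the class is already imported in this file) and clearing trusted browsers the way Trusted::post() does with `removeAllForUser()`, or add a comment stating that keeping them is intended.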

Use an application on a mobile device to get two-factor authentication codes when prompted on login.

'), + '$title' => $this->t('Two-factor authentication'), + '$help_label' => $this->t('Help'), + '$status_title' => $this->t('Status'), + '$message' => $this->t('

Use an application on a mobile device to get two-factor authentication codes when prompted on login.

'), '$has_secret' => $has_secret, '$verified' => $verified, - '$auth_app_label' => DI::l10n()->t('Authenticator app'), - '$app_status' => $has_secret ? $verified ? DI::l10n()->t('Configured') : DI::l10n()->t('Not Configured') : DI::l10n()->t('Disabled'), - '$not_configured_message' => DI::l10n()->t('

You haven\'t finished configuring your authenticator app.

'), - '$configured_message' => DI::l10n()->t('

Your authenticator app is correctly configured.

'), + '$auth_app_label' => $this->t('Authenticator app'), + '$app_status' => $has_secret ? $verified ? $this->t('Configured') : $this->t('Not Configured') : $this->t('Disabled'), + '$not_configured_message' => $this->t('

You haven\'t finished configuring your authenticator app.

'), + '$configured_message' => $this->t('

Your authenticator app is correctly configured.

'), - '$recovery_codes_title' => DI::l10n()->t('Recovery codes'), - '$recovery_codes_remaining' => DI::l10n()->t('Remaining valid codes'), - '$recovery_codes_count' => RecoveryCode::countValidForUser(DI::userSession()->getLocalUserId()), - '$recovery_codes_message' => DI::l10n()->t('

These one-use codes can replace an authenticator app code in case you have lost access to it.

'), + '$recovery_codes_title' => $this->t('Recovery codes'), + '$recovery_codes_remaining' => $this->t('Remaining valid codes'), + '$recovery_codes_count' => RecoveryCode::countValidForUser($this->session->getLocalUserId()), + '$recovery_codes_message' => $this->t('

These one-use codes can replace an authenticator app code in case you have lost access to it.

'), - '$app_specific_passwords_title' => DI::l10n()->t('App-specific passwords'), - '$app_specific_passwords_remaining' => DI::l10n()->t('Generated app-specific passwords'), - '$app_specific_passwords_count' => AppSpecificPassword::countForUser(DI::userSession()->getLocalUserId()), - '$app_specific_passwords_message' => DI::l10n()->t('

These randomly generated passwords allow you to authenticate on apps not supporting two-factor authentication.

'), + '$app_specific_passwords_title' => $this->t('App-specific passwords'), + '$app_specific_passwords_remaining' => $this->t('Generated app-specific passwords'), + '$app_specific_passwords_count' => AppSpecificPassword::countForUser($this->session->getLocalUserId()), + '$app_specific_passwords_message' => $this->t('

These randomly generated passwords allow you to authenticate on apps not supporting two-factor authentication.

'), - '$action_title' => DI::l10n()->t('Actions'), - '$password' => ['password', DI::l10n()->t('Current password:'), '', DI::l10n()->t('You need to provide your current password to change two-factor authentication settings.'), DI::l10n()->t('Required'), 'autofocus'], - '$enable_label' => DI::l10n()->t('Enable two-factor authentication'), - '$disable_label' => DI::l10n()->t('Disable two-factor authentication'), - '$recovery_codes_label' => DI::l10n()->t('Show recovery codes'), - '$app_specific_passwords_label' => DI::l10n()->t('Manage app-specific passwords'), - '$trusted_browsers_label' => DI::l10n()->t('Manage trusted browsers'), - '$configure_label' => DI::l10n()->t('Finish app configuration'), + '$action_title' => $this->t('Actions'), + '$password' => ['password', $this->t('Current password:'), '', $this->t('You need to provide your current password to change two-factor authentication settings.'), $this->t('Required'), 'autofocus'], + '$enable_label' => $this->t('Enable two-factor authentication'), + '$disable_label' => $this->t('Disable two-factor authentication'), + '$recovery_codes_label' => $this->t('Show recovery codes'), + '$app_specific_passwords_label' => $this->t('Manage app-specific passwords'), + '$trusted_browsers_label' => $this->t('Manage trusted browsers'), + '$configure_label' => $this->t('Finish app configuration'), ]); } } diff --git a/src/Module/Settings/TwoFactor/Recovery.php b/src/Module/Settings/TwoFactor/Recovery.php index cf577a82a..9c0191b6d 100644 --- a/src/Module/Settings/TwoFactor/Recovery.php +++ b/src/Module/Settings/TwoFactor/Recovery.php 
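Review bot: The `catch (\Exception $e)` at the end of Index::post() turns every failure inside the `try` into a user-facing notice built from `$e->getMessage()`: a wrong password, but also anything thrown by the pConfig or RecoveryCode calls, and nothing is logged. Passing the raw message through `$this->t()` also uses runtime text as a translation key. Catch the exception type thrown by the password check (not visible in this patch) for the user-facing notice, and for anything else log the exception and show a fixed string such as `$this->t('The two-factor settings could not be changed.')`. The same block is unchanged context in patch 2/2, and `post()` begins in the previous hunk.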
@@ -26,11 +26,11 @@ use Friendica\Core\L10n;
 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Renderer;
 use Friendica\Core\Session\Capability\IHandleUserSessions;
-use Friendica\DI;
-use Friendica\Module\Response;
-use Friendica\Security\TwoFactor\Model\RecoveryCode;
 use Friendica\Module\BaseSettings;
+use Friendica\Module\Response;
 use Friendica\Module\Security\Login;
+use Friendica\Navigation\SystemMessages;
+use Friendica\Security\TwoFactor\Model\RecoveryCode;
 use Friendica\Util\Profiler;
 use Psr\Log\LoggerInterface;
@@ -43,32 +43,35 @@ class Recovery extends BaseSettings
 {
 /** @var IManagePersonalConfigValues */
 protected $pConfig;
+ /** @var SystemMessages */
+ protected $systemMessages;
- public function __construct(IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
+ public function __construct(SystemMessages $systemMessages, IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
 {
 parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
 $this->pConfig = $pConfig;
+ $this->systemMessages = $systemMessages;
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
- $secret = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'secret');
+ $secret = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret');
 if (!$secret) {
 $this->baseUrl->redirect('settings/2fa');
 }
 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
- DI::sysmsg()->addNotice($this->t('Please enter your password to access this page.'));
+ $this->systemMessages->addNotice($this->t('Please enter your password to access this page.'));
 $this->baseUrl->redirect('settings/2fa');
 }
 }
 protected function post(array $request = [])
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
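Review bot: The access gate in Recovery::__construct() tests `secret`, while the AppSpecific and Trusted constructors test `verified`, and no comment says why. From Index::post() the reason appears to be that `enable` stores the secret and redirects straight to `settings/2fa/recovery`, before verification has happened. A comment above the check such as `// Reachable during setup: a secret exists before it is verified, see Index::post() 'enable'` would keep someone from tightening it by mistake. It would also help to state once that `redirect()` ends the request by throwing FoundException (per patch 2/2), since the constructor relies on that to stop after a failed check.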
@@ -76,8 +79,8 @@ class Recovery extends BaseSettings
 self::checkFormSecurityTokenRedirectOnError('settings/2fa/recovery', 'settings_2fa_recovery');
 if ($_POST['action'] == 'regenerate') {
- RecoveryCode::regenerateForUser(DI::userSession()->getLocalUserId());
- DI::sysmsg()->addInfo($this->t('New recovery codes successfully generated.'));
+ RecoveryCode::regenerateForUser($this->session->getLocalUserId());
+ $this->systemMessages->addInfo($this->t('New recovery codes successfully generated.'));
 $this->baseUrl->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password'));
 }
 }
@@ -85,19 +88,19 @@ class Recovery extends BaseSettings
 protected function content(array $request = []): string
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return Login::form('settings/2fa/recovery');
 }
 parent::content();
- if (!RecoveryCode::countValidForUser(DI::userSession()->getLocalUserId())) {
- RecoveryCode::generateForUser(DI::userSession()->getLocalUserId());
+ if (!RecoveryCode::countValidForUser($this->session->getLocalUserId())) {
+ RecoveryCode::generateForUser($this->session->getLocalUserId());
 }
- $recoveryCodes = RecoveryCode::getListForUser(DI::userSession()->getLocalUserId());
+ $recoveryCodes = RecoveryCode::getListForUser($this->session->getLocalUserId());
- $verified = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'verified');
+ $verified = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'verified');
 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/recovery.tpl'), [
 '$form_security_token' => self::getFormSecurityToken('settings_2fa_recovery'),
diff --git a/src/Module/Settings/TwoFactor/Trusted.php b/src/Module/Settings/TwoFactor/Trusted.php
index 7460785b1..1cd5e5598 100644
--- a/src/Module/Settings/TwoFactor/Trusted.php
+++ b/src/Module/Settings/TwoFactor/Trusted.php
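Review bot: Recovery::post() still reads `$_POST['action']` in the context line `if ($_POST['action'] == 'regenerate') {`, so this class keeps the superglobal dependency the commit title says it removes, while every other module in the patch switched to `$request`. Change it to `if (($request['action'] ?? '') === 'regenerate') {`, which matches Verify::post() and does not depend on the key being present. The statement directly above this hunk is not shown; if it is a `$_POST` guard it needs the same change.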
@@ -26,9 +26,9 @@ use Friendica\Core\L10n;
 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Renderer;
 use Friendica\Core\Session\Capability\IHandleUserSessions;
-use Friendica\DI;
 use Friendica\Module\BaseSettings;
 use Friendica\Module\Response;
+use Friendica\Navigation\SystemMessages;
 use Friendica\Security\TwoFactor;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Profiler;
@@ -45,53 +45,56 @@ class Trusted extends BaseSettings
 protected $pConfig;
 /** @var TwoFactor\Repository\TrustedBrowser */
 protected $trustedBrowserRepo;
+ /** @var SystemMessages */
+ protected $systemMessages;
- public function __construct(IManagePersonalConfigValues $pConfig, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepo, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
+ public function __construct(SystemMessages $systemMessages, IManagePersonalConfigValues $pConfig, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepo, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
 {
 parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
 $this->pConfig = $pConfig;
 $this->trustedBrowserRepo = $trustedBrowserRepo;
+ $this->systemMessages = $systemMessages;
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
- $verified = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'verified');
+ $verified = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'verified');
 if (!$verified) {
 $this->baseUrl->redirect('settings/2fa');
 }
 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
- DI::sysmsg()->addNotice($this->t('Please enter your password to access this page.'));
+ $this->systemMessages->addNotice($this->t('Please enter your password to access this page.'));
 $this->baseUrl->redirect('settings/2fa');
 }
 }
 protected function post(array $request = [])
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
- if (!empty($_POST['action'])) {
+ if (!empty($request['action'])) {
self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
- switch ($_POST['action']) {
+ switch ($request['action']) {
 case 'remove_all':
- $this->trustedBrowserRepo->removeAllForUser(DI::userSession()->getLocalUserId());
- DI::sysmsg()->addInfo($this->t('Trusted browsers successfully removed.'));
+ $this->trustedBrowserRepo->removeAllForUser($this->session->getLocalUserId());
+ $this->systemMessages->addInfo($this->t('Trusted browsers successfully removed.'));
 $this->baseUrl->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
 break;
 }
 }
- if (!empty($_POST['remove_id'])) {
+ if (!empty($request['remove_id'])) {
 self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
- if ($this->trustedBrowserRepo->removeForUser(DI::userSession()->getLocalUserId(), $_POST['remove_id'])) {
- DI::sysmsg()->addInfo($this->t('Trusted browser successfully removed.'));
+ if ($this->trustedBrowserRepo->removeForUser($this->session->getLocalUserId(), $request['remove_id'])) {
+ $this->systemMessages->addInfo($this->t('Trusted browser successfully removed.'));
 }
 $this->baseUrl->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
@@ -103,7 +106,7 @@ class Trusted extends BaseSettings
 {
 parent::content();
- $trustedBrowsers = $this->trustedBrowserRepo->selectAllByUid(DI::userSession()->getLocalUserId());
+ $trustedBrowsers = $this->trustedBrowserRepo->selectAllByUid($this->session->getLocalUserId());
 $parser = Parser::create();
diff --git a/src/Module/Settings/TwoFactor/Verify.php b/src/Module/Settings/TwoFactor/Verify.php
index 7f7a7ba7d..ca05dbf5e 100644
--- a/src/Module/Settings/TwoFactor/Verify.php
+++ b/src/Module/Settings/TwoFactor/Verify.php
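Review bot: Trusted::content() goes from its opening `{` straight to `parent::content()` and `selectAllByUid($this->session->getLocalUserId())`, without the login guard that AppSpecific, Index, Recovery and Verify all place first in `content()`. The constructor only returns early for anonymous visitors, so unless `parent::content()` stops them (not visible here) the repository is queried with an empty user id. Add `if (!$this->session->getLocalUserId()) { return Login::form('settings/2fa/trusted'); }` as the first statement, together with `use Friendica\Module\Security\Login;`, which this file's import hunk does not show. The method signature sits just above the hunk.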
@@ -30,10 +30,10 @@ use Friendica\Core\L10n;
 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Renderer;
 use Friendica\Core\Session\Capability\IHandleUserSessions;
-use Friendica\DI;
 use Friendica\Module\BaseSettings;
 use Friendica\Module\Response;
 use Friendica\Module\Security\Login;
+use Friendica\Navigation\SystemMessages;
 use Friendica\Util\Profiler;
 use PragmaRX\Google2FA\Google2FA;
 use Psr\Log\LoggerInterface;
@@ -47,67 +47,70 @@ class Verify extends BaseSettings
 {
 /** @var IManagePersonalConfigValues */
 protected $pConfig;
+ /** @var SystemMessages */
+ protected $systemMessages;
- public function __construct(IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
+ public function __construct(SystemMessages $systemMessages, IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
 {
 parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
- $this->pConfig = $pConfig;
+ $this->pConfig = $pConfig;
+ $this->systemMessages = $systemMessages;
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
- $secret = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'secret');
- $verified = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'verified');
+ $secret = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret');
+ $verified = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'verified');
 if ($secret && $verified) {
 $this->baseUrl->redirect('settings/2fa');
 }
 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
- DI::sysmsg()->addNotice($this->t('Please enter your password to access this page.'));
+ $this->systemMessages->addNotice($this->t('Please enter your password to access this page.'));
 $this->baseUrl->redirect('settings/2fa');
 }
 }
 protected function post(array $request = [])
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return;
 }
- if (($_POST['action'] ?? 
'') == 'verify') {
+ if (($request['action'] ?? '') == 'verify') {
 self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');
 $google2fa = new Google2FA();
- $valid = $google2fa->verifyKey($this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'secret'), $_POST['verify_code'] ?? '');
+ $valid = $google2fa->verifyKey($this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret'), $request['verify_code'] ?? '');
 if ($valid) {
- $this->pConfig->set(DI::userSession()->getLocalUserId(), '2fa', 'verified', true);
- DI::session()->set('2fa', true);
+ $this->pConfig->set($this->session->getLocalUserId(), '2fa', 'verified', true);
+ $this->session->set('2fa', true);
- DI::sysmsg()->addInfo($this->t('Two-factor authentication successfully activated.'));
+ $this->systemMessages->addInfo($this->t('Two-factor authentication successfully activated.'));
 $this->baseUrl->redirect('settings/2fa');
 } else {
- DI::sysmsg()->addNotice($this->t('Invalid code, please retry.'));
+ $this->systemMessages->addNotice($this->t('Invalid code, please retry.'));
 }
 }
 }
 protected function content(array $request = []): string
 {
- if (!DI::userSession()->getLocalUserId()) {
+ if (!$this->session->getLocalUserId()) {
 return Login::form('settings/2fa/verify');
 }
 parent::content();
 $company = 'Friendica';
- $holder = DI::session()->get('my_address');
- $secret = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'secret');
+ $holder = $this->session->get('my_address');
+ $secret = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret');
 $otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);
From 7ebf4d51cac1b0d6fe2417c414e449b39ee925a4 Mon Sep 17 00:00:00 2001
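Review bot: Verify::__construct() redirects only when `$secret && $verified`, so a user with no stored secret still reaches `post()` and `content()`, where `verifyKey()` and `getQRCodeUrl()` receive whatever `pConfig->get(..., '2fa', 'secret')` returns for a missing key. Index::post() makes this reachable: its `configure` case redirects here on `!$verified` without checking `$has_secret`. How Google2FA treats an empty secret is not visible in this patch, so it is safer not to get that far. Add `if (!$secret) { $this->baseUrl->redirect('settings/2fa'); }` before the existing check, as Recovery::__construct() does.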
From: Hypolite Petovan
Date: Tue, 24 Oct 2023 20:26:34 -0400
Subject: [PATCH 2/2] Fix redirections in two-factor authentication settings index page - FoundException are used to redirect users
---
 src/Module/Settings/TwoFactor/Index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Module/Settings/TwoFactor/Index.php b/src/Module/Settings/TwoFactor/Index.php
index 43c96f6f5..29acacc60 100644
--- a/src/Module/Settings/TwoFactor/Index.php
+++ b/src/Module/Settings/TwoFactor/Index.php
@@ -115,7 +115,8 @@ class Index extends BaseSettings
 break;
 }
 } catch (FoundException $exception) {
- // Nothing to do here
+ // Redirection, passing along
+ throw $exception;
 } catch (\Exception $e) {
 $this->systemMessages->addNotice($this->t($e->getMessage()));
 }