Merge pull request #8350 from nupplaphil/bug/8342_not_link

Add Login form in case of notification links
This commit is contained in:
Hypolite Petovan 2020-03-02 09:31:54 -05:00 committed by GitHub
commit e008811514
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 22 deletions

View file

@ -25,7 +25,6 @@
use Friendica\App; use Friendica\App;
use Friendica\Content\ContactSelector; use Friendica\Content\ContactSelector;
use Friendica\Content\Feature;
use Friendica\Content\Text\BBCode; use Friendica\Content\Text\BBCode;
use Friendica\Content\Text\HTML; use Friendica\Content\Text\HTML;
use Friendica\Core\Hook; use Friendica\Core\Hook;
@ -42,7 +41,6 @@ use Friendica\Model\Item;
use Friendica\Model\Mail; use Friendica\Model\Mail;
use Friendica\Model\Notify; use Friendica\Model\Notify;
use Friendica\Model\Photo; use Friendica\Model\Photo;
use Friendica\Model\Profile;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Model\UserItem; use Friendica\Model\UserItem;
use Friendica\Network\FKOAuth1; use Friendica\Network\FKOAuth1;
@ -5920,7 +5918,7 @@ function api_friendica_notification_seen($type)
$id = (!empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0); $id = (!empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0);
try { try {
$notify = DI::notify()->getByID($id); $notify = DI::notify()->getByID($id, api_user());
DI::notify()->setSeen(true, $notify); DI::notify()->setSeen(true, $notify);
if ($notify->otype === Notify\ObjectType::ITEM) { if ($notify->otype === Notify\ObjectType::ITEM) {

View file

@ -24,6 +24,7 @@ namespace Friendica\Module\Notifications;
use Friendica\BaseModule; use Friendica\BaseModule;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\DI; use Friendica\DI;
use Friendica\Module\Security\Login;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
/** /**
@ -31,15 +32,21 @@ use Friendica\Network\HTTPException;
*/ */
class Notification extends BaseModule class Notification extends BaseModule
{ {
public static function init(array $parameters = []) /**
* {@inheritDoc}
*
* @throws HTTPException\InternalServerErrorException
* @throws HTTPException\NotFoundException
* @throws HTTPException\UnauthorizedException
* @throws \ImagickException
* @throws \Exception
*/
public static function post(array $parameters = [])
{ {
if (!local_user()) { if (!local_user()) {
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.')); throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
} }
}
public static function post(array $parameters = [])
{
$request_id = $parameters['id'] ?? false; $request_id = $parameters['id'] ?? false;
if ($request_id) { if ($request_id) {
@ -58,9 +65,17 @@ class Notification extends BaseModule
} }
} }
/**
* {@inheritDoc}
*
* @throws HTTPException\UnauthorizedException
*/
public static function rawContent(array $parameters = []) public static function rawContent(array $parameters = [])
{ {
// @TODO: Replace with parameter from router if (!local_user()) {
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
}
if (DI::args()->get(1) === 'mark' && DI::args()->get(2) === 'all') { if (DI::args()->get(1) === 'mark' && DI::args()->get(2) === 'all') {
try { try {
$success = DI::notify()->setSeen(); $success = DI::notify()->setSeen();
@ -74,31 +89,36 @@ class Notification extends BaseModule
} }
/** /**
* {@inheritDoc}
*
* Redirect to the notifications main page or to the url for the chosen notifications * Redirect to the notifications main page or to the url for the chosen notifications
* *
* @return string|void * @throws HTTPException\NotFoundException In case the notification is either not existing or is not for this user
* @throws HTTPException\InternalServerErrorException * @throws HTTPException\InternalServerErrorException
* @throws \Exception
*/ */
public static function content(array $parameters = []) public static function content(array $parameters = [])
{ {
if (!local_user()) {
notice(DI::l10n()->t('You must be logged in to show this page.'));
return Login::form();
}
$request_id = $parameters['id'] ?? false; $request_id = $parameters['id'] ?? false;
if ($request_id) { if ($request_id) {
try { $notify = DI::notify()->getByID($request_id, local_user());
$notify = DI::notify()->getByID($request_id);
DI::notify()->setSeen(true, $notify); DI::notify()->setSeen(true, $notify);
if (!empty($notify->link)) { if (!empty($notify->link)) {
System::externalRedirect($notify->link); System::externalRedirect($notify->link);
} }
} catch (HTTPException\NotFoundException $e) {
info(DI::l10n()->t('Invalid notification.'));
}
DI::baseUrl()->redirect(); DI::baseUrl()->redirect();
} }
DI::baseUrl()->redirect('notifications/system'); DI::baseUrl()->redirect('notifications/system');
throw new HTTPException\InternalServerErrorException('Invalid situation.');
} }
} }

View file

@ -23,9 +23,9 @@ namespace Friendica\Repository;
use Exception; use Exception;
use Friendica\BaseRepository; use Friendica\BaseRepository;
use Friendica\Collection;
use Friendica\Core\Hook; use Friendica\Core\Hook;
use Friendica\Model; use Friendica\Model;
use Friendica\Collection;
use Friendica\Network\HTTPException\InternalServerErrorException; use Friendica\Network\HTTPException\InternalServerErrorException;
use Friendica\Network\HTTPException\NotFoundException; use Friendica\Network\HTTPException\NotFoundException;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
@ -61,14 +61,17 @@ class Notify extends BaseRepository
} }
/** /**
* {@inheritDoc} * Return one notify instance based on ID / UID
*
* @param int $id The ID of the notify instance
* @param int $uid The user ID, bound to this notify instance (= security check)
* *
* @return Model\Notify * @return Model\Notify
* @throws NotFoundException * @throws NotFoundException
*/ */
public function getByID(int $id) public function getByID(int $id, int $uid)
{ {
return $this->selectFirst(['id' => $id, 'uid' => local_user()]); return $this->selectFirst(['id' => $id, 'uid' => $uid]);
} }
/** /**