Session handling bugfix, profile frontend WIP
This commit is contained in:
@@ -76,6 +76,10 @@ namespace Core\API\Permission {
|
||||
$currentUser = $this->context->getUser();
|
||||
$userGroups = $currentUser ? $currentUser->getGroups() : [];
|
||||
if (empty($userGroups) || empty(array_intersect($groups, array_keys($userGroups)))) {
|
||||
if (!$currentUser) {
|
||||
$this->result["loggedIn"] = false;
|
||||
}
|
||||
|
||||
http_response_code(401);
|
||||
return $this->createError("Permission denied.");
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ use Core\Objects\DatabaseEntity\TwoFactorToken;
|
||||
use Core\Objects\TwoFactor\KeyBasedTwoFactorToken;
|
||||
use PhpMqtt\Client\MqttClient;
|
||||
|
||||
// TODO: many things are only checked for external calls, e.g. loginRequired. If we call the API internally, we might get null-pointers for $context->user
|
||||
abstract class Request {
|
||||
|
||||
protected Context $context;
|
||||
@@ -228,6 +229,7 @@ abstract class Request {
|
||||
if ($this->loginRequired) {
|
||||
if (!$session && !$apiKeyAuthorized) {
|
||||
$this->lastError = 'You are not logged in.';
|
||||
$this->result["loggedIn"] = false;
|
||||
http_response_code(401);
|
||||
return false;
|
||||
} else if ($session && !$this->check2FA()) {
|
||||
@@ -253,6 +255,9 @@ abstract class Request {
|
||||
$this->success = $req->execute(["method" => self::getEndpoint()]);
|
||||
$this->lastError = $req->getLastError();
|
||||
if (!$this->success) {
|
||||
if (!$this->context->getUser()) {
|
||||
$this->result["loggedIn"] = false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1231,6 +1231,10 @@ namespace Core\API\User {
|
||||
}
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public static function getDefaultACL(Insert $insert): void {
|
||||
$insert->addRow(self::getEndpoint(), [], "Allows users to update their profiles.", true);
|
||||
}
|
||||
}
|
||||
|
||||
class ImportGPG extends UserAPI {
|
||||
|
||||
@@ -53,7 +53,7 @@ class Context {
|
||||
}
|
||||
}
|
||||
|
||||
public function setLanguage(Language $language) {
|
||||
public function setLanguage(Language $language): void {
|
||||
$this->language = $language;
|
||||
$this->language->activate();
|
||||
|
||||
@@ -90,7 +90,7 @@ class Context {
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
public function sendCookies() {
|
||||
public function sendCookies(): void {
|
||||
$domain = $this->getSettings()->getDomain();
|
||||
$this->language->sendCookie($domain);
|
||||
$this->session?->sendCookie($domain);
|
||||
@@ -139,7 +139,7 @@ class Context {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function processVisit() {
|
||||
public function processVisit(): void {
|
||||
if (isset($_COOKIE["PHPSESSID"]) && !empty($_COOKIE["PHPSESSID"])) {
|
||||
if ($this->isBot()) {
|
||||
return;
|
||||
@@ -206,7 +206,7 @@ class Context {
|
||||
->set("active", false)
|
||||
->whereEq("user_id", $this->user->getId());
|
||||
|
||||
if (!$keepCurrent && $this->session !== null) {
|
||||
if ($keepCurrent && $this->session !== null) {
|
||||
$query->whereNeq("id", $this->session->getId());
|
||||
}
|
||||
|
||||
|
||||
@@ -76,7 +76,7 @@ class Router {
|
||||
}
|
||||
}
|
||||
|
||||
public function addRoute(Route $route) {
|
||||
public function addRoute(Route $route): void {
|
||||
if (preg_match("/^\/(\d+)$/", $route->getPattern(), $re)) {
|
||||
$this->statusCodeRoutes[$re[1]] = $route;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user