tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
icingaweb2/library/Icinga/Session/PhpSession.php

163 lines
4.5 KiB
PHP
Raw Normal View History

Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
<?php
Added License header, removed deprecated or empty files refs #4265
2013-06-10 17:03:01 +02:00
// {{{ICINGA_LICENSE_HEADER}}}
License writer Update license headers refs #4262
2013-06-28 16:47:30 +02:00
/**
Rename Icinga 2 Web to Icinga Web 2
2013-10-23 15:10:33 +02:00
* This file is part of Icinga Web 2.
CS: Remove whitespaces at end of line find application/ library/ test/ modules/ -name *.php | xargs sed -i 's/\s\+$//'
2013-09-04 18:27:16 +02:00
*
Rename Icinga 2 Web to Icinga Web 2
2013-10-23 15:10:33 +02:00
* Icinga Web 2 - Head for multiple monitoring backends.
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
* Copyright (C) 2014 Icinga Development Team
CS: Remove whitespaces at end of line find application/ library/ test/ modules/ -name *.php | xargs sed -i 's/\s\+$//'
2013-09-04 18:27:16 +02:00
*
License writer Update license headers refs #4262
2013-06-28 16:47:30 +02:00
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
CS: Remove whitespaces at end of line find application/ library/ test/ modules/ -name *.php | xargs sed -i 's/\s\+$//'
2013-09-04 18:27:16 +02:00
*
License writer Update license headers refs #4262
2013-06-28 16:47:30 +02:00
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
CS: Remove whitespaces at end of line find application/ library/ test/ modules/ -name *.php | xargs sed -i 's/\s\+$//'
2013-09-04 18:27:16 +02:00
*
License writer Update license headers refs #4262
2013-06-28 16:47:30 +02:00
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
CS: Remove whitespaces at end of line find application/ library/ test/ modules/ -name *.php | xargs sed -i 's/\s\+$//'
2013-09-04 18:27:16 +02:00
*
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
* @copyright 2014 Icinga Development Team <info@icinga.org>
Rename Icinga 2 Web to Icinga Web 2
2013-10-23 15:10:33 +02:00
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2
* @author Icinga Development Team <info@icinga.org>
*
License writer Update license headers refs #4262
2013-06-28 16:47:30 +02:00
*/
Added License header, removed deprecated or empty files refs #4265
2013-06-10 17:03:01 +02:00
// {{{ICINGA_LICENSE_HEADER}}}
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
namespace Icinga\Session;
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
use Icinga\Application\Logger;
use \Icinga\Exception\ConfigurationError;
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
Add PhpSession with tests PhpSession handles file based sessions as supported by PHP refs #4265 refs #4250
2013-06-10 14:21:17 +02:00
/**
CS: Fix session classes refs #4641
2013-08-30 10:35:41 +02:00
* Session implementation in PHP
Refactor Authentication Code Fix PSR, fix testing refs #4265
2013-06-11 13:53:42 +02:00
*/
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
class PhpSession extends Session
{
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
/**
* Name of the session
*
* @var string
*/
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
private $sessionName = 'Icingaweb2';
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
/**
* Configuration for cookie options
*
* @var array
*/
private static $defaultCookieOptions = array(
'use_trans_sid' => false,
'use_cookies' => true,
'cookie_httponly' => true,
'use_only_cookies' => true,
'hash_function' => true,
'hash_bits_per_character' => 5,
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
);
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
Add PHP Documentation to Authentication Documented all currently existing classes underneath the Authentication package refs #4350
2013-06-27 15:18:24 +02:00
/**
CS: Fix session classes refs #4641
2013-08-30 10:35:41 +02:00
* Create a new PHPSession object using the provided options (if any)
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
*
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
* @param array $options An optional array of ini options to set
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
*
* @throws ConfigurationError
* @see http://php.net/manual/en/session.configuration.php
*/
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
public function __construct(array $options = null)
{
if ($options !== null) {
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
$options = array_merge(self::$defaultCookieOptions, $options);
Add PhpSession with tests PhpSession handles file based sessions as supported by PHP refs #4265 refs #4250
2013-06-10 14:21:17 +02:00
} else {
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
$options = self::$defaultCookieOptions;
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
if (array_key_exists('test_session_name', $options)) {
$this->sessionName = $options['test_session_name'];
unset($options['test_session_name']);
}
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
foreach ($options as $sessionVar => $value) {
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
if (ini_set("session." . $sessionVar, $value) === false) {
Update and test Auth/Manager implementation - remove Storable inheritance from User and make it a plain DAO - remove Authorization methods from User refs #4265 refs #4250
2013-06-10 13:28:54 +02:00
Logger::warn(
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
'Could not set php.ini setting %s = %s. This might affect your sessions behaviour.',
Update and test Auth/Manager implementation - remove Storable inheritance from User and make it a plain DAO - remove Authorization methods from User refs #4265 refs #4250
2013-06-10 13:28:54 +02:00
$sessionVar,
$value
);
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}
}
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
if (!is_writable(session_save_path())) {
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
throw new ConfigurationError('Can\'t save session');
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
}
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
$this->read();
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}
Add PHP Documentation to Authentication Documented all currently existing classes underneath the Authentication package refs #4350
2013-06-27 15:18:24 +02:00
/**
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
* Open a PHP session
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
*/
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
private function open()
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
{
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
session_name($this->sessionName);
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
session_start();
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
Add PHP Documentation to Authentication Documented all currently existing classes underneath the Authentication package refs #4350
2013-06-27 15:18:24 +02:00
/**
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
* Read all values written to the underling session and make them accessible.
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
*/
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
public function read()
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
{
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
$this->open();
$this->setAll($_SESSION);
session_write_close();
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
Add PHP Documentation to Authentication Documented all currently existing classes underneath the Authentication package refs #4350
2013-06-27 15:18:24 +02:00
/**
CS: Fix session classes refs #4641
2013-08-30 10:35:41 +02:00
* Write all values of this session object to the underlying session implementation
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
*/
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
public function write()
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
{
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
$this->open();
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
foreach ($this->getAll() as $key => $value) {
$_SESSION[$key] = $value;
}
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
session_write_close();
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
Add PHP Documentation to Authentication Documented all currently existing classes underneath the Authentication package refs #4350
2013-06-27 15:18:24 +02:00
/**
CS: Fix session classes refs #4641
2013-08-30 10:35:41 +02:00
* Delete the current session, causing all session information to be lost
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
*/
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
public function purge()
{
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
$this->open();
$_SESSION = array();
Remove session handling from the authentication manager refs #5510
2014-01-23 12:09:48 +01:00
$this->clear();
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101
2013-11-20 12:01:40 +01:00
session_destroy();
$this->clearCookies();
session_write_close();
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}
Add PhpSession with tests PhpSession handles file based sessions as supported by PHP refs #4265 refs #4250
2013-06-10 14:21:17 +02:00
Add PHP Documentation to Authentication Documented all currently existing classes underneath the Authentication package refs #4350
2013-06-27 15:18:24 +02:00
/**
CS: Fix session classes refs #4641
2013-08-30 10:35:41 +02:00
* Remove session cookies
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
*/
Add PhpSession with tests PhpSession handles file based sessions as supported by PHP refs #4265 refs #4250
2013-06-10 14:21:17 +02:00
private function clearCookies()
{
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
if (ini_get('session.use_cookies')) {
Logger::debug('Clear session cookie');
Add PhpSession with tests PhpSession handles file based sessions as supported by PHP refs #4265 refs #4250
2013-06-10 14:21:17 +02:00
$params = session_get_cookie_params();
setcookie(
session_name(),
'',
time() - 42000,
AuthManager: Implement backend chain refs #4641 refs #4590 refs #4593
2013-08-28 10:16:18 +02:00
$params['path'],
$params['domain'],
$params['secure'],
$params['httponly']
Add PhpSession with tests PhpSession handles file based sessions as supported by PHP refs #4265 refs #4250
2013-06-10 14:21:17 +02:00
);
}
}
Add basic, untested skeleton for Session and PHPSession As we decided to remove Zend_Session due to locking issues, we have to implement our session handling here. This is the basic, untested code which will be tested in the next step refs #4265
2013-06-07 17:28:06 +02:00
}