CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switch session ACL Login user load check to cuuid

Browse Source 
Update tests too for using edit user cuuid instead of the primary key
This commit is contained in:
Clemens Schwaighofer
2024-12-06 20:11:28 +09:00
parent a84ab86e31
commit fe50a988a0
3 changed files with 86 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
4dev/tests/ACL/CoreLibsACLLoginTest.php
View File

@@ -265,7 +265,7 @@ final class CoreLibsACLLoginTest extends TestCase
'ajax_post_action' => 'login', 'ajax_post_action' => 'login',
], ],
], ],
'load, session euid set only, php error' => [ 'load, session ecuuid set only, php error' => [
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
], ],
@@ -273,8 +273,8 @@ final class CoreLibsACLLoginTest extends TestCase
[], [],
[ [
'EUID' => 1, 'EUID' => 1,
'ECUID' => 'abc', 'EUCUID' => 'abc',
'ECUUID' => '1233456-1234-1234-1234-123456789012', 'EUCUUID' => '1233456-1234-1234-1234-123456789012',
], ],
2, 2,
[], [],
@@ -293,8 +293,8 @@ final class CoreLibsACLLoginTest extends TestCase
[], [],
[ [
'EUID' => 1, 'EUID' => 1,
'ECUID' => 'abc', 'EUCUID' => 'abc',
'ECUUID' => '1233456-1234-1234-1234-123456789012', 'EUCUUID' => 'SET_EUCUUID_IN_TEST',
'USER_NAME' => '', 'USER_NAME' => '',
'GROUP_NAME' => '', 'GROUP_NAME' => '',
'ADMIN' => 1, 'ADMIN' => 1,
@@ -1176,6 +1176,11 @@ final class CoreLibsACLLoginTest extends TestCase
$_POST[$post_var] = $post_value; $_POST[$post_var] = $post_value;
} }
// set ingoing session cuuid if requested
if (isset($session['EUCUUID']) && $session['EUCUUID'] == 'SET_EUCUUID_IN_TEST') {
$session['EUCUUID'] = self::$edit_user_cuuid;
}
// set _SESSION data // set _SESSION data
foreach ($session as $session_var => $session_value) { foreach ($session as $session_var => $session_value) {
$_SESSION[$session_var] = $session_value; $_SESSION[$session_var] = $session_value;
@@ -1435,8 +1440,18 @@ final class CoreLibsACLLoginTest extends TestCase
// run test // run test
try { try {
// preset, we cannot set that in the provider // preset, we cannot set that in the provider
$expected['check_access_cuid'] = self::$edit_access_cuid; if (
$mock_settings['edit_access_cuid'] = self::$edit_access_cuid; isset($expected['check_access_cuid']) &&
$expected['check_access_cuid'] == 'SET_EDIT_ACCESS_CUID_IN_TEST'
) {
$expected['check_access_cuid'] = self::$edit_access_cuid;
}
if (
isset($mock_settings['edit_access_cuid']) &&
$mock_settings['edit_access_cuid'] == 'SET_EDIT_ACCESS_CUID_IN_TEST'
) {
$mock_settings['edit_access_cuid'] = self::$edit_access_cuid;
}
// if ajax call // if ajax call
// check if parameter, or globals (old type) // check if parameter, or globals (old type)
// else normal call // else normal call

4
www/admin/class_test.login.php
View File

@@ -99,8 +99,8 @@ echo "ACL: " . Support::printAr($login->loginGetAcl()) . "<br>";
echo "ACL (MIN): " . Support::printAr($login->loginGetAcl()['min'] ?? []) . "<br>"; echo "ACL (MIN): " . Support::printAr($login->loginGetAcl()['min'] ?? []) . "<br>";
echo "LOCALE: " . Support::printAr($login->loginGetLocale()) . "<br>"; echo "LOCALE: " . Support::printAr($login->loginGetLocale()) . "<br>";
echo "ECUID: " . $login->loginGetEcuid() . "<br>"; echo "ECUID: " . $login->loginGetEuCuid() . "<br>";
echo "ECUUID: " . $login->loginGetEcuuid() . "<br>"; echo "ECUUID: " . $login->loginGetEuCuuid() . "<br>";
echo "<hr>"; echo "<hr>";
// set + check edit access id // set + check edit access id

114
www/lib/CoreLibs/ACL/Login.php
View File

@@ -75,18 +75,18 @@ use CoreLibs\Convert\Json;
class Login class Login
{ {
/** @var ?int the user id var*/ /** @var ?int the user id var*/
private ?int $euid; private ?int $edit_user_id;
/** @var ?string the user cuid (note will be super seeded with uuid v4 later) */ /** @var ?string the user cuid (note will be super seeded with uuid v4 later) */
private ?string $ecuid; private ?string $edit_user_cuid;
/** @var ?string UUIDv4, will superseed the ecuid and replace euid as login id */ /** @var ?string UUIDv4, will superseed the ecuid and replace euid as login id */
private ?string $ecuuid; private ?string $edit_user_cuuid;
/** @var string _GET/_POST loginUserId parameter for non password login */ /** @var string _GET/_POST loginUserId parameter for non password login */
private string $login_user_id = ''; private string $login_user_id = '';
/** @var string source, either _GET or _POST or empty */ /** @var string source, either _GET or _POST or empty */
private string $login_user_id_source = ''; private string $login_user_id_source = '';
/** @var bool set to true if illegal characters where found in the login user id string */ /** @var bool set to true if illegal characters where found in the login user id string */
private bool $login_user_id_unclear = false; private bool $login_user_id_unclear = false;
// is set to one if login okay, or EUID is set and user is okay to access this page // is set to one if login okay, or EUCUUID is set and user is okay to access this page
/** @var bool */ /** @var bool */
private bool $permission_okay = false; private bool $permission_okay = false;
/** @var string pressed login */ /** @var string pressed login */
@@ -262,7 +262,7 @@ class Login
], ],
// actually obsolete // actually obsolete
'100' => [ '100' => [
'msg' => '[EUID] came in as GET/POST!', 'msg' => '[EUCUUID] came in as GET/POST!',
'flag' => 'e', 'flag' => 'e',
], ],
// query errors // query errors
@@ -769,7 +769,7 @@ class Login
private function loginLoginUser(): void private function loginLoginUser(): void
{ {
// if pressed login at least and is not yet loggined in // if pressed login at least and is not yet loggined in
if ($this->euid || (!$this->login && !$this->login_user_id)) { if ($this->edit_user_cuuid || (!$this->login && !$this->login_user_id)) {
return; return;
} }
// if not username AND password where given // if not username AND password where given
@@ -939,13 +939,13 @@ class Login
} }
// normal user processing // normal user processing
// set class var and session var // set class var and session var
$this->euid = (int)$res['edit_user_id']; $this->edit_user_id = (int)$res['edit_user_id'];
$this->ecuid = (string)$res['cuid']; $this->edit_user_cuid = (string)$res['cuid'];
$this->ecuuid = (string)$res['cuuid']; $this->edit_user_cuuid = (string)$res['cuuid'];
$this->session->setMany([ $this->session->setMany([
'EUID' => $this->euid, 'EUID' => $this->edit_user_id, // DEPRECATED
'ECUID' => $this->ecuid, 'EUCUID' => $this->edit_user_cuid,
'ECUUID' => $this->ecuuid, 'EUCUUID' => $this->edit_user_cuuid,
]); ]);
// check if user is okay // check if user is okay
$this->loginCheckPermissions(); $this->loginCheckPermissions();
@@ -962,7 +962,7 @@ class Login
SET login_user_id_last_revalidate = NOW() SET login_user_id_last_revalidate = NOW()
WHERE edit_user_id = $1 WHERE edit_user_id = $1
SQL; SQL;
$this->db->dbExecParams($q, [$this->euid]); $this->db->dbExecParams($q, [$this->edit_user_id]);
} }
$locale = $res['locale'] ?? 'en'; $locale = $res['locale'] ?? 'en';
$encoding = $res['encoding'] ?? 'UTF-8'; $encoding = $res['encoding'] ?? 'UTF-8';
@@ -1014,7 +1014,7 @@ class Login
login_error_date_first = NULL login_error_date_first = NULL
WHERE edit_user_id = $1 WHERE edit_user_id = $1
SQL; SQL;
$this->db->dbExecParams($q, [$this->euid]); $this->db->dbExecParams($q, [$this->edit_user_id]);
} }
$edit_page_ids = []; $edit_page_ids = [];
$pages = []; $pages = [];
@@ -1022,7 +1022,7 @@ class Login
// set pages access // set pages access
$q = <<<SQL $q = <<<SQL
SELECT SELECT
ep.edit_page_id, ep.cuid, epca.cuid AS content_alias_uid, ep.edit_page_id, ep.cuid, ep.cuuid, epca.cuid AS content_alias_uid,
ep.hostname, ep.filename, ep.name AS edit_page_name, ep.hostname, ep.filename, ep.name AS edit_page_name,
ep.order_number AS edit_page_order, ep.menu, ep.order_number AS edit_page_order, ep.menu,
ep.popup, ep.popup_x, ep.popup_y, ep.online, ear.level, ear.type ep.popup, ep.popup_x, ep.popup_y, ep.online, ear.level, ear.type
@@ -1044,6 +1044,7 @@ class Login
$pages[$res['cuid']] = [ $pages[$res['cuid']] = [
'edit_page_id' => $res['edit_page_id'], 'edit_page_id' => $res['edit_page_id'],
'cuid' => $res['cuid'], 'cuid' => $res['cuid'],
'cuuid' => $res['cuuid'],
// for reference of content data on a differen page // for reference of content data on a differen page
'content_alias_uid' => $res['content_alias_uid'], 'content_alias_uid' => $res['content_alias_uid'],
'hostname' => $res['hostname'], 'hostname' => $res['hostname'],
@@ -1096,7 +1097,7 @@ class Login
// get the page content and add them to the page // get the page content and add them to the page
$q = <<<SQL $q = <<<SQL
SELECT SELECT
epc.edit_page_id, epc.name, epc.uid, epc.order_number, epc.edit_page_id, epc.name, epc.uid, epc.cuid, epc.cuuid, epc.order_number,
epc.online, ear.level, ear.type epc.online, ear.level, ear.type
FROM edit_page_content epc, edit_access_right ear FROM edit_page_content epc, edit_access_right ear
WHERE WHERE
@@ -1108,6 +1109,8 @@ class Login
$pages[$edit_page_ids[$res['edit_page_id']]]['content'][$res['uid']] = [ $pages[$edit_page_ids[$res['edit_page_id']]]['content'][$res['uid']] = [
'name' => $res['name'], 'name' => $res['name'],
'uid' => $res['uid'], 'uid' => $res['uid'],
'cuid' => $res['cuid'],
'cuuid' => $res['cuuid'],
'online' => $res['online'], 'online' => $res['online'],
'order' => $res['order_number'], 'order' => $res['order_number'],
// access name and level // access name and level
@@ -1123,7 +1126,7 @@ class Login
// load the edit_access user rights // load the edit_access user rights
$q = <<<SQL $q = <<<SQL
SELECT SELECT
ea.edit_access_id, ea.cuid, level, type, ea.name, ea.edit_access_id, ea.cuid, ea.cuuid, level, type, ea.name,
ea.color, ea.uid, edit_default, ea.additional_acl ea.color, ea.uid, edit_default, ea.additional_acl
FROM edit_access_user eau, edit_access_right ear, edit_access ea FROM edit_access_user eau, edit_access_right ear, edit_access ea
WHERE WHERE
@@ -1140,7 +1143,7 @@ class Login
$eacuid = []; $eacuid = [];
$unit_acl = []; $unit_acl = [];
$unit_uid_lookup = []; $unit_uid_lookup = [];
while (is_array($res = $this->db->dbReturnParams($q, [$this->euid]))) { while (is_array($res = $this->db->dbReturnParams($q, [$this->edit_user_id]))) {
// read edit access data fields and drop them into the unit access array // read edit access data fields and drop them into the unit access array
$q_sub = <<<SQL $q_sub = <<<SQL
SELECT name, value SELECT name, value
@@ -1154,6 +1157,7 @@ class Login
// build master unit array // build master unit array
$unit_access_cuid[$res['cuid']] = [ $unit_access_cuid[$res['cuid']] = [
'id' => (int)$res['edit_access_id'], // DEPRECATED 'id' => (int)$res['edit_access_id'], // DEPRECATED
'cuuid' => $res['cuuid'],
'acl_level' => $res['level'], 'acl_level' => $res['level'],
'acl_type' => $res['type'], 'acl_type' => $res['type'],
'name' => $res['name'], 'name' => $res['name'],
@@ -1262,8 +1266,8 @@ class Login
$this->acl['user_name'] = $_SESSION['USER_NAME']; $this->acl['user_name'] = $_SESSION['USER_NAME'];
$this->acl['group_name'] = $_SESSION['GROUP_NAME']; $this->acl['group_name'] = $_SESSION['GROUP_NAME'];
// edit user cuid // edit user cuid
$this->acl['ecuid'] = $_SESSION['ECUID']; $this->acl['eucuid'] = $_SESSION['EUCUID'];
$this->acl['ecuuid'] = $_SESSION['ECUUID']; $this->acl['eucuuid'] = $_SESSION['EUCUUID'];
// set additional acl // set additional acl
$this->acl['additional_acl'] = [ $this->acl['additional_acl'] = [
'user' => $_SESSION['USER_ADDITIONAL_ACL'], 'user' => $_SESSION['USER_ADDITIONAL_ACL'],
@@ -1701,15 +1705,15 @@ class Login
$event = 'No Permission'; $event = 'No Permission';
} }
// prepare for log // prepare for log
if ($this->euid) { if ($this->edit_user_cuuid) {
// get user from user table // get user from user table
$q = <<<SQL $q = <<<SQL
SELECT username SELECT username
FROM edit_user FROM edit_user
WHERE edit_user_id = $1 WHERE cuuid = $1
SQL; SQL;
$username = ''; $username = '';
if (is_array($res = $this->db->dbReturnRowParams($q, [$this->euid]))) { if (is_array($res = $this->db->dbReturnRowParams($q, [$this->edit_user_cuuid]))) {
$username = $res['username']; $username = $res['username'];
} }
} // if euid is set, get username (or try) } // if euid is set, get username (or try)
@@ -2023,10 +2027,10 @@ HTML;
empty($username) ? $this->session->get('USER_NAME') ?? '' : $username, empty($username) ? $this->session->get('USER_NAME') ?? '' : $username,
is_numeric($this->session->get('EUID')) ? is_numeric($this->session->get('EUID')) ?
$this->session->get('EUID') : null, $this->session->get('EUID') : null,
is_string($this->session->get('ECUID')) ? is_string($this->session->get('EUCUID')) ?
$this->session->get('ECUID') : null, $this->session->get('EUCUID') : null,
!empty($this->session->get('ECUUID')) && Uids::validateUuuidv4($this->session->get('ECUUID')) ? !empty($this->session->get('EUCUUID')) && Uids::validateUuuidv4($this->session->get('EUCUUID')) ?
$this->session->get('ECUUID') : null, $this->session->get('EUCUUID') : null,
(string)$event, (string)$event,
(string)$error, (string)$error,
$data_write, $data_write,
@@ -2153,10 +2157,8 @@ HTML;
} }
} }
// if there is none, there is none, saves me POST/GET check // if there is none, there is none, saves me POST/GET check
$this->euid = (int)($this->session->get('EUID') ?? 0); // $this->euid = (int)($this->session->get('EUID') ?? 0);
// TODO: allow load from cuid $this->edit_user_cuuid = (string)($this->session->get('EUCUUID') ?? '');
// $this->ecuid = (string)($this->session->get('ECUID') ?? '');
// $this->ecuuid = (string)($this->session->get('ECUUID') ?? '');
// get login vars, are so, can't be changed // get login vars, are so, can't be changed
// prepare // prepare
// pass on vars to Object vars // pass on vars to Object vars
@@ -2337,7 +2339,7 @@ HTML;
return $this->session->get('PAGES'); return $this->session->get('PAGES');
} }
// MARK: logged in uid(pk)/cuid/eccuid // MARK: logged in uid(pk)/cuid/ecuuid
/** /**
* Get the current set EUID (edit user id) * Get the current set EUID (edit user id)
@@ -2346,27 +2348,33 @@ HTML;
*/ */
public function loginGetEuid(): string public function loginGetEuid(): string
{ {
return (string)$this->euid; return (string)$this->edit_user_id;
} }
/** /**
* Get the current set ECUID (edit user cuid) * Get the current set EUCUID (edit user cuid)
* *
* @return string ECUID as string * @return string EUCUID as string
*/ */
public function loginGetEcuid(): string public function loginGetEuCuid(): string
{ {
return (string)$this->ecuid; return (string)$this->edit_user_cuid;
} }
/** /**
* Get the current set ECUUID (edit user cuuid) * Get the current set EUCUUID (edit user cuuid)
* *
* @return string ECUUID as string * @return string EUCUUID as string
* @deprecated Wrong name, use ->loginGetEuCuuid
*/ */
public function loginGetEcuuid(): string public function loginGetEcuuid(): string
{ {
return (string)$this->ecuuid; return (string)$this->edit_user_cuuid;
}
public function loginGetEuCuuid(): string
{
return (string)$this->edit_user_cuuid;
} }
// MARK: get error messages // MARK: get error messages
@@ -2515,9 +2523,9 @@ HTML;
// unset session vars set/used in this login // unset session vars set/used in this login
$this->session->sessionDestroy(); $this->session->sessionDestroy();
// unset euid // unset euid
$this->euid = null; $this->edit_user_id = null;
$this->ecuid = null; $this->edit_user_cuid = null;
$this->ecuuid = null; $this->edit_user_cuuid = null;
// then prints the login screen again // then prints the login screen again
$this->permission_okay = false; $this->permission_okay = false;
} }
@@ -2534,7 +2542,7 @@ HTML;
// start with not allowed // start with not allowed
$this->permission_okay = false; $this->permission_okay = false;
// bail for no euid (no login) // bail for no euid (no login)
if (empty($this->euid)) { if (empty($this->edit_user_cuuid)) {
return $this->permission_okay; return $this->permission_okay;
} }
// euid must match ecuid and ecuuid // euid must match ecuid and ecuuid
@@ -2544,7 +2552,7 @@ HTML;
} }
$q = <<<SQL $q = <<<SQL
SELECT SELECT
ep.filename, eu.cuid, eu.cuuid, ep.filename, eu.edit_user_id, eu.cuid, eu.cuuid,
-- base lock flags -- base lock flags
eu.deleted, eu.enabled, eu.locked, eu.deleted, eu.enabled, eu.locked,
-- date based lock -- date based lock
@@ -2585,10 +2593,10 @@ HTML;
AND eg.edit_group_id = epa.edit_group_id AND eg.edit_group_id = epa.edit_group_id
AND eg.edit_group_id = eu.edit_group_id AND eg.edit_group_id = eu.edit_group_id
AND eg.enabled = 1 AND epa.enabled = 1 AND eg.enabled = 1 AND epa.enabled = 1
AND eu.edit_user_id = $1 AND eu.cuuid = $1
AND ep.filename = $2 AND ep.filename = $2
SQL; SQL;
$res = $this->db->dbReturnRowParams($q, [$this->euid, $this->page_name]); $res = $this->db->dbReturnRowParams($q, [$this->edit_user_cuuid, $this->page_name]);
if (!is_array($res)) { if (!is_array($res)) {
$this->login_error = 109; $this->login_error = 109;
return $this->permission_okay; return $this->permission_okay;
@@ -2622,12 +2630,14 @@ HTML;
} else { } else {
$this->login_error = 103; $this->login_error = 103;
} }
// set ECUID // set all the internal vars
$this->ecuid = (string)$res['cuid']; $this->edit_user_id = (int)$res['edit_user_id'];
$this->ecuuid = (string)$res['cuuid']; $this->edit_user_cuid = (string)$res['cuid'];
$this->edit_user_cuuid = (string)$res['cuuid'];
$this->session->setMany([ $this->session->setMany([
'ECUID' => $this->ecuid, 'EUID' => $this->edit_user_id, // DEPRECATED
'ECUUID' => $this->ecuuid, 'EUCUID' => $this->edit_user_cuid,
'EUCUUID' => $this->edit_user_cuuid,
]); ]);
// if called from public, so we can check if the permissions are ok // if called from public, so we can check if the permissions are ok
return $this->permission_okay; return $this->permission_okay;