From 205846e41a0fbd446d92a0c3e21df54a91d99db5 Mon Sep 17 00:00:00 2001 From: Marcin Haba Date: Wed, 30 Dec 2015 00:03:51 +0100 Subject: [PATCH] baculum: Prevent opening new sessions for each request --- gui/baculum/protected/Class/API.php | 1 + gui/baculum/protected/Class/BaculumAPI.php | 2 +- gui/baculum/protected/Class/BaculumUser.php | 6 +++- .../protected/Class/BaculumUsersManager.php | 34 +++++++++++++++---- 4 files changed, 34 insertions(+), 9 deletions(-) diff --git a/gui/baculum/protected/Class/API.php b/gui/baculum/protected/Class/API.php index 9d109fbb4d..b04df45407 100644 --- a/gui/baculum/protected/Class/API.php +++ b/gui/baculum/protected/Class/API.php @@ -39,6 +39,7 @@ class API extends TModule { curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_COOKIE, 'PHPSESSID=' . md5(session_id())); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($ch, CURLOPT_USERPWD, $this->appCfg['baculum']['login'] . ':' . $this->appCfg['baculum']['password']); return $ch; diff --git a/gui/baculum/protected/Class/BaculumAPI.php b/gui/baculum/protected/Class/BaculumAPI.php index 50d4526cfd..0ed249aede 100644 --- a/gui/baculum/protected/Class/BaculumAPI.php +++ b/gui/baculum/protected/Class/BaculumAPI.php @@ -53,7 +53,7 @@ abstract class BaculumAPI extends TPage $user = isset($_SERVER['HTTP_X_BACULUM_USER']) ? $_SERVER['HTTP_X_BACULUM_USER']: null; $pwd = isset($_SERVER['HTTP_X_BACULUM_PWD']) ? $_SERVER['HTTP_X_BACULUM_PWD']: null; if(!is_null($user) && !is_null($pwd)) { - $logged = $this->Application->getModule('auth')->login($user, $pwd); + $logged = $this->Application->getModule('users')->loginUser($user, $pwd); if ($logged === true) { $this->user = ($this->User->getIsAdmin() === false) ? $user : null; } else { diff --git a/gui/baculum/protected/Class/BaculumUser.php b/gui/baculum/protected/Class/BaculumUser.php index 4cf3a8eaa9..d5116e5b05 100644 --- a/gui/baculum/protected/Class/BaculumUser.php +++ b/gui/baculum/protected/Class/BaculumUser.php @@ -22,7 +22,7 @@ Prado::using('System.Security.TUser'); -class BaculumUser extends TUser { +class BaculumUser extends TUser implements IUser { private $_id; private $_pwd; @@ -46,5 +46,9 @@ class BaculumUser extends TUser { public function getIsAdmin() { return $this->isInRole('admin'); } + + public function getIsUser() { + return $this->isInRole('user'); + } } ?> diff --git a/gui/baculum/protected/Class/BaculumUsersManager.php b/gui/baculum/protected/Class/BaculumUsersManager.php index f47e0b57e5..cb7a08862d 100644 --- a/gui/baculum/protected/Class/BaculumUsersManager.php +++ b/gui/baculum/protected/Class/BaculumUsersManager.php @@ -50,11 +50,11 @@ class BaculumUsersManager extends TModule implements IUserManager { public function getUser($username = null) { $user = new BaculumUser($this); + $user->setIsGuest(false); $id = sha1(time()); $user->setID($id); $user->setName($username); - $user->setIsGuest(false); - if ($username != null) { + if (!is_null($username)) { $user->setPwd($this->users[$username]); } if(is_null($this->config) || $this->config['baculum']['login'] === $username) { @@ -66,16 +66,36 @@ class BaculumUsersManager extends TModule implements IUserManager { } public function getUserFromCookie($cookie) { - return; + $data = $cookie->Value; + if (!empty($data)) { + $data = $this->Application->SecurityManager->validateData($data); + if ($data != false) { + $data = unserialize($data); + if (is_array($data) && count($data) === 3) { + list($username, $address, $token) = $data; + return $this->getUser($username); + } + } + } } public function saveUserToCookie($cookie) { - return; + $address = $this->Application->Request->UserHostAddress; + $username = $this->User->getName(); + $token = $this->User->getID(); + $data = array($username, $address, $token); + $data = serialize($data); + $data = $this->Application->SecurityManager->hashData($data); + $cookie->setValue($data); } - public function loginUser() { - $enc_pwd = $this->Application->getModule('configuration')->getCryptedPassword($_SERVER['PHP_AUTH_PW']); - $logged = $this->Application->getModule('auth')->login($_SERVER['PHP_AUTH_USER'], $enc_pwd); + public function loginUser($user = null, $pwd = null) { + if (is_null($user) && is_null($pwd)) { + $user = $_SERVER['PHP_AUTH_USER']; + $pwd = $this->Application->getModule('configuration')->getCryptedPassword($_SERVER['PHP_AUTH_PW']); + } + $logged = $this->Application->getModule('auth')->login($user, $pwd, 86400); + return $logged; } } ?> -- 2.39.5