author | Frédéric Guillot <fred@kanboard.net> | 2014-11-29 17:18:23 -0500 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-11-29 17:18:23 -0500 |
commit | e72327d4b1fd92675372a118052f1c9847f882dc (patch) | |
tree | 8147a3ae0c6304769b8da747626467f032d1f171 /app/Controller | |
parent | 7d36747de634f7101bdaeed38e634adbc5f11b02 (diff) |
Improve session handler and add Ajax session check
Diffstat (limited to 'app/Controller')
-rw-r--r-- | app/Controller/App.php | 10 | ||||
-rw-r--r-- | app/Controller/Base.php | 7 | ||||
-rw-r--r-- | app/Controller/Board.php | 8 |
3 files changed, 20 insertions, 5 deletions
diff --git a/app/Controller/App.php b/app/Controller/App.php
index 9ac9d012..c88fd928 100644
--- a/app/Controller/App.php
+++ b/app/Controller/App.php
@@ -15,6 +15,16 @@ use Helper;
 class App extends Base
 {
 /**
+ * Check if the user is connected
+ *
+ * @access public
+ */
+ public function status()
+ {
+ $this->response->text('OK');
+ }
+
+ /**
 * Dashboard for the current user
 *
 * @access public
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index c1753c97..92a3d068 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -140,7 +140,7 @@ abstract class Base
 public function beforeAction($controller, $action)
 {
 // Start the session
- $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);
+ $this->session->open(BASE_URL_DIRECTORY);
 
 // HTTP secure headers
 $this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
@@ -161,6 +161,11 @@ abstract class Base
 
 // Authentication
 if (! $this->authentication->isAuthenticated($controller, $action)) {
+
+ if ($this->request->isAjax()) {
+ $this->response->text('Not Authorized', 401);
+ }
+
 $this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
 }
 
diff --git a/app/Controller/Board.php b/app/Controller/Board.php
index f04e847f..7d498f81 100644
--- a/app/Controller/Board.php
+++ b/app/Controller/Board.php
@@ -342,7 +342,7 @@ class Board extends Base
 if ($project_id > 0 && $this->request->isAjax()) {
 
 if (! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
- $this->response->status(401);
+ $this->response->text('Forbidden', 403);
 }
 
 $values = $this->request->getJson();
@@ -366,7 +366,7 @@ class Board extends Base
 }
 }
 else {
- $this->response->status(401);
+ $this->response->status(403);
 }
 }
 
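Review bot: The new `status()` action in App.php answers `OK` unconditionally, so its value as a session check rests entirely on `beforeAction()` in Base.php rejecting unauthenticated requests before the action is dispatched; nothing in the method itself verifies anything, and the docblock should say so. Suggested docblock text: `Ajax session check: relies on Base::beforeAction() rejecting unauthenticated requests with 401 before this action runs; otherwise returns the plain-text body 'OK'.` The body of `class App` continues outside the hunk.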
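Review bot: The `SESSION_SAVE_PATH` argument is dropped from `$this->session->open()` in Base.php at 140, and nothing in this diffstat shows where the save path is configured now. If the session handler no longer sets it explicitly, PHP falls back to its default session directory, which on shared hosts is typically shared with other applications; worth confirming against the handler change that accompanies this commit, and a comment such as `// save path is configured by the session handler` at the call site would record the decision. `beforeAction()` continues outside the hunk.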
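Review bot: The added `$this->response->text('Not Authorized', 401);` in Base.php at 161 is followed by the unconditional `$this->response->redirect(...)`, so unless `text()` terminates the request the Ajax caller receives the 401 body and then a redirect attempt on top of it. If `text()` does exit, a one-line comment stating that would make the control flow legible; otherwise add `return;` after it or move the redirect into an `else`. The same pattern appears in Board.php at 342 and 383, where `$this->response->text('Forbidden', 403);` is followed by `$values = $this->request->getJson();` and the `isModifiedSince()` call respectively, with no return. The 401-to-403 change in Board.php is itself correct: 401 in Base.php denotes an unauthenticated request, while the Board.php checks fail for an authenticated user who lacks access to the project. `beforeAction()` continues outside the hunk.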
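Review bot: The `else` branch in Board.php at 366 now answers `$this->response->status(403);` whenever the request is not Ajax or carries no positive `project_id`, which conflates a malformed request with a permission denial; a 400 describes that case more accurately, and the same applies to the `else` at 402. Keeping 403 for the `isUserAllowed()` failures above is right, since those are genuine authorization refusals. The enclosing methods start outside the hunks.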
@@ -383,7 +383,7 @@ class Board extends Base
 $timestamp = $this->request->getIntegerParam('timestamp');
 
 if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
- $this->response->text('Not Authorized', 401);
+ $this->response->text('Forbidden', 403);
 }
 
 if ($this->project->isModifiedSince($project_id, $timestamp)) {
@@ -402,7 +402,7 @@ class Board extends Base
 }
 }
 else {
- $this->response->status(401);
+ $this->response->status(403);
 }
 }
 |