Rewrite of the authentication and authorization system

1 files changed, 87 insertions, 38 deletions

diff --git a/app/Core/Http/Request.php b/app/Core/Http/Request.php
index 9f89a6e2..c626f5b2 100644
--- a/app/Core/Http/Request.php
+++ b/app/Core/Http/Request.php
@@ -2,6 +2,7 @@
 
 namespace Kanboard\Core\Http;
 
+use Pimple\Container;
 use Kanboard\Core\Base;
 
 /**
@@ -13,7 +14,35 @@ use Kanboard\Core\Base;
 class Request extends Base
 {
     /**
-     * Get URL string parameter
+     * Pointer to PHP environment variables
+     *
+     * @access private
+     * @var array
+     */
+    private $server;
+    private $get;
+    private $post;
+    private $files;
+    private $cookies;
+
+    /**
+     * Constructor
+     *
+     * @access public
+     * @param  \Pimple\Container   $container
+     */
+    public function __construct(Container $container, array $server = array(), array $get = array(), array $post = array(), array $files = array(), array $cookies = array())
+    {
+        parent::__construct($container);
+        $this->server = empty($server) ? $_SERVER : $server;
+        $this->get = empty($get) ? $_GET : $get;
+        $this->post = empty($post) ? $_POST : $post;
+        $this->files = empty($files) ? $_FILES : $files;
+        $this->cookies = empty($cookies) ? $_COOKIE : $cookies;
+    }
+
+    /**
+     * Get query string string parameter
      *
      * @access public
      * @param  string   $name            Parameter name
@@ -22,11 +51,11 @@ class Request extends Base
      */
     public function getStringParam($name, $default_value = '')
     {
-        return isset($_GET[$name]) ? $_GET[$name] : $default_value;
+        return isset($this->get[$name]) ? $this->get[$name] : $default_value;
     }
 
     /**
-     * Get URL integer parameter
+     * Get query string integer parameter
      *
      * @access public
      * @param  string   $name            Parameter name
@@ -35,7 +64,7 @@ class Request extends Base
      */
     public function getIntegerParam($name, $default_value = 0)
     {
-        return isset($_GET[$name]) && ctype_digit($_GET[$name]) ? (int) $_GET[$name] : $default_value;
+        return isset($this->get[$name]) && ctype_digit($this->get[$name]) ? (int) $this->get[$name] : $default_value;
     }
 
     /**
@@ -59,9 +88,9 @@ class Request extends Base
      */
     public function getValues()
     {
-        if (! empty($_POST) && ! empty($_POST['csrf_token']) && $this->token->validateCSRFToken($_POST['csrf_token'])) {
-            unset($_POST['csrf_token']);
-            return $_POST;
+        if (! empty($this->post) && ! empty($this->post['csrf_token']) && $this->token->validateCSRFToken($this->post['csrf_token'])) {
+            unset($this->post['csrf_token']);
+            return $this->post;
         }
 
         return array();
@@ -98,8 +127,8 @@ class Request extends Base
      */
     public function getFileContent($name)
     {
-        if (isset($_FILES[$name])) {
-            return file_get_contents($_FILES[$name]['tmp_name']);
+        if (isset($this->files[$name]['tmp_name'])) {
+            return file_get_contents($this->files[$name]['tmp_name']);
         }
 
         return '';
@@ -114,7 +143,7 @@ class Request extends Base
      */
     public function getFilePath($name)
     {
-        return isset($_FILES[$name]['tmp_name']) ? $_FILES[$name]['tmp_name'] : '';
+        return isset($this->files[$name]['tmp_name']) ? $this->files[$name]['tmp_name'] : '';
     }
 
     /**
@@ -125,7 +154,7 @@ class Request extends Base
      */
     public function isPost()
     {
-        return isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
+        return isset($this->server['REQUEST_METHOD']) && $this->server['REQUEST_METHOD'] === 'POST';
     }
 
     /**
@@ -144,13 +173,24 @@ class Request extends Base
      *
      * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS
      *
-     * @static
      * @access public
      * @return boolean
      */
-    public static function isHTTPS()
+    public function isHTTPS()
+    {
+        return isset($this->server['HTTPS']) && $this->server['HTTPS'] !== '' && $this->server['HTTPS'] !== 'off';
+    }
+
+    /**
+     * Get cookie value
+     *
+     * @access public
+     * @param  string $name
+     * @return string
+     */
+    public function getCookie($name)
     {
-        return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
+        return isset($this->cookies[$name]) ? $this->cookies[$name] : '';
     }
 
     /**
@@ -163,7 +203,18 @@ class Request extends Base
     public function getHeader($name)
     {
         $name = 'HTTP_'.str_replace('-', '_', strtoupper($name));
-        return isset($_SERVER[$name]) ? $_SERVER[$name] : '';
+        return isset($this->server[$name]) ? $this->server[$name] : '';
+    }
+
+    /**
+     * Get remote user
+     *
+     * @access public
+     * @return string
+     */
+    public function getRemoteUser()
+    {
+        return isset($this->server[REVERSE_PROXY_USER_HEADER]) ? $this->server[REVERSE_PROXY_USER_HEADER] : '';
     }
 
     /**
@@ -174,41 +225,38 @@ class Request extends Base
      */
     public function getQueryString()
     {
-        return isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
+        return isset($this->server['QUERY_STRING']) ? $this->server['QUERY_STRING'] : '';
     }
 
     /**
-     * Returns uri
+     * Return URI
      *
      * @access public
      * @return string
      */
     public function getUri()
     {
-        return isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
+        return isset($this->server['REQUEST_URI']) ? $this->server['REQUEST_URI'] : '';
     }
 
     /**
      * Get the user agent
      *
-     * @static
      * @access public
      * @return string
      */
-    public static function getUserAgent()
+    public function getUserAgent()
     {
-        return empty($_SERVER['HTTP_USER_AGENT']) ? t('Unknown') : $_SERVER['HTTP_USER_AGENT'];
+        return empty($this->server['HTTP_USER_AGENT']) ? t('Unknown') : $this->server['HTTP_USER_AGENT'];
     }
 
     /**
-     * Get the real IP address of the user
+     * Get the IP address of the user
      *
-     * @static
      * @access public
-     * @param  bool    $only_public   Return only public IP address
      * @return string
      */
-    public static function getIpAddress($only_public = false)
+    public function getIpAddress()
     {
         $keys = array(
             'HTTP_CLIENT_IP',
@@ -221,23 +269,24 @@ class Request extends Base
         );
 
         foreach ($keys as $key) {
-            if (isset($_SERVER[$key])) {
-                foreach (explode(',', $_SERVER[$key]) as $ip_address) {
-                    $ip_address = trim($ip_address);
-
-                    if ($only_public) {
-
-                        // Return only public IP address
-                        if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
-                            return $ip_address;
-                        }
-                    } else {
-                        return $ip_address;
-                    }
+            if (! empty($this->server[$key])) {
+                foreach (explode(',', $this->server[$key]) as $ipAddress) {
+                    return trim($ipAddress);
                 }
             }
         }
 
         return t('Unknown');
     }
+
+    /**
+     * Get start time
+     *
+     * @access public
+     * @return float
+     */
+    public function getStartTime()
+    {
+        return isset($this->server['REQUEST_TIME_FLOAT']) ? $this->server['REQUEST_TIME_FLOAT'] : 0;
+    }
 }