author | Gerardo Zamudio <gerardozamudio@users.noreply.github.com> | 2016-02-24 23:48:50 -0600 |
committer | Gerardo Zamudio <gerardozamudio@users.noreply.github.com> | 2016-02-24 23:48:50 -0600 |
commit | e4de6b3898b64b26d29aff31f21df5fda8055686 (patch) | |
tree | 575f8a65440f291d70a070d168eafca8c82a6459 /app/Core/Session | |
parent | d9ffbea174ea6524d0a22f8375ca8b3aa04a3c96 (diff) | |
parent | a6540bc604c837d92c9368540c145606723e97f7 (diff) |
Merge pull request #1 from fguillot/master
Update from upstream
Diffstat (limited to 'app/Core/Session')
-rw-r--r-- | app/Core/Session/FlashMessage.php | 71 | ||||
-rw-r--r-- | app/Core/Session/SessionManager.php | 110 | ||||
-rw-r--r-- | app/Core/Session/SessionStorage.php | 89 |
3 files changed, 270 insertions, 0 deletions
diff --git a/app/Core/Session/FlashMessage.php b/app/Core/Session/FlashMessage.php
new file mode 100644
index 00000000..e02d056d
--- /dev/null
+++ b/app/Core/Session/FlashMessage.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace Kanboard\Core\Session;
+
+use Kanboard\Core\Base;
+
+/**
+ * Session Flash Message
+ *
+ * @package session
+ * @author Frederic Guillot
+ */
+class FlashMessage extends Base
+{
+ /**
+ * Add success message
+ *
+ * @access public
+ * @param string $message
+ */
+ public function success($message)
+ {
+ $this->setMessage('success', $message);
+ }
+
+ /**
+ * Add failure message
+ *
+ * @access public
+ * @param string $message
+ */
+ public function failure($message)
+ {
+ $this->setMessage('failure', $message);
+ }
+
+ /**
+ * Add new flash message
+ *
+ * @access public
+ * @param string $key
+ * @param string $message
+ */
+ public function setMessage($key, $message)
+ {
+ if (! isset($this->sessionStorage->flash)) {
+ $this->sessionStorage->flash = array();
+ }
+
+ $this->sessionStorage->flash[$key] = $message;
+ }
+
+ /**
+ * Get flash message
+ *
+ * @access public
+ * @param string $key
+ * @return string
+ */
+ public function getMessage($key)
+ {
+ $message = '';
+
+ if (isset($this->sessionStorage->flash[$key])) {
+ $message = $this->sessionStorage->flash[$key];
+ unset($this->sessionStorage->flash[$key]);
+ }
+
+ return $message;
+ }
+}
diff --git a/app/Core/Session/SessionManager.php b/app/Core/Session/SessionManager.php
new file mode 100644
index 00000000..4f9f2c0a
--- /dev/null
+++ b/app/Core/Session/SessionManager.php
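Review bot: getMessage's docblock should state the two properties callers rely on: the message is consumed on first read (the `unset` right after the lookup) and is returned exactly as stored, so the template that prints it still has to escape it for the HTML context. Suggested docblock lines: `Returns the stored message once and removes it from the session;` / `an empty string if none is set. The value is returned unescaped.` setMessage could likewise note that a second call with the same key replaces the earlier message rather than queueing it, since `$this->sessionStorage->flash[$key] = $message` overwrites.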
@@ -0,0 +1,110 @@
+<?php
+
+namespace Kanboard\Core\Session;
+
+use Kanboard\Core\Base;
+
+/**
+ * Session Manager
+ *
+ * @package session
+ * @author Frederic Guillot
+ */
+class SessionManager extends Base
+{
+ /**
+ * Event names
+ *
+ * @var string
+ */
+ const EVENT_DESTROY = 'session.destroy';
+
+ /**
+ * Return true if the session is open
+ *
+ * @static
+ * @access public
+ * @return boolean
+ */
+ public static function isOpen()
+ {
+ return session_id() !== '';
+ }
+
+ /**
+ * Create a new session
+ *
+ * @access public
+ */
+ public function open()
+ {
+ $this->configure();
+
+ if (ini_get('session.auto_start') == 1) {
+ session_destroy();
+ }
+
+ session_name('KB_SID');
+ session_start();
+
+ $this->sessionStorage->setStorage($_SESSION);
+ }
+
+ /**
+ * Destroy the session
+ *
+ * @access public
+ */
+ public function close()
+ {
+ $this->dispatcher->dispatch(self::EVENT_DESTROY);
+
+ // Destroy the session cookie
+ $params = session_get_cookie_params();
+
+ setcookie(
+ session_name(),
+ '',
+ time() - 42000,
+ $params['path'],
+ $params['domain'],
+ $params['secure'],
+ $params['httponly']
+ );
+
+ session_unset();
+ session_destroy();
+ }
+
+ /**
+ * Define session settings
+ *
+ * @access private
+ */
+ private function configure()
+ {
+ // Session cookie: HttpOnly and secure flags
+ session_set_cookie_params(
+ SESSION_DURATION,
+ $this->helper->url->dir() ?: '/',
+ null,
+ $this->request->isHTTPS(),
+ true
+ );
+
+ // Avoid session id in the URL
+ ini_set('session.use_only_cookies', '1');
+ ini_set('session.use_trans_sid', '0');
+
+ // Enable strict mode
+ ini_set('session.use_strict_mode', '1');
+
+ // Better session hash
+ ini_set('session.hash_function', '1'); // 'sha512' is not compatible with FreeBSD, only MD5 '0' and SHA-1 '1' seems to work
+ ini_set('session.hash_bits_per_character', 6);
+
+ // Set an additional entropy
+ ini_set('session.entropy_file', '/dev/urandom');
+ ini_set('session.entropy_length', '256');
+ }
+}
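Review bot: In open(), `ini_get('session.auto_start') == 1` relies on loose comparison of the string ini_get returns; given the strict style used elsewhere in this file (`session_id() !== ''`) it should read `if (ini_get('session.auto_start') === '1') {`. In configure(), `ini_set('session.hash_bits_per_character', 6)` passes an int while every neighbouring ini_set passes a string, so `'6'` would keep the calls consistent. None of the ini_set return values are checked, so when `session.hash_function` cannot be applied (the FreeBSD caveat in the comment) the default hash is silently kept, and the `session.hash_function`, `session.hash_bits_per_character`, `session.entropy_file` and `session.entropy_length` directives were removed in PHP 7.1, where these calls return false without effect; a short comment recording that this hardening is best-effort and PHP-version dependent would help the next maintainer.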
diff --git a/app/Core/Session/SessionStorage.php b/app/Core/Session/SessionStorage.php
new file mode 100644
index 00000000..667d9253
--- /dev/null
+++ b/app/Core/Session/SessionStorage.php
@@ -0,0 +1,89 @@
+<?php
+
+namespace Kanboard\Core\Session;
+
+/**
+ * Session Storage
+ *
+ * @package session
+ * @author Frederic Guillot
+ *
+ * @property array $user
+ * @property array $flash
+ * @property array $csrf
+ * @property array $postAuthenticationValidated
+ * @property array $filters
+ * @property string $redirectAfterLogin
+ * @property string $captcha
+ * @property string $commentSorting
+ * @property bool $hasSubtaskInProgress
+ * @property bool $hasRememberMe
+ * @property bool $boardCollapsed
+ * @property bool $twoFactorBeforeCodeCalled
+ * @property string $twoFactorSecret
+ */
+class SessionStorage
+{
+ /**
+ * Pointer to external storage
+ *
+ * @access private
+ * @var array
+ */
+ private $storage = array();
+
+ /**
+ * Set external storage
+ *
+ * @access public
+ * @param array $storage External session storage (example: $_SESSION)
+ */
+ public function setStorage(array &$storage)
+ {
+ $this->storage =& $storage;
+
+ // Load dynamically existing session variables into object properties
+ foreach ($storage as $key => $value) {
+ $this->$key = $value;
+ }
+ }
+
+ /**
+ * Get all session variables
+ *
+ * @access public
+ * @return array
+ */
+ public function getAll()
+ {
+ $session = get_object_vars($this);
+ unset($session['storage']);
+
+ return $session;
+ }
+
+ /**
+ * Flush session data
+ *
+ * @access public
+ */
+ public function flush()
+ {
+ $session = get_object_vars($this);
+ unset($session['storage']);
+
+ foreach (array_keys($session) as $property) {
+ unset($this->$property);
+ }
+ }
+
+ /**
+ * Copy class properties to external storage
+ *
+ * @access public
+ */
+ public function __destruct()
+ {
+ $this->storage = $this->getAll();
+ }
+} |
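Review bot: setStorage() copies every session key onto the object with `$this->$key = $value`, so a session entry keyed `storage` would be assigned to the private `$storage` property, which at that point is already a reference to the external array, and would replace the whole backing store with that value; getAll() and flush() also have to special-case the same name. A guard in the loop such as `if ($key === 'storage') { continue; }` (or renaming the private property to something that cannot collide with a session key) removes the ambiguity. The class docblock should also say that every session variable becomes a dynamic property, since getAll() and __destruct() depend on that, and PHP 8.2 deprecates dynamic property creation on classes that do not declare them.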