58 files changed, 405 insertions, 382 deletions
diff --git a/app/Api/Middleware/AuthenticationMiddleware.php b/app/Api/Middleware/AuthenticationMiddleware.php index d2910589..22a3558b 100644 --- a/app/Api/Middleware/AuthenticationMiddleware.php +++ b/app/Api/Middleware/AuthenticationMiddleware.php @@ -28,7 +28,7 @@ class AuthenticationMiddleware extends Base implements MiddlewareInterface public function execute($username, $password, $procedureName) { $this->dispatcher->dispatch('app.bootstrap'); - $this->sessionStorage->scope = 'API'; + session_set('scope', 'API'); if ($this->isUserAuthenticated($username, $password)) { $this->userSession->initialize($this->userCacheDecorator->getByUsername($username)); diff --git a/app/Api/Procedure/MeProcedure.php b/app/Api/Procedure/MeProcedure.php index 5a64cdb3..3ccba0e1 100644 --- a/app/Api/Procedure/MeProcedure.php +++ b/app/Api/Procedure/MeProcedure.php @@ -12,7 +12,7 @@ class MeProcedure extends BaseProcedure { public function getMe() { - return $this->sessionStorage->user; + return session_get('user'); } public function getMyDashboard() diff --git a/app/Auth/ApiAccessTokenAuth.php b/app/Auth/ApiAccessTokenAuth.php index 12ab21a7..88e16866 100644 --- a/app/Auth/ApiAccessTokenAuth.php +++ b/app/Auth/ApiAccessTokenAuth.php @@ -58,8 +58,7 @@ class ApiAccessTokenAuth extends Base implements PasswordAuthenticationProviderI */ public function authenticate() { - if (! isset($this->sessionStorage->scope) || $this->sessionStorage->scope !== 'API') { - $this->logger->debug(__METHOD__.': Authentication provider skipped because invalid scope'); + if (session_get('scope') !== 'API') { return false; } diff --git a/app/Controller/AuthController.php b/app/Controller/AuthController.php index d1fba92c..06bcd913 100644 --- a/app/Controller/AuthController.php +++ b/app/Controller/AuthController.php 
@@ -40,7 +40,7 @@ class AuthController extends BaseController public function check() { $values = $this->request->getValues(); - $this->sessionStorage->hasRememberMe = ! empty($values['remember_me']); + session_set('hasRememberMe', ! empty($values['remember_me'])); list($valid, $errors) = $this->authValidator->validateForm($values); if ($valid) { @@ -72,9 +72,9 @@ class AuthController extends BaseController */ private function redirectAfterLogin() { - if (isset($this->sessionStorage->redirectAfterLogin) && ! empty($this->sessionStorage->redirectAfterLogin) && ! filter_var($this->sessionStorage->redirectAfterLogin, FILTER_VALIDATE_URL)) { - $redirect = $this->sessionStorage->redirectAfterLogin; - unset($this->sessionStorage->redirectAfterLogin); + if (session_exists('redirectAfterLogin') && ! filter_var(session_get('redirectAfterLogin'), FILTER_VALIDATE_URL)) { + $redirect = session_get('redirectAfterLogin'); + session_remove('redirectAfterLogin'); $this->response->redirect($redirect); } else { $this->response->redirect($this->helper->url->to('DashboardController', 'show')); diff --git a/app/Controller/CaptchaController.php b/app/Controller/CaptchaController.php index 43b2f823..5b4ea61b 100644 --- a/app/Controller/CaptchaController.php +++ b/app/Controller/CaptchaController.php @@ -23,7 +23,7 @@ class CaptchaController extends BaseController $builder = new CaptchaBuilder; $builder->build(); - $this->sessionStorage->captcha = $builder->getPhrase(); + session_set('captcha', $builder->getPhrase()); $builder->output(); } } diff --git a/app/Controller/TaskListController.php b/app/Controller/TaskListController.php index f2f2f6e5..f2482f22 100644 --- a/app/Controller/TaskListController.php +++ b/app/Controller/TaskListController.php 
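Review bot: In `redirectAfterLogin()` the rewritten condition drops the old `! empty(...)` test, so an empty stored value now reaches `$this->response->redirect($redirect)`. The only remaining guard is the negated `FILTER_VALIDATE_URL`, which accepts anything that is not a full URL as a local path. A value beginning with `//` or a backslash is not a URL to `filter_var`, yet browsers resolve it off-site, and the value is written from `$this->request->getUri()` in app/Middleware/AuthenticationMiddleware.php; whether such a value can get that far depends on code outside this diff. I would validate positively, `$redirect = session_get('redirectAfterLogin'); if (is_string($redirect) && preg_match('#^/(?![/\\\\])#', $redirect) === 1) {`, and send everything else to the dashboard. The function's docblock starts outside the hunk.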
@@ -24,9 +24,9 @@ class TaskListController extends BaseController $search = $this->helper->projectHeader->getSearchQuery($project); if ($this->request->getIntegerParam('show_subtasks')) { - $this->sessionStorage->subtaskListToggle = true; + session_set('subtaskListToggle', true); } elseif ($this->request->getIntegerParam('hide_subtasks')) { - $this->sessionStorage->subtaskListToggle = false; + session_set('subtaskListToggle', false); } if ($this->userSession->hasSubtaskListActivated()) { diff --git a/app/Controller/TwoFactorController.php b/app/Controller/TwoFactorController.php index 80f89fbd..5f60e946 100644 --- a/app/Controller/TwoFactorController.php +++ b/app/Controller/TwoFactorController.php @@ -36,7 +36,7 @@ class TwoFactorController extends UserViewController { $user = $this->getUser(); $this->checkCurrentUser($user); - unset($this->sessionStorage->twoFactorSecret); + session_remove('twoFactorSecret'); $this->response->html($this->helper->layout->user('twofactor/index', array( 'user' => $user, @@ -57,17 +57,17 @@ class TwoFactorController extends UserViewController $label = $user['email'] ?: $user['username']; $provider = $this->authenticationManager->getPostAuthenticationProvider(); - if (! isset($this->sessionStorage->twoFactorSecret)) { + if (! session_exists('twoFactorSecret')) { $provider->generateSecret(); $provider->beforeCode(); - $this->sessionStorage->twoFactorSecret = $provider->getSecret(); + session_set('twoFactorSecret', $provider->getSecret()); } else { - $provider->setSecret($this->sessionStorage->twoFactorSecret); + $provider->setSecret(session_get('twoFactorSecret')); } $this->response->html($this->helper->layout->user('twofactor/show', array( 'user' => $user, - 'secret' => $this->sessionStorage->twoFactorSecret, + 'secret' => session_get('twoFactorSecret'), 'key_url' => $provider->getKeyUrl($label), ))); } 
@@ -86,7 +86,7 @@ class TwoFactorController extends UserViewController $provider = $this->authenticationManager->getPostAuthenticationProvider(); $provider->setCode(empty($values['code']) ? '' : $values['code']); - $provider->setSecret($this->sessionStorage->twoFactorSecret); + $provider->setSecret(session_get('twoFactorSecret')); if ($provider->authenticate()) { $this->flash->success(t('The two factor authentication code is valid.')); @@ -97,7 +97,7 @@ class TwoFactorController extends UserViewController 'twofactor_secret' => $this->authenticationManager->getPostAuthenticationProvider()->getSecret(), )); - unset($this->sessionStorage->twoFactorSecret); + session_remove('twoFactorSecret'); $this->userSession->disablePostAuthentication(); $this->response->redirect($this->helper->url->to('TwoFactorController', 'index', array('user_id' => $user['id'])), true); @@ -168,10 +168,10 @@ class TwoFactorController extends UserViewController */ public function code() { - if (! isset($this->sessionStorage->twoFactorBeforeCodeCalled)) { + if (! session_exists('twoFactorBeforeCodeCalled')) { $provider = $this->authenticationManager->getPostAuthenticationProvider(); $provider->beforeCode(); - $this->sessionStorage->twoFactorBeforeCodeCalled = true; + session_set('twoFactorBeforeCodeCalled', true); } $this->response->html($this->helper->layout->app('twofactor/check', array( @@ -210,10 +210,10 @@ class TwoFactorController extends UserViewController */ public function qrcode() { - if (isset($this->sessionStorage->twoFactorSecret)) { + if (session_exists('twoFactorSecret')) { $user = $this->getUser(); $provider = $this->authenticationManager->getPostAuthenticationProvider(); - $provider->setSecret($this->sessionStorage->twoFactorSecret); + $provider->setSecret(session_get('twoFactorSecret')); $url = $provider->getKeyUrl($user['email'] ?: $user['username']); if (! empty($url)) { diff --git a/app/Core/Base.php b/app/Core/Base.php index a36828c4..709327a7 100644 --- a/app/Core/Base.php 
+++ b/app/Core/Base.php @@ -48,7 +48,6 @@ use Pimple\Container; * @property \Kanboard\Core\Security\Token $token * @property \Kanboard\Core\Session\FlashMessage $flash * @property \Kanboard\Core\Session\SessionManager $sessionManager - * @property \Kanboard\Core\Session\SessionStorage $sessionStorage * @property \Kanboard\Core\User\Avatar\AvatarManager $avatarManager * @property \Kanboard\Core\User\GroupSync $groupSync * @property \Kanboard\Core\User\UserProfile $userProfile diff --git a/app/Core/Http/OAuth2.php b/app/Core/Http/OAuth2.php index 211ca5b4..f47927e1 100644 --- a/app/Core/Http/OAuth2.php +++ b/app/Core/Http/OAuth2.php @@ -53,11 +53,11 @@ class OAuth2 extends Base */ public function getState() { - if (! isset($this->sessionStorage->oauthState) || empty($this->sessionStorage->oauthState)) { - $this->sessionStorage->oauthState = $this->token->getToken(); + if (! session_exists('oauthState')) { + session_set('oauthState', $this->token->getToken()); } - return $this->sessionStorage->oauthState; + return session_get('oauthState'); } /** @@ -140,11 +140,12 @@ class OAuth2 extends Base * @access public * @param string $token * @param string $type - * @return string + * @return $this */ public function setAccessToken($token, $type = 'bearer') { $this->accessToken = $token; $this->tokenType = $type; + return $this; } } diff --git a/app/Core/Queue/JobHandler.php b/app/Core/Queue/JobHandler.php index 11c1fb69..d7e7d099 100644 --- a/app/Core/Queue/JobHandler.php +++ b/app/Core/Queue/JobHandler.php @@ -67,8 +67,7 @@ class JobHandler extends Base */ protected function prepareJobSession($user_id) { - $session = array(); - $this->sessionStorage->setStorage($session); + session_flush(); if ($user_id > 0) { $user = $this->userModel->getById($user_id); diff --git a/app/Core/Security/AuthenticationManager.php b/app/Core/Security/AuthenticationManager.php index b1ba76cf..e7a3c8d4 100644 --- a/app/Core/Security/AuthenticationManager.php 
+++ b/app/Core/Security/AuthenticationManager.php @@ -72,7 +72,7 @@ class AuthenticationManager extends Base foreach ($this->filterProviders('SessionCheckProviderInterface') as $provider) { if (! $provider->isValidSession()) { $this->logger->debug('Invalidate session for '.$this->userSession->getUsername()); - $this->sessionStorage->flush(); + session_flush(); $this->preAuthentication(); return false; } diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php index cbd784a8..9b0c5769 100644 --- a/app/Core/Security/Token.php +++ b/app/Core/Security/Token.php @@ -32,12 +32,12 @@ class Token extends Base */ public function getCSRFToken() { - if (! isset($this->sessionStorage->csrf)) { - $this->sessionStorage->csrf = array(); + if (! session_exists('csrf')) { + session_set('csrf', []); } $nonce = self::getToken(); - $this->sessionStorage->csrf[$nonce] = true; + session_merge('csrf', [$nonce => true]); return $nonce; } @@ -51,8 +51,10 @@ class Token extends Base */ public function validateCSRFToken($token) { - if (isset($this->sessionStorage->csrf[$token])) { - unset($this->sessionStorage->csrf[$token]); + $tokens = session_get('csrf'); + if (isset($tokens[$token])) { + unset($tokens[$token]); + session_set('csrf', $tokens); return true; } diff --git a/app/Core/Session/FlashMessage.php b/app/Core/Session/FlashMessage.php index e02d056d..037717c2 100644 --- a/app/Core/Session/FlashMessage.php +++ b/app/Core/Session/FlashMessage.php @@ -7,7 +7,7 @@ use Kanboard\Core\Base; /** * Session Flash Message * - * @package session + * @package Kanboard\Core\Session * @author Frederic Guillot */ class FlashMessage extends Base 
@@ -43,11 +43,11 @@ class FlashMessage extends Base */ public function setMessage($key, $message) { - if (! isset($this->sessionStorage->flash)) { - $this->sessionStorage->flash = array(); + if (! session_exists('flash')) { + session_set('flash', []); } - $this->sessionStorage->flash[$key] = $message; + session_merge('flash', [$key => $message]); } /** @@ -61,9 +61,14 @@ class FlashMessage extends Base { $message = ''; - if (isset($this->sessionStorage->flash[$key])) { - $message = $this->sessionStorage->flash[$key]; - unset($this->sessionStorage->flash[$key]); + if (session_exists('flash')) { + $messages = session_get('flash'); + + if (isset($messages[$key])) { + $message = $messages[$key]; + unset($messages[$key]); + session_set('flash', $messages); + } } return $message; diff --git a/app/Core/Session/SessionHandler.php b/app/Core/Session/SessionHandler.php new file mode 100644 index 00000000..135e0ab0 --- /dev/null +++ b/app/Core/Session/SessionHandler.php 
@@ -0,0 +1,70 @@ +<?php + +namespace Kanboard\Core\Session; + +use PicoDb\Database; +use SessionHandlerInterface; + +/** + * Class SessionHandler + * + * @package Kanboard\Core\Session + */ +class SessionHandler implements SessionHandlerInterface +{ + const TABLE = 'sessions'; + + /** + * @var Database + */ + private $db; + + public function __construct(Database $db) + { + $this->db = $db; + } + + public function close() + { + return true; + } + + public function destroy($sessionID) + { + return $this->db->table(self::TABLE)->eq('id', $sessionID)->remove(); + } + + public function gc($maxlifetime) + { + return $this->db->table(self::TABLE)->lt('expire_at', time())->remove(); + } + + public function open($savePath, $name) + { + return true; + } + + public function read($sessionID) + { + $result = $this->db->table(self::TABLE)->eq('id', $sessionID)->findOneColumn('data'); + return $result ?: ''; + } + + public function write($sessionID, $data) + { + $lifetime = time() + (ini_get('session.gc_maxlifetime') ?: 1440); + + if ($this->db->table(self::TABLE)->eq('id', $sessionID)->exists()) { + return $this->db->table(self::TABLE)->eq('id', $sessionID)->update(array( + 'expire_at' => $lifetime, + 'data' => $data, + )); + } + + return $this->db->table(self::TABLE)->insert(array( + 'id' => $sessionID, + 'expire_at' => $lifetime, + 'data' => $data, + )); + } +} diff --git a/app/Core/Session/SessionManager.php b/app/Core/Session/SessionManager.php index 4f9f2c0a..e3d5cf15 100644 --- a/app/Core/Session/SessionManager.php +++ b/app/Core/Session/SessionManager.php @@ -7,7 +7,7 @@ use Kanboard\Core\Base; /** * Session Manager * - * @package session + * @package Kanboard\Core\Session * @author Frederic Guillot */ class SessionManager extends Base @@ -38,6 +38,8 @@ class SessionManager extends Base */ public function open() { + session_set_save_handler(new SessionHandler($this->db), true); + $this->configure(); if (ini_get('session.auto_start') == 1) { 
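Review bot: `SessionHandler::read()` looks the row up by `id` only and never checks `expire_at`, so a session past its lifetime stays usable until `gc()` happens to run, and PHP invokes gc only probabilistically. Filtering on expiry in the lookup closes that window: `$this->db->table(self::TABLE)->eq('id', $sessionID)->gt('expire_at', time())->findOneColumn('data')`. Separately, `write()` does `exists()` followed by `update()` or `insert()` with no lock or transaction, so parallel requests on one session are last-writer-wins. A request that loaded the session before `destroy()` ran, or before a CSRF token was consumed in `Token::validateCSRFToken()`, can write the older data back. The class docblock should state that this handler does not lock, so callers keeping single-use values in the session know the limit.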
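Review bot: The return value of `session_set_save_handler(new SessionHandler($this->db), true)` in `SessionManager::open()` is ignored, and the call sits above the `session.auto_start` check that follows it. PHP refuses to change the save handler while a session is active, so with auto_start enabled the call would presumably fail with only a warning and the application would keep running on the default handler. I would register the handler after any auto-started session has been closed and fail loudly: `if (! session_set_save_handler(new SessionHandler($this->db), true)) { throw new \RuntimeException('Unable to register the database session handler'); }`. The body of the auto_start branch is outside the hunk, so the ordering should be confirmed against the full method.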
@@ -46,8 +48,6 @@ class SessionManager extends Base session_name('KB_SID'); session_start(); - - $this->sessionStorage->setStorage($_SESSION); } /** diff --git a/app/Core/Session/SessionStorage.php b/app/Core/Session/SessionStorage.php deleted file mode 100644 index bb6771f1..00000000 --- a/app/Core/Session/SessionStorage.php +++ /dev/null 
@@ -1,92 +0,0 @@ -<?php - -namespace Kanboard\Core\Session; - -/** - * Session Storage - * - * @package session - * @author Frederic Guillot - * - * @property array $user - * @property array $flash - * @property array $csrf - * @property array $postAuthenticationValidated - * @property array $filters - * @property string $redirectAfterLogin - * @property string $captcha - * @property string $commentSorting - * @property bool $hasSubtaskInProgress - * @property bool $hasRememberMe - * @property bool $subtaskListToggle - * @property string $scope - * @property bool $twoFactorBeforeCodeCalled - * @property string $twoFactorSecret - * @property string $oauthState - * @property int $smsTwoFactorSecret - */ -class SessionStorage -{ - /** - * Pointer to external storage - * - * @access private - * @var array - */ - private $storage = array(); - - /** - * Set external storage - * - * @access public - * @param array $storage External session storage (example: $_SESSION) - */ - public function setStorage(array &$storage) - { - $this->storage =& $storage; - - // Load dynamically existing session variables into object properties - foreach ($storage as $key => $value) { - $this->$key = $value; - } - } - - /** - * Get all session variables - * - * @access public - * @return array - */ - public function getAll() - { - $session = get_object_vars($this); - unset($session['storage']); - - return $session; - } - - /** - * Flush session data - * - * @access public - */ - public function flush() - { - $session = get_object_vars($this); - unset($session['storage']); - - foreach (array_keys($session) as $property) { - unset($this->$property); - } - } - - /** - * Copy class properties to external storage - * - * @access public - */ - public function __destruct() - { - $this->storage = $this->getAll(); - } -} diff --git a/app/Core/User/UserSession.php b/app/Core/User/UserSession.php index f3f7359a..0206be80 100644 --- a/app/Core/User/UserSession.php +++ b/app/Core/User/UserSession.php 
@@ -44,8 +44,8 @@ class UserSession extends Base $user['is_ldap_user'] = isset($user['is_ldap_user']) ? (bool) $user['is_ldap_user'] : false; $user['twofactor_activated'] = isset($user['twofactor_activated']) ? (bool) $user['twofactor_activated'] : false; - $this->sessionStorage->user = $user; - $this->sessionStorage->postAuthenticationValidated = false; + session_set('user', $user); + session_set('postAuthenticationValidated', false); } /** @@ -56,7 +56,7 @@ class UserSession extends Base */ public function getAll() { - return $this->sessionStorage->user; + return session_get('user'); } /** @@ -67,7 +67,11 @@ class UserSession extends Base */ public function getRole() { - return $this->sessionStorage->user['role']; + if (! $this->isLogged()) { + return ''; + } + + return session_get('user')['role']; } /** @@ -78,7 +82,7 @@ class UserSession extends Base */ public function isPostAuthenticationValidated() { - return isset($this->sessionStorage->postAuthenticationValidated) && $this->sessionStorage->postAuthenticationValidated === true; + return session_is_true('postAuthenticationValidated'); } /** @@ -88,7 +92,7 @@ class UserSession extends Base */ public function validatePostAuthentication() { - $this->sessionStorage->postAuthenticationValidated = true; + session_set('postAuthenticationValidated', true); } /** @@ -99,7 +103,11 @@ class UserSession extends Base */ public function hasPostAuthentication() { - return isset($this->sessionStorage->user['twofactor_activated']) && $this->sessionStorage->user['twofactor_activated'] === true; + if (! $this->isLogged()) { + return false; + } + + return session_get('user')['twofactor_activated'] === true; } /** @@ -109,7 +117,7 @@ class UserSession extends Base */ public function disablePostAuthentication() { - $this->sessionStorage->user['twofactor_activated'] = false; + session_merge('user', ['twofactor_activated' => false]); } /** 
@@ -120,7 +128,7 @@ class UserSession extends Base */ public function isAdmin() { - return isset($this->sessionStorage->user['role']) && $this->sessionStorage->user['role'] === Role::APP_ADMIN; + return $this->getRole() === Role::APP_ADMIN; } /** @@ -131,7 +139,11 @@ class UserSession extends Base */ public function getId() { - return isset($this->sessionStorage->user['id']) ? (int) $this->sessionStorage->user['id'] : 0; + if (! $this->isLogged()) { + return 0; + } + + return session_get('user')['id']; } /** @@ -142,7 +154,41 @@ class UserSession extends Base */ public function getUsername() { - return isset($this->sessionStorage->user['username']) ? $this->sessionStorage->user['username'] : ''; + if (! $this->isLogged()) { + return ''; + } + + return session_get('user')['username']; + } + + /** + * Get user language + * + * @access public + * @return string + */ + public function getLanguage() + { + if (! $this->isLogged()) { + return ''; + } + + return session_get('user')['language']; + } + + /** + * Get user timezone + * + * @access public + * @return string + */ + public function getTimezone() + { + if (! $this->isLogged()) { + return ''; + } + + return session_get('user')['timezone']; } /** @@ -153,7 +199,7 @@ class UserSession extends Base */ public function hasSubtaskListActivated() { - return isset($this->sessionStorage->subtaskListToggle) && ! empty($this->sessionStorage->subtaskListToggle); + return session_is_true('subtaskListToggle'); } /** 
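Review bot: `getId()` lost its cast: the removed line returned `(int) $this->sessionStorage->user['id']`, while the new one returns `session_get('user')['id']` exactly as stored. If the user row reaches `initialize()` with `id` as a string, any strict comparison of `getId()` with an integer in an ownership or permission check changes outcome; the callers are not visible here, so this needs checking. Keeping `return (int) session_get('user')['id'];` preserves the old contract. `getUsername()`, `getLanguage()` and `getTimezone()` in this file section, and `getRole()` in the earlier hunk, also index the array without `isset`, where the old `getUsername()` fell back to `''`. The test change that adds `'username' => 'test'` to the session fixture suggests the missing-key case already surfaced; `isset(...) ? ... : ''` in each accessor would restore the fallback.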
@@ -164,30 +210,34 @@ class UserSession extends Base */ public function isLogged() { - return isset($this->sessionStorage->user) && ! empty($this->sessionStorage->user); + return session_exists('user') && session_get('user') !== []; } /** * Get project filters from the session * * @access public - * @param integer $project_id + * @param integer $projectID * @return string */ - public function getFilters($project_id) + public function getFilters($projectID) { - return ! empty($this->sessionStorage->filters[$project_id]) ? $this->sessionStorage->filters[$project_id] : 'status:open'; + if (! session_exists('filters:'.$projectID)) { + return 'status:open'; + } + + return session_get('filters:'.$projectID); } /** * Save project filters in the session * * @access public - * @param integer $project_id + * @param integer $projectID * @param string $filters */ - public function setFilters($project_id, $filters) + public function setFilters($projectID, $filters) { - $this->sessionStorage->filters[$project_id] = $filters; + session_set('filters:'.$projectID, $filters); } } diff --git a/app/Helper/SubtaskHelper.php b/app/Helper/SubtaskHelper.php index 67875a63..19cdf97a 100644 --- a/app/Helper/SubtaskHelper.php +++ b/app/Helper/SubtaskHelper.php @@ -20,7 +20,7 @@ class SubtaskHelper extends Base */ public function hasSubtaskInProgress() { - return isset($this->sessionStorage->hasSubtaskInProgress) && $this->sessionStorage->hasSubtaskInProgress; + return session_is_true('hasSubtaskInProgress'); } /** diff --git a/app/Middleware/AuthenticationMiddleware.php b/app/Middleware/AuthenticationMiddleware.php index 499843fd..54652e57 100644 --- a/app/Middleware/AuthenticationMiddleware.php +++ b/app/Middleware/AuthenticationMiddleware.php 
@@ -38,7 +38,7 @@ class AuthenticationMiddleware extends BaseMiddleware if ($this->request->isAjax()) { $this->response->text('Not Authorized', 401); } else { - $this->sessionStorage->redirectAfterLogin = $this->request->getUri(); + session_set('redirectAfterLogin', $this->request->getUri()); $this->response->redirect($this->helper->url->to('AuthController', 'login')); } } diff --git a/app/Model/LanguageModel.php b/app/Model/LanguageModel.php index 6d46a2fa..09893690 100644 --- a/app/Model/LanguageModel.php +++ b/app/Model/LanguageModel.php @@ -174,11 +174,7 @@ class LanguageModel extends Base */ public function getCurrentLanguage() { - if ($this->userSession->isLogged() && ! empty($this->sessionStorage->user['language'])) { - return $this->sessionStorage->user['language']; - } - - return $this->configModel->get('application_language', 'en_US'); + return $this->userSession->getLanguage() ?: $this->configModel->get('application_language', 'en_US'); } /** diff --git a/app/Model/TimezoneModel.php b/app/Model/TimezoneModel.php index 8b3e895a..ef6afc6a 100644 --- a/app/Model/TimezoneModel.php +++ b/app/Model/TimezoneModel.php @@ -39,11 +39,7 @@ class TimezoneModel extends Base */ public function getCurrentTimezone() { - if ($this->userSession->isLogged() && ! empty($this->sessionStorage->user['timezone'])) { - return $this->sessionStorage->user['timezone']; - } - - return $this->configModel->get('application_timezone', 'UTC'); + return $this->userSession->getTimezone() ?: $this->configModel->get('application_timezone', 'UTC'); } /** diff --git a/app/Schema/Mysql.php b/app/Schema/Mysql.php index 5709b86d..32171d17 100644 --- a/app/Schema/Mysql.php +++ b/app/Schema/Mysql.php 
@@ -8,7 +8,17 @@ use PDO; use Kanboard\Core\Security\Token; use Kanboard\Core\Security\Role; -const VERSION = 126; +const VERSION = 127; + +function version_127(PDO $pdo) +{ + $pdo->exec("CREATE TABLE sessions ( + id VARCHAR(255) NOT NULL, + expire_at INT NOT NULL, + data LONGTEXT, + PRIMARY KEY(id) + ) ENGINE=InnoDB CHARSET=utf8"); +} function version_126(PDO $pdo) { diff --git a/app/Schema/Postgres.php b/app/Schema/Postgres.php index bf9acaa7..8d5a68e5 100644 --- a/app/Schema/Postgres.php +++ b/app/Schema/Postgres.php @@ -8,7 +8,16 @@ use PDO; use Kanboard\Core\Security\Token; use Kanboard\Core\Security\Role; -const VERSION = 105; +const VERSION = 106; + +function version_106(PDO $pdo) +{ + $pdo->exec("CREATE TABLE sessions ( + id TEXT PRIMARY KEY, + expire_at INTEGER NOT NULL, + data TEXT DEFAULT '' + )"); +} function version_105(PDO $pdo) { diff --git a/app/Schema/Sqlite.php b/app/Schema/Sqlite.php index 70d13b98..e40b2aeb 100644 --- a/app/Schema/Sqlite.php +++ b/app/Schema/Sqlite.php @@ -8,7 +8,16 @@ use Kanboard\Core\Security\Token; use Kanboard\Core\Security\Role; use PDO; -const VERSION = 116; +const VERSION = 117; + +function version_117(PDO $pdo) +{ + $pdo->exec("CREATE TABLE sessions ( + id TEXT PRIMARY KEY, + expire_at INTEGER NOT NULL, + data TEXT DEFAULT '' + )"); +} function version_116(PDO $pdo) { diff --git a/app/ServiceProvider/SessionProvider.php b/app/ServiceProvider/SessionProvider.php index 96dcac2e..82d0c4f3 100644 --- a/app/ServiceProvider/SessionProvider.php +++ b/app/ServiceProvider/SessionProvider.php @@ -5,7 +5,6 @@ namespace Kanboard\ServiceProvider; use Pimple\Container; use Pimple\ServiceProviderInterface; use Kanboard\Core\Session\SessionManager; -use Kanboard\Core\Session\SessionStorage; use Kanboard\Core\Session\FlashMessage; /** 
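Review bot: In `version_127()` the MySQL column `sessions.id` is `VARCHAR(255)` under `CHARSET=utf8`, which normally carries a case-insensitive collation, so the `eq('id', $sessionID)` lookups in SessionHandler would match identifiers differing only in letter case. That is harmless for lowercase hex identifiers, but it shrinks the effective identifier space when PHP is configured for a mixed-case session-id alphabet. A binary collation removes the dependency on that setting: `id VARCHAR(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL`. None of the three schemas (`version_127()`, `version_106()` for Postgres, `version_117()` for SQLite) indexes `expire_at`, which `gc()` filters on. Each migration could also carry a one-line comment that the table holds live session identifiers and session payloads, so it is handled accordingly in backups and dumps.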
@@ -25,10 +24,6 @@ class SessionProvider implements ServiceProviderInterface */ public function register(Container $container) { - $container['sessionStorage'] = function() { - return new SessionStorage; - }; - $container['sessionManager'] = function($c) { return new SessionManager($c); }; diff --git a/app/Subscriber/AuthSubscriber.php b/app/Subscriber/AuthSubscriber.php index 0097c407..5f22edab 100644 --- a/app/Subscriber/AuthSubscriber.php +++ b/app/Subscriber/AuthSubscriber.php @@ -58,7 +58,7 @@ class AuthSubscriber extends BaseSubscriber implements EventSubscriberInterface $this->userSession->validatePostAuthentication(); } - if (isset($this->sessionStorage->hasRememberMe) && $this->sessionStorage->hasRememberMe) { + if (session_is_true('hasRememberMe')) { $session = $this->rememberMeSessionModel->create($this->userSession->getId(), $ipAddress, $userAgent); $this->rememberMeCookie->write($session['token'], $session['sequence'], $session['expiration']); } diff --git a/app/Subscriber/BootstrapSubscriber.php b/app/Subscriber/BootstrapSubscriber.php index 3618f30f..432f8378 100644 --- a/app/Subscriber/BootstrapSubscriber.php +++ b/app/Subscriber/BootstrapSubscriber.php @@ -21,7 +21,7 @@ class BootstrapSubscriber extends BaseSubscriber implements EventSubscriberInter $this->actionManager->attachEvents(); if ($this->userSession->isLogged()) { - $this->sessionStorage->hasSubtaskInProgress = $this->subtaskStatusModel->hasSubtaskInProgress($this->userSession->getId()); + session_set('hasSubtaskInProgress', $this->subtaskStatusModel->hasSubtaskInProgress($this->userSession->getId())); } } diff --git a/app/Validator/AuthValidator.php b/app/Validator/AuthValidator.php index 25dab430..9abe69f0 100644 --- a/app/Validator/AuthValidator.php +++ b/app/Validator/AuthValidator.php 
@@ -101,11 +101,11 @@ class AuthValidator extends BaseValidator $errors = array(); if ($this->userLockingModel->hasCaptcha($values['username'])) { - if (! isset($this->sessionStorage->captcha)) { + if (! session_exists('captcha')) { $result = false; } else { $builder = new CaptchaBuilder; - $builder->setPhrase($this->sessionStorage->captcha); + $builder->setPhrase(session_get('captcha')); $result = $builder->testPhrase(isset($values['captcha']) ? $values['captcha'] : ''); if (! $result) { diff --git a/app/Validator/PasswordResetValidator.php b/app/Validator/PasswordResetValidator.php index e44e5206..0a2a3cd6 100644 --- a/app/Validator/PasswordResetValidator.php +++ b/app/Validator/PasswordResetValidator.php @@ -69,17 +69,17 @@ class PasswordResetValidator extends BaseValidator * * @access protected * @param array $values Form values - * @return boolean + * @return array */ protected function validateCaptcha(array $values) { $errors = array(); - if (! isset($this->sessionStorage->captcha)) { + if (! session_exists('captcha')) { $result = false; } else { $builder = new CaptchaBuilder; - $builder->setPhrase($this->sessionStorage->captcha); + $builder->setPhrase(session_get('captcha')); $result = $builder->testPhrase(isset($values['captcha']) ? $values['captcha'] : ''); if (! $result) { diff --git a/app/functions.php b/app/functions.php index 94530af8..bb739d0f 100644 --- a/app/functions.php +++ b/app/functions.php 
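Review bot: The captcha phrase is read with `session_get('captcha')` and tested, but nothing in the visible lines of `AuthValidator`'s captcha check removes it afterwards, and the same holds for the identical block in `PasswordResetValidator::validateCaptcha()`. If it is not cleared further down, one solved phrase stays valid for every later submission on that session until a new image is requested. That weakens the throttling the captcha is meant to provide once `userLockingModel->hasCaptcha()` is true. I would consume it on every attempt, immediately after `testPhrase()`: `session_remove('captcha');`. Both functions continue outside their hunks.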
@@ -2,9 +2,50 @@ use Kanboard\Core\Translator; -function explode_csv_field($field) +function session_get($key) { - $fields = explode(',', $field); + return isset($_SESSION[$key]) ? $_SESSION[$key] : null; +} + +function session_set($key, $value) +{ + $_SESSION[$key] = $value; +} + +function session_remove($key) +{ + unset($_SESSION[$key]); +} + +function session_exists($key) +{ + return isset($_SESSION[$key]); +} + +function session_is_true($key) +{ + return isset($_SESSION[$key]) && $_SESSION[$key] === true; +} + +function session_merge($key, array $value) +{ + $_SESSION[$key] = array_merge($_SESSION[$key], $value); +} + +function session_flush() +{ + $_SESSION = []; +} + +/** + * Split CSV string + * + * @param string $str + * @return string[] + */ +function explode_csv_field($str) +{ + $fields = explode(',', $str); array_walk($fields, function (&$value) { $value = trim($value); }); return array_filter($fields); } diff --git a/tests/units/Action/CommentCreationMoveTaskColumnTest.php b/tests/units/Action/CommentCreationMoveTaskColumnTest.php index b3d21287..202c6515 100644 --- a/tests/units/Action/CommentCreationMoveTaskColumnTest.php +++ b/tests/units/Action/CommentCreationMoveTaskColumnTest.php @@ -13,7 +13,7 @@ class CommentCreationMoveTaskColumnTest extends Base { public function testSuccess() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $commentModel = new CommentModel($this->container); diff --git a/tests/units/Action/TaskAssignCurrentUserColumnTest.php b/tests/units/Action/TaskAssignCurrentUserColumnTest.php index 3b64d718..9ebc9cce 100644 --- a/tests/units/Action/TaskAssignCurrentUserColumnTest.php +++ b/tests/units/Action/TaskAssignCurrentUserColumnTest.php 
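Review bot: `session_merge()` calls `array_merge($_SESSION[$key], $value)` without checking that the key holds an array. With a missing key, PHP 7 warns and stores `null`, and PHP 8 throws a `TypeError`; `UserSession::disablePostAuthentication()` calls `session_merge('user', ...)` with no guard. `array_merge` also renumbers integer-like keys, so the helper is only safe for string-keyed maps. Both are handled by `$current = isset($_SESSION[$key]) && is_array($_SESSION[$key]) ? $_SESSION[$key] : [];` followed by `$_SESSION[$key] = array_replace($current, $value);`. The seven new helpers have no docblocks, unlike `explode_csv_field()` below them. One line each would do, stating that `session_get()` returns `null` for a missing key and that `session_flush()` empties the data but keeps the session id and cookie.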
@@ -13,7 +13,7 @@ class TaskAssignCurrentUserColumnTest extends Base { public function testChangeUser() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $taskCreationModel = new TaskCreationModel($this->container); @@ -43,7 +43,7 @@ class TaskAssignCurrentUserColumnTest extends Base public function testWithWrongColumn() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $taskCreationModel = new TaskCreationModel($this->container); diff --git a/tests/units/Action/TaskAssignCurrentUserTest.php b/tests/units/Action/TaskAssignCurrentUserTest.php index 5569a191..a06b204b 100644 --- a/tests/units/Action/TaskAssignCurrentUserTest.php +++ b/tests/units/Action/TaskAssignCurrentUserTest.php @@ -13,7 +13,7 @@ class TaskAssignCurrentUserTest extends Base { public function testChangeUser() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $taskCreationModel = new TaskCreationModel($this->container); diff --git a/tests/units/Auth/ApiAccessTokenAuthTest.php b/tests/units/Auth/ApiAccessTokenAuthTest.php index 22852805..337d6039 100644 --- a/tests/units/Auth/ApiAccessTokenAuthTest.php +++ b/tests/units/Auth/ApiAccessTokenAuthTest.php @@ -49,7 +49,7 @@ class ApiAccessTokenAuthTest extends Base public function testAuthenticateWithToken() { - $this->container['sessionStorage']->scope = 'API'; + $_SESSION['scope'] = 'API'; $provider = new ApiAccessTokenAuth($this->container); $userModel = new UserModel($this->container); diff --git a/tests/units/Auth/DatabaseAuthTest.php b/tests/units/Auth/DatabaseAuthTest.php index 97c75bd2..50ae3c7e 100644 --- a/tests/units/Auth/DatabaseAuthTest.php +++ b/tests/units/Auth/DatabaseAuthTest.php 
@@ -48,15 +48,15 @@ class DatabaseAuthTest extends Base $this->assertEquals(2, $userModel->create(array('username' => 'foobar'))); - $this->container['sessionStorage']->user = array('id' => 2); + $_SESSION['user'] = array('id' => 2); $this->assertTrue($provider->isValidSession()); - $this->container['sessionStorage']->user = array('id' => 3); + $_SESSION['user'] = array('id' => 3); $this->assertFalse($provider->isValidSession()); $this->assertTrue($userModel->disable(2)); - $this->container['sessionStorage']->user = array('id' => 2); + $_SESSION['user'] = array('id' => 2); $this->assertFalse($provider->isValidSession()); } } diff --git a/tests/units/Auth/ReverseProxyAuthTest.php b/tests/units/Auth/ReverseProxyAuthTest.php index cdbc247d..10d0841e 100644 --- a/tests/units/Auth/ReverseProxyAuthTest.php +++ b/tests/units/Auth/ReverseProxyAuthTest.php @@ -54,7 +54,7 @@ class ReverseProxyAuthTest extends Base ->method('getRemoteUser') ->will($this->returnValue('admin')); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'username' => 'admin' ); @@ -69,7 +69,7 @@ class ReverseProxyAuthTest extends Base ->method('getRemoteUser') ->will($this->returnValue('foobar')); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'username' => 'admin' ); diff --git a/tests/units/Base.php b/tests/units/Base.php index f7c99425..cb6a2e20 100644 --- a/tests/units/Base.php +++ b/tests/units/Base.php @@ -9,7 +9,6 @@ use Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher; use Symfony\Component\Stopwatch\Stopwatch; use SimpleLogger\Logger; use Kanboard\Core\Session\FlashMessage; -use Kanboard\Core\Session\SessionStorage; use Kanboard\ServiceProvider\ActionProvider; abstract class Base extends PHPUnit_Framework_TestCase 
@@ -24,6 +23,7 @@ abstract class Base extends PHPUnit_Framework_TestCase public function setUp() { date_default_timezone_set('UTC'); + $_SESSION = array(); if (DB_DRIVER === 'mysql') { $pdo = new PDO('mysql:host='.DB_HOSTNAME, DB_USERNAME, DB_PASSWORD); @@ -86,7 +86,6 @@ abstract class Base extends PHPUnit_Framework_TestCase ->setMethods(array('put', 'moveFile', 'remove', 'moveUploadedFile')) ->getMock(); - $this->container['sessionStorage'] = new SessionStorage; $this->container->register(new ActionProvider); $this->container['flash'] = function ($c) { diff --git a/tests/units/Core/Action/ActionManagerTest.php b/tests/units/Core/Action/ActionManagerTest.php index 4878c0c9..cf6a88d4 100644 --- a/tests/units/Core/Action/ActionManagerTest.php +++ b/tests/units/Core/Action/ActionManagerTest.php @@ -116,7 +116,7 @@ class ActionManagerTest extends Base public function testAttachEventsWithLoggedUser() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $projectUserRoleModel = new ProjectUserRoleModel($this->container); diff --git a/tests/units/Core/Security/AuthenticationManagerTest.php b/tests/units/Core/Security/AuthenticationManagerTest.php index c2369626..a5a23c7e 100644 --- a/tests/units/Core/Security/AuthenticationManagerTest.php +++ b/tests/units/Core/Security/AuthenticationManagerTest.php @@ -56,7 +56,7 @@ class AuthenticationManagerTest extends Base $authManager = new AuthenticationManager($this->container); $authManager->register(new DatabaseAuth($this->container)); - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1, 'username' => 'test'); $this->assertTrue($this->container['userSession']->isLogged()); $this->assertTrue($authManager->checkCurrentSession()); 
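Review bot: The added `$_SESSION = array();` in `setUp()` has no comment, yet it is now the only thing that keeps session state from leaking between test cases. The tests in this commit assign `$_SESSION['user']` and similar keys directly, and the second hunk of this file drops the per-container `SessionStorage` instance that used to be recreated for every test. A short comment would protect the line from being removed as redundant, e.g. `// Tests write $_SESSION directly; reset it so state cannot leak between cases`. `setUp()` continues outside the hunk, so whether anything else touches the superglobal there is not visible here.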
@@ -67,7 +67,7 @@ class AuthenticationManagerTest extends Base $authManager = new AuthenticationManager($this->container); $authManager->register(new DatabaseAuth($this->container)); - $this->container['sessionStorage']->user = array('id' => 2); + $_SESSION['user'] = array('id' => 42, 'username' => 'test'); $this->assertTrue($this->container['userSession']->isLogged()); $this->assertFalse($authManager->checkCurrentSession()); diff --git a/tests/units/Core/Session/SessionStorageTest.php b/tests/units/Core/Session/SessionStorageTest.php deleted file mode 100644 index dd0040d5..00000000 --- a/tests/units/Core/Session/SessionStorageTest.php +++ /dev/null 
@@ -1,60 +0,0 @@ -<?php - -require_once __DIR__.'/../../Base.php'; - -use Kanboard\Core\Session\SessionStorage; - -class SessionStorageTest extends Base -{ - public function testNotPersistentStorage() - { - $storage = new SessionStorage(); - $storage->something = array('a' => 'b'); - $this->assertEquals(array('a' => 'b'), $storage->something); - $this->assertTrue(isset($storage->something)); - $this->assertFalse(isset($storage->something->x)); - $this->assertFalse(isset($storage->notFound)); - $this->assertFalse(isset($storage->notFound->x)); - $this->assertFalse(isset($storage->notFound['x'])); - } - - public function testPersistentStorage() - { - $session = array('d' => 'e'); - - $storage = new SessionStorage(); - $storage->setStorage($session); - $storage->something = array('a' => 'b'); - - $this->assertEquals(array('a' => 'b'), $storage->something); - $this->assertEquals('e', $storage->d); - - $storage->something['a'] = 'c'; - $this->assertEquals('c', $storage->something['a']); - - $storage = null; - $this->assertEquals(array('something' => array('a' => 'c'), 'd' => 'e'), $session); - } - - public function testFlush() - { - $session = array('d' => 'e'); - - $storage = new SessionStorage(); - $storage->setStorage($session); - $storage->something = array('a' => 'b'); - - $this->assertEquals(array('a' => 'b'), $storage->something); - $this->assertEquals('e', $storage->d); - - $storage->flush(); - - $this->assertFalse(isset($storage->d)); - $this->assertFalse(isset($storage->something)); - - $storage->foo = 'bar'; - - $storage = null; - $this->assertEquals(array('foo' => 'bar'), $session); - } -} diff --git a/tests/units/Core/User/UserProfileTest.php b/tests/units/Core/User/UserProfileTest.php index 6dc627b7..684db06e 100644 --- a/tests/units/Core/User/UserProfileTest.php +++ b/tests/units/Core/User/UserProfileTest.php 
@@ -15,8 +15,8 @@ class UserProfileTest extends Base $user = new DatabaseUserProvider(array('id' => 1)); $this->assertTrue($userProfile->initialize($user)); - $this->assertNotEmpty($this->container['sessionStorage']->user); - $this->assertEquals('admin', $this->container['sessionStorage']->user['username']); + $this->assertNotEmpty($_SESSION['user']); + $this->assertEquals('admin', $_SESSION['user']['username']); } public function testInitializeLocalUserNotFound() @@ -25,7 +25,7 @@ class UserProfileTest extends Base $user = new DatabaseUserProvider(array('id' => 2)); $this->assertFalse($userProfile->initialize($user)); - $this->assertFalse(isset($this->container['sessionStorage']->user)); + $this->assertFalse(isset($_SESSION['user'])); } public function testInitializeRemoteUser() 
@@ -34,17 +34,17 @@ class UserProfileTest extends Base $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array()); $this->assertTrue($userProfile->initialize($user)); - $this->assertNotEmpty($this->container['sessionStorage']->user); - $this->assertEquals(2, $this->container['sessionStorage']->user['id']); - $this->assertEquals('bob', $this->container['sessionStorage']->user['username']); - $this->assertEquals(Role::APP_MANAGER, $this->container['sessionStorage']->user['role']); + $this->assertNotEmpty($_SESSION['user']); + $this->assertEquals(2, $_SESSION['user']['id']); + $this->assertEquals('bob', $_SESSION['user']['username']); + $this->assertEquals(Role::APP_MANAGER, $_SESSION['user']['role']); $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array()); $this->assertTrue($userProfile->initialize($user)); - $this->assertNotEmpty($this->container['sessionStorage']->user); - $this->assertEquals(2, $this->container['sessionStorage']->user['id']); - $this->assertEquals('bob', $this->container['sessionStorage']->user['username']); + $this->assertNotEmpty($_SESSION['user']); + $this->assertEquals(2, $_SESSION['user']['id']); + $this->assertEquals('bob', $_SESSION['user']['username']); } public function testAssignRemoteUser() 
@@ -53,11 +53,11 @@ class UserProfileTest extends Base $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array()); $this->assertTrue($userProfile->assign(1, $user)); - $this->assertNotEmpty($this->container['sessionStorage']->user); - $this->assertEquals(1, $this->container['sessionStorage']->user['id']); - $this->assertEquals('admin', $this->container['sessionStorage']->user['username']); - $this->assertEquals('Bob', $this->container['sessionStorage']->user['name']); - $this->assertEquals('', $this->container['sessionStorage']->user['email']); - $this->assertEquals(Role::APP_MANAGER, $this->container['sessionStorage']->user['role']); + $this->assertNotEmpty($_SESSION['user']); + $this->assertEquals(1, $_SESSION['user']['id']); + $this->assertEquals('admin', $_SESSION['user']['username']); + $this->assertEquals('Bob', $_SESSION['user']['name']); + $this->assertEquals('', $_SESSION['user']['email']); + $this->assertEquals(Role::APP_MANAGER, $_SESSION['user']['role']); } } diff --git a/tests/units/Core/User/UserSessionTest.php b/tests/units/Core/User/UserSessionTest.php index 2a118079..5e7bab43 100644 --- a/tests/units/Core/User/UserSessionTest.php +++ b/tests/units/Core/User/UserSessionTest.php @@ -9,8 +9,7 @@ class UserSessionTest extends Base { public function testInitialize() { - $us = new UserSession($this->container); - + $userSession = new UserSession($this->container); $user = array( 'id' => '123', 'username' => 'john', 
@@ -23,101 +22,97 @@ class UserSessionTest extends Base 'role' => Role::APP_MANAGER, ); - $us->initialize($user); - - $session = $this->container['sessionStorage']->getAll(); + $userSession->initialize($user); - $this->assertNotEmpty($session); - $this->assertEquals(123, $session['user']['id']); - $this->assertEquals('john', $session['user']['username']); - $this->assertEquals(Role::APP_MANAGER, $session['user']['role']); - $this->assertFalse($session['user']['is_ldap_user']); - $this->assertFalse($session['user']['twofactor_activated']); - $this->assertArrayNotHasKey('password', $session['user']); - $this->assertArrayNotHasKey('twofactor_secret', $session['user']); - $this->assertArrayNotHasKey('is_admin', $session['user']); - $this->assertArrayNotHasKey('is_project_admin', $session['user']); + $this->assertNotEmpty($_SESSION); + $this->assertEquals(123, $_SESSION['user']['id']); + $this->assertEquals('john', $_SESSION['user']['username']); + $this->assertEquals(Role::APP_MANAGER, $_SESSION['user']['role']); + $this->assertFalse($_SESSION['user']['is_ldap_user']); + $this->assertFalse($_SESSION['user']['twofactor_activated']); + $this->assertArrayNotHasKey('password', $_SESSION['user']); + $this->assertArrayNotHasKey('twofactor_secret', $_SESSION['user']); + $this->assertArrayNotHasKey('is_admin', $_SESSION['user']); + $this->assertArrayNotHasKey('is_project_admin', $_SESSION['user']); - $this->assertEquals('john', $us->getUsername()); + $this->assertEquals('john', $userSession->getUsername()); } public function testGetId() { - $us = new UserSession($this->container); + $userSession = new UserSession($this->container); - $this->assertEquals(0, $us->getId()); + $this->assertEquals(0, $userSession->getId()); - $this->container['sessionStorage']->user = array('id' => 2); - $this->assertEquals(2, $us->getId()); + $_SESSION['user'] = array('id' => 2); + $this->assertEquals(2, $userSession->getId()); - $this->container['sessionStorage']->user = array('id' => '2'); - 
$this->assertEquals(2, $us->getId()); + $_SESSION['user'] = array('id' => '2'); + $this->assertEquals(2, $userSession->getId()); } public function testIsLogged() { - $us = new UserSession($this->container); + $userSession = new UserSession($this->container); + $this->assertFalse($userSession->isLogged()); - $this->assertFalse($us->isLogged()); + $_SESSION['user'] = array(); + $this->assertFalse($userSession->isLogged()); - $this->container['sessionStorage']->user = array(); - $this->assertFalse($us->isLogged()); - - $this->container['sessionStorage']->user = array('id' => 1); - $this->assertTrue($us->isLogged()); + $_SESSION['user'] = array('id' => 1); + $this->assertTrue($userSession->isLogged()); } public function testIsAdmin() { - $us = new UserSession($this->container); - - $this->assertFalse($us->isAdmin()); + $userSession = new UserSession($this->container); + $this->assertFalse($userSession->isAdmin()); - $this->container['sessionStorage']->user = array('role' => Role::APP_ADMIN); - $this->assertTrue($us->isAdmin()); + $_SESSION['user'] = array('role' => Role::APP_ADMIN); + $this->assertTrue($userSession->isAdmin()); - $this->container['sessionStorage']->user = array('role' => Role::APP_USER); - $this->assertFalse($us->isAdmin()); + $_SESSION['user'] = array('role' => Role::APP_USER); + $this->assertFalse($userSession->isAdmin()); - $this->container['sessionStorage']->user = array('role' => ''); - $this->assertFalse($us->isAdmin()); + $_SESSION['user'] = array('role' => ''); + $this->assertFalse($userSession->isAdmin()); } public function testFilters() { - $us = new UserSession($this->container); - $this->assertEquals('status:open', $us->getFilters(1)); + $userSession = new UserSession($this->container); + $this->assertEquals('status:open', $userSession->getFilters(1)); - $us->setFilters(1, 'assignee:me'); - $this->assertEquals('assignee:me', $us->getFilters(1)); + $userSession->setFilters(1, 'assignee:me'); + $this->assertEquals('assignee:me', 
$userSession->getFilters(1)); - $this->assertEquals('status:open', $us->getFilters(2)); + $this->assertEquals('status:open', $userSession->getFilters(2)); - $us->setFilters(2, 'assignee:bob'); - $this->assertEquals('assignee:bob', $us->getFilters(2)); + $userSession->setFilters(2, 'assignee:bob'); + $this->assertEquals('assignee:bob', $userSession->getFilters(2)); } public function testPostAuthentication() { - $us = new UserSession($this->container); - $this->assertFalse($us->isPostAuthenticationValidated()); + $userSession = new UserSession($this->container); + $this->assertFalse($userSession->isPostAuthenticationValidated()); - $this->container['sessionStorage']->postAuthenticationValidated = false; - $this->assertFalse($us->isPostAuthenticationValidated()); + $_SESSION['postAuthenticationValidated'] = false; + $this->assertFalse($userSession->isPostAuthenticationValidated()); - $us->validatePostAuthentication(); - $this->assertTrue($us->isPostAuthenticationValidated()); + $userSession->validatePostAuthentication(); + $this->assertTrue($userSession->isPostAuthenticationValidated()); - $this->container['sessionStorage']->user = array(); - $this->assertFalse($us->hasPostAuthentication()); + $_SESSION['user'] = array(); + $this->assertFalse($userSession->hasPostAuthentication()); - $this->container['sessionStorage']->user = array('twofactor_activated' => false); - $this->assertFalse($us->hasPostAuthentication()); + $_SESSION['user'] = array('twofactor_activated' => false); + $this->assertFalse($userSession->hasPostAuthentication()); - $this->container['sessionStorage']->user = array('twofactor_activated' => true); - $this->assertTrue($us->hasPostAuthentication()); + $_SESSION['user'] = array('twofactor_activated' => true); + $this->assertTrue($userSession->hasPostAuthentication()); - $us->disablePostAuthentication(); - $this->assertFalse($us->hasPostAuthentication()); + $userSession->disablePostAuthentication(); + 
$this->assertFalse($userSession->hasPostAuthentication()); } } diff --git a/tests/units/Helper/ProjectRoleHelperTest.php b/tests/units/Helper/ProjectRoleHelperTest.php index d2335dfa..f6b5afff 100644 --- a/tests/units/Helper/ProjectRoleHelperTest.php +++ b/tests/units/Helper/ProjectRoleHelperTest.php @@ -25,7 +25,7 @@ class ProjectRoleHelperTest extends Base $projectUserRole = new ProjectUserRoleModel($this->container); $userModel = new UserModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -44,7 +44,7 @@ class ProjectRoleHelperTest extends Base $projectUserRole = new ProjectUserRoleModel($this->container); $userModel = new UserModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -64,7 +64,7 @@ class ProjectRoleHelperTest extends Base $userModel = new UserModel($this->container); $projectRoleModel = new ProjectRoleModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -88,7 +88,7 @@ class ProjectRoleHelperTest extends Base $projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container); $columnRestrictionModel = new ColumnRestrictionModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -117,7 +117,7 @@ class ProjectRoleHelperTest extends Base $taskFinderModel = new TaskFinderModel($this->container); $projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); 
@@ -145,7 +145,7 @@ class ProjectRoleHelperTest extends Base $taskCreationModel = new TaskCreationModel($this->container); $taskFinderModel = new TaskFinderModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -172,7 +172,7 @@ class ProjectRoleHelperTest extends Base $taskFinderModel = new TaskFinderModel($this->container); $projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -200,7 +200,7 @@ class ProjectRoleHelperTest extends Base $taskCreationModel = new TaskCreationModel($this->container); $taskFinderModel = new TaskFinderModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -223,7 +223,7 @@ class ProjectRoleHelperTest extends Base $projectUserRole = new ProjectUserRoleModel($this->container); $userModel = new UserModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -242,7 +242,7 @@ class ProjectRoleHelperTest extends Base $projectUserRole = new ProjectUserRoleModel($this->container); $userModel = new UserModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -262,7 +262,7 @@ class ProjectRoleHelperTest extends Base $userModel = new UserModel($this->container); $projectRoleModel = new ProjectRoleModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); 
@@ -286,7 +286,7 @@ class ProjectRoleHelperTest extends Base $projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container); $columnRestrictionModel = new ColumnRestrictionModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -313,7 +313,7 @@ class ProjectRoleHelperTest extends Base $projectUserRole = new ProjectUserRoleModel($this->container); $userModel = new UserModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -337,7 +337,7 @@ class ProjectRoleHelperTest extends Base $projectUserRole = new ProjectUserRoleModel($this->container); $userModel = new UserModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -363,7 +363,7 @@ class ProjectRoleHelperTest extends Base $projectRoleModel = new ProjectRoleModel($this->container); $columnMoveRestrictionModel = new ColumnMoveRestrictionModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); diff --git a/tests/units/Helper/UserHelperTest.php b/tests/units/Helper/UserHelperTest.php index b66acdba..efd7410b 100644 --- a/tests/units/Helper/UserHelperTest.php +++ b/tests/units/Helper/UserHelperTest.php @@ -57,7 +57,7 @@ class UserHelperTest extends Base { $helper = new UserHelper($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_ADMIN, ); @@ -71,7 +71,7 @@ class UserHelperTest extends Base { $helper = new UserHelper($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_MANAGER, ); 
@@ -85,7 +85,7 @@ class UserHelperTest extends Base { $helper = new UserHelper($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -109,7 +109,7 @@ class UserHelperTest extends Base $helper = new UserHelper($this->container); $project = new ProjectModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_ADMIN, ); @@ -125,7 +125,7 @@ class UserHelperTest extends Base $helper = new UserHelper($this->container); $project = new ProjectModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_MANAGER, ); @@ -141,7 +141,7 @@ class UserHelperTest extends Base $helper = new UserHelper($this->container); $project = new ProjectModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -159,7 +159,7 @@ class UserHelperTest extends Base $project = new ProjectModel($this->container); $projectUserRole = new ProjectUserRoleModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_MANAGER, ); @@ -187,7 +187,7 @@ class UserHelperTest extends Base $project = new ProjectModel($this->container); $projectUserRole = new ProjectUserRoleModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -215,7 +215,7 @@ class UserHelperTest extends Base $project = new ProjectModel($this->container); $projectUserRole = new ProjectUserRoleModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); 
@@ -243,7 +243,7 @@ class UserHelperTest extends Base $project = new ProjectModel($this->container); $projectUserRole = new ProjectUserRoleModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); @@ -272,7 +272,7 @@ class UserHelperTest extends Base $projectUserRole = new ProjectUserRoleModel($this->container); $projectRole = new ProjectRoleModel($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 2, 'role' => Role::APP_USER, ); diff --git a/tests/units/Job/UserMentionJobTest.php b/tests/units/Job/UserMentionJobTest.php index 04ffa0d3..b2bfe41c 100644 --- a/tests/units/Job/UserMentionJobTest.php +++ b/tests/units/Job/UserMentionJobTest.php @@ -70,7 +70,7 @@ class UserMentionJobTest extends Base public function testGetMentionedUsersWithNotficationEnabledAndUserLoggedIn() { - $this->container['sessionStorage']->user = array('id' => 3); + $_SESSION['user'] = array('id' => 3); $userModel = new UserModel($this->container); $userMentionJob = new UserMentionJob($this->container); diff --git a/tests/units/Model/LanguageTest.php b/tests/units/Model/LanguageTest.php index 4330c3c8..88f6df6e 100644 --- a/tests/units/Model/LanguageTest.php +++ b/tests/units/Model/LanguageTest.php @@ -25,10 +25,10 @@ class LanguageTest extends Base $languageModel = new LanguageModel($this->container); $this->assertEquals('en', $languageModel->getJsLanguageCode()); - $this->container['sessionStorage']->user = array('language' => 'fr_FR'); + $_SESSION['user'] = array('language' => 'fr_FR'); $this->assertEquals('fr', $languageModel->getJsLanguageCode()); - $this->container['sessionStorage']->user = array('language' => 'xx_XX'); + $_SESSION['user'] = array('language' => 'xx_XX'); $this->assertEquals('en', $languageModel->getJsLanguageCode()); } 
@@ -37,10 +37,10 @@ class LanguageTest extends Base $languageModel = new LanguageModel($this->container); $this->assertEquals('en_US', $languageModel->getCurrentLanguage()); - $this->container['sessionStorage']->user = array('language' => 'fr_FR'); + $_SESSION['user'] = array('language' => 'fr_FR'); $this->assertEquals('fr_FR', $languageModel->getCurrentLanguage()); - $this->container['sessionStorage']->user = array('language' => 'xx_XX'); + $_SESSION['user'] = array('language' => 'xx_XX'); $this->assertEquals('xx_XX', $languageModel->getCurrentLanguage()); } diff --git a/tests/units/Model/ProjectFileTest.php b/tests/units/Model/ProjectFileTest.php index 116dd3d2..dfecb5ec 100644 --- a/tests/units/Model/ProjectFileTest.php +++ b/tests/units/Model/ProjectFileTest.php @@ -52,7 +52,7 @@ class ProjectFileTest extends Base public function testCreationWithSessionOpen() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $fileModel = new ProjectFileModel($this->container); diff --git a/tests/units/Model/SubtaskStatusModelTest.php b/tests/units/Model/SubtaskStatusModelTest.php index af4c3955..6047001b 100644 --- a/tests/units/Model/SubtaskStatusModelTest.php +++ b/tests/units/Model/SubtaskStatusModelTest.php @@ -71,7 +71,7 @@ class SubtaskStatusModelTest extends Base $this->assertEquals(1, $subtask['task_id']); // Set the current logged user - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $this->assertEquals(SubtaskModel::STATUS_INPROGRESS, $subtaskStatusModel->toggleStatus(1)); diff --git a/tests/units/Model/SubtaskTimeTrackingModelTest.php b/tests/units/Model/SubtaskTimeTrackingModelTest.php index 120cfc2c..071785c3 100644 --- a/tests/units/Model/SubtaskTimeTrackingModelTest.php +++ b/tests/units/Model/SubtaskTimeTrackingModelTest.php 
@@ -73,7 +73,7 @@ class SubtaskTimeTrackingModelTest extends Base $subtaskTimeTrackingModel = new SubtaskTimeTrackingModel($this->container); $projectModel = new ProjectModel($this->container); - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $this->assertEquals(1, $projectModel->create(array('name' => 'test1'))); $this->assertEquals(1, $taskCreationModel->create(array('title' => 'test 1', 'project_id' => 1, 'column_id' => 1, 'owner_id' => 1))); diff --git a/tests/units/Model/TaskCreationModelTest.php b/tests/units/Model/TaskCreationModelTest.php index 7723bece..4b04ac3b 100644 --- a/tests/units/Model/TaskCreationModelTest.php +++ b/tests/units/Model/TaskCreationModelTest.php @@ -159,7 +159,7 @@ class TaskCreationModelTest extends Base $taskCreationModel = new TaskCreationModel($this->container); $taskFinderModel = new TaskFinderModel($this->container); - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $this->assertEquals(1, $projectModel->create(array('name' => 'test'))); $this->assertEquals(1, $taskCreationModel->create(array('project_id' => 1, 'title' => 'test'))); diff --git a/tests/units/Model/TaskDuplicationModelTest.php b/tests/units/Model/TaskDuplicationModelTest.php index e4121ff9..1295cd37 100644 --- a/tests/units/Model/TaskDuplicationModelTest.php +++ b/tests/units/Model/TaskDuplicationModelTest.php @@ -28,7 +28,7 @@ class TaskDuplicationModelTest extends Base $this->assertEquals(1, $task['project_id']); $this->assertEquals(0, $task['creator_id']); - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); // We duplicate our task $this->assertEquals(2, $taskDuplicationModel->duplicate(1)); diff --git a/tests/units/Model/TaskExternalLinkTest.php b/tests/units/Model/TaskExternalLinkTest.php index 7b61cb90..d734f70e 100644 --- a/tests/units/Model/TaskExternalLinkTest.php 
+++ b/tests/units/Model/TaskExternalLinkTest.php @@ -33,7 +33,7 @@ class TaskExternalLinkTest extends Base public function testCreateWithUserSession() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $taskCreationModel = new TaskCreationModel($this->container); @@ -92,7 +92,7 @@ class TaskExternalLinkTest extends Base public function testGetAll() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $this->container['externalLinkManager'] = new ExternalLinkManager($this->container); $projectModel = new ProjectModel($this->container); diff --git a/tests/units/Model/TaskFileModelTest.php b/tests/units/Model/TaskFileModelTest.php index de12553f..3c30cc0b 100644 --- a/tests/units/Model/TaskFileModelTest.php +++ b/tests/units/Model/TaskFileModelTest.php @@ -58,7 +58,7 @@ class TaskFileModelTest extends Base public function testCreationWithSessionOpen() { - $this->container['sessionStorage']->user = array('id' => 1); + $_SESSION['user'] = array('id' => 1); $projectModel = new ProjectModel($this->container); $fileModel = new TaskFileModel($this->container); diff --git a/tests/units/Model/TimezoneTest.php b/tests/units/Model/TimezoneTest.php index 8e7103d8..a839f2cc 100644 --- a/tests/units/Model/TimezoneTest.php +++ b/tests/units/Model/TimezoneTest.php 
@@ -23,10 +23,10 @@ class TimezoneTest extends Base $timezoneModel = new TimezoneModel($this->container); $this->assertEquals('UTC', $timezoneModel->getCurrentTimezone()); - $this->container['sessionStorage']->user = array('timezone' => 'Europe/Paris'); + $_SESSION['user'] = array('timezone' => 'Europe/Paris'); $this->assertEquals('Europe/Paris', $timezoneModel->getCurrentTimezone()); - $this->container['sessionStorage']->user = array('timezone' => 'Something'); + $_SESSION['user'] = array('timezone' => 'Something'); $this->assertEquals('Something', $timezoneModel->getCurrentTimezone()); } } diff --git a/tests/units/Validator/PasswordResetValidatorTest.php b/tests/units/Validator/PasswordResetValidatorTest.php index eed77e42..a2647d2d 100644 --- a/tests/units/Validator/PasswordResetValidatorTest.php +++ b/tests/units/Validator/PasswordResetValidatorTest.php @@ -29,7 +29,7 @@ class PasswordResetValidatorTest extends Base public function testValidateCreation() { - $this->container['sessionStorage']->captcha = 'test'; + $_SESSION['captcha'] = 'test'; $passwordResetValidator = new PasswordResetValidator($this->container); list($valid,) = $passwordResetValidator->validateCreation(array('username' => 'foobar', 'captcha' => 'test')); @@ -38,7 +38,7 @@ class PasswordResetValidatorTest extends Base public function testValidateCreationWithNoUsername() { - $this->container['sessionStorage']->captcha = 'test'; + $_SESSION['captcha'] = 'test'; $passwordResetValidator = new PasswordResetValidator($this->container); list($valid,) = $passwordResetValidator->validateCreation(array('captcha' => 'test')); 
@@ -47,7 +47,7 @@ class PasswordResetValidatorTest extends Base public function testValidateCreationWithWrongCaptcha() { - $this->container['sessionStorage']->captcha = 'test123'; + $_SESSION['captcha'] = 'test123'; $passwordResetValidator = new PasswordResetValidator($this->container); list($valid,) = $passwordResetValidator->validateCreation(array('username' => 'foobar', 'captcha' => 'test')); diff --git a/tests/units/Validator/UserValidatorTest.php b/tests/units/Validator/UserValidatorTest.php index 64c76175..ae9c94da 100644 --- a/tests/units/Validator/UserValidatorTest.php +++ b/tests/units/Validator/UserValidatorTest.php @@ -11,7 +11,7 @@ class UserValidatorTest extends Base { $userValidator = new UserValidator($this->container); - $this->container['sessionStorage']->user = array( + $_SESSION['user'] = array( 'id' => 1, 'role' => Role::APP_ADMIN, 'username' => 'admin', diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index 867e4aed..b4ca84b7 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php @@ -342,8 +342,8 @@ return array( 'Kanboard\\Core\\Security\\SessionCheckProviderInterface' => $baseDir . '/app/Core/Security/SessionCheckProviderInterface.php', 'Kanboard\\Core\\Security\\Token' => $baseDir . '/app/Core/Security/Token.php', 'Kanboard\\Core\\Session\\FlashMessage' => $baseDir . '/app/Core/Session/FlashMessage.php', + 'Kanboard\\Core\\Session\\SessionHandler' => $baseDir . '/app/Core/Session/SessionHandler.php', 'Kanboard\\Core\\Session\\SessionManager' => $baseDir . '/app/Core/Session/SessionManager.php', - 'Kanboard\\Core\\Session\\SessionStorage' => $baseDir . '/app/Core/Session/SessionStorage.php', 'Kanboard\\Core\\Template' => $baseDir . '/app/Core/Template.php', 'Kanboard\\Core\\Thumbnail' => $baseDir . '/app/Core/Thumbnail.php', 'Kanboard\\Core\\Tool' => $baseDir . '/app/Core/Tool.php', 
diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index d20a0a0d..197baa63 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -478,8 +478,8 @@ class ComposerStaticInit6edea6294a88689e3f5c56484bb70c9b 'Kanboard\\Core\\Security\\SessionCheckProviderInterface' => __DIR__ . '/../..' . '/app/Core/Security/SessionCheckProviderInterface.php', 'Kanboard\\Core\\Security\\Token' => __DIR__ . '/../..' . '/app/Core/Security/Token.php', 'Kanboard\\Core\\Session\\FlashMessage' => __DIR__ . '/../..' . '/app/Core/Session/FlashMessage.php', + 'Kanboard\\Core\\Session\\SessionHandler' => __DIR__ . '/../..' . '/app/Core/Session/SessionHandler.php', 'Kanboard\\Core\\Session\\SessionManager' => __DIR__ . '/../..' . '/app/Core/Session/SessionManager.php', - 'Kanboard\\Core\\Session\\SessionStorage' => __DIR__ . '/../..' . '/app/Core/Session/SessionStorage.php', 'Kanboard\\Core\\Template' => __DIR__ . '/../..' . '/app/Core/Template.php', 'Kanboard\\Core\\Thumbnail' => __DIR__ . '/../..' . '/app/Core/Thumbnail.php', 'Kanboard\\Core\\Tool' => __DIR__ . '/../..' . '/app/Core/Tool.php', |