AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rewrite of session management

This commit is contained in:
Frederic Guillot 2015-11-15 12:50:33 -05:00
parent 2fc402f673
commit a675271ad7
72 changed files with 793 additions and 466 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -5,6 +5,11 @@ Improvements:
* Improve error handling of plugins
Internal code refactoring:
* Rewrite of session management
* Move some classes to a new namespace Kanboard\Core\Http
Bug fixes:
* Loading cs_CZ locale display the wrong language in datetime picker

2
app/Api/Auth.php
View File

@ -28,7 +28,7 @@ class Auth extends Base
if ($username !== 'jsonrpc' && ! $this->authentication->hasCaptcha($username) && $this->authentication->authenticate($username, $password)) {
$this->checkProcedurePermission(true, $method);
$this->userSession->refresh($this->user->getByUsername($username));
$this->userSession->initialize($this->user->getByUsername($username));
} elseif ($username === 'jsonrpc' && $password === $this->config->get('api_token')) {
$this->checkProcedurePermission(false, $method);
} else {

2
app/Api/Me.php
View File

@ -14,7 +14,7 @@ class Me extends Base
{
public function getMe()
{
return $this->session['user'];
return $this->sessionStorage->user;
}
public function getMyDashboard()

2
app/Auth/Database.php
View File

@ -39,7 +39,7 @@ class Database extends Base
->findOne();
if (is_array($user) && password_verify($password, $user['password'])) {
$this->userSession->refresh($user);
$this->userSession->initialize($user);
$this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
return true;
}

2
app/Auth/Github.php
View File

@ -39,7 +39,7 @@ class Github extends Base
$user = $this->user->getByGithubId($github_id);
if (! empty($user)) {
$this->userSession->refresh($user);
$this->userSession->initialize($user);
$this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
return true;
}

2
app/Auth/Gitlab.php
View File

@ -39,7 +39,7 @@ class Gitlab extends Base
$user = $this->user->getByGitlabId($gitlab_id);
if (! empty($user)) {
$this->userSession->refresh($user);
$this->userSession->initialize($user);
$this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
return true;
}

2
app/Auth/Google.php
View File

@ -40,7 +40,7 @@ class Google extends Base
$user = $this->user->getByGoogleId($google_id);
if (! empty($user)) {
$this->userSession->refresh($user);
$this->userSession->initialize($user);
$this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
return true;
}

2
app/Auth/Ldap.php
View File

@ -237,7 +237,7 @@ class Ldap extends Base
}
// We open the session
$this->userSession->refresh($user);
$this->userSession->initialize($user);
$this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
return true;

4
app/Auth/RememberMe.php
View File

@ -101,10 +101,10 @@ class RememberMe extends Base
);
// Create the session
$this->userSession->refresh($this->user->getById($record['user_id']));
$this->userSession->initialize($this->user->getById($record['user_id']));
// Do not ask 2FA for remember me session
$this->session['2fa_validated'] = true;
$this->sessionStorage->postAuth['validated'] = true;
$this->container['dispatcher']->dispatch(
'auth.success',

2
app/Auth/ReverseProxy.php
View File

@ -48,7 +48,7 @@ class ReverseProxy extends Base
$user = $this->user->getByUsername($login);
}
$this->userSession->refresh($user);
$this->userSession->initialize($user);
$this->container['dispatcher']->dispatch('auth.success', new AuthEvent(self::AUTH_NAME, $user['id']));
return true;

8
app/Controller/Action.php
View File

@ -119,9 +119,9 @@ class Action extends Base
if ($valid) {
if ($this->action->create($values) !== false) {
$this->session->flash(t('Your automatic action have been created successfully.'));
$this->flash->success(t('Your automatic action have been created successfully.'));
} else {
$this->session->flashError(t('Unable to create your automatic action.'));
$this->flash->failure(t('Unable to create your automatic action.'));
}
}
@ -158,9 +158,9 @@ class Action extends Base
$action = $this->action->getById($this->request->getIntegerParam('action_id'));
if (! empty($action) && $this->action->remove($action['id'])) {
$this->session->flash(t('Action removed successfully.'));
$this->flash->success(t('Action removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this action.'));
$this->flash->failure(t('Unable to remove this action.'));
}
$this->response->redirect($this->helper->url->to('action', 'index', array('project_id' => $project['id'])));

12
app/Controller/Auth.php
View File

@ -43,9 +43,11 @@ class Auth extends Base
list($valid, $errors) = $this->authentication->validateForm($values);
if ($valid) {
if (! empty($this->session['login_redirect']) && ! filter_var($this->session['login_redirect'], FILTER_VALIDATE_URL)) {
$redirect = $this->session['login_redirect'];
unset($this->session['login_redirect']);
if (isset($this->sessionStorage->redirectAfterLogin)
&& ! empty($this->sessionStorage->redirectAfterLogin)
&& ! filter_var($this->sessionStorage->redirectAfterLogin, FILTER_VALIDATE_URL)) {
$redirect = $this->sessionStorage->redirectAfterLogin;
unset($this->sessionStorage->redirectAfterLogin);
$this->response->redirect($redirect);
}
@ -63,7 +65,7 @@ class Auth extends Base
public function logout()
{
$this->authentication->backend('rememberMe')->destroy($this->userSession->getId());
$this->session->close();
$this->sessionManager->close();
$this->response->redirect($this->helper->url->to('auth', 'login'));
}
@ -78,7 +80,7 @@ class Auth extends Base
$builder = new CaptchaBuilder;
$builder->build();
$this->session['captcha'] = $builder->getPhrase();
$this->sessionStorage->captcha = $builder->getPhrase();
$builder->output();
}
}

9
app/Controller/Base.php
View File

@ -76,8 +76,7 @@ abstract class Base extends \Kanboard\Core\Base
*/
public function beforeAction($controller, $action)
{
// Start the session
$this->session->open($this->helper->url->dir());
$this->sessionManager->open();
$this->sendHeaders($action);
$this->container['dispatcher']->dispatch('session.bootstrap', new Event);
@ -86,7 +85,7 @@ abstract class Base extends \Kanboard\Core\Base
$this->handle2FA($controller, $action);
$this->handleAuthorization($controller, $action);
$this->session['has_subtask_inprogress'] = $this->subtask->hasSubtaskInProgress($this->userSession->getId());
$this->sessionStorage->hasSubtaskInProgress = $this->subtask->hasSubtaskInProgress($this->userSession->getId());
}
}
@ -102,7 +101,7 @@ abstract class Base extends \Kanboard\Core\Base
$this->response->text('Not Authorized', 401);
}
$this->session['login_redirect'] = $this->request->getUri();
$this->sessionStorage->redirectAfterLogin = $this->request->getUri();
$this->response->redirect($this->helper->url->to('auth', 'login'));
}
}
@ -269,7 +268,7 @@ abstract class Base extends \Kanboard\Core\Base
$project = $this->project->getById($project_id);
if (empty($project)) {
$this->session->flashError(t('Project not found.'));
$this->flash->failure(t('Project not found.'));
$this->response->redirect($this->helper->url->to('project', 'index'));
}

8
app/Controller/Board.php
View File

@ -242,9 +242,9 @@ class Board extends Base
list($valid, ) = $this->taskValidator->validateAssigneeModification($values);
if ($valid && $this->taskModification->update($values)) {
$this->session->flash(t('Task updated successfully.'));
$this->flash->success(t('Task updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your task.'));
$this->flash->failure(t('Unable to update your task.'));
}
$this->response->redirect($this->helper->url->to('board', 'show', array('project_id' => $values['project_id'])));
@ -279,9 +279,9 @@ class Board extends Base
list($valid, ) = $this->taskValidator->validateCategoryModification($values);
if ($valid && $this->taskModification->update($values)) {
$this->session->flash(t('Task updated successfully.'));
$this->flash->success(t('Task updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your task.'));
$this->flash->failure(t('Unable to update your task.'));
}
$this->response->redirect($this->helper->url->to('board', 'show', array('project_id' => $values['project_id'])));

14
app/Controller/Category.php
View File

@ -22,7 +22,7 @@ class Category extends Base
$category = $this->category->getById($this->request->getIntegerParam('category_id'));
if (empty($category)) {
$this->session->flashError(t('Category not found.'));
$this->flash->failure(t('Category not found.'));
$this->response->redirect($this->helper->url->to('category', 'index', array('project_id' => $project_id)));
}
@ -61,10 +61,10 @@ class Category extends Base
if ($valid) {
if ($this->category->create($values)) {
$this->session->flash(t('Your category have been created successfully.'));
$this->flash->success(t('Your category have been created successfully.'));
$this->response->redirect($this->helper->url->to('category', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to create your category.'));
$this->flash->failure(t('Unable to create your category.'));
}
}
@ -103,10 +103,10 @@ class Category extends Base
if ($valid) {
if ($this->category->update($values)) {
$this->session->flash(t('Your category have been updated successfully.'));
$this->flash->success(t('Your category have been updated successfully.'));
$this->response->redirect($this->helper->url->to('category', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to update your category.'));
$this->flash->failure(t('Unable to update your category.'));
}
}
@ -142,9 +142,9 @@ class Category extends Base
$category = $this->getCategory($project['id']);
if ($this->category->remove($category['id'])) {
$this->session->flash(t('Category removed successfully.'));
$this->flash->success(t('Category removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this category.'));
$this->flash->failure(t('Unable to remove this category.'));
}
$this->response->redirect($this->helper->url->to('category', 'index', array('project_id' => $project['id'])));

12
app/Controller/Column.php
View File

@ -55,10 +55,10 @@ class Column extends Base
if ($valid) {
if ($this->board->addColumn($project['id'], $data['title'], $data['task_limit'], $data['description'])) {
$this->session->flash(t('Board updated successfully.'));
$this->flash->success(t('Board updated successfully.'));
$this->response->redirect($this->helper->url->to('column', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to update this board.'));
$this->flash->failure(t('Unable to update this board.'));
}
}
@ -98,10 +98,10 @@ class Column extends Base
if ($valid) {
if ($this->board->updateColumn($values['id'], $values['title'], $values['task_limit'], $values['description'])) {
$this->session->flash(t('Board updated successfully.'));
$this->flash->success(t('Board updated successfully.'));
$this->response->redirect($this->helper->url->to('column', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to update this board.'));
$this->flash->failure(t('Unable to update this board.'));
}
}
@ -155,9 +155,9 @@ class Column extends Base
$column = $this->board->getColumn($this->request->getIntegerParam('column_id'));
if (! empty($column) && $this->board->removeColumn($column['id'])) {
$this->session->flash(t('Column removed successfully.'));
$this->flash->success(t('Column removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this column.'));
$this->flash->failure(t('Unable to remove this column.'));
}
$this->response->redirect($this->helper->url->to('column', 'index', array('project_id' => $project['id'])));

12
app/Controller/Comment.php
View File

@ -82,9 +82,9 @@ class Comment extends Base
if ($valid) {
if ($this->comment->create($values)) {
$this->session->flash(t('Comment added successfully.'));
$this->flash->success(t('Comment added successfully.'));
} else {
$this->session->flashError(t('Unable to create your comment.'));
$this->flash->failure(t('Unable to create your comment.'));
}
if ($ajax) {
@ -131,9 +131,9 @@ class Comment extends Base
if ($valid) {
if ($this->comment->update($values)) {
$this->session->flash(t('Comment updated successfully.'));
$this->flash->success(t('Comment updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your comment.'));
$this->flash->failure(t('Unable to update your comment.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('task_id' => $task['id'], 'project_id' => $task['project_id']), 'comment-'.$comment['id']));
@ -171,9 +171,9 @@ class Comment extends Base
$comment = $this->getComment();
if ($this->comment->remove($comment['id'])) {
$this->session->flash(t('Comment removed successfully.'));
$this->flash->success(t('Comment removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this comment.'));
$this->flash->failure(t('Unable to remove this comment.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('task_id' => $task['id'], 'project_id' => $task['project_id']), 'comments'));

8
app/Controller/Config.php
View File

@ -53,9 +53,9 @@ class Config extends Base
if ($this->config->save($values)) {
$this->config->reload();
$this->session->flash(t('Settings saved successfully.'));
$this->flash->success(t('Settings saved successfully.'));
} else {
$this->session->flashError(t('Unable to save your settings.'));
$this->flash->failure(t('Unable to save your settings.'));
}
$this->response->redirect($this->helper->url->to('config', $redirect));
@ -210,7 +210,7 @@ class Config extends Base
{
$this->checkCSRFParam();
$this->config->optimizeDatabase();
$this->session->flash(t('Database optimization done.'));
$this->flash->success(t('Database optimization done.'));
$this->response->redirect($this->helper->url->to('config', 'index'));
}
@ -226,7 +226,7 @@ class Config extends Base
$this->checkCSRFParam();
$this->config->regenerateToken($type.'_token');
$this->session->flash(t('Token regenerated.'));
$this->flash->success(t('Token regenerated.'));
$this->response->redirect($this->helper->url->to('config', $type));
}
}

8
app/Controller/Currency.php
View File

@ -55,10 +55,10 @@ class Currency extends Base
if ($valid) {
if ($this->currency->create($values['currency'], $values['rate'])) {
$this->session->flash(t('The currency rate have been added successfully.'));
$this->flash->success(t('The currency rate have been added successfully.'));
$this->response->redirect($this->helper->url->to('currency', 'index'));
} else {
$this->session->flashError(t('Unable to add this currency rate.'));
$this->flash->failure(t('Unable to add this currency rate.'));
}
}
@ -76,9 +76,9 @@ class Currency extends Base
if ($this->config->save($values)) {
$this->config->reload();
$this->session->flash(t('Settings saved successfully.'));
$this->flash->success(t('Settings saved successfully.'));
} else {
$this->session->flashError(t('Unable to save your settings.'));
$this->flash->failure(t('Unable to save your settings.'));
}
$this->response->redirect($this->helper->url->to('currency', 'index'));

12
app/Controller/Customfilter.php
View File

@ -44,10 +44,10 @@ class Customfilter extends Base
if ($valid) {
if ($this->customFilter->create($values)) {
$this->session->flash(t('Your custom filter have been created successfully.'));
$this->flash->success(t('Your custom filter have been created successfully.'));
$this->response->redirect($this->helper->url->to('customfilter', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to create your custom filter.'));
$this->flash->failure(t('Unable to create your custom filter.'));
}
}
@ -68,9 +68,9 @@ class Customfilter extends Base
$this->checkPermission($project, $filter);
if ($this->customFilter->remove($filter['id'])) {
$this->session->flash(t('Custom filter removed successfully.'));
$this->flash->success(t('Custom filter removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this custom filter.'));
$this->flash->failure(t('Unable to remove this custom filter.'));
}
$this->response->redirect($this->helper->url->to('customfilter', 'index', array('project_id' => $project['id'])));
@ -123,10 +123,10 @@ class Customfilter extends Base
if ($valid) {
if ($this->customFilter->update($values)) {
$this->session->flash(t('Your custom filter have been updated successfully.'));
$this->flash->success(t('Your custom filter have been updated successfully.'));
$this->response->redirect($this->helper->url->to('customfilter', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to update custom filter.'));
$this->flash->failure(t('Unable to update custom filter.'));
}
}

8
app/Controller/File.php
View File

@ -22,7 +22,7 @@ class File extends Base
$task = $this->getTask();
if ($this->request->isPost() && $this->file->uploadScreenshot($task['project_id'], $task['id'], $this->request->getValue('screenshot')) !== false) {
$this->session->flash(t('Screenshot uploaded successfully.'));
$this->flash->success(t('Screenshot uploaded successfully.'));
if ($this->request->getStringParam('redirect') === 'board') {
$this->response->redirect($this->helper->url->to('board', 'show', array('project_id' => $task['project_id'])));
@ -62,7 +62,7 @@ class File extends Base
$task = $this->getTask();
if (! $this->file->uploadFiles($task['project_id'], $task['id'], 'files')) {
$this->session->flashError(t('Unable to upload the file.'));
$this->flash->failure(t('Unable to upload the file.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('task_id' => $task['id'], 'project_id' => $task['project_id'])));
@ -166,9 +166,9 @@ class File extends Base
$file = $this->file->getById($this->request->getIntegerParam('file_id'));
if ($file['task_id'] == $task['id'] && $this->file->remove($file['id'])) {
$this->session->flash(t('File removed successfully.'));
$this->flash->success(t('File removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this file.'));
$this->flash->failure(t('Unable to remove this file.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('task_id' => $task['id'], 'project_id' => $task['project_id'])));

4
app/Controller/Gantt.php
View File

@ -135,10 +135,10 @@ class Gantt extends Base
$task_id = $this->taskCreation->create($values);
if ($task_id !== false) {
$this->session->flash(t('Task created successfully.'));
$this->flash->success(t('Task created successfully.'));
$this->response->redirect($this->helper->url->to('gantt', 'project', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to create your task.'));
$this->flash->failure(t('Unable to create your task.'));
}
}

12
app/Controller/Link.php
View File

@ -71,10 +71,10 @@ class Link extends Base
if ($valid) {
if ($this->link->create($values['label'], $values['opposite_label']) !== false) {
$this->session->flash(t('Link added successfully.'));
$this->flash->success(t('Link added successfully.'));
$this->response->redirect($this->helper->url->to('link', 'index'));
} else {
$this->session->flashError(t('Unable to create your link.'));
$this->flash->failure(t('Unable to create your link.'));
}
}
@ -112,10 +112,10 @@ class Link extends Base
if ($valid) {
if ($this->link->update($values)) {
$this->session->flash(t('Link updated successfully.'));
$this->flash->success(t('Link updated successfully.'));
$this->response->redirect($this->helper->url->to('link', 'index'));
} else {
$this->session->flashError(t('Unable to update your link.'));
$this->flash->failure(t('Unable to update your link.'));
}
}
@ -148,9 +148,9 @@ class Link extends Base
$link = $this->getLink();
if ($this->link->remove($link['id'])) {
$this->session->flash(t('Link removed successfully.'));
$this->flash->success(t('Link removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this link.'));
$this->flash->failure(t('Unable to remove this link.'));
}
$this->response->redirect($this->helper->url->to('link', 'index'));

8
app/Controller/Oauth.php
View File

@ -51,9 +51,9 @@ class Oauth extends Base
$this->checkCSRFParam();
if ($this->authentication->backend($backend)->unlink($this->userSession->getId())) {
$this->session->flash(t('Your external account is not linked anymore to your profile.'));
$this->flash->success(t('Your external account is not linked anymore to your profile.'));
} else {
$this->session->flashError(t('Unable to unlink your external account.'));
$this->flash->failure(t('Unable to unlink your external account.'));
}
$this->response->redirect($this->helper->url->to('user', 'external', array('user_id' => $this->userSession->getId())));
@ -99,9 +99,9 @@ class Oauth extends Base
private function link($backend, $profile)
{
if (empty($profile)) {
$this->session->flashError(t('External authentication failed'));
$this->flash->failure(t('External authentication failed'));
} else {
$this->session->flash(t('Your external account is linked to your profile successfully.'));
$this->flash->success(t('Your external account is linked to your profile successfully.'));
$this->authentication->backend($backend)->updateUser($this->userSession->getId(), $profile);
}

48
app/Controller/Project.php
View File

@ -70,9 +70,9 @@ class Project extends Base
$this->checkCSRFParam();
if ($this->project->{$switch.'PublicAccess'}($project['id'])) {
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
$this->flash->failure(t('Unable to update this project.'));
}
$this->response->redirect($this->helper->url->to('project', 'share', array('project_id' => $project['id'])));
@ -95,7 +95,7 @@ class Project extends Base
if ($this->request->isPost()) {
$this->projectMetadata->save($project['id'], $this->request->getValues());
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
$this->response->redirect($this->helper->url->to('project', 'integrations', array('project_id' => $project['id'])));
}
@ -120,7 +120,7 @@ class Project extends Base
if ($this->request->isPost()) {
$values = $this->request->getValues();
$this->projectNotification->saveSettings($project['id'], $values);
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
$this->response->redirect($this->helper->url->to('project', 'notifications', array('project_id' => $project['id'])));
}
@ -173,10 +173,10 @@ class Project extends Base
if ($valid) {
if ($this->project->update($values)) {
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
$this->response->redirect($this->helper->url->to('project', 'edit', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to update this project.'));
$this->flash->failure(t('Unable to update this project.'));
}
}
@ -212,9 +212,9 @@ class Project extends Base
if ($valid) {
if ($this->project->update($values)) {
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
$this->flash->failure(t('Unable to update this project.'));
}
}
@ -233,9 +233,9 @@ class Project extends Base
if ($valid) {
if ($this->projectPermission->addMember($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
$this->flash->failure(t('Unable to update this project.'));
}
}
@ -261,9 +261,9 @@ class Project extends Base
if ($valid) {
if ($this->projectPermission->changeRole($values['project_id'], $values['user_id'], $values['is_owner'])) {
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
$this->flash->failure(t('Unable to update this project.'));
}
}
@ -288,9 +288,9 @@ class Project extends Base
if ($valid) {
if ($this->projectPermission->revokeMember($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
$this->flash->success(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
$this->flash->failure(t('Unable to update this project.'));
}
}
@ -310,9 +310,9 @@ class Project extends Base
$this->checkCSRFParam();
if ($this->project->remove($project['id'])) {
$this->session->flash(t('Project removed successfully.'));
$this->flash->success(t('Project removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this project.'));
$this->flash->failure(t('Unable to remove this project.'));
}
$this->response->redirect($this->helper->url->to('project', 'index'));
@ -338,9 +338,9 @@ class Project extends Base
if ($this->request->getStringParam('duplicate') === 'yes') {
$values = array_keys($this->request->getValues());
if ($this->projectDuplication->duplicate($project['id'], $values) !== false) {
$this->session->flash(t('Project cloned successfully.'));
$this->flash->success(t('Project cloned successfully.'));
} else {
$this->session->flashError(t('Unable to clone this project.'));
$this->flash->failure(t('Unable to clone this project.'));
}
$this->response->redirect($this->helper->url->to('project', 'index'));
@ -365,9 +365,9 @@ class Project extends Base
$this->checkCSRFParam();
if ($this->project->disable($project['id'])) {
$this->session->flash(t('Project disabled successfully.'));
$this->flash->success(t('Project disabled successfully.'));
} else {
$this->session->flashError(t('Unable to disable this project.'));
$this->flash->failure(t('Unable to disable this project.'));
}
$this->response->redirect($this->helper->url->to('project', 'show', array('project_id' => $project['id'])));
@ -392,9 +392,9 @@ class Project extends Base
$this->checkCSRFParam();
if ($this->project->enable($project['id'])) {
$this->session->flash(t('Project activated successfully.'));
$this->flash->success(t('Project activated successfully.'));
} else {
$this->session->flashError(t('Unable to activate this project.'));
$this->flash->failure(t('Unable to activate this project.'));
}
$this->response->redirect($this->helper->url->to('project', 'show', array('project_id' => $project['id'])));
@ -438,11 +438,11 @@ class Project extends Base
$project_id = $this->project->create($values, $this->userSession->getId(), true);
if ($project_id > 0) {
$this->session->flash(t('Your project have been created successfully.'));
$this->flash->success(t('Your project have been created successfully.'));
$this->response->redirect($this->helper->url->to('project', 'show', array('project_id' => $project_id)));
}
$this->session->flashError(t('Unable to create your project.'));
$this->flash->failure(t('Unable to create your project.'));
}
$this->create($values, $errors);

14
app/Controller/Subtask.php
View File

@ -67,9 +67,9 @@ class Subtask extends Base
if ($valid) {
if ($this->subtask->create($values)) {
$this->session->flash(t('Sub-task added successfully.'));
$this->flash->success(t('Sub-task added successfully.'));
} else {
$this->session->flashError(t('Unable to create your sub-task.'));
$this->flash->failure(t('Unable to create your sub-task.'));
}
if (isset($values['another_subtask']) && $values['another_subtask'] == 1) {
@ -117,9 +117,9 @@ class Subtask extends Base
if ($valid) {
if ($this->subtask->update($values)) {
$this->session->flash(t('Sub-task updated successfully.'));
$this->flash->success(t('Sub-task updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your sub-task.'));
$this->flash->failure(t('Unable to update your sub-task.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id']), 'subtasks'));
@ -156,9 +156,9 @@ class Subtask extends Base
$subtask = $this->getSubtask();
if ($this->subtask->remove($subtask['id'])) {
$this->session->flash(t('Sub-task removed successfully.'));
$this->flash->success(t('Sub-task removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this sub-task.'));
$this->flash->failure(t('Unable to remove this sub-task.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id']), 'subtasks'));
@ -178,7 +178,7 @@ class Subtask extends Base
$this->subtask->toggleStatus($subtask['id']);
if ($redirect === 'board') {
$this->session['has_subtask_inprogress'] = $this->subtask->hasSubtaskInProgress($this->userSession->getId());
$this->sessionStorage->hasSubtaskInProgress = $this->subtask->hasSubtaskInProgress($this->userSession->getId());
$this->response->html($this->template->render('board/tooltip_subtasks', array(
'subtasks' => $this->subtask->getAll($task['id']),

26
app/Controller/Swimlane.php
View File

@ -24,7 +24,7 @@ class Swimlane extends Base
$swimlane = $this->swimlane->getById($this->request->getIntegerParam('swimlane_id'));
if (empty($swimlane)) {
$this->session->flashError(t('Swimlane not found.'));
$this->flash->failure(t('Swimlane not found.'));
$this->response->redirect($this->helper->url->to('swimlane', 'index', array('project_id' => $project_id)));
}
@ -64,10 +64,10 @@ class Swimlane extends Base
if ($valid) {
if ($this->swimlane->create($values)) {
$this->session->flash(t('Your swimlane have been created successfully.'));
$this->flash->success(t('Your swimlane have been created successfully.'));
$this->response->redirect($this->helper->url->to('swimlane', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to create your swimlane.'));
$this->flash->failure(t('Unable to create your swimlane.'));
}
}
@ -88,10 +88,10 @@ class Swimlane extends Base
if ($valid) {
if ($this->swimlane->updateDefault($values)) {
$this->session->flash(t('The default swimlane have been updated successfully.'));
$this->flash->success(t('The default swimlane have been updated successfully.'));
$this->response->redirect($this->helper->url->to('swimlane', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to update this swimlane.'));
$this->flash->failure(t('Unable to update this swimlane.'));
}
}
@ -130,10 +130,10 @@ class Swimlane extends Base
if ($valid) {
if ($this->swimlane->update($values)) {
$this->session->flash(t('Swimlane updated successfully.'));
$this->flash->success(t('Swimlane updated successfully.'));
$this->response->redirect($this->helper->url->to('swimlane', 'index', array('project_id' => $project['id'])));
} else {
$this->session->flashError(t('Unable to update this swimlane.'));
$this->flash->failure(t('Unable to update this swimlane.'));
}
}
@ -169,9 +169,9 @@ class Swimlane extends Base
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
if ($this->swimlane->remove($project['id'], $swimlane_id)) {
$this->session->flash(t('Swimlane removed successfully.'));
$this->flash->success(t('Swimlane removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this swimlane.'));
$this->flash->failure(t('Unable to remove this swimlane.'));
}
$this->response->redirect($this->helper->url->to('swimlane', 'index', array('project_id' => $project['id'])));
@ -189,9 +189,9 @@ class Swimlane extends Base
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
if ($this->swimlane->disable($project['id'], $swimlane_id)) {
$this->session->flash(t('Swimlane updated successfully.'));
$this->flash->success(t('Swimlane updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this swimlane.'));
$this->flash->failure(t('Unable to update this swimlane.'));
}
$this->response->redirect($this->helper->url->to('swimlane', 'index', array('project_id' => $project['id'])));
@ -209,9 +209,9 @@ class Swimlane extends Base
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
if ($this->swimlane->enable($project['id'], $swimlane_id)) {
$this->session->flash(t('Swimlane updated successfully.'));
$this->flash->success(t('Swimlane updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this swimlane.'));
$this->flash->failure(t('Unable to update this swimlane.'));
}
$this->response->redirect($this->helper->url->to('swimlane', 'index', array('project_id' => $project['id'])));

4
app/Controller/Task.php
View File

@ -159,9 +159,9 @@ class Task extends Base
$this->checkCSRFParam();
if ($this->task->remove($task['id'])) {
$this->session->flash(t('Task removed successfully.'));
$this->flash->success(t('Task removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this task.'));
$this->flash->failure(t('Unable to remove this task.'));
}
$this->response->redirect($this->helper->url->to('board', 'show', array('project_id' => $task['project_id'])));

4
app/Controller/TaskImport.php
View File

@ -52,9 +52,9 @@ class TaskImport extends Base
$csv->read($filename, array($this->taskImport, 'import'));
if ($this->taskImport->counter > 0) {
$this->session->flash(t('%d task(s) have been imported successfully.', $this->taskImport->counter));
$this->flash->success(t('%d task(s) have been imported successfully.', $this->taskImport->counter));
} else {
$this->session->flashError(t('Nothing have been imported!'));
$this->flash->failure(t('Nothing have been imported!'));
}
$this->response->redirect($this->helper->url->to('taskImport', 'step1', array('project_id' => $project['id'])));

4
app/Controller/Taskcreation.php
View File

@ -59,10 +59,10 @@ class Taskcreation extends Base
list($valid, $errors) = $this->taskValidator->validateCreation($values);
if ($valid && $this->taskCreation->create($values)) {
$this->session->flash(t('Task created successfully.'));
$this->flash->success(t('Task created successfully.'));
$this->afterSave($project, $values);
} else {
$this->session->flashError(t('Unable to create your task.'));
$this->flash->failure(t('Unable to create your task.'));
}
$this->create($values, $errors);

12
app/Controller/Taskduplication.php
View File

@ -24,10 +24,10 @@ class Taskduplication extends Base
$task_id = $this->taskDuplication->duplicate($task['id']);
if ($task_id > 0) {
$this->session->flash(t('Task created successfully.'));
$this->flash->success(t('Task created successfully.'));
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $task['project_id'], 'task_id' => $task_id)));
} else {
$this->session->flashError(t('Unable to create this task.'));
$this->flash->failure(t('Unable to create this task.'));
$this->response->redirect($this->helper->url->to('taskduplication', 'duplicate', array('project_id' => $task['project_id'], 'task_id' => $task['id'])));
}
}
@ -56,11 +56,11 @@ class Taskduplication extends Base
$values['column_id'],
$values['category_id'],
$values['owner_id'])) {
$this->session->flash(t('Task updated successfully.'));
$this->flash->success(t('Task updated successfully.'));
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $values['project_id'], 'task_id' => $task['id'])));
}
$this->session->flashError(t('Unable to update your task.'));
$this->flash->failure(t('Unable to update your task.'));
}
$this->chooseDestination($task, 'task_duplication/move');
@ -86,12 +86,12 @@ class Taskduplication extends Base
);
if ($task_id > 0) {
$this->session->flash(t('Task created successfully.'));
$this->flash->success(t('Task created successfully.'));
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $values['project_id'], 'task_id' => $task_id)));
}
}
$this->session->flashError(t('Unable to create your task.'));
$this->flash->failure(t('Unable to create your task.'));
}
$this->chooseDestination($task, 'task_duplication/copy');

12
app/Controller/Tasklink.php
View File

@ -73,7 +73,7 @@ class Tasklink extends Base
if ($valid) {
if ($this->taskLink->create($values['task_id'], $values['opposite_task_id'], $values['link_id'])) {
$this->session->flash(t('Link added successfully.'));
$this->flash->success(t('Link added successfully.'));
if ($ajax) {
$this->response->redirect($this->helper->url->to('board', 'show', array('project_id' => $task['project_id'])));
@ -83,7 +83,7 @@ class Tasklink extends Base
}
$errors = array('title' => array(t('The exact same link already exists')));
$this->session->flashError(t('Unable to create your link.'));
$this->flash->failure(t('Unable to create your link.'));
}
$this->create($values, $errors);
@ -129,11 +129,11 @@ class Tasklink extends Base
if ($valid) {
if ($this->taskLink->update($values['id'], $values['task_id'], $values['opposite_task_id'], $values['link_id'])) {
$this->session->flash(t('Link updated successfully.'));
$this->flash->success(t('Link updated successfully.'));
$this->response->redirect($this->helper->url->to('task', 'show', array('task_id' => $task['id'], 'project_id' => $task['project_id'])).'#links');
}
$this->session->flashError(t('Unable to update your link.'));
$this->flash->failure(t('Unable to update your link.'));
}
$this->edit($values, $errors);
@ -166,9 +166,9 @@ class Tasklink extends Base
$task = $this->getTask();
if ($this->taskLink->remove($this->request->getIntegerParam('link_id'))) {
$this->session->flash(t('Link removed successfully.'));
$this->flash->success(t('Link removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this link.'));
$this->flash->failure(t('Unable to remove this link.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('task_id' => $task['id'], 'project_id' => $task['project_id'])).'#links');

16
app/Controller/Taskmodification.php
View File

@ -35,9 +35,9 @@ class Taskmodification extends Base
list($valid, ) = $this->taskValidator->validateTimeModification($values);
if ($valid && $this->taskModification->update($values)) {
$this->session->flash(t('Task updated successfully.'));
$this->flash->success(t('Task updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your task.'));
$this->flash->failure(t('Unable to update your task.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id'])));
@ -60,9 +60,9 @@ class Taskmodification extends Base
if ($valid) {
if ($this->taskModification->update($values)) {
$this->session->flash(t('Task updated successfully.'));
$this->flash->success(t('Task updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your task.'));
$this->flash->failure(t('Unable to update your task.'));
}
if ($ajax) {
@ -140,7 +140,7 @@ class Taskmodification extends Base
list($valid, $errors) = $this->taskValidator->validateModification($values);
if ($valid && $this->taskModification->update($values)) {
$this->session->flash(t('Task updated successfully.'));
$this->flash->success(t('Task updated successfully.'));
if ($this->request->isAjax()) {
$this->response->redirect($this->helper->url->to('board', 'show', array('project_id' => $task['project_id'])));
@ -148,7 +148,7 @@ class Taskmodification extends Base
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id'])));
}
} else {
$this->session->flashError(t('Unable to update your task.'));
$this->flash->failure(t('Unable to update your task.'));
$this->edit($values, $errors);
}
}
@ -169,9 +169,9 @@ class Taskmodification extends Base
if ($valid) {
if ($this->taskModification->update($values)) {
$this->session->flash(t('Task updated successfully.'));
$this->flash->success(t('Task updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your task.'));
$this->flash->failure(t('Unable to update your task.'));
}
$this->response->redirect($this->helper->url->to('task', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id'])));

4
app/Controller/Taskstatus.php
View File

@ -40,9 +40,9 @@ class Taskstatus extends Base
$this->checkCSRFParam();
if ($this->taskStatus->$method($task['id'])) {
$this->session->flash($success_message);
$this->flash->success($success_message);
} else {
$this->session->flashError($failure_message);
$this->flash->failure($failure_message);
}
if ($this->request->getStringParam('redirect') === 'board') {

14
app/Controller/Twofactor.php
View File

@ -72,9 +72,9 @@ class Twofactor extends User
}
// Allow the user to test or disable the feature
$_SESSION['user']['twofactor_activated'] = false;
$this->userSession->disable2FA();
$this->session->flash(t('User updated successfully.'));
$this->flash->success(t('User updated successfully.'));
$this->response->redirect($this->helper->url->to('twofactor', 'index', array('user_id' => $user['id'])));
}
@ -92,9 +92,9 @@ class Twofactor extends User
$values = $this->request->getValues();
if (! empty($values['code']) && $otp->checkTotp(Base32::decode($user['twofactor_secret']), $values['code'])) {
$this->session->flash(t('The two factor authentication code is valid.'));
$this->flash->success(t('The two factor authentication code is valid.'));
} else {
$this->session->flashError(t('The two factor authentication code is not valid.'));
$this->flash->failure(t('The two factor authentication code is not valid.'));
}
$this->response->redirect($this->helper->url->to('twofactor', 'index', array('user_id' => $user['id'])));
@ -114,11 +114,11 @@ class Twofactor extends User
$values = $this->request->getValues();
if (! empty($values['code']) && $otp->checkTotp(Base32::decode($user['twofactor_secret']), $values['code'])) {
$this->session['2fa_validated'] = true;
$this->session->flash(t('The two factor authentication code is valid.'));
$this->sessionStorage->postAuth['validated'] = true;
$this->flash->success(t('The two factor authentication code is valid.'));
$this->response->redirect($this->helper->url->to('app', 'index'));
} else {
$this->session->flashError(t('The two factor authentication code is not valid.'));
$this->flash->failure(t('The two factor authentication code is not valid.'));
$this->response->redirect($this->helper->url->to('twofactor', 'code'));
}
}

28
app/Controller/User.php
View File

@ -99,10 +99,10 @@ class User extends Base
$this->userNotificationType->saveSelectedTypes($user_id, array(MailNotification::TYPE));
}
$this->session->flash(t('User created successfully.'));
$this->flash->success(t('User created successfully.'));
$this->response->redirect($this->helper->url->to('user', 'show', array('user_id' => $user_id)));
} else {
$this->session->flashError(t('Unable to create your user.'));
$this->flash->failure(t('Unable to create your user.'));
$values['project_id'] = $project_id;
}
}
@ -201,7 +201,7 @@ class User extends Base
if ($this->request->isPost()) {
$values = $this->request->getValues();
$this->userNotification->saveSettings($user['id'], $values);
$this->session->flash(t('User updated successfully.'));
$this->flash->success(t('User updated successfully.'));
$this->response->redirect($this->helper->url->to('user', 'notifications', array('user_id' => $user['id'])));
}
@ -226,7 +226,7 @@ class User extends Base
if ($this->request->isPost()) {
$values = $this->request->getValues();
$this->userMetadata->save($user['id'], $values);
$this->session->flash(t('User updated successfully.'));
$this->flash->success(t('User updated successfully.'));
$this->response->redirect($this->helper->url->to('user', 'integrations', array('user_id' => $user['id'])));
}
@ -264,9 +264,9 @@ class User extends Base
$this->checkCSRFParam();
if ($this->user->{$switch.'PublicAccess'}($user['id'])) {
$this->session->flash(t('User updated successfully.'));
$this->flash->success(t('User updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this user.'));
$this->flash->failure(t('Unable to update this user.'));
}
$this->response->redirect($this->helper->url->to('user', 'share', array('user_id' => $user['id'])));
@ -295,9 +295,9 @@ class User extends Base
if ($valid) {
if ($this->user->update($values)) {
$this->session->flash(t('Password modified successfully.'));
$this->flash->success(t('Password modified successfully.'));
} else {
$this->session->flashError(t('Unable to change the password.'));
$this->flash->failure(t('Unable to change the password.'));
}
$this->response->redirect($this->helper->url->to('user', 'show', array('user_id' => $user['id'])));
@ -344,9 +344,9 @@ class User extends Base
if ($valid) {
if ($this->user->update($values)) {
$this->session->flash(t('User updated successfully.'));
$this->flash->success(t('User updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your user.'));
$this->flash->failure(t('Unable to update your user.'));
}
$this->response->redirect($this->helper->url->to('user', 'show', array('user_id' => $user['id'])));
@ -381,9 +381,9 @@ class User extends Base
if ($valid) {
if ($this->user->update($values)) {
$this->session->flash(t('User updated successfully.'));
$this->flash->success(t('User updated successfully.'));
} else {
$this->session->flashError(t('Unable to update your user.'));
$this->flash->failure(t('Unable to update your user.'));
}
$this->response->redirect($this->helper->url->to('user', 'authentication', array('user_id' => $user['id'])));
@ -410,9 +410,9 @@ class User extends Base
$this->checkCSRFParam();
if ($this->user->remove($user['id'])) {
$this->session->flash(t('User removed successfully.'));
$this->flash->success(t('User removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this user.'));
$this->flash->failure(t('Unable to remove this user.'));
}
$this->response->redirect($this->helper->url->to('user', 'index'));

4
app/Controller/UserImport.php
View File

@ -46,9 +46,9 @@ class UserImport extends Base
$csv->read($filename, array($this->userImport, 'import'));
if ($this->userImport->counter > 0) {
$this->session->flash(t('%d user(s) have been imported successfully.', $this->userImport->counter));
$this->flash->success(t('%d user(s) have been imported successfully.', $this->userImport->counter));
} else {
$this->session->flashError(t('Nothing have been imported!'));
$this->flash->failure(t('Nothing have been imported!'));
}
$this->response->redirect($this->helper->url->to('userImport', 'step1'));

4
app/Core/Base.php
View File

@ -10,6 +10,9 @@ use Pimple\Container;
* @package core
* @author Frederic Guillot
*
* @property \Kanboard\Core\Session\SessionManager $sessionManager
* @property \Kanboard\Core\Session\SessionStorage $sessionStorage
* @property \Kanboard\Core\Session\FlashMessage $flash
* @property \Kanboard\Core\Helper $helper
* @property \Kanboard\Core\Mail\Client $emailClient
* @property \Kanboard\Core\Paginator $paginator
@ -17,7 +20,6 @@ use Pimple\Container;
* @property \Kanboard\Core\Http\Request $request
* @property \Kanboard\Core\Http\Router $router
* @property \Kanboard\Core\Http\Response $response
* @property \Kanboard\Core\Session $session
* @property \Kanboard\Core\Template $template
* @property \Kanboard\Core\OAuth2 $oauth
* @property \Kanboard\Core\Lexer $lexer

2
app/Core/Mail/Client.php
View File

@ -51,7 +51,7 @@ class Client extends Base
$author = 'Kanboard';
if ($this->userSession->isLogged()) {
$author = e('%s via Kanboard', $this->user->getFullname($this->session['user']));
$author = e('%s via Kanboard', $this->helper->user->getFullname());
}
$this->getTransport(MAIL_TRANSPORT)->sendEmail($email, $name, $subject, $html, $author);

10
app/Core/Security/Token.php
View File

@ -38,12 +38,12 @@ class Token extends Base
*/
public function getCSRFToken()
{
if (! isset($_SESSION['csrf_tokens'])) {
$_SESSION['csrf_tokens'] = array();
if (! isset($this->sessionStorage->csrf)) {
$this->sessionStorage->csrf = array();
}
$nonce = self::getToken();
$_SESSION['csrf_tokens'][$nonce] = true;
$this->sessionStorage->csrf[$nonce] = true;
return $nonce;
}
@ -57,8 +57,8 @@ class Token extends Base
*/
public function validateCSRFToken($token)
{
if (isset($_SESSION['csrf_tokens'][$token])) {
unset($_SESSION['csrf_tokens'][$token]);
if (isset($this->sessionStorage->csrf[$token])) {
unset($this->sessionStorage->csrf[$token]);
return true;
}

144
app/Core/Session.php
View File

@ -1,144 +0,0 @@
<?php
namespace Kanboard\Core;
use ArrayAccess;
use Kanboard\Core\Http\Request;
/**
* Session class
*
* @package core
* @author Frederic Guillot
*/
class Session implements ArrayAccess
{
/**
* Return true if the session is open
*
* @static
* @access public
* @return boolean
*/
public static function isOpen()
{
return session_id() !== '';
}
/**
* Open a session
*
* @access public
* @param string $base_path Cookie path
*/
public function open($base_path = '/')
{
// HttpOnly and secure flags for session cookie
session_set_cookie_params(
SESSION_DURATION,
$base_path ?: '/',
null,
Request::isHTTPS(),
true
);
// Avoid session id in the URL
ini_set('session.use_only_cookies', '1');
// Enable strict mode
if (version_compare(PHP_VERSION, '7.0.0') < 0) {
ini_set('session.use_strict_mode', '1');
}
// Ensure session ID integrity
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '32');
ini_set('session.hash_bits_per_character', 6);
// If the session was autostarted with session.auto_start = 1 in php.ini destroy it
if (isset($_SESSION)) {
session_destroy();
}
// Custom session name
session_name('__S');
// Start the session
session_start();
// Regenerate the session id to avoid session fixation issue
if (empty($_SESSION['__validated'])) {
session_regenerate_id(true);
$_SESSION['__validated'] = 1;
}
}
/**
* Destroy the session
*
* @access public
*/
public function close()
{
// Flush all sessions variables
$_SESSION = array();
// Destroy the session cookie
$params = session_get_cookie_params();
setcookie(
session_name(),
'',
time() - 42000,
$params['path'],
$params['domain'],
$params['secure'],
$params['httponly']
);
// Destroy session data
session_destroy();
}
/**
* Register a flash message (success notification)
*
* @access public
* @param string $message Message
*/
public function flash($message)
{
$_SESSION['flash_message'] = $message;
}
/**
* Register a flash error message (error notification)
*
* @access public
* @param string $message Message
*/
public function flashError($message)
{
$_SESSION['flash_error_message'] = $message;
}
public function offsetSet($offset, $value)
{
$_SESSION[$offset] = $value;
}
public function offsetExists($offset)
{
return isset($_SESSION[$offset]);
}
public function offsetUnset($offset)
{
unset($_SESSION[$offset]);
}
public function offsetGet($offset)
{
return isset($_SESSION[$offset]) ? $_SESSION[$offset] : null;
}
}

71
app/Core/Session/FlashMessage.php Normal file
View File

@ -0,0 +1,71 @@
<?php
namespace Kanboard\Core\Session;
use Kanboard\Core\Base;
/**
* Session Flash Message
*
* @package session
* @author Frederic Guillot
*/
class FlashMessage extends Base
{
/**
* Add success message
*
* @access public
* @param string $message
*/
public function success($message)
{
$this->setMessage('success', $message);
}
/**
* Add failure message
*
* @access public
* @param string $message
*/
public function failure($message)
{
$this->setMessage('failure', $message);
}
/**
* Add new flash message
*
* @access public
* @param string $key
* @param string $message
*/
public function setMessage($key, $message)
{
if (! isset($this->sessionStorage->flash)) {
$this->sessionStorage->flash = array();
}
$this->sessionStorage->flash[$key] = $message;
}
/**
* Get flash message
*
* @access public
* @param string $key
* @return string
*/
public function getMessage($key)
{
$message = '';
if (isset($this->sessionStorage->flash[$key])) {
$message = $this->sessionStorage->flash[$key];
unset($this->sessionStorage->flash[$key]);
}
return $message;
}
}

102
app/Core/Session/SessionManager.php Normal file
View File

@ -0,0 +1,102 @@
<?php
namespace Kanboard\Core\Session;
use Kanboard\Core\Base;
use Kanboard\Core\Http\Request;
/**
* Session Manager
*
* @package session
* @author Frederic Guillot
*/
class SessionManager extends Base
{
/**
* Return true if the session is open
*
* @static
* @access public
* @return boolean
*/
public static function isOpen()
{
return session_id() !== '';
}
/**
* Create a new session
*
* @access public
*/
public function open()
{
$this->configure();
if (ini_get('session.auto_start') == 1) {
session_destroy();
}
session_name('KB_SID');
session_start();
$this->container['sessionStorage']->setStorage($_SESSION);
}
/**
* Destroy the session
*
* @access public
*/
public function close()
{
// Destroy the session cookie
$params = session_get_cookie_params();
setcookie(
session_name(),
'',
time() - 42000,
$params['path'],
$params['domain'],
$params['secure'],
$params['httponly']
);
session_unset();
session_destroy();
}
/**
* Define session settings
*
* @access private
*/
private function configure()
{
// Session cookie: HttpOnly and secure flags
session_set_cookie_params(
SESSION_DURATION,
$this->helper->url->dir() ?: '/',
null,
Request::isHTTPS(),
true
);
// Avoid session id in the URL
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Enable strict mode
ini_set('session.use_strict_mode', '1');
// Better session hash
ini_set('session.hash_function', 'sha512');
ini_set('session.hash_bits_per_character', 6);
// Set an additional entropy
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '256');
}
}

71
app/Core/Session/SessionStorage.php Normal file
View File

@ -0,0 +1,71 @@
<?php
namespace Kanboard\Core\Session;
/**
* Session Storage
*
* @package session
* @author Frederic Guillot
*
* @property array $config
* @property array $user
* @property array $flash
* @property array $csrf
* @property array $postAuth
* @property string $redirectAfterLogin
* @property string $captcha
* @property string $commentSorting
* @property bool $hasSubtaskInProgress
* @property bool $boardCollapsed
*/
class SessionStorage
{
/**
* Pointer to external storage
*
* @access private
* @var array
*/
private $storage = array();
/**
* Set external storage
*
* @access public
* @param array $storage External session storage (example: $_SESSION)
*/
public function setStorage(array &$storage)
{
$this->storage =& $storage;
// Load dynamically existing session variables into object properties
foreach ($storage as $key => $value) {
$this->$key = $value;
}
}
/**
* Get all session variables
*
* @access public
* @return array
*/
public function getAll()
{
$session = get_object_vars($this);
unset($session['storage']);
return $session;
}
/**
* Copy class properties to external storage
*
* @access public
*/
public function __destruct()
{
$this->storage = $this->getAll();
}
}

19
app/Helper/App.php
View File

@ -62,18 +62,17 @@ class App extends \Kanboard\Core\Base
*/
public function flashMessage()
{
$html = '';
$success_message = $this->flash->getMessage('success');
$failure_message = $this->flash->getMessage('failure');
if (isset($this->session['flash_message'])) {
$html = '<div class="alert alert-success alert-fade-out">'.$this->helper->e($this->session['flash_message']).'</div>';
unset($this->session['flash_message']);
unset($this->session['flash_error_message']);
} elseif (isset($this->session['flash_error_message'])) {
$html = '<div class="alert alert-error">'.$this->helper->e($this->session['flash_error_message']).'</div>';
unset($this->session['flash_message']);
unset($this->session['flash_error_message']);
if (! empty($success_message)) {
return '<div class="alert alert-success alert-fade-out">'.$this->helper->e($success_message).'</div>';
}
return $html;
if (! empty($failure_message)) {
return '<div class="alert alert-error">'.$this->helper->e($failure_message).'</div>';
}
return '';
}
}

2
app/Helper/Subtask.php
View File

@ -20,7 +20,7 @@ class Subtask extends \Kanboard\Core\Base
*/
public function toggleStatus(array $subtask, $redirect)
{
if ($subtask['status'] == 0 && isset($this->session['has_subtask_inprogress']) && $this->session['has_subtask_inprogress'] === true) {
if ($subtask['status'] == 0 && isset($this->sessionStorage->hasSubtaskInProgress) && $this->sessionStorage->hasSubtaskInProgress === true) {
return $this->helper->url->link(
trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']),
'subtask',

2
app/Helper/User.php
View File

@ -136,7 +136,7 @@ class User extends \Kanboard\Core\Base
*/
public function getFullname(array $user = array())
{
return $this->user->getFullname(empty($user) ? $_SESSION['user'] : $user);
return $this->user->getFullname(empty($user) ? $this->sessionStorage->user : $user);
}
/**

10
app/Model/Authentication.php
View File

@ -45,11 +45,11 @@ class Authentication extends Base
// Check if the user session match an existing user
$userNotFound = ! $this->user->exists($this->userSession->getId());
$reverseProxyWrongUser = REVERSE_PROXY_AUTH && $this->backend('reverseProxy')->getUsername() !== $_SESSION['user']['username'];
$reverseProxyWrongUser = REVERSE_PROXY_AUTH && $this->backend('reverseProxy')->getUsername() !== $this->userSession->getUsername();
if ($userNotFound || $reverseProxyWrongUser) {
$this->backend('rememberMe')->destroy($this->userSession->getId());
$this->session->close();
$this->sessionManager->close();
return false;
}
@ -176,8 +176,12 @@ class Authentication extends Base
public function validateFormCaptcha(array $values)
{
if ($this->hasCaptcha($values['username'])) {
if (! isset($this->sessionStorage->captcha)) {
return false;
}
$builder = new CaptchaBuilder;
$builder->setPhrase($this->session['captcha']);
$builder->setPhrase($this->sessionStorage->captcha);
return $builder->testPhrase(isset($values['captcha']) ? $values['captcha'] : '');
}

22
app/Model/Config.php
View File

@ -4,7 +4,7 @@ namespace Kanboard\Model;
use Kanboard\Core\Translator;
use Kanboard\Core\Security\Token;
use Kanboard\Core\Session;
use Kanboard\Core\Session\SessionManager;
/**
* Config model
@ -145,8 +145,8 @@ class Config extends Setting
*/
public function getCurrentLanguage()
{
if ($this->userSession->isLogged() && ! empty($this->session['user']['language'])) {
return $this->session['user']['language'];
if ($this->userSession->isLogged() && ! empty($this->sessionStorage->user['language'])) {
return $this->sessionStorage->user['language'];
}
return $this->get('application_language', 'en_US');
@ -162,17 +162,17 @@ class Config extends Setting
*/
public function get($name, $default_value = '')
{
if (! Session::isOpen()) {
if (! SessionManager::isOpen()) {
return $this->getOption($name, $default_value);
}
// Cache config in session
if (! isset($this->session['config'][$name])) {
$this->session['config'] = $this->getAll();
if (! isset($this->sessionStorage->config[$name])) {
$this->sessionStorage->config = $this->getAll();
}
if (! empty($this->session['config'][$name])) {
return $this->session['config'][$name];
if (! empty($this->sessionStorage->config[$name])) {
return $this->sessionStorage->config[$name];
}
return $default_value;
@ -185,7 +185,7 @@ class Config extends Setting
*/
public function reload()
{
$this->session['config'] = $this->getAll();
$this->sessionStorage->config = $this->getAll();
$this->setupTranslations();
}
@ -207,8 +207,8 @@ class Config extends Setting
*/
public function getCurrentTimezone()
{
if ($this->userSession->isLogged() && ! empty($this->session['user']['timezone'])) {
return $this->session['user']['timezone'];
if ($this->userSession->isLogged() && ! empty($this->sessionStorage->user['timezone'])) {
return $this->sessionStorage->user['timezone'];
}
return $this->get('application_timezone', 'UTC');

8
app/Model/User.php
View File

@ -5,7 +5,7 @@ namespace Kanboard\Model;
use PicoDb\Database;
use SimpleValidator\Validator;
use SimpleValidator\Validators;
use Kanboard\Core\Session;
use Kanboard\Core\Session\SessionManager;
use Kanboard\Core\Security\Token;
/**
@ -320,8 +320,8 @@ class User extends Base
$result = $this->db->table(self::TABLE)->eq('id', $values['id'])->update($values);
// If the user is connected refresh his session
if (Session::isOpen() && $this->userSession->getId() == $values['id']) {
$this->userSession->refresh();
if (SessionManager::isOpen() && $this->userSession->getId() == $values['id']) {
$this->userSession->initialize($this->getById($this->userSession->getId()));
}
return $result;
@ -587,7 +587,7 @@ class User extends Base
if ($v->execute()) {
// Check password
if ($this->authentication->authenticate($this->session['user']['username'], $values['current_password'])) {
if ($this->authentication->authenticate($this->userSession->getUsername(), $values['current_password'])) {
return array(true, array());
} else {
return array(false, array('current_password' => array(t('Wrong password'))));

70
app/Model/UserSession.php
View File

@ -11,17 +11,13 @@ namespace Kanboard\Model;
class UserSession extends Base
{
/**
* Update user session information
* Update user session
*
* @access public
* @param array $user User data
* @param array $user
*/
public function refresh(array $user = array())
public function initialize(array $user)
{
if (empty($user)) {
$user = $this->user->getById($this->userSession->getId());
}
if (isset($user['password'])) {
unset($user['password']);
}
@ -31,12 +27,13 @@ class UserSession extends Base
}
$user['id'] = (int) $user['id'];
$user['is_admin'] = (bool) $user['is_admin'];
$user['is_project_admin'] = (bool) $user['is_project_admin'];
$user['is_ldap_user'] = (bool) $user['is_ldap_user'];
$user['twofactor_activated'] = (bool) $user['twofactor_activated'];
$user['is_admin'] = isset($user['is_admin']) ? (bool) $user['is_admin'] : false;
$user['is_project_admin'] = isset($user['is_project_admin']) ? (bool) $user['is_project_admin'] : false;
$user['is_ldap_user'] = isset($user['is_ldap_user']) ? (bool) $user['is_ldap_user'] : false;
$user['twofactor_activated'] = isset($user['twofactor_activated']) ? (bool) $user['twofactor_activated'] : false;
$this->session['user'] = $user;
$this->sessionStorage->user = $user;
$this->sessionStorage->postAuth = array('validated' => false);
}
/**
@ -47,7 +44,7 @@ class UserSession extends Base
*/
public function check2FA()
{
return isset($this->session['2fa_validated']) && $this->session['2fa_validated'] === true;
return isset($this->sessionStorage->postAuth['validated']) && $this->sessionStorage->postAuth['validated'] === true;
}
/**
@ -58,7 +55,17 @@ class UserSession extends Base
*/
public function has2FA()
{
return isset($this->session['user']['twofactor_activated']) && $this->session['user']['twofactor_activated'] === true;
return isset($this->sessionStorage->user['twofactor_activated']) && $this->sessionStorage->user['twofactor_activated'] === true;
}
/**
* Disable 2FA for the current session
*
* @access public
*/
public function disable2FA()
{
$this->sessionStorage->user['twofactor_activated'] = false;
}
/**
@ -69,7 +76,7 @@ class UserSession extends Base
*/
public function isAdmin()
{
return isset($this->session['user']['is_admin']) && $this->session['user']['is_admin'] === true;
return isset($this->sessionStorage->user['is_admin']) && $this->sessionStorage->user['is_admin'] === true;
}
/**
@ -80,7 +87,7 @@ class UserSession extends Base
*/
public function isProjectAdmin()
{
return isset($this->session['user']['is_project_admin']) && $this->session['user']['is_project_admin'] === true;
return isset($this->sessionStorage->user['is_project_admin']) && $this->sessionStorage->user['is_project_admin'] === true;
}
/**
@ -91,7 +98,18 @@ class UserSession extends Base
*/
public function getId()
{
return isset($this->session['user']['id']) ? (int) $this->session['user']['id'] : 0;
return isset($this->sessionStorage->user['id']) ? (int) $this->sessionStorage->user['id'] : 0;
}
/**
* Get username
*
* @access public
* @return integer
*/
public function getUsername()
{
return isset($this->sessionStorage->user['username']) ? $this->sessionStorage->user['username'] : '';
}
/**
@ -102,7 +120,7 @@ class UserSession extends Base
*/
public function isLogged()
{
return ! empty($this->session['user']);
return isset($this->sessionStorage->user) && ! empty($this->sessionStorage->user);
}
/**
@ -114,7 +132,7 @@ class UserSession extends Base
*/
public function getFilters($project_id)
{
return ! empty($_SESSION['filters'][$project_id]) ? $_SESSION['filters'][$project_id] : 'status:open';
return ! empty($this->sessionStorage->filters[$project_id]) ? $this->sessionStorage->filters[$project_id] : 'status:open';
}
/**
@ -126,7 +144,7 @@ class UserSession extends Base
*/
public function setFilters($project_id, $filters)
{
$_SESSION['filters'][$project_id] = $filters;
$this->sessionStorage->filters[$project_id] = $filters;
}
/**
@ -138,7 +156,7 @@ class UserSession extends Base
*/
public function isBoardCollapsed($project_id)
{
return ! empty($_SESSION['board_collapsed'][$project_id]) ? $_SESSION['board_collapsed'][$project_id] : false;
return ! empty($this->sessionStorage->boardCollapsed[$project_id]) ? $this->sessionStorage->boardCollapsed[$project_id] : false;
}
/**
@ -146,11 +164,11 @@ class UserSession extends Base
*
* @access public
* @param integer $project_id
* @param boolean $collapsed
* @param boolean $is_collapsed
*/
public function setBoardDisplayMode($project_id, $collapsed)
public function setBoardDisplayMode($project_id, $is_collapsed)
{
$_SESSION['board_collapsed'][$project_id] = $collapsed;
$this->sessionStorage->boardCollapsed[$project_id] = $is_collapsed;
}
/**
@ -161,7 +179,7 @@ class UserSession extends Base
*/
public function setCommentSorting($order)
{
$this->session['comment_sorting'] = $order;
$this->sessionStorage->commentSorting = $order;
}
/**
@ -172,6 +190,6 @@ class UserSession extends Base
*/
public function getCommentSorting()
{
return $this->session['comment_sorting'] ?: 'ASC';
return empty($this->sessionStorage->commentSorting) ? 'ASC' : $this->sessionStorage->commentSorting;
}
}

3
app/ServiceProvider/ClassProvider.php
View File

@ -85,7 +85,6 @@ class ClassProvider implements ServiceProviderInterface
'DateParser',
'Helper',
'Lexer',
'Session',
'Template',
),
'Core\Http' => array(
@ -158,5 +157,7 @@ class ClassProvider implements ServiceProviderInterface
$container['pluginLoader'] = new Loader($container);
$container['cspRules'] = array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:');
return $container;
}
}

2
app/ServiceProvider/DatabaseProvider.php
View File

@ -15,6 +15,8 @@ class DatabaseProvider implements ServiceProviderInterface
$container['db'] = $this->getInstance();
$container['db']->stopwatch = DEBUG;
$container['db']->logQueries = DEBUG;
return $container;
}
/**

2
app/ServiceProvider/EventDispatcherProvider.php
View File

@ -32,5 +32,7 @@ class EventDispatcherProvider implements ServiceProviderInterface
// Automatic actions
$container['action']->attachEvents();
return $container;
}
}

2
app/ServiceProvider/LoggingProvider.php
View File

@ -26,5 +26,7 @@ class LoggingProvider implements ServiceProviderInterface
}
$container['logger'] = $logger;
return $container;
}
}

29
app/ServiceProvider/SessionProvider.php Normal file
View File

@ -0,0 +1,29 @@
<?php
namespace Kanboard\ServiceProvider;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use Kanboard\Core\Session\SessionManager;
use Kanboard\Core\Session\SessionStorage;
use Kanboard\Core\Session\FlashMessage;
class SessionProvider implements ServiceProviderInterface
{
public function register(Container $container)
{
$container['sessionStorage'] = function() {
return new SessionStorage;
};
$container['sessionManager'] = function($c) {
return new SessionManager($c);
};
$container['flash'] = function($c) {
return new FlashMessage($c);
};
return $container;
}
}

1
app/common.php
View File

@ -23,6 +23,7 @@ require __DIR__.'/constants.php';
require __DIR__.'/check_setup.php';
$container = new Pimple\Container;
$container->register(new Kanboard\ServiceProvider\SessionProvider);
$container->register(new Kanboard\ServiceProvider\LoggingProvider);
$container->register(new Kanboard\ServiceProvider\DatabaseProvider);
$container->register(new Kanboard\ServiceProvider\ClassProvider);

7
tests/units/Action/TaskAssignCurrentUserTest.php
View File

@ -43,19 +43,16 @@ class TaskAssignCurrentUserTest extends Base
public function testExecute()
{
$this->container['sessionStorage']->user = array('id' => 5);
$action = new TaskAssignCurrentUser($this->container, 1, Task::EVENT_MOVE_COLUMN);
$action->setParam('column_id', 2);
$_SESSION = array(
'user' => array('id' => 5)
);
// We create a task in the first column
$tc = new TaskCreation($this->container);
$tf = new TaskFinder($this->container);
$p = new Project($this->container);
$us = new UserSession($this->container);
$this->assertEquals(5, $us->getId());
$this->assertEquals(1, $p->create(array('name' => 'test')));
$this->assertEquals(1, $tc->create(array('title' => 'test', 'project_id' => 1, 'column_id' => 1)));

16
tests/units/Auth/LdapTest.php
View File

@ -402,7 +402,7 @@ class LdapTest extends \Base
$this->container['userSession'] = $this
->getMockBuilder('\Kanboard\Model\UserSession')
->setConstructorArgs(array($this->container))
->setMethods(array('refresh'))
->setMethods(array('initialize'))
->getMock();
$this->container['user'] = $this
@ -436,7 +436,7 @@ class LdapTest extends \Base
$this->container['userSession']
->expects($this->once())
->method('refresh');
->method('initialize');
$this->assertTrue($ldap->authenticate('user', 'password'));
}
@ -446,7 +446,7 @@ class LdapTest extends \Base
$this->container['userSession'] = $this
->getMockBuilder('\Kanboard\Model\UserSession')
->setConstructorArgs(array($this->container))
->setMethods(array('refresh'))
->setMethods(array('initialize'))
->getMock();
$this->container['user'] = $this
@ -480,7 +480,7 @@ class LdapTest extends \Base
$this->container['userSession']
->expects($this->never())
->method('refresh');
->method('initialize');
$this->assertFalse($ldap->authenticate('user', 'password'));
}
@ -492,7 +492,7 @@ class LdapTest extends \Base
$this->container['userSession'] = $this
->getMockBuilder('\Kanboard\Model\UserSession')
->setConstructorArgs(array($this->container))
->setMethods(array('refresh'))
->setMethods(array('initialize'))
->getMock();
$this->container['user'] = $this
@ -542,7 +542,7 @@ class LdapTest extends \Base
$this->container['userSession']
->expects($this->once())
->method('refresh');
->method('initialize');
$this->assertTrue($ldap->authenticate('user', 'password'));
}
@ -554,7 +554,7 @@ class LdapTest extends \Base
$this->container['userSession'] = $this
->getMockBuilder('\Kanboard\Model\UserSession')
->setConstructorArgs(array($this->container))
->setMethods(array('refresh'))
->setMethods(array('initialize'))
->getMock();
$this->container['user'] = $this
@ -596,7 +596,7 @@ class LdapTest extends \Base
$this->container['userSession']
->expects($this->never())
->method('refresh');
->method('initialize');
$this->assertFalse($ldap->authenticate('user', 'password'));
}

8
tests/units/Base.php
View File

@ -8,6 +8,8 @@ use Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher;
use Symfony\Component\Stopwatch\Stopwatch;
use SimpleLogger\Logger;
use SimpleLogger\File;
use Kanboard\Core\Session\FlashMessage;
use Kanboard\Core\Session\SessionStorage;
class FakeHttpClient
{
@ -93,6 +95,12 @@ abstract class Base extends PHPUnit_Framework_TestCase
->setConstructorArgs(array($this->container))
->setMethods(array('getType', 'getSelectedTypes'))
->getMock();
$this->container['sessionStorage'] = new SessionStorage;
$this->container['flash'] = function($c) {
return new FlashMessage($c);
};
}
public function tearDown()

23
tests/units/Core/Session/FlashMessageTest.php Normal file
View File

@ -0,0 +1,23 @@
<?php
require_once __DIR__.'/../../Base.php';
use Kanboard\Core\Session\FlashMessage;
class FlashMessageTest extends Base
{
public function testMessage()
{
$flash = new FlashMessage($this->container);
$flash->success('my message');
$this->assertEquals('my message', $flash->getMessage('success'));
$this->assertEmpty($flash->getMessage('success'));
$flash->failure('my error message');
$this->assertEquals('my error message', $flash->getMessage('failure'));
$this->assertEmpty($flash->getMessage('failure'));
$this->assertEmpty($flash->getMessage('not found'));
}
}

38
tests/units/Core/Session/SessionStorageTest.php Normal file
View File

@ -0,0 +1,38 @@
<?php
require_once __DIR__.'/../../Base.php';
use Kanboard\Core\Session\SessionStorage;
class SessionStorageTest extends Base
{
public function testNotPersistentStorage()
{
$storage = new SessionStorage();
$storage->something = array('a' => 'b');
$this->assertEquals(array('a' => 'b'), $storage->something);
$this->assertTrue(isset($storage->something));
$this->assertFalse(isset($storage->something->x));
$this->assertFalse(isset($storage->notFound));
$this->assertFalse(isset($storage->notFound->x));
$this->assertFalse(isset($storage->notFound['x']));
}
public function testPersistentStorage()
{
$session = array('d' => 'e');
$storage = new SessionStorage();
$storage->setStorage($session);
$storage->something = array('a' => 'b');
$this->assertEquals(array('a' => 'b'), $storage->something);
$this->assertEquals('e', $storage->d);
$storage->something['a'] = 'c';
$this->assertEquals('c', $storage->something['a']);
$storage = null;
$this->assertEquals(array('something' => array('a' => 'c'), 'd' => 'e'), $session);
}
}

10
tests/units/Helper/AppHelperTest.php
View File

@ -2,7 +2,7 @@
require_once __DIR__.'/../Base.php';
use Kanboard\Core\Session;
use Kanboard\Core\Session\FlashMessage;
use Kanboard\Helper\App;
use Kanboard\Model\Config;
@ -23,15 +23,15 @@ class AppHelperTest extends Base
public function testFlashMessage()
{
$h = new App($this->container);
$s = new Session;
$f = new FlashMessage($this->container);
$this->assertEmpty($h->flashMessage());
$s->flash('test & test');
$f->success('test & test');
$this->assertEquals('<div class="alert alert-success alert-fade-out">test &amp; test</div>', $h->flashMessage());
$this->assertEmpty($h->flashMessage());
$this->assertEmpty($h->flashMessage());
$s->flashError('test & test');
$f->failure('test & test');
$this->assertEquals('<div class="alert alert-error">test &amp; test</div>', $h->flashMessage());
$this->assertEmpty($h->flashMessage());
}

19
tests/units/Helper/UserHelperTest.php
View File

@ -6,7 +6,6 @@ use Kanboard\Helper\User;
use Kanboard\Model\Project;
use Kanboard\Model\ProjectPermission;
use Kanboard\Model\User as UserModel;
use Kanboard\Core\Session;
class UserHelperTest extends Base
{
@ -24,7 +23,6 @@ class UserHelperTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new UserModel($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -36,7 +34,7 @@ class UserHelperTest extends Base
$this->assertFalse($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
'is_project_admin' => true,
@ -51,7 +49,6 @@ class UserHelperTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new UserModel($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -63,7 +60,7 @@ class UserHelperTest extends Base
$this->assertFalse($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
'is_project_admin' => false,
@ -78,7 +75,6 @@ class UserHelperTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new UserModel($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -90,7 +86,7 @@ class UserHelperTest extends Base
$this->assertTrue($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
'is_project_admin' => false,
@ -105,7 +101,6 @@ class UserHelperTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new UserModel($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -117,7 +112,7 @@ class UserHelperTest extends Base
$this->assertFalse($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
'is_project_admin' => true,
@ -132,7 +127,6 @@ class UserHelperTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new UserModel($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -144,7 +138,7 @@ class UserHelperTest extends Base
$this->assertFalse($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
'is_project_admin' => false,
@ -159,7 +153,6 @@ class UserHelperTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new UserModel($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -171,7 +164,7 @@ class UserHelperTest extends Base
$this->assertTrue($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
'is_project_admin' => false,

24
tests/units/Model/AclTest.php
View File

@ -2,7 +2,6 @@
require_once __DIR__.'/../Base.php';
use Kanboard\Core\Session;
use Kanboard\Model\Acl;
use Kanboard\Model\Project;
use Kanboard\Model\ProjectPermission;
@ -86,8 +85,6 @@ class AclTest extends Base
public function testPageAccessNoSession()
{
$acl = new Acl($this->container);
$session = new Session;
$session = array();
$this->assertFalse($acl->isAllowed('board', 'readonly'));
$this->assertFalse($acl->isAllowed('task', 'show'));
@ -100,8 +97,7 @@ class AclTest extends Base
public function testPageAccessEmptySession()
{
$acl = new Acl($this->container);
$session = new Session;
$session['user'] = array();
$this->container['sessionStorage']->user = array();
$this->assertFalse($acl->isAllowed('board', 'readonly'));
$this->assertFalse($acl->isAllowed('task', 'show'));
@ -114,9 +110,7 @@ class AclTest extends Base
public function testPageAccessAdminUser()
{
$acl = new Acl($this->container);
$session = new Session;
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'is_admin' => true,
);
@ -140,7 +134,6 @@ class AclTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new User($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -152,7 +145,7 @@ class AclTest extends Base
$this->assertFalse($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
'is_project_admin' => true,
@ -184,7 +177,6 @@ class AclTest extends Base
$p = new Project($this->container);
$pp = new ProjectPermission($this->container);
$u = new User($this->container);
$session = new Session;
// We create our user
$this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
@ -195,7 +187,7 @@ class AclTest extends Base
$this->assertTrue($pp->isManager(1, 2));
// We fake a session for him
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
);
@ -237,9 +229,7 @@ class AclTest extends Base
$this->assertTrue($pp->isMember(1, 2));
$this->assertFalse($pp->isManager(1, 2));
$session = new Session;
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
);
@ -276,9 +266,7 @@ class AclTest extends Base
$this->assertFalse($pp->isMember(1, 2));
$this->assertFalse($pp->isManager(1, 2));
$session = new Session;
$session['user'] = array(
$this->container['sessionStorage']->user = array(
'id' => 2,
'is_admin' => false,
);

10
tests/units/Model/ConfigTest.php
View File

@ -3,7 +3,7 @@
require_once __DIR__.'/../Base.php';
use Kanboard\Model\Config;
use Kanboard\Core\Session;
use Kanboard\Core\Session\SessionManager;
class ConfigTest extends Base
{
@ -73,17 +73,15 @@ class ConfigTest extends Base
public function testGetWithSession()
{
$this->container['session'] = new Session;
$c = new Config($this->container);
session_id('test');
$this->assertTrue(Session::isOpen());
$this->assertTrue(SessionManager::isOpen());
$this->assertEquals('', $c->get('board_columns'));
$this->assertEquals('test', $c->get('board_columns', 'test'));
$this->container['session']['config'] = array(
$this->container['sessionStorage']->config = array(
'board_columns' => 'foo',
'empty_value' => 0
);
@ -93,6 +91,6 @@ class ConfigTest extends Base
$this->assertEquals('test', $c->get('empty_value', 'test'));
session_id('');
unset($this->container['session']);
$this->assertFalse(SessionManager::isOpen());
}
}

4
tests/units/Model/SubtaskTest.php
View File

@ -8,7 +8,6 @@ use Kanboard\Model\Subtask;
use Kanboard\Model\Project;
use Kanboard\Model\Category;
use Kanboard\Model\User;
use Kanboard\Core\Session;
use Kanboard\Model\UserSession;
class SubtaskTest extends Base
@ -190,7 +189,6 @@ class SubtaskTest extends Base
$tc = new TaskCreation($this->container);
$s = new Subtask($this->container);
$p = new Project($this->container);
$ss = new Session;
$us = new UserSession($this->container);
$this->assertEquals(1, $p->create(array('name' => 'test1')));
@ -205,7 +203,7 @@ class SubtaskTest extends Base
$this->assertEquals(1, $subtask['task_id']);
// Set the current logged user
$ss['user'] = array('id' => 1);
$this->container['sessionStorage']->user = array('id' => 1);
$this->assertTrue($s->toggleStatus(1));

4
tests/units/Model/SubtaskTimeTrackingTest.php
View File

@ -9,7 +9,6 @@ use Kanboard\Model\SubtaskTimeTracking;
use Kanboard\Model\Project;
use Kanboard\Model\Category;
use Kanboard\Model\User;
use Kanboard\Core\Session;
class SubtaskTimeTrackingTest extends Base
{
@ -38,9 +37,8 @@ class SubtaskTimeTrackingTest extends Base
$s = new Subtask($this->container);
$st = new SubtaskTimeTracking($this->container);
$p = new Project($this->container);
$ss = new Session;
$ss['user'] = array('id' => 1);
$this->container['sessionStorage']->user = array('id' => 1);
$this->assertEquals(1, $p->create(array('name' => 'test1')));
$this->assertEquals(1, $tc->create(array('title' => 'test 1', 'project_id' => 1, 'column_id' => 1, 'owner_id' => 1)));

5
tests/units/Model/TaskCreationTest.php
View File

@ -182,8 +182,7 @@ class TaskCreationTest extends Base
$tc = new TaskCreation($this->container);
$tf = new TaskFinder($this->container);
$_SESSION = array();
$_SESSION['user']['id'] = 1;
$this->container['sessionStorage']->user = array('id' => 1);
$this->assertEquals(1, $p->create(array('name' => 'test')));
$this->assertEquals(1, $tc->create(array('project_id' => 1, 'title' => 'test')));
@ -194,8 +193,6 @@ class TaskCreationTest extends Base
$this->assertEquals(1, $task['id']);
$this->assertEquals(1, $task['creator_id']);
$_SESSION = array();
}
public function testColumnId()

5
tests/units/Model/TaskDuplicationTest.php
View File

@ -31,8 +31,7 @@ class TaskDuplicationTest extends Base
$this->assertEquals(1, $task['project_id']);
$this->assertEquals(0, $task['creator_id']);
$_SESSION = array();
$_SESSION['user']['id'] = 1;
$this->container['sessionStorage']->user = array('id' => 1);
// We duplicate our task
$this->assertEquals(2, $td->duplicate(1));
@ -41,8 +40,6 @@ class TaskDuplicationTest extends Base
$task = $tf->getById(2);
$this->assertNotEmpty($task);
$this->assertEquals(1, $task['creator_id']);
$_SESSION = array();
}
public function testDuplicateSameProject()

16
tests/units/Model/TaskPermissionTest.php
View File

@ -33,7 +33,7 @@ class TaskPermissionTest extends Base
// User #1 can remove everything
$user = $u->getbyId(1);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(1);
$this->assertNotEmpty($task);
@ -42,7 +42,7 @@ class TaskPermissionTest extends Base
// User #2 can't remove the task #1
$user = $u->getbyId(2);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(1);
$this->assertNotEmpty($task);
@ -51,7 +51,7 @@ class TaskPermissionTest extends Base
// User #1 can remove everything
$user = $u->getbyId(1);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(2);
$this->assertNotEmpty($task);
@ -60,7 +60,7 @@ class TaskPermissionTest extends Base
// User #2 can remove his own task
$user = $u->getbyId(2);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(2);
$this->assertNotEmpty($task);
@ -69,7 +69,7 @@ class TaskPermissionTest extends Base
// User #1 can remove everything
$user = $u->getbyId(1);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(3);
$this->assertNotEmpty($task);
@ -78,7 +78,7 @@ class TaskPermissionTest extends Base
// User #2 can't remove the task #3
$user = $u->getbyId(2);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(3);
$this->assertNotEmpty($task);
@ -87,7 +87,7 @@ class TaskPermissionTest extends Base
// User #1 can remove everything
$user = $u->getbyId(1);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(4);
$this->assertNotEmpty($task);
@ -96,7 +96,7 @@ class TaskPermissionTest extends Base
// User #2 can't remove the task #4
$user = $u->getbyId(2);
$this->assertNotEmpty($user);
$us->refresh($user);
$us->initialize($user);
$task = $tf->getbyId(4);
$this->assertNotEmpty($task);

144
tests/units/Model/UserSessionTest.php
View File

@ -2,31 +2,157 @@
require_once __DIR__.'/../Base.php';
use Kanboard\Core\Session;
use Kanboard\Model\UserSession;
class UserSessionTest extends Base
{
public function testInitialize()
{
$us = new UserSession($this->container);
$user = array(
'id' => '123',
'username' => 'john',
'password' => 'something',
'twofactor_secret' => 'something else',
'is_admin' => '1',
'is_project_admin' => '0',
'is_ldap_user' => '0',
'twofactor_activated' => '0',
);
$us->initialize($user);
$session = $this->container['sessionStorage']->getAll();
$this->assertNotEmpty($session);
$this->assertEquals(123, $session['user']['id']);
$this->assertEquals('john', $session['user']['username']);
$this->assertTrue($session['user']['is_admin']);
$this->assertFalse($session['user']['is_project_admin']);
$this->assertFalse($session['user']['is_ldap_user']);
$this->assertFalse($session['user']['twofactor_activated']);
$this->assertArrayNotHasKey('password', $session['user']);
$this->assertArrayNotHasKey('twofactor_secret', $session['user']);
$this->assertEquals('john', $us->getUsername());
}
public function testGetId()
{
$us = new UserSession($this->container);
$this->assertEquals(0, $us->getId());
$this->container['sessionStorage']->user = array('id' => 2);
$this->assertEquals(2, $us->getId());
$this->container['sessionStorage']->user = array('id' => '2');
$this->assertEquals(2, $us->getId());
}
public function testIsLogged()
{
$us = new UserSession($this->container);
$this->assertFalse($us->isLogged());
$this->container['sessionStorage']->user = array();
$this->assertFalse($us->isLogged());
$this->container['sessionStorage']->user = array('id' => 1);
$this->assertTrue($us->isLogged());
}
public function testIsAdmin()
{
$s = new Session;
$us = new UserSession($this->container);
$this->assertFalse($us->isAdmin());
$s['user'] = array();
$this->container['sessionStorage']->user = array('is_admin' => '1');
$this->assertFalse($us->isAdmin());
$s['user'] = array('is_admin' => '1');
$this->container['sessionStorage']->user = array('is_admin' => '2');
$this->assertFalse($us->isAdmin());
$s['user'] = array('is_admin' => false);
$this->container['sessionStorage']->user = array('is_admin' => false);
$this->assertFalse($us->isAdmin());
$s['user'] = array('is_admin' => '2');
$this->assertFalse($us->isAdmin());
$s['user'] = array('is_admin' => true);
$this->container['sessionStorage']->user = array('is_admin' => true);
$this->assertTrue($us->isAdmin());
}
public function testIsProjectAdmin()
{
$us = new UserSession($this->container);
$this->assertFalse($us->isProjectAdmin());
$this->container['sessionStorage']->user = array('is_project_admin' => false);
$this->assertFalse($us->isProjectAdmin());
$this->container['sessionStorage']->user = array('is_project_admin' => true);
$this->assertTrue($us->isProjectAdmin());
}
public function testCommentSorting()
{
$us = new UserSession($this->container);
$this->assertEquals('ASC', $us->getCommentSorting());
$us->setCommentSorting('DESC');
$this->assertEquals('DESC', $us->getCommentSorting());
}
public function testBoardCollapseMode()
{
$us = new UserSession($this->container);
$this->assertFalse($us->isBoardCollapsed(2));
$us->setBoardDisplayMode(3, false);
$this->assertFalse($us->isBoardCollapsed(3));
$us->setBoardDisplayMode(3, true);
$this->assertTrue($us->isBoardCollapsed(3));
}
public function testFilters()
{
$us = new UserSession($this->container);
$this->assertEquals('status:open', $us->getFilters(1));
$us->setFilters(1, 'assignee:me');
$this->assertEquals('assignee:me', $us->getFilters(1));
$this->assertEquals('status:open', $us->getFilters(2));
$us->setFilters(2, 'assignee:bob');
$this->assertEquals('assignee:bob', $us->getFilters(2));
}
public function test2FA()
{
$us = new UserSession($this->container);
$this->assertFalse($us->check2FA());
$this->container['sessionStorage']->postAuth = array('validated' => false);
$this->assertFalse($us->check2FA());
$this->container['sessionStorage']->postAuth = array('validated' => true);
$this->assertTrue($us->check2FA());
$this->container['sessionStorage']->user = array();
$this->assertFalse($us->has2FA());
$this->container['sessionStorage']->user = array('twofactor_activated' => false);
$this->assertFalse($us->has2FA());
$this->container['sessionStorage']->user = array('twofactor_activated' => true);
$this->assertTrue($us->has2FA());
$us->disable2FA();
$this->assertFalse($us->has2FA());
}
}