code review

This commit is contained in:
Jean-Christian Denis 2023-04-22 12:26:06 +02:00
parent 4dbdb4390e
commit daf242ce90
Signed by: JcDenis
GPG key ID: 1B5B8C5B90B6C951
6 changed files with 61 additions and 18 deletions

View file

@ -14,7 +14,6 @@ declare(strict_types=1);
namespace Dotclear\Plugin\httpPassword;
use dcAuth;
use dcAdmin;
use dcCore;
use dcPage;
@ -31,10 +30,11 @@ class Backend extends dcNsProcess
public static function process(): bool
{
if (!static::$init) {
if (!static::$init || is_null(dcCore::app()->auth) || is_null(dcCore::app()->blog) || is_null(dcCore::app()->adminurl)) {
return false;
}
// add backend sidebar menu icon
dcCore::app()->menu[dcAdmin::MENU_PLUGINS]->addItem(
My::name(),
dcCore::app()->adminurl->get('admin.plugin.' . My::id()),

View file

@ -33,7 +33,12 @@ class Frontend extends dcNsProcess
return false;
}
// check password on frontend
dcCore::app()->addBehavior('publicPrependV2', function (): void {
// nullsafe
if (is_null(dcCore::app()->blog)) {
return;
}
$PHP_AUTH_USER = $PHP_AUTH_PW = '';
if (isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) {

View file

@ -22,14 +22,15 @@ class Install extends dcNsProcess
{
public static function init(): bool
{
static::$init = defined('DC_CONTEXT_ADMIN') && dcCore::app()->newVersion(My::id(), dcCore::app()->plugins->moduleInfo(My::id(), 'version'));
static::$init = defined('DC_CONTEXT_ADMIN')
&& dcCore::app()->newVersion(My::id(), dcCore::app()->plugins->moduleInfo(My::id(), 'version'));
return static::$init;
}
public static function process(): bool
{
if (!static::$init) {
if (!static::$init || is_null(dcCore::app()->blog)) {
return false;
}

View file

@ -40,18 +40,21 @@ class Manage extends dcNsProcess
{
public static function init(): bool
{
static::$init = defined('DC_CONTEXT_ADMIN') && dcCore::app()->auth->check(
dcCore::app()->auth->makePermissions([
My::PERMISSION,
]), dcCore::app()->blog->id
);
static::$init = defined('DC_CONTEXT_ADMIN')
&& !is_null(dcCore::app()->auth) && !is_null(dcCore::app()->blog) // nullsafe
&& dcCore::app()->auth->check(
dcCore::app()->auth->makePermissions([
My::PERMISSION,
]),
dcCore::app()->blog->id
);
return static::$init;
}
public static function process(): bool
{
if (!static::$init) {
if (!static::$init || is_null(dcCore::app()->blog) || is_null(dcCore::app()->adminurl)) {
return false;
}
@ -67,6 +70,7 @@ class Manage extends dcNsProcess
return true;
}
// save settings
if ('savesettings' == $action) {
$s = dcCore::app()->blog->settings->get(My::id());
$s->put('active', !empty($_POST['active']));
@ -85,6 +89,7 @@ class Manage extends dcNsProcess
);
}
// delete users logins
if ('savelogins' == $action) {
$logs = dcCore::app()->log->getLogs(['log_table' => My::id()]);
if (!$logs->isEmpty()) {
@ -105,6 +110,7 @@ class Manage extends dcNsProcess
}
}
// save users logins / passwords in frontend passwords file
if ('savepasswords' == $action) {
$passwords = self::getPasswords();
$lines = [];
@ -153,7 +159,7 @@ class Manage extends dcNsProcess
public static function render(): void
{
if (!static::$init) {
if (!static::$init || is_null(dcCore::app()->blog) || is_null(dcCore::app()->adminurl)) {
return;
}
@ -173,7 +179,7 @@ class Manage extends dcNsProcess
]) .
dcPage::notices() .
# Filters select menu list
// Filters select menu list
(new Form('section_menu'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id()))->method('get')->fields([
(new Para())->class('anchor-nav')->items([
(new Label(__('Select section:')))->for('part')->class('classic'),
@ -185,6 +191,7 @@ class Manage extends dcNsProcess
'<h3>' . array_search($part, My::sectionCombo()) . '</h3>';
// settigns form
if ('settings' == $part) {
echo
(new Form('section_settings'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id(), ['part' => 'settings']))->method('post')->fields([
@ -214,6 +221,7 @@ class Manage extends dcNsProcess
])->render();
}
// delete logins form
if ('logins' == $part) {
$logs = dcCore::app()->log->getLogs(['log_table' => My::id()]);
if ($logs->isEmpty()) {
@ -250,6 +258,7 @@ class Manage extends dcNsProcess
}
}
// existing logins/passwords form
if ('passwords' == $part) {
$passwords = self::getPasswords();
@ -295,6 +304,7 @@ class Manage extends dcNsProcess
])->render();
}
// new login form
echo
(new Form('section_new'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id(), ['part' => $part]))->method('post')->fields([
(new Text('h3', Html::escapeHTML(__('Add a user')))),
@ -320,6 +330,11 @@ class Manage extends dcNsProcess
dcPage::closeModule();
}
/**
* Get page section.
*
* @return string The section
*/
private static function getSection(): string
{
$part = $_REQUEST['part'] ?? 'settings';
@ -330,6 +345,11 @@ class Manage extends dcNsProcess
return $part;
}
/**
* Get existing passwords from file.
*
* @return array<string,string> The passwords list
*/
private static function getPasswords(): array
{
$passwords = [];

View file

@ -28,10 +28,11 @@ class Prepend extends dcNsProcess
public static function process(): bool
{
if (!static::$init) {
if (!static::$init || is_null(dcCore::app()->auth)) {
return false;
}
// register module permission
dcCore::app()->auth->setPermissionType(
My::PERMISSION,
__('Manage http password blog protection')

View file

@ -20,9 +20,15 @@ class Utils
{
/**
* Crypt password
*
* @param string $secret The secret
*
* @return string The crypt password (empty on error)
*/
public static function crypt(?string $secret): string
{
$secret = (string) $secret;
switch (self::cryptMethod()) {
case 'plaintext':
$saltlen = -1;
@ -72,43 +78,53 @@ class Utils
$secret = crypt($secret, $salt);
}
return($secret);
return $secret;
}
/**
* Setting: active
*
* @return bool True if module is active
*/
public static function isActive(): bool
{
return (bool) dcCore::app()->blog->settings->get(My::id())->get('active');
return !is_null(dcCore::app()->blog) && (bool) dcCore::app()->blog->settings->get(My::id())->get('active');
}
/**
* Setting: crypt
*
* @return string The crypt method
*/
public static function cryptMethod(): string
{
return (string) dcCore::app()->blog->settings->get(My::id())->get('crypt');
return is_null(dcCore::app()->blog) ? '' : (string) dcCore::app()->blog->settings->get(My::id())->get('crypt');
}
/**
* Setting: message
*
* @return string The frontend message
*/
public static function httpMessage(): string
{
return (string) dcCore::app()->blog->settings->get(My::id())->get('message');
return is_null(dcCore::app()->blog) ? '' : (string) dcCore::app()->blog->settings->get(My::id())->get('message');
}
/**
* Get passwords file path
*
* @return string The passwords file path (empty on error)
*/
public static function passwordFile(): string
{
return dcCore::app()->blog->public_path . DIRECTORY_SEPARATOR . My::FILE_PASSWORD;
return is_null(dcCore::app()->blog) ? '' : dcCore::app()->blog->public_path . DIRECTORY_SEPARATOR . My::FILE_PASSWORD;
}
/**
* Check passwords file
*
* @return bool True if passwords file is writable
*/
public static function isWritable(): bool
{