code review

Jean-Christian Denis 2023-04-22 12:26:06 +02:00
parent 4dbdb4390e
commit daf242ce90
Signed by: JcDenis
GPG key ID: 1B5B8C5B90B6C951
6 changed files with 61 additions and 18 deletions


@ -14,7 +14,6 @@ declare(strict_types=1);
namespace Dotclear\Plugin\httpPassword; namespace Dotclear\Plugin\httpPassword;
use dcAuth;
use dcAdmin; use dcAdmin;
use dcCore; use dcCore;
use dcPage; use dcPage;
@ -31,10 +30,11 @@ class Backend extends dcNsProcess
public static function process(): bool public static function process(): bool
{ {
if (!static::$init) { if (!static::$init || is_null(dcCore::app()->auth) || is_null(dcCore::app()->blog) || is_null(dcCore::app()->adminurl)) {
return false; return false;
} }
// add backend sidebar menu icon
dcCore::app()->menu[dcAdmin::MENU_PLUGINS]->addItem( dcCore::app()->menu[dcAdmin::MENU_PLUGINS]->addItem(
My::name(), My::name(),
dcCore::app()->adminurl->get('admin.plugin.' . My::id()), dcCore::app()->adminurl->get('admin.plugin.' . My::id()),


@ -33,7 +33,12 @@ class Frontend extends dcNsProcess
return false; return false;
} }
// check password on frontend
dcCore::app()->addBehavior('publicPrependV2', function (): void { dcCore::app()->addBehavior('publicPrependV2', function (): void {
// nullsafe
if (is_null(dcCore::app()->blog)) {
return;
}
$PHP_AUTH_USER = $PHP_AUTH_PW = ''; $PHP_AUTH_USER = $PHP_AUTH_PW = '';
if (isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) { if (isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) {
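Review bot: The new `if (is_null(dcCore::app()->blog)) { return; }` guard at the top of the `publicPrependV2` closure fails open: when the blog object is missing, the callback returns before any credential check runs, so this hook no longer enforces HTTP authentication for that request. Whether the blog can actually be null at this point is not visible here, but for an access-control hook the safer default is to deny. If skipping is intended, the `// nullsafe` comment should say so, e.g. `// blog not loaded: password check is skipped (fail-open), confirm this is intended`. The same applies to `Utils::isActive()` in this commit, which now reports the protection as inactive when the blog is null. The closure body continues past the end of this hunk.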


@ -22,14 +22,15 @@ class Install extends dcNsProcess
{ {
public static function init(): bool public static function init(): bool
{ {
static::$init = defined('DC_CONTEXT_ADMIN') && dcCore::app()->newVersion(My::id(), dcCore::app()->plugins->moduleInfo(My::id(), 'version')); static::$init = defined('DC_CONTEXT_ADMIN')
&& dcCore::app()->newVersion(My::id(), dcCore::app()->plugins->moduleInfo(My::id(), 'version'));
return static::$init; return static::$init;
} }
public static function process(): bool public static function process(): bool
{ {
if (!static::$init) { if (!static::$init || is_null(dcCore::app()->blog)) {
return false; return false;
} }


@ -40,18 +40,21 @@ class Manage extends dcNsProcess
{ {
public static function init(): bool public static function init(): bool
{ {
static::$init = defined('DC_CONTEXT_ADMIN') && dcCore::app()->auth->check( static::$init = defined('DC_CONTEXT_ADMIN')
dcCore::app()->auth->makePermissions([ && !is_null(dcCore::app()->auth) && !is_null(dcCore::app()->blog) // nullsafe
My::PERMISSION, && dcCore::app()->auth->check(
]), dcCore::app()->blog->id dcCore::app()->auth->makePermissions([
); My::PERMISSION,
]),
dcCore::app()->blog->id
);
return static::$init; return static::$init;
} }
public static function process(): bool public static function process(): bool
{ {
if (!static::$init) { if (!static::$init || is_null(dcCore::app()->blog) || is_null(dcCore::app()->adminurl)) {
return false; return false;
} }
@ -67,6 +70,7 @@ class Manage extends dcNsProcess
return true; return true;
} }
// save settings
if ('savesettings' == $action) { if ('savesettings' == $action) {
$s = dcCore::app()->blog->settings->get(My::id()); $s = dcCore::app()->blog->settings->get(My::id());
$s->put('active', !empty($_POST['active'])); $s->put('active', !empty($_POST['active']));
@ -85,6 +89,7 @@ class Manage extends dcNsProcess
); );
} }
// delete users logins
if ('savelogins' == $action) { if ('savelogins' == $action) {
$logs = dcCore::app()->log->getLogs(['log_table' => My::id()]); $logs = dcCore::app()->log->getLogs(['log_table' => My::id()]);
if (!$logs->isEmpty()) { if (!$logs->isEmpty()) {
@ -105,6 +110,7 @@ class Manage extends dcNsProcess
} }
} }
// save users logins / passwords in frontend passwords file
if ('savepasswords' == $action) { if ('savepasswords' == $action) {
$passwords = self::getPasswords(); $passwords = self::getPasswords();
$lines = []; $lines = [];
@ -153,7 +159,7 @@ class Manage extends dcNsProcess
public static function render(): void public static function render(): void
{ {
if (!static::$init) { if (!static::$init || is_null(dcCore::app()->blog) || is_null(dcCore::app()->adminurl)) {
return; return;
} }
@ -173,7 +179,7 @@ class Manage extends dcNsProcess
]) . ]) .
dcPage::notices() . dcPage::notices() .
# Filters select menu list // Filters select menu list
(new Form('section_menu'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id()))->method('get')->fields([ (new Form('section_menu'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id()))->method('get')->fields([
(new Para())->class('anchor-nav')->items([ (new Para())->class('anchor-nav')->items([
(new Label(__('Select section:')))->for('part')->class('classic'), (new Label(__('Select section:')))->for('part')->class('classic'),
@ -185,6 +191,7 @@ class Manage extends dcNsProcess
'<h3>' . array_search($part, My::sectionCombo()) . '</h3>'; '<h3>' . array_search($part, My::sectionCombo()) . '</h3>';
// settigns form
if ('settings' == $part) { if ('settings' == $part) {
echo echo
(new Form('section_settings'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id(), ['part' => 'settings']))->method('post')->fields([ (new Form('section_settings'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id(), ['part' => 'settings']))->method('post')->fields([
@ -214,6 +221,7 @@ class Manage extends dcNsProcess
])->render(); ])->render();
} }
// delete logins form
if ('logins' == $part) { if ('logins' == $part) {
$logs = dcCore::app()->log->getLogs(['log_table' => My::id()]); $logs = dcCore::app()->log->getLogs(['log_table' => My::id()]);
if ($logs->isEmpty()) { if ($logs->isEmpty()) {
@ -250,6 +258,7 @@ class Manage extends dcNsProcess
} }
} }
// existing logins/passwords form
if ('passwords' == $part) { if ('passwords' == $part) {
$passwords = self::getPasswords(); $passwords = self::getPasswords();
@ -295,6 +304,7 @@ class Manage extends dcNsProcess
])->render(); ])->render();
} }
// new login form
echo echo
(new Form('section_new'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id(), ['part' => $part]))->method('post')->fields([ (new Form('section_new'))->action(dcCore::app()->adminurl->get('admin.plugin.' . My::id(), ['part' => $part]))->method('post')->fields([
(new Text('h3', Html::escapeHTML(__('Add a user')))), (new Text('h3', Html::escapeHTML(__('Add a user')))),
@ -320,6 +330,11 @@ class Manage extends dcNsProcess
dcPage::closeModule(); dcPage::closeModule();
} }
/**
* Get page section.
*
* @return string The section
*/
private static function getSection(): string private static function getSection(): string
{ {
$part = $_REQUEST['part'] ?? 'settings'; $part = $_REQUEST['part'] ?? 'settings';
@ -330,6 +345,11 @@ class Manage extends dcNsProcess
return $part; return $part;
} }
/**
* Get existing passwords from file.
*
* @return array<string,string> The passwords list
*/
private static function getPasswords(): array private static function getPasswords(): array
{ {
$passwords = []; $passwords = [];
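Review bot: The docblock added to `getPasswords()` declares `@return array<string,string>` but does not say what the keys and values are, which matters because `process()` writes this data back to the frontend passwords file. Assuming the keys are logins and the values are the already-crypted passwords (the body is outside the hunk, so confirm), the tag could read `@return array<string,string> Crypted passwords indexed by login`. The new comment `// settigns form` in `render()` should also read `// settings form`.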


@ -28,10 +28,11 @@ class Prepend extends dcNsProcess
public static function process(): bool public static function process(): bool
{ {
if (!static::$init) { if (!static::$init || is_null(dcCore::app()->auth)) {
return false; return false;
} }
// register module permission
dcCore::app()->auth->setPermissionType( dcCore::app()->auth->setPermissionType(
My::PERMISSION, My::PERMISSION,
__('Manage http password blog protection') __('Manage http password blog protection')


@ -20,9 +20,15 @@ class Utils
{ {
/** /**
* Crypt password * Crypt password
*
* @param string $secret The secret
*
* @return string The crypt password (empty on error)
*/ */
public static function crypt(?string $secret): string public static function crypt(?string $secret): string
{ {
$secret = (string) $secret;
switch (self::cryptMethod()) { switch (self::cryptMethod()) {
case 'plaintext': case 'plaintext':
$saltlen = -1; $saltlen = -1;
@ -72,43 +78,53 @@ class Utils
$secret = crypt($secret, $salt); $secret = crypt($secret, $salt);
} }
return($secret); return $secret;
} }
/** /**
* Setting: active * Setting: active
*
* @return bool True if module is active
*/ */
public static function isActive(): bool public static function isActive(): bool
{ {
return (bool) dcCore::app()->blog->settings->get(My::id())->get('active'); return !is_null(dcCore::app()->blog) && (bool) dcCore::app()->blog->settings->get(My::id())->get('active');
} }
/** /**
* Setting: crypt * Setting: crypt
*
* @return string The crypt method
*/ */
public static function cryptMethod(): string public static function cryptMethod(): string
{ {
return (string) dcCore::app()->blog->settings->get(My::id())->get('crypt'); return is_null(dcCore::app()->blog) ? '' : (string) dcCore::app()->blog->settings->get(My::id())->get('crypt');
} }
/** /**
* Setting: message * Setting: message
*
* @return string The frontend message
*/ */
public static function httpMessage(): string public static function httpMessage(): string
{ {
return (string) dcCore::app()->blog->settings->get(My::id())->get('message'); return is_null(dcCore::app()->blog) ? '' : (string) dcCore::app()->blog->settings->get(My::id())->get('message');
} }
/** /**
* Get passwords file path * Get passwords file path
*
* @return string The passwords file path (empty on error)
*/ */
public static function passwordFile(): string public static function passwordFile(): string
{ {
return dcCore::app()->blog->public_path . DIRECTORY_SEPARATOR . My::FILE_PASSWORD; return is_null(dcCore::app()->blog) ? '' : dcCore::app()->blog->public_path . DIRECTORY_SEPARATOR . My::FILE_PASSWORD;
} }
/** /**
* Check passwords file * Check passwords file
*
* @return bool True if passwords file is writable
*/ */
public static function isWritable(): bool public static function isWritable(): bool
{ {
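Review bot: In `crypt()` the new cast `$secret = (string) $secret;` turns a null secret into the empty string and carries on, so a missing password is processed as an empty one instead of being rejected. The added tag `@param string $secret` also disagrees with the `?string` signature and should read `@param string|null $secret`. Since the docblock already promises an empty return on error, an early `if ($secret === null || $secret === '') { return ''; }` would make that contract explicit, provided callers treat the empty result as a failure. Separately, `cryptMethod()` now returns `''` when the blog is null; the `switch` branch that handles that value is outside the hunk, so it is worth confirming it cannot leave the secret unhashed.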