Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed unnecessary entries in table api-session when using insta-login in API calls #3477

Merged
merged 6 commits into from
Sep 5, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 25 additions & 35 deletions app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,21 @@ protected function _startSession($sessionId = null)
return $this;
}

/**
* Allow insta-login via HTTP Basic Auth
*
* @param string $sessionId
* @return $this
*/
protected function _instaLogin(&$sessionId)
{
if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$this->_getSession()->setIsInstaLogin();
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
return $this;
}

/**
* Check current user permission on resource and privilege
*
Expand All @@ -100,16 +115,6 @@ protected function _isAllowed($resource, $privilege = null)
return $this->_getSession()->isAllowed($resource, $privilege);
}

/**
* Check session expiration
*
* @return bool
*/
protected function _isSessionExpired()
{
return $this->_getSession()->isSessionExpired();
fballiano marked this conversation as resolved.
Show resolved Hide resolved
}

/**
* Dispatch webservice fault
*
Expand Down Expand Up @@ -225,11 +230,8 @@ public function login($username, $apiKey = null)
*/
public function call($sessionId, $apiPath, $args = [])
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -313,11 +315,8 @@ public function call($sessionId, $apiPath, $args = [])
*/
public function multiCall($sessionId, array $calls = [], $options = [])
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -445,11 +444,8 @@ public function multiCall($sessionId, array $calls = [], $options = [])
*/
public function resources($sessionId)
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -513,11 +509,8 @@ public function resources($sessionId)
*/
public function resourceFaults($sessionId, $resourceName)
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -553,11 +546,8 @@ public function resourceFaults($sessionId, $resourceName)
*/
public function globalFaults($sessionId)
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);
return array_values($this->_getConfig()->getFaults());
}

Expand Down
33 changes: 31 additions & 2 deletions app/code/core/Mage/Api/Model/Session.php
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,28 @@ public function clear()
return true;
}

/**
* Flag login as HTTP Basic Auth.
*
* @param bool $isInstaLogin
* @return $this
*/
public function setIsInstaLogin(bool $isInstaLogin = true)
{
$this->setData('is_insta_login', $isInstaLogin);
return $this;
}

/**
* Is insta-login?
*
* @return bool
*/
public function getIsInstaLogin(): bool
{
return (bool) $this->getData('is_insta_login');
}

/**
* @param string $username
* @param string $apiKey
Expand All @@ -105,8 +127,15 @@ public function clear()
public function login($username, $apiKey)
{
$user = Mage::getModel('api/user')
->setSessid($this->getSessionId())
->login($username, $apiKey);
->setSessid($this->getSessionId());
if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) {
Mage::dispatchEvent('api_user_authenticated', [
fballiano marked this conversation as resolved.
Show resolved Hide resolved
'model' => $user,
'api_key' => $apiKey,
]);
} else {
$user->login($username, $apiKey);
}

if ($user->getId() && $user->getIsActive() != '1') {
Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.'));
Expand Down
5 changes: 0 additions & 5 deletions phpstan.dist.baseline.neon
Original file line number Diff line number Diff line change
Expand Up @@ -765,11 +765,6 @@ parameters:
count: 2
path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php

-
message: "#^Method Mage_Api_Model_Session\\:\\:isSessionExpired\\(\\) invoked with 0 parameters, 1 required\\.$#"
count: 1
path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php

-
message: "#^Result of method SoapServer\\:\\:handle\\(\\) \\(void\\) is used\\.$#"
count: 1
Expand Down
Loading