Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: customizable session driver #3610

Merged
merged 13 commits into from
Sep 14, 2022
Merged

feat: customizable session driver #3610

merged 13 commits into from
Sep 14, 2022

Conversation

SychO9
Copy link
Member

@SychO9 SychO9 commented Aug 22, 2022
edited
Loading

Part of the security roadmap

Changes proposed in this pull request:

  • Makes the session driver interchangeable (currently, a driver can be selected by setting session.driver in config.php, in the future probably through an advanced admin page UI).
  • Introduces the needed extension API.
  • Adds tests.
  • Adds session driver to info command.

Reviewers should focus on:

  • Currently if the driver is configured to a driver that doesn't exist an exception is thrown, would we rather silently fallback to the default? I feel like that might be more convenient as an admin might disable the extension that provides the driver and crashing with an exception wouldn't be nice.

Necessity

  • Has the problem that is being solved here been clearly explained?
  • If applicable, have various options for solving this problem been considered?
  • For core PRs, does this need to be in core, or could it be in an extension?
  • Are we willing to maintain this for years / potentially forever?

Confirmed

  • Frontend changes: tested on a local Flarum installation.
  • Backend changes: tests are green (run composer test).
  • Core developer confirmed locally this works as intended.
  • Tests have been added, or are not appropriate here.

SychO9 added 3 commits August 22, 2022 18:46
@SychO9
feat: add session driver extension API
b77421e 
Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
@SychO9
chore: no need to inject into SessionManager
12eb9b9 
Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
@SychO9
chore: improve current session driver detection
ccb2799 
Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
@SychO9 SychO9 self-assigned this Aug 22, 2022
@SychO9
chore: silently fallback to default if configured driver is unavailable
8030d11 
Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
@luceos
Copy link
Member

luceos commented Aug 23, 2022

  • Currently if the driver is configured to a driver that doesn't exist an exception is thrown, would we rather silently fallback to the default? I feel like that might be more convenient as an admin might disable the extension that provides the driver and crashing with an exception wouldn't be nice.

I think that makes the most sense. It would however be necessary to add an entry to the logs (error/critical) that provides feedback about this failure to the webmaster.

luceos
luceos approved these changes Aug 23, 2022
edited
Loading
View reviewed changes
@SychO9
chore: log a critical error if the configured session driver is unava…
8bd47b6 
…ilable.

Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
askvortsov1
askvortsov1 requested changes Aug 23, 2022
View reviewed changes
framework/core/src/User/SessionServiceProvider.php Show resolved Hide resolved
framework/core/src/User/SessionManager.php Outdated Show resolved Hide resolved
framework/core/src/User/SessionManager.php Outdated Show resolved Hide resolved
framework/core/src/User/SessionServiceProvider.php Show resolved Hide resolved
framework/core/src/User/SessionManager.php Outdated Show resolved Hide resolved
@SychO9
fix(review): simplify session manager logic
7b7e65e 
Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
@SychO9 SychO9 requested a review from askvortsov1 August 24, 2022 10:22
askvortsov1
askvortsov1 requested changes Sep 6, 2022
View reviewed changes
framework/core/src/Foundation/Console/InfoCommand.php Outdated Show resolved Hide resolved
framework/core/src/Foundation/Console/InfoCommand.php Outdated Show resolved Hide resolved
framework/core/src/User/SessionManager.php Outdated Show resolved Hide resolved
@SychO9 SychO9 added this to the 1.6 milestone Sep 6, 2022
@SychO9
chore(review): clearer error message
9bb2fb9 
Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>
@SychO9
chore(review): improve InfoCommand code readability
6e53566 
Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>
@SychO9 SychO9 requested a review from a team as a code owner September 6, 2022 21:48
StyleCIBot and others added 2 commits September 6, 2022 21:48
@SychO9 SychO9 requested a review from askvortsov1 September 6, 2022 21:52
askvortsov1
askvortsov1 approved these changes Sep 10, 2022
View reviewed changes
Copy link
Member

@askvortsov1 askvortsov1 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

@SychO9 SychO9 merged commit f676184 into main Sep 14, 2022
@SychO9 SychO9 deleted the sm/session-driver branch September 14, 2022 17:10
@luceos luceos mentioned this pull request Nov 10, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@askvortsov1 askvortsov1 askvortsov1 approved these changes

@luceos luceos luceos approved these changes

Assignees

@SychO9 SychO9

Labels
needs-documentation type/feature
Projects
Roadmap
Status: completed
Milestone
1.6
Development

Successfully merging this pull request may close these issues.
4 participants
@SychO9 @luceos @askvortsov1 @StyleCIBot