authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2021-08-14 12:22:42 +0200
committerGravatar GitHub <noreply@github.com> 2021-08-14 12:22:42 +0200
commit7d83321286efc37162521f4302cf17f03c317020 (patch)
tree4306a63572b04de0bc94e4ced0fff3d0c23866ed /app
parent92ae9c89a4356abc94f2ec5c96a1b783f933fb18 (diff)
Better catch when a user does not exists (#3751)
#fix https://github.com/FreshRSS/FreshRSS/issues/3735 Before, we were relying on an exception during the first stages of user initialisation. Now the check is explicit and cleaner, producing a more appropriate HTTP response for the API.
Diffstat (limited to 'app')
-rw-r--r--app/Controllers/userController.php4
-rw-r--r--app/Models/Context.php5
-rw-r--r--app/install.php2
3 files changed, 8 insertions, 3 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 0b23ff953..81f8b20a8 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -14,6 +14,10 @@ class FreshRSS_user_Controller extends Minz_ActionController {
return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
}
+ public static function userExists($username) {
+ return @file_exists(USERS_PATH . '/' . $username . '/config.php');
+ }
+
public static function updateUser($user, $email, $passwordPlain, $userConfigUpdated = array()) {
$userConfig = get_user_configuration($user);
if ($userConfig === null) {
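Review bot: `userExists()` concatenates `$username` into a filesystem path without validating it, so a caller that skips `checkUsername()` would let a value containing path separators test for `config.php` files outside `USERS_PATH`. The only caller in this commit (Context.php) validates first, but the method is `public static`, so the guard is safer inside it: `return ($username === '_' || self::checkUsername($username)) && is_file(USERS_PATH . '/' . $username . '/config.php');`. `is_file()` also rejects a directory named `config.php`, and dropping the `@` keeps stat warnings such as permission problems visible in the logs. A short docblock saying that the method reports whether the user's `config.php` is present would help as well.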
diff --git a/app/Models/Context.php b/app/Models/Context.php
index 4f18165c0..14bca866c 100644
--- a/app/Models/Context.php
+++ b/app/Models/Context.php
@@ -60,7 +60,7 @@ class FreshRSS_Context {
/**
* Initialize the context for the current user.
*/
- public static function initUser($username = '') {
+ public static function initUser($username = '', $userMustExist = true) {
FreshRSS_Context::$user_conf = null;
if (!isset($_SESSION)) {
Minz_Session::init('FreshRSS');
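Review bot: The docblock above `initUser()` still reads only "Initialize the context for the current user." and does not mention the new `$userMustExist` parameter. I would add `@param string $username` and `@param bool $userMustExist` lines, the latter saying something like `when true (default), the user configuration is only loaded if the user's config.php exists`. Defaulting to `true` keeps existing callers on the stricter path, which is the right way round. The function body continues outside the hunk.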
@@ -70,7 +70,8 @@ class FreshRSS_Context {
if ($username == '') {
$username = Minz_Session::param('currentUser', '');
}
- if ($username === '_' || FreshRSS_user_Controller::checkUsername($username)) {
+ if (($username === '_' || FreshRSS_user_Controller::checkUsername($username)) &&
+ (!$userMustExist || FreshRSS_user_Controller::userExists($username))) {
try {
//TODO: Keep in session what we need instead of always reloading from disk
Minz_Configuration::register('user',
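Review bot: With this condition an unknown username and a malformed one both skip the `try` block, and the commit message says the API turns that into a more specific HTTP response; the handler that produces it is not part of this diff. If that response differs from the one returned for a wrong password on an existing account, unauthenticated clients can tell which account names exist. It is worth confirming that the API answers both cases identically and that failed lookups are logged. The `if` body and whatever follows it continue outside the hunk.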
diff --git a/app/install.php b/app/install.php
index 11f691b91..8e3d857a7 100644
--- a/app/install.php
+++ b/app/install.php
@@ -71,7 +71,7 @@ function saveStep1() {
// First, we try to get previous configurations
FreshRSS_Context::initSystem();
- FreshRSS_Context::initUser(FreshRSS_Context::$system_conf->default_user);
+ FreshRSS_Context::initUser(FreshRSS_Context::$system_conf->default_user, false);
// Then, we set $_SESSION vars
Minz_Session::_params([
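Review bot: The bare `false` passed to `initUser()` is opaque at the call site, and it switches off the existence check that this commit introduces. A one-line comment such as `// default_user may not have a config.php yet during installation, so skip the existence check` would record why. That rationale is inferred from the surrounding "try to get previous configurations" comment and should be confirmed. `saveStep1()` starts and ends outside the hunk.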