aboutsummaryrefslogtreecommitdiff
path: root/app/Controllers/authController.php
diff options
context:
space:
mode:
Diffstat (limited to 'app/Controllers/authController.php')
-rw-r--r--app/Controllers/authController.php63
1 files changed, 33 insertions, 30 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 06eca7d9e..85a722761 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -28,23 +28,26 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
$anon = Minz_Request::paramBoolean('anon_access');
$anon_refresh = Minz_Request::paramBoolean('anon_refresh');
- $auth_type = Minz_Request::paramString('auth_type') ?: 'none';
+ $auth_type = Minz_Request::paramString('auth_type') ?: 'form';
$unsafe_autologin = Minz_Request::paramBoolean('unsafe_autologin');
$api_enabled = Minz_Request::paramBoolean('api_enabled');
- if ($anon !== FreshRSS_Context::$system_conf->allow_anonymous ||
- $auth_type !== FreshRSS_Context::$system_conf->auth_type ||
- $anon_refresh !== FreshRSS_Context::$system_conf->allow_anonymous_refresh ||
- $unsafe_autologin !== FreshRSS_Context::$system_conf->unsafe_autologin_enabled ||
- $api_enabled !== FreshRSS_Context::$system_conf->api_enabled) {
-
- // TODO: test values from form
- FreshRSS_Context::$system_conf->auth_type = $auth_type;
- FreshRSS_Context::$system_conf->allow_anonymous = $anon;
- FreshRSS_Context::$system_conf->allow_anonymous_refresh = $anon_refresh;
- FreshRSS_Context::$system_conf->unsafe_autologin_enabled = $unsafe_autologin;
- FreshRSS_Context::$system_conf->api_enabled = $api_enabled;
-
- $ok &= FreshRSS_Context::$system_conf->save();
+ if ($anon !== FreshRSS_Context::systemConf()->allow_anonymous ||
+ $auth_type !== FreshRSS_Context::systemConf()->auth_type ||
+ $anon_refresh !== FreshRSS_Context::systemConf()->allow_anonymous_refresh ||
+ $unsafe_autologin !== FreshRSS_Context::systemConf()->unsafe_autologin_enabled ||
+ $api_enabled !== FreshRSS_Context::systemConf()->api_enabled) {
+
+ if (in_array($auth_type, ['form', 'http_auth', 'none'], true)) {
+ FreshRSS_Context::systemConf()->auth_type = $auth_type;
+ } else {
+ FreshRSS_Context::systemConf()->auth_type = 'form';
+ }
+ FreshRSS_Context::systemConf()->allow_anonymous = $anon;
+ FreshRSS_Context::systemConf()->allow_anonymous_refresh = $anon_refresh;
+ FreshRSS_Context::systemConf()->unsafe_autologin_enabled = $unsafe_autologin;
+ FreshRSS_Context::systemConf()->api_enabled = $api_enabled;
+
+ $ok &= FreshRSS_Context::systemConf()->save();
}
invalidateHttpCache();
@@ -69,7 +72,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
Minz_Request::forward(['c' => 'index', 'a' => 'index'], true);
}
- $auth_type = FreshRSS_Context::$system_conf->auth_type;
+ $auth_type = FreshRSS_Context::systemConf()->auth_type;
FreshRSS_Context::initUser(Minz_User::INTERNAL_USER, false);
switch ($auth_type) {
case 'form':
@@ -114,7 +117,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
FreshRSS_View::prependTitle(_t('gen.auth.login') . ' · ');
FreshRSS_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')));
- $limits = FreshRSS_Context::$system_conf->limits;
+ $limits = FreshRSS_Context::systemConf()->limits;
$this->view->cookie_days = (int)round($limits['cookie_duration'] / 86400, 1);
$isPOST = Minz_Request::isPost() && !Minz_Session::paramBoolean('POST_to_GET');
@@ -128,39 +131,39 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
usleep(random_int(100, 10000)); //Primitive mitigation of timing attacks, in μs
FreshRSS_Context::initUser($username);
- if (FreshRSS_Context::$user_conf == null) {
+ if (!FreshRSS_Context::hasUserConf()) {
// Initialise the default user to be able to display the error page
- FreshRSS_Context::initUser(FreshRSS_Context::$system_conf->default_user);
+ FreshRSS_Context::initUser(FreshRSS_Context::systemConf()->default_user);
Minz_Error::error(403, _t('feedback.auth.login.invalid'), false);
return;
}
- if (!FreshRSS_Context::$user_conf->enabled || FreshRSS_Context::$user_conf->passwordHash == '') {
+ if (!FreshRSS_Context::userConf()->enabled || FreshRSS_Context::userConf()->passwordHash == '') {
usleep(random_int(100, 5000)); //Primitive mitigation of timing attacks, in μs
Minz_Error::error(403, _t('feedback.auth.login.invalid'), false);
return;
}
$ok = FreshRSS_FormAuth::checkCredentials(
- $username, FreshRSS_Context::$user_conf->passwordHash, $nonce, $challenge
+ $username, FreshRSS_Context::userConf()->passwordHash, $nonce, $challenge
);
if ($ok) {
// Set session parameter to give access to the user.
Minz_Session::_params([
Minz_User::CURRENT_USER => $username,
- 'passwordHash' => FreshRSS_Context::$user_conf->passwordHash,
+ 'passwordHash' => FreshRSS_Context::userConf()->passwordHash,
'csrf' => false,
]);
FreshRSS_Auth::giveAccess();
// Set cookie parameter if needed.
if (Minz_Request::paramBoolean('keep_logged_in')) {
- FreshRSS_FormAuth::makeCookie($username, FreshRSS_Context::$user_conf->passwordHash);
+ FreshRSS_FormAuth::makeCookie($username, FreshRSS_Context::userConf()->passwordHash);
} else {
FreshRSS_FormAuth::deleteCookie();
}
- Minz_Translate::init(FreshRSS_Context::$user_conf->language);
+ Minz_Translate::init(FreshRSS_Context::userConf()->language);
// All is good, go back to the original request or the index.
$url = Minz_Url::unserialize(Minz_Request::paramString('original_request'));
@@ -176,7 +179,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
Minz_Request::setBadNotification(_t('feedback.auth.login.invalid'));
Minz_Request::forward(['c' => 'auth', 'a' => 'login'], false);
}
- } elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
+ } elseif (FreshRSS_Context::systemConf()->unsafe_autologin_enabled) {
$username = Minz_Request::paramString('u');
$password = Minz_Request::paramString('p');
Minz_Request::_param('p');
@@ -188,11 +191,11 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
FreshRSS_FormAuth::deleteCookie();
FreshRSS_Context::initUser($username);
- if (FreshRSS_Context::$user_conf == null) {
+ if (!FreshRSS_Context::hasUserConf()) {
return;
}
- $s = FreshRSS_Context::$user_conf->passwordHash;
+ $s = FreshRSS_Context::userConf()->passwordHash;
$ok = password_verify($password, $s);
unset($password);
if ($ok) {
@@ -203,7 +206,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
]);
FreshRSS_Auth::giveAccess();
- Minz_Translate::init(FreshRSS_Context::$user_conf->language);
+ Minz_Translate::init(FreshRSS_Context::userConf()->language);
Minz_Request::good(_t('feedback.auth.login.success'), ['c' => 'index', 'a' => 'index']);
} else {
@@ -242,8 +245,8 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
}
$this->view->show_tos_checkbox = file_exists(TOS_FILENAME);
- $this->view->show_email_field = FreshRSS_Context::$system_conf->force_email_validation;
- $this->view->preferred_language = Minz_Translate::getLanguage(null, Minz_Request::getPreferredLanguages(), FreshRSS_Context::$system_conf->language);
+ $this->view->show_email_field = FreshRSS_Context::systemConf()->force_email_validation;
+ $this->view->preferred_language = Minz_Translate::getLanguage(null, Minz_Request::getPreferredLanguages(), FreshRSS_Context::systemConf()->language);
FreshRSS_View::prependTitle(_t('gen.auth.registration.title') . ' · ');
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 08:52:34 +0000