From 7d83321286efc37162521f4302cf17f03c317020 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sat, 14 Aug 2021 12:22:42 +0200
Subject: Better catch when a user does not exists (#3751)
#fix https://github.com/FreshRSS/FreshRSS/issues/3735 Before, we were relying on an exception during the first stages of user initalisation. Now the check is explicit and cleaner, producing a more appropriate HTTP response for the API.
---
app/Controllers/userController.php | 4 ++++
app/Models/Context.php | 5 +++--
app/install.php | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)
(limited to 'app')
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 0b23ff953..81f8b20a8 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -14,6 +14,10 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
 }
+ public static function userExists($username) {
+ return @file_exists(USERS_PATH . '/' . $username . '/config.php');
+ }
+
 public static function updateUser($user, $email, $passwordPlain, $userConfigUpdated = array()) {
 $userConfig = get_user_configuration($user);
 if ($userConfig === null) {
diff --git a/app/Models/Context.php b/app/Models/Context.php
index 4f18165c0..14bca866c 100644
--- a/app/Models/Context.php
+++ b/app/Models/Context.php
@@ -60,7 +60,7 @@ class FreshRSS_Context {
 /**
 * Initialize the context for the current user.
 */
- public static function initUser($username = '') {
+ public static function initUser($username = '', $userMustExist = true) {
 FreshRSS_Context::$user_conf = null;
 if (!isset($_SESSION)) {
 Minz_Session::init('FreshRSS');
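Review bot: `userExists()` builds a filesystem path from `$username` without validating it, so its safety depends on every caller having run `checkUsername()` first. The call added in Context.php does that, but the method is `public static`, and a later caller passing request input containing `/` or `..` would get an existence answer for paths outside `USERS_PATH`. Consider making the check self-contained, e.g. `return ($username === '_' || self::checkUsername($username)) && file_exists(USERS_PATH . '/' . $username . '/config.php');`. The `@` also hides warnings such as an open_basedir restriction, which are worth seeing in logs. A one-line docblock stating that the result means "a config.php exists for this user" would help callers.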
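Review bot: The docblock above `initUser()` still reads only "Initialize the context for the current user." and does not mention the new `$userMustExist` parameter, which switches off a security-relevant check. I would add `@param string $username` and `@param bool $userMustExist` lines, the latter saying that `false` skips the `userExists()` lookup and is intended only for trusted bootstrap code such as the installer, never for a request-derived username. The body of `initUser()` continues outside this hunk.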
@@ -70,7 +70,8 @@ class FreshRSS_Context {
 if ($username == '') {
 $username = Minz_Session::param('currentUser', '');
 }
- if ($username === '_' || FreshRSS_user_Controller::checkUsername($username)) {
+ if (($username === '_' || FreshRSS_user_Controller::checkUsername($username)) &&
+ (!$userMustExist || FreshRSS_user_Controller::userExists($username))) {
 try {
 //TODO: Keep in session what we need instead of always reloading from disk
 Minz_Configuration::register('user',
diff --git a/app/install.php b/app/install.php
index 11f691b91..8e3d857a7 100644
--- a/app/install.php
+++ b/app/install.php
@@ -71,7 +71,7 @@ function saveStep1() {
 // First, we try to get previous configurations
 FreshRSS_Context::initSystem();
- FreshRSS_Context::initUser(FreshRSS_Context::$system_conf->default_user);
+ FreshRSS_Context::initUser(FreshRSS_Context::$system_conf->default_user, false);
 // Then, we set $_SESSION vars
 Minz_Session::_params([
--
cgit v1.2.3
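Review bot: With the default `$userMustExist = true`, the special user `_` now also has to pass `userExists('_')`, whereas before it was accepted unconditionally. Whether `USERS_PATH/_/config.php` is present on every install is not visible here, so callers that initialise `_` should be checked. Separately, the existence test and the later `Minz_Configuration::register()` read are two steps, so the existing `try` must stay as the fallback for a user directory removed in between; a short comment such as `// existence is checked up front; the try below still covers a config removed concurrently` would record that. The `if` body and its failure branch lie outside the hunk, so the response an unknown user gets cannot be reviewed from here.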
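Review bot: The bare `false` in `initUser(..., false)` does not tell a reader that it disables the user-existence check. A comment on the line, e.g. `// default_user may not have a config.php yet at this step, so do not require it`, would make the exception explicit and discourage copying the call elsewhere. That reason is inferred from the surrounding install code and should be confirmed. `saveStep1()` starts and ends outside the hunk.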