From 888e566f0a8086cfabf0a8f50eca77e38329b874 Mon Sep 17 00:00:00 2001 From: Fabrizio Balliano Date: Tue, 5 Sep 2023 01:10:39 +0100 Subject: [PATCH 1/2] Added composer patch to get.php, ref. #3453 (#3476) --- get.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/get.php b/get.php index 05d0fb28c21..01a73752c64 100644 --- a/get.php +++ b/get.php @@ -28,7 +28,7 @@ /** * Set include path */ - +$paths = []; $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'local'; $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'community'; $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'core'; @@ -36,12 +36,22 @@ $appPath = implode($ps, $paths); set_include_path($appPath . $ps . get_include_path()); - include_once 'Mage/Core/functions.php'; include_once 'Varien/Autoload.php'; Varien_Autoload::register(); +/** AUTOLOADER PATCH **/ +$autoloaderPath = getenv('COMPOSER_VENDOR_PATH'); +if (!$autoloaderPath) { + $autoloaderPath = dirname($bp) . $ds . 'vendor'; + if (!is_dir($autoloaderPath)) { + $autoloaderPath = $bp . $ds . 'vendor'; + } +} +require $autoloaderPath . $ds . 'autoload.php'; +/** AUTOLOADER PATCH **/ + $varDirectory = $bp . $ds . Mage_Core_Model_Config_Options::VAR_DIRECTORY; $configCacheFile = $varDirectory . $ds . 'resource_config.json'; From 0f032f375598b50d1c9c553206a9c750796bf1d6 Mon Sep 17 00:00:00 2001 
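Review bot: The `require $autoloaderPath . $ds . 'autoload.php';` that closes the AUTOLOADER PATCH block loads whatever path `COMPOSER_VENDOR_PATH` or the two fallbacks produce without checking that the file exists. Only the `dirname($bp)` candidate is tested with `is_dir()`, so a wrong environment value or a missing `vendor` directory ends in a fatal error on this entry point, which can expose the filesystem path wherever errors are displayed. Because the value decides which PHP file is executed, check it before use, for example `$autoloadFile = $autoloaderPath . $ds . 'autoload.php';` followed by `if (!is_file($autoloadFile)) { http_response_code(500); exit; }` and `require $autoloadFile;`. A one-line comment above `getenv('COMPOSER_VENDOR_PATH')` saying the variable must only be set by the server operator would record that trust assumption.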
From: Ng Kiat Siong Date: Tue, 5 Sep 2023 17:09:06 +0800 Subject: [PATCH 2/2] Fixed unnecessary entries in table `api-session` when using insta-login in API calls (#3477) * Fixed unnecessary entries in table `api-session` when using insta-login in API calls. * CX-fixer * Removed unused method _isSessionExpired() which has a bug. * Update phpstan.dist.baseline.neon * Update app/code/core/Mage/Api/Model/Server/Handler/Abstract.php Co-authored-by: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com> --------- Co-authored-by: Fabrizio Balliano Co-authored-by: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com> --- .../Api/Model/Server/Handler/Abstract.php | 60 ++++++++----------- app/code/core/Mage/Api/Model/Session.php | 33 +++++++++- phpstan.dist.baseline.neon | 5 -- 3 files changed, 56 insertions(+), 42 deletions(-) diff --git a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php index 78e3eb1f909..5ad0ad18ad8 100644 --- a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php +++ b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php @@ -87,6 +87,21 @@ protected function _startSession($sessionId = null) return $this; } + /** + * Allow insta-login via HTTP Basic Auth + * + * @param string $sessionId + * @return $this + */ + protected function _instaLogin(&$sessionId) + { + if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { + $this->_getSession()->setIsInstaLogin(); + $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); + } + return $this; + } + /** * Check current user permission on resource and privilege * 
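Review bot: `_instaLogin()` calls `setIsInstaLogin()` on the session before `login()` has verified the Basic Auth credentials and never clears it, so the flag stays set for the rest of the request whether or not authentication succeeded. If the object returned by `_getSession()` is shared, any later `login()` in the same request would also take the insta-login branch. Resetting the flag right after the `login()` line with `$this->_getSession()->setIsInstaLogin(false);` would scope it to this one attempt, provided nothing downstream reads it. The docblock also understates the contract, since `$sessionId` is taken by reference, may be null, and is overwritten with the return value of `login()`; `@param string|null $sessionId Passed by reference; replaced by the result of login() when Basic Auth is used` would be more accurate.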
@@ -100,16 +115,6 @@ protected function _isAllowed($resource, $privilege = null) return $this->_getSession()->isAllowed($resource, $privilege); } - /** - * Check session expiration - * - * @return bool - */ - protected function _isSessionExpired() - { - return $this->_getSession()->isSessionExpired(); - } - /** * Dispatch webservice fault * @@ -225,11 +230,8 @@ public function login($username, $apiKey = null) */ public function call($sessionId, $apiPath, $args = []) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -313,11 +315,8 @@ public function call($sessionId, $apiPath, $args = []) */ public function multiCall($sessionId, array $calls = [], $options = []) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); 
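Review bot: The chained form `$this->_instaLogin($sessionId)->_startSession($sessionId);` in `call()` only works because `_instaLogin()` takes `$sessionId` by reference and rewrites it before the second argument is read, which is easy to miss and easy to break when the line is later edited. The same pattern is repeated in `multiCall()`, `resources()`, `resourceFaults()` and `globalFaults()`. Two separate statements, `$this->_instaLogin($sessionId);` then `$this->_startSession($sessionId);`, or a short comment such as `// _instaLogin() may replace $sessionId (by reference) with a fresh session ID`, would make the dependency explicit. The bodies of these methods continue outside the hunks.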
@@ -445,11 +444,8 @@ public function multiCall($sessionId, array $calls = [], $options = []) */ public function resources($sessionId) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -513,11 +509,8 @@ public function resources($sessionId) */ public function resourceFaults($sessionId, $resourceName) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -553,11 +546,8 @@ public function resourceFaults($sessionId, $resourceName) */ public function globalFaults($sessionId) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); return array_values($this->_getConfig()->getFaults()); } diff --git a/app/code/core/Mage/Api/Model/Session.php b/app/code/core/Mage/Api/Model/Session.php index 07952339dcf..e91e6b71b02 100644 --- a/app/code/core/Mage/Api/Model/Session.php +++ b/app/code/core/Mage/Api/Model/Session.php 
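Review bot: In `globalFaults()` the new `_instaLogin($sessionId)` call processes the Basic Auth credentials, but its outcome is never checked. The method goes straight to `return array_values($this->_getConfig()->getFaults());` with no `isLoggedIn()` test, unlike `resources()` and `resourceFaults()` in the hunks above. If the fault list is meant to be readable without authentication, the login attempt is unneeded credential handling on an unauthenticated path and `_startSession($sessionId)` alone would do. If it is meant to be protected, add `if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); }` before the return. Which of the two is intended is not visible from this hunk.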
@@ -96,6 +96,28 @@ public function clear() return true; } + /** + * Flag login as HTTP Basic Auth. + * + * @param bool $isInstaLogin + * @return $this + */ + public function setIsInstaLogin(bool $isInstaLogin = true) + { + $this->setData('is_insta_login', $isInstaLogin); + return $this; + } + + /** + * Is insta-login? + * + * @return bool + */ + public function getIsInstaLogin(): bool + { + return (bool) $this->getData('is_insta_login'); + } + /** * @param string $username * @param string $apiKey @@ -105,8 +127,15 @@ public function clear() public function login($username, $apiKey) { $user = Mage::getModel('api/user') - ->setSessid($this->getSessionId()) - ->login($username, $apiKey); + ->setSessid($this->getSessionId()); + if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) { + Mage::dispatchEvent('api_user_authenticated', [ + 'model' => $user, + 'api_key' => $apiKey, + ]); + } else { + $user->login($username, $apiKey); + } if ($user->getId() && $user->getIsActive() != '1') { Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.')); diff --git a/phpstan.dist.baseline.neon b/phpstan.dist.baseline.neon index 44909be6289..8a1e7f903af 100644 --- a/phpstan.dist.baseline.neon +++ b/phpstan.dist.baseline.neon @@ -765,11 +765,6 @@ parameters: count: 2 path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php - - - message: "#^Method Mage_Api_Model_Session\\:\\:isSessionExpired\\(\\) invoked with 0 parameters, 1 required\\.$#" - count: 1 - path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php - - message: "#^Result of method SoapServer\\:\\:handle\\(\\) \\(void\\) is used\\.$#" count: 1
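Review bot: In `login()`, the condition `$this->getIsInstaLogin() && $user->authenticate($username, $apiKey)` sends a failed Basic Auth attempt into the `else` branch, so `$user->login()` is handed the same credentials a second time. The body of `$user->login()` is not part of this diff, but if it authenticates again, every rejected request costs two credential checks, and the stateless path then relies on that method recording nothing for bad credentials. Nesting the `authenticate()` call inside the insta-login branch keeps the two paths separate. Please also confirm that skipping `$user->login()` on success drops nothing besides the `api_session` row, such as last-login bookkeeping an audit would rely on. The `login()` method continues past the end of the hunk.

```php
$user = Mage::getModel('api/user')
    ->setSessid($this->getSessionId());
if ($this->getIsInstaLogin()) {
    // Stateless Basic Auth: check the credentials once and never call $user->login().
    if ($user->authenticate($username, $apiKey)) {
        // … unchanged: Mage::dispatchEvent('api_user_authenticated', …) …
    }
} else {
    $user->login($username, $apiKey);
}
```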