From 934cad44b5c6e5ebd838a48d8b0674bc7913ae31 Mon Sep 17 00:00:00 2001
From: Robb Ebright
Date: Tue, 21 Mar 2017 15:02:31 -0400
Subject: [PATCH 1/2] Fixing dependence upon hard-coded password by modifying playlist build to not require authentication
---
 .../common/AutoPlaylistManager.php | 45 ++++---------------
 airtime_mvc/application/models/Scheduler.php | 2 +-
 .../application/models/ShowInstance.php | 1 +
 3 files changed, 11 insertions(+), 37 deletions(-)
diff --git a/airtime_mvc/application/common/AutoPlaylistManager.php b/airtime_mvc/application/common/AutoPlaylistManager.php
index 36e97b20d..7137619a9 100644
--- a/airtime_mvc/application/common/AutoPlaylistManager.php
+++ b/airtime_mvc/application/common/AutoPlaylistManager.php
@@ -18,53 +18,26 @@ class AutoPlaylistManager { return empty($lastPolled) || (microtime(true) > $lastPolled + self::$_AUTOPLAYLIST_POLL_INTERVAL_SECONDS); } - /* - * This function is copied from the TestUser class and is used to instantiate a user so that - * the Scheduler model can be utilized by buildAutoPlaylist. - * Not sure if this is the best strategy but it works. - */ - public static function loginUser() - { - $authAdapter = Application_Model_Auth::getAuthAdapter(); - - //pass to the adapter the submitted username and password - $authAdapter->setIdentity('admin') - ->setCredential('admin'); - - $auth = Zend_Auth::getInstance(); - $result = $auth->authenticate($authAdapter); - if ($result->isValid()) { - //all info about this user from the login table omit only the password - $userInfo = $authAdapter->getResultRowObject(null, 'password'); - - //the default storage is a session with namespace Zend_Auth - $authStorage = $auth->getStorage(); - $authStorage->write($userInfo); - } - } - /** * Find all shows with autoplaylists who have yet to have their playlists built and added to the schedule * */ public static function buildAutoPlaylist() { - // Starting a session so that the User can be created - Zend_Session::start(); - static::loginUser(); - Logging::info("Checking to run Auto Playlist"); - $autoPlaylists = static::_upcomingAutoPlaylistShows(); - foreach ($autoPlaylists as $autoplaylist) { + // Starting a session + Zend_Session::start(); + Logging::info("Checking to run Auto Playlist"); + $autoPlaylists = static::_upcomingAutoPlaylistShows(); + foreach ($autoPlaylists as $autoplaylist) { // creates a ShowInstance object to build the playlist in from the ShowInstancesQuery Object - $si = new Application_Model_ShowInstance($autoplaylist->getDbId()); - $playlistid = $si->GetAutoPlaylistId(); + $si = new Application_Model_ShowInstance($autoplaylist->getDbId()); + $playlistid = $si->GetAutoPlaylistId(); Logging::info("Scheduling $playlistid"); // call the 
addPlaylist to show function and don't check for user permission to avoid call to non-existant user object $si->addPlaylistToShow($playlistid, false); $si->setAutoPlaylistBuilt(true); - } - Application_Model_Preference::setAutoPlaylistPollLock(microtime(true)); - Zend_Session::stop(); + Application_Model_Preference::setAutoPlaylistPollLock(microtime(true)); + Zend_Session::stop(); } /** diff --git a/airtime_mvc/application/models/Scheduler.php b/airtime_mvc/application/models/Scheduler.php index f3f0c508c..42fcecb34 100644 --- a/airtime_mvc/application/models/Scheduler.php +++ b/airtime_mvc/application/models/Scheduler.php @@ -76,7 +76,7 @@ class Application_Model_Scheduler } /* - * make sure any incoming requests for scheduling are ligit. + * make sure any incoming requests for scheduling are legit. * * @param array $items, an array containing pks of cc_schedule items. */ diff --git a/airtime_mvc/application/models/ShowInstance.php b/airtime_mvc/application/models/ShowInstance.php index bbccd538d..25f5e906f 100644 --- a/airtime_mvc/application/models/ShowInstance.php +++ b/airtime_mvc/application/models/ShowInstance.php @@ -230,6 +230,7 @@ SQL; $id = $this->_showInstance->getDbId(); $scheduler = new Application_Model_Scheduler(); + $scheduler->setCheckUserPermissions($checkUserPerm); $scheduler->scheduleAfter( array(array("id" => 0, "instance" => $id, "timestamp" => $ts)), array(array("id" => $pl_id, "type" => "playlist")) From 1fc1e6a1996c4a09d41775facb193f4892804cf0 Mon Sep 17 00:00:00 2001 
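Review bot: The docblock kept above `buildAutoPlaylist()` still says only that it finds shows whose playlists are not yet built; it does not record that, with `loginUser()` and its hard-coded `admin`/`admin` login gone, the method now runs with no authenticated user and schedules through `addPlaylistToShow($playlistid, false)`, i.e. with permission checks switched off. Because the method is `public static`, I would state that contract where callers will read it, for example by adding `* Runs without a user context and with scheduler permission checks disabled; call only from the internal auto-playlist poll, never from a request path.` to the docblock. The inline comment justifies the `false` by the missing user object rather than by who is allowed to trigger the build, so the authorization reasoning deserves a sentence as well. Whether every existing caller is such an internal path cannot be confirmed from this hunk.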
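Review bot: `$checkUserPerm` is forwarded to the scheduler in the ShowInstance.php hunk, but its declaration sits in the method signature outside the hunk, so its default cannot be checked from the diff; it should default to `true` so that a caller omitting the argument still gets the permission check. The same applies to the second commit's form of this line, `new Application_Model_Scheduler($checkUserPerm)`, and to the constructor parameter it feeds. I would also document the parameter in the method's docblock, e.g. `@param bool $checkUserPerm false only for trusted internal callers that run without a logged-in user`.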
From: Lucas Bickel
Date: Wed, 22 Mar 2017 12:26:18 +0100
Subject: [PATCH 2/2] Get rid of session use in auto playlist
The user object was triggering the creation of a user context that tried to grab something from the session. The later code never tried to use this due to the checkPerm flag. I'm assuming the user model used to have a sane constructor w/o side effects in the times where this code had it's heyday.
---
 .../common/AutoPlaylistManager.php | 19 ++++++++-----------
 airtime_mvc/application/models/Scheduler.php | 10 +++++++---
 .../application/models/ShowInstance.php | 3 +--
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/airtime_mvc/application/common/AutoPlaylistManager.php b/airtime_mvc/application/common/AutoPlaylistManager.php
index 7137619a9..eefc6377f 100644
--- a/airtime_mvc/application/common/AutoPlaylistManager.php
+++ b/airtime_mvc/application/common/AutoPlaylistManager.php
@@ -23,21 +23,18 @@ class AutoPlaylistManager { * */ public static function buildAutoPlaylist() { - // Starting a session - Zend_Session::start(); - Logging::info("Checking to run Auto Playlist"); - $autoPlaylists = static::_upcomingAutoPlaylistShows(); - foreach ($autoPlaylists as $autoplaylist) { - // creates a ShowInstance object to build the playlist in from the ShowInstancesQuery Object - $si = new Application_Model_ShowInstance($autoplaylist->getDbId()); - $playlistid = $si->GetAutoPlaylistId(); + Logging::info("Checking to run Auto Playlist"); + $autoPlaylists = static::_upcomingAutoPlaylistShows(); + foreach ($autoPlaylists as $autoplaylist) { + // creates a ShowInstance object to build the playlist in from the ShowInstancesQuery Object + $si = new Application_Model_ShowInstance($autoplaylist->getDbId()); + $playlistid = $si->GetAutoPlaylistId(); Logging::info("Scheduling $playlistid"); // call the addPlaylist to show function and don't check for user permission to avoid call to non-existant user object $si->addPlaylistToShow($playlistid, false); $si->setAutoPlaylistBuilt(true); - } - Application_Model_Preference::setAutoPlaylistPollLock(microtime(true)); - Zend_Session::stop(); + } + Application_Model_Preference::setAutoPlaylistPollLock(microtime(true)); } /** diff --git a/airtime_mvc/application/models/Scheduler.php b/airtime_mvc/application/models/Scheduler.php index 42fcecb34..cf542dce5 100644 --- a/airtime_mvc/application/models/Scheduler.php +++ b/airtime_mvc/application/models/Scheduler.php @@ -1,6 +1,6 @@ con = Propel::getConnection(CcSchedulePeer::DATABASE_NAME); 
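Review bot: Nothing in the loop body of `buildAutoPlaylist()` guards against a failure for a single show: if `addPlaylistToShow()` or the `Application_Model_ShowInstance` constructor throws (their bodies are not visible here, so this is an assumption), the remaining shows are skipped and `setAutoPlaylistPollLock()` after the loop is never reached. Wrapping the per-show statements as `try { … } catch (Exception $e) { Logging::error("Auto playlist build failed for show instance " . $autoplaylist->getDbId() . ": " . $e->getMessage()); }` keeps one bad show from blocking the rest and leaves a log line an operator can act on. `setAutoPlaylistBuilt(true)` should stay inside the `try`, after the scheduling call, so that a failed build is not marked as done.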
@@ -40,7 +40,11 @@ class Application_Model_Scheduler $this->nowDT = DateTime::createFromFormat("U", time(), new DateTimeZone("UTC")); } - $this->user = Application_Model_User::getCurrentUser(); + $this->setCheckUserPermissions($checkUserPermissions); + + if ($this->checkUserPermissions) { + $this->user = Application_Model_User::getCurrentUser(); + } $this->crossfadeDuration = Application_Model_Preference::GetDefaultCrossfadeDuration(); } diff --git a/airtime_mvc/application/models/ShowInstance.php b/airtime_mvc/application/models/ShowInstance.php index 25f5e906f..a87d53951 100644 --- a/airtime_mvc/application/models/ShowInstance.php +++ b/airtime_mvc/application/models/ShowInstance.php @@ -229,8 +229,7 @@ SQL; $ts = intval($this->_showInstance->getDbLastScheduled("U")) ? : 0; $id = $this->_showInstance->getDbId(); - $scheduler = new Application_Model_Scheduler(); - $scheduler->setCheckUserPermissions($checkUserPerm); + $scheduler = new Application_Model_Scheduler($checkUserPerm); $scheduler->scheduleAfter( array(array("id" => 0, "instance" => $id, "timestamp" => $ts)), array(array("id" => $pl_id, "type" => "playlist"))
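Review bot: With the new guard in the Scheduler constructor, `$this->user` is assigned only when `$this->checkUserPermissions` is true, yet `setCheckUserPermissions()` remains callable after construction (the first commit called it from ShowInstance), so a scheduler built with `false` and later switched to `true` would run its checks against a user that was never loaded. I would either load the user in the setter when the flag is turned on, or make the unset state explicit with `$this->user = $this->checkUserPermissions ? Application_Model_User::getCurrentUser() : null;` and have the permission code fail closed when it finds `null`. The constructor signature belongs to the hunk at the top of Scheduler.php, which is not readable on this page, so the default of `$checkUserPermissions` should be confirmed to be `true`. The constructor body starts outside this hunk.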