Merge branch 'saas-sessionoptimizations' into saas-3.x-sessionoptimizations

Conflicts:
	airtime_mvc/application/Bootstrap.php
	airtime_mvc/application/configs/constants.php
	airtime_mvc/application/controllers/LoginController.php
	airtime_mvc/application/controllers/UserController.php
	airtime_mvc/public/js/airtime/preferences/preferences.js
Albert Santoni 2015-09-29 18:58:55 -04:00
commit 8b33acacd3
19 changed files with 395 additions and 216 deletions


@ -109,9 +109,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = strtolower($request->getControllerName());
Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
if (in_array($controller, array(
"index",
"login",
"api",
"auth",
"error",
@ -123,7 +124,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
)))
{
$this->setRoleName("G");
} elseif (!Zend_Auth::getInstance()->hasIdentity()) {
}
elseif (Zend_Session::isStarted() && !Zend_Auth::getInstance()->hasIdentity()) {
//The controller uses sessions but we don't have an identity yet.
// If we don't have an identity and we're making a RESTful request,
// we need to do API key verification
@ -165,6 +169,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
}
}
} else { //We have a session/identity.
// If we have an identity and we're making a RESTful request,
// we need to check the CSRF token
if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
@ -223,11 +228,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
}
private function verifyCSRFToken($token) {
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
$observed_csrf_token = $token;
$expected_csrf_token = $current_namespace->authtoken;
return ($observed_csrf_token == $expected_csrf_token);
return SecurityHelper::verifyCSRFToken($token);
}
private function verifyAPIKey() {
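Review bot: The new guard on the unauthenticated branch, `elseif (Zend_Session::isStarted() && !Zend_Auth::getInstance()->hasIdentity())`, means a request that arrives with no started session is no longer routed through the API-key verification path but falls into the `else` branch commented "We have a session/identity", so a session-less request to a non-"G" controller would be handled as if authenticated unless that branch re-checks the identity itself (its body is outside the hunk, so I cannot confirm that it does). The safe default is to treat "no session" as "no identity": `elseif (!Zend_Session::isStarted() || !Zend_Auth::getInstance()->hasIdentity())`, which still avoids starting a session on REST calls because `hasIdentity()` is short-circuited when none exists. Separately, `verifyCSRFToken` now delegates to `SecurityHelper::verifyCSRFToken`, which is not part of this diff; the replaced code compared with `==`, so please confirm the helper uses `hash_equals()` (or at least `===`) and rejects a null or empty stored token rather than matching it against a missing request token. preDispatch's remaining branches and verifyAPIKey's body continue outside the hunk.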