SAAS-1085: Optimization - Don't start sessions unless we actually need them.

Albert Santoni 2015-09-25 10:41:51 -04:00
parent a86e3ed4a8
commit c03e9cbe9a
13 changed files with 334 additions and 197 deletions


@ -109,9 +109,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = strtolower($request->getControllerName());
Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
if (in_array($controller, array(
"index",
"login",
"api",
"auth",
"error",
@ -123,7 +124,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
)))
{
$this->setRoleName("G");
} elseif (!Zend_Auth::getInstance()->hasIdentity()) {
}
elseif (Zend_Session::isStarted() && !Zend_Auth::getInstance()->hasIdentity()) {
//The controller uses sessions but we don't have an identity yet.
// If we don't have an identity and we're making a RESTful request,
// we need to do API key verification
@ -165,6 +169,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
}
}
} else { //We have a session/identity.
// If we have an identity and we're making a RESTful request,
// we need to check the CSRF token
if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
@ -222,11 +227,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
}
private function verifyCSRFToken($token) {
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
$observed_csrf_token = $token;
$expected_csrf_token = $current_namespace->authtoken;
return ($observed_csrf_token == $expected_csrf_token);
SecurityHelper::verifyCSRFToken($token);
}
private function verifyAPIKey() {
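Review bot: verifyCSRFToken now discards the result of the helper it delegates to — `SecurityHelper::verifyCSRFToken($token);` is a bare statement, so the method returns null to every caller, and the non-GET rest check in the hunk at line 38 can no longer distinguish a valid token from an invalid one. The line should read `return SecurityHelper::verifyCSRFToken($token);` (assuming the helper returns a bool; its body is not in this diff). The removed code compared tokens with loose `==`; if the helper kept that comparison, `hash_equals((string) $expected, (string) $token)` avoids type-juggling surprises and a timing side channel. Separately, in the second hunk the new `Zend_Session::isStarted() &&` guard means a request with no session and no identity now falls through to the `else` branch commented "We have a session/identity" — whether that path ends up assigning a role depends on code outside the hunk, so it is worth confirming with a test for an unauthenticated request to a non-whitelisted controller.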