Create some exceptions handling for session errors

glpi-project · Sep 23, 2024 · 454b635 · 454b635
1 parent edc000c
commit 454b635
Show file tree

Hide file tree

Showing 5 changed files with 190 additions and 8 deletions.
diff --git a/src/Glpi/Exception/Access/AccessException.php b/src/Glpi/Exception/Access/AccessException.php
@@ -0,0 +1,50 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2024 Teclib' and contributors.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+namespace Glpi\Exception\Access;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+abstract class AccessException extends \RuntimeException
+{
+    protected Request $request;
+
+    public function setRequest(Request $request): void
+    {
+        $this->request = $request;
+    }
+
+    abstract public function asResponse(): Response;
+}
diff --git a/src/Glpi/Exception/Access/RequiresHttpsException.php b/src/Glpi/Exception/Access/RequiresHttpsException.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Glpi\Exception\Access;
+
+use Glpi\Application\View\TemplateRenderer;
+use Symfony\Component\HttpFoundation\Response;
+
+class RequiresHttpsException extends AccessException
+{
+    public function asResponse(): Response
+    {
+        $cnt = TemplateRenderer::getInstance()->render(
+            'pages/https_only.html.twig',
+            [
+                'secured_url' => 'https://' . $this->request->getHost() . $this->request->getUri(),
+            ]
+        );
+
+        return new Response($cnt);
+    }
+}
diff --git a/src/Glpi/Exception/Access/SessionExpiredException.php b/src/Glpi/Exception/Access/SessionExpiredException.php
@@ -0,0 +1,49 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2024 Teclib' and contributors.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+namespace Glpi\Exception\Access;
+
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * Used when there is no session, or session cookies have expired.
+ */
+class SessionExpiredException extends AccessException
+{
+    public function asResponse(): Response
+    {
+        return new RedirectResponse('/front/login.php');
+    }
+}
diff --git a/src/Glpi/Http/AccessErrorListener.php b/src/Glpi/Http/AccessErrorListener.php
@@ -0,0 +1,66 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2024 Teclib' and contributors.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+namespace Glpi\Http;
+
+use Glpi\Exception\Access\AccessException;
+use Glpi\Exception\Access\RequiresHttpsException;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\ExceptionEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+class AccessErrorListener implements EventSubscriberInterface
+{
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            KernelEvents::EXCEPTION => 'onKernelException',
+        ];
+    }
+
+    public function onKernelException(ExceptionEvent $event): void
+    {
+        $e = $event->getThrowable();
+
+        if (!$e instanceof AccessException) {
+            return;
+        }
+
+        $req = $event->getRequest();
+
+        $e->setRequest($req);
+
+        $event->setResponse($e->asResponse());
+    }
+}
diff --git a/src/Session.php b/src/Session.php
@@ -37,6 +37,8 @@
 use Glpi\Cache\CacheManager;
 use Glpi\Cache\I18nCache;
 use Glpi\Event;
+use Glpi\Exception\Access\RequiresHttpsException;
+use Glpi\Exception\Access\SessionExpiredException;
 use Glpi\Plugin\Hooks;
 use Glpi\Session\SessionInfo;
 
@@ -1021,13 +1023,7 @@ public static function checkCookieSecureConfig(): void
         $cookie_secure = filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN);
         $is_https_request = ($_SERVER['HTTPS'] ?? 'off') === 'on' || (int)($_SERVER['SERVER_PORT'] ?? null) == 443;
         if ($is_https_request === false && $cookie_secure === true) {
-            TemplateRenderer::getInstance()->display(
-                'pages/https_only.html.twig',
-                [
-                    'secured_url' => 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
-                ]
-            );
-            exit();
+            throw new RequiresHttpsException();
         }
     }
 
@@ -1049,7 +1045,7 @@ public static function checkValidSessionId()
             !isset($_SESSION['valid_id'])
             || ($_SESSION['valid_id'] !== session_id())
         ) {
-            Html::redirectToLogin('error=3');
+            throw new SessionExpiredException();
         }
 
         $user_id    = self::getLoginUserID();