From 8c15e451c61a5bb721ccc5bcbd61077b82846039 Mon Sep 17 00:00:00 2001
From: Sam Minnee
Date: Fri, 25 Aug 2017 13:06:12 +1200
Subject: [PATCH] FIX: Removed unnecessary database_is_ready call.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This shaves about 45ms from every request (PHP 7.1 on a 2013 rMBP), cutting down execution time of a “hello world” controller by about 33%. database_is_ready is still used in dev/build and ?flush=1 to stop people from people bypassing security by DOSing the database or otherwise forcing a DatabaseException
---
 src/Security/AuthenticationMiddleware.php | 23 +++++++--------
 src/Security/BasicAuth.php | 28 +++++++++++--------
 .../CookieAuthenticationHandler.php | 3 +-
 3 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/src/Security/AuthenticationMiddleware.php b/src/Security/AuthenticationMiddleware.php
index 525b25277..d4bd88ae0 100644
--- a/src/Security/AuthenticationMiddleware.php
+++ b/src/Security/AuthenticationMiddleware.php
@@ -7,6 +7,7 @@ use SilverStripe\Control\HTTPResponse;
 use SilverStripe\Control\Middleware\HTTPMiddleware;
 use SilverStripe\Core\Config\Configurable;
 use SilverStripe\ORM\ValidationException;
+use SilverStripe\ORM\Connect\DatabaseException;
 class AuthenticationMiddleware implements HTTPMiddleware
 {
@@ -44,17 +45,17 @@ class AuthenticationMiddleware implements HTTPMiddleware
 */
 public function process(HTTPRequest $request, callable $delegate)
 {
- if (Security::database_is_ready()) {
- try {
- $this
- ->getAuthenticationHandler()
- ->authenticateRequest($request);
- } catch (ValidationException $e) {
- return new HTTPResponse(
- "Bad log-in details: " . $e->getMessage(),
- 400
- );
- }
+ try {
+ $this
+ ->getAuthenticationHandler()
+ ->authenticateRequest($request);
+ } catch (ValidationException $e) {
+ return new HTTPResponse(
+ "Bad log-in details: " . $e->getMessage(),
+ 400
+ );
+ } catch (DatabaseException $e) {
+ // Database isn't ready, carry on.
 }
 return $delegate($request);
diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php
index cc9ca0bd9..604142e08 100644
--- a/src/Security/BasicAuth.php
+++ b/src/Security/BasicAuth.php
@@ -10,6 +10,7 @@ use SilverStripe\Control\HTTPResponse_Exception;
 use SilverStripe\Core\Config\Configurable;
 use SilverStripe\Dev\Debug;
 use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
+use SilverStripe\ORM\Connect\DatabaseException;
 /**
 * Provides an interface to HTTP basic authentication.
@@ -72,7 +73,7 @@ class BasicAuth
 $permissionCode = null,
 $tryUsingSessionLogin = true
 ) {
- if (!Security::database_is_ready() || (Director::is_cli() && static::config()->get('ignore_cli'))) {
+ if ((Director::is_cli() && static::config()->get('ignore_cli'))) {
 return true;
 }
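Review bot: The new `catch (DatabaseException $e)` in `process()` swallows every database failure raised during `authenticateRequest()`, not only the schema-not-built case that `Security::database_is_ready()` used to detect, and it leaves no trace of the failure. The request then goes on to `$delegate` with whatever authentication state was reached before the exception; that is presumably anonymous, but the handler code is not visible in this hunk. I would state the intent and record the event, for example by replacing the comment with `// Database unavailable or schema not built: continue as an unauthenticated request; downstream access checks must still deny.` and writing a warning-level log entry that names the exception class.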
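Review bot: The rewritten guard in the `@@ -72,7 +73,7 @@` hunk of BasicAuth.php keeps a redundant pair of parentheses left over from dropping the first operand: `if ((Director::is_cli() && static::config()->get('ignore_cli'))) {`. Writing it as `if (Director::is_cli() && static::config()->get('ignore_cli')) {` makes it obvious that only the CLI exemption still returns `true` at this point. The method's signature starts before the hunk and its body continues past it.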
@@ -94,19 +95,24 @@ class BasicAuth
 $member = null;
- if ($request->getHeader('PHP_AUTH_USER') && $request->getHeader('PHP_AUTH_PW')) {
- /** @var MemberAuthenticator $authenticator */
- $authenticators = Security::singleton()->getApplicableAuthenticators(Authenticator::LOGIN);
+ try {
+ if ($request->getHeader('PHP_AUTH_USER') && $request->getHeader('PHP_AUTH_PW')) {
+ /** @var MemberAuthenticator $authenticator */
+ $authenticators = Security::singleton()->getApplicableAuthenticators(Authenticator::LOGIN);
- foreach ($authenticators as $name => $authenticator) {
- $member = $authenticator->authenticate([
- 'Email' => $request->getHeader('PHP_AUTH_USER'),
- 'Password' => $request->getHeader('PHP_AUTH_PW'),
- ], $request);
- if ($member instanceof Member) {
- break;
+ foreach ($authenticators as $name => $authenticator) {
+ $member = $authenticator->authenticate([
+ 'Email' => $request->getHeader('PHP_AUTH_USER'),
+ 'Password' => $request->getHeader('PHP_AUTH_PW'),
+ ], $request);
+ if ($member instanceof Member) {
+ break;
+ }
 }
 }
+ } catch (DatabaseException $e) {
+ // Database isn't ready, let people in
+ return true;
 }
 if ($member instanceof Member) {
diff --git a/src/Security/MemberAuthenticator/CookieAuthenticationHandler.php b/src/Security/MemberAuthenticator/CookieAuthenticationHandler.php
index 8ed7559f8..d481f43bb 100644
--- a/src/Security/MemberAuthenticator/CookieAuthenticationHandler.php
+++ b/src/Security/MemberAuthenticator/CookieAuthenticationHandler.php
@@ -107,8 +107,7 @@ class CookieAuthenticationHandler implements AuthenticationHandler
 $uidAndToken = Cookie::get($this->getTokenCookieName());
 $deviceID = Cookie::get($this->getDeviceCookieName());
- // @todo Consider better placement of database_is_ready test
- if ($deviceID === null || strpos($uidAndToken, ':') === false || !Security::database_is_ready()) {
+ if ($deviceID === null || strpos($uidAndToken, ':') === false) {
 return null;
 }
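Review bot: The added `catch (DatabaseException $e)` with `return true;` makes HTTP basic auth fail open on any database error raised while the authenticators run, which is broader than the old `!Security::database_is_ready()` test. The commit message itself names a forced DatabaseException as a way to bypass security, and keeps the check in dev/build and ?flush=1 for that reason, so a site that relies on BasicAuth as its only gate loses the same protection here. The 45ms saving survives if the readiness check runs only on the failure path: inside the catch, put `if (Security::database_is_ready()) { throw $e; }` before `return true;`. The try also covers only the authenticator loop; the member and permission checks that follow lie outside the hunk and can presumably still throw.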
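Review bot: With `!Security::database_is_ready()` dropped from the guard in CookieAuthenticationHandler.php, the token lookup that follows (outside this hunk) will presumably throw a DatabaseException when the schema is missing or the database is down, so the method now depends on its caller to handle it. Only `AuthenticationMiddleware::process()` gains such a catch in this commit, and any other caller of this handler would see the exception propagate. The contract should be stated in the method's docblock, for example `@throws DatabaseException if the database is unavailable; callers must treat this as "not authenticated"`.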