API: Remove $sid argument of Session::start()

NEW: Pass HTTPRequest to session
NEW: Pass HTTPRequest optionally to Director statics

The session handler now expects to operate on a specific
HTTPRequest object.
Sam Minnee 2017-06-25 14:13:36 +12:00 committed by Damian Mooyman
parent ccc86306b6
commit e92c63c545
4 changed files with 25 additions and 24 deletions


@ -509,7 +509,7 @@ class Director implements TemplateGlobalProvider
*
* @return string
*/
public static function host()
public static function host(HTTPRequest $request = null)
{
// Check if overridden by alternate_base_url
if ($baseURL = self::config()->get('alternate_base_url')) {
@ -520,7 +520,9 @@ class Director implements TemplateGlobalProvider
}
}
$request = Injector::inst()->get(HTTPRequest::class);
if (!$request) {
$request = Injector::inst()->get(HTTPRequest::class, true, ['GET', '/']);
}
if ($request && $host = $request->getHeader('Host')) {
return $host;
}
@ -549,9 +551,9 @@ class Director implements TemplateGlobalProvider
*
* @return bool|string
*/
public static function protocolAndHost()
public static function protocolAndHost(HTTPRequest $request = null)
{
return static::protocol() . static::host();
return static::protocol($request) . static::host($request);
}
/**
@ -559,9 +561,9 @@ class Director implements TemplateGlobalProvider
*
* @return string
*/
public static function protocol()
public static function protocol(HTTPRequest $request = null)
{
return (self::is_https()) ? 'https://' : 'http://';
return (self::is_https($request)) ? 'https://' : 'http://';
}
/**
@ -569,7 +571,7 @@ class Director implements TemplateGlobalProvider
*
* @return bool
*/
public static function is_https()
public static function is_https(HTTPRequest $request = null)
{
// Check override from alternate_base_url
if ($baseURL = self::config()->uninherited('alternate_base_url')) {
@ -581,7 +583,9 @@ class Director implements TemplateGlobalProvider
}
// Check the current request
$request = Injector::inst()->get(HTTPRequest::class);
if (!$request) {
$request = Injector::inst()->get(HTTPRequest::class, true, ['GET', '/']);
}
if ($request && $host = $request->getHeader('Host')) {
return $request->getScheme() === 'https';
}
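Review bot: None of the four docblocks touched here (`host()`, `protocolAndHost()`, `protocol()`, `is_https()`) gained a `@param` for the new argument, and the fallback in `host()` and `is_https()` deserves to be spelled out because `Session::start()` now derives the session cookie's `Secure` flag from `is_https($request)`. I would add `@param HTTPRequest|null $request Request to inspect; when omitted one is resolved through the Injector` to each. It looks as if `Injector::inst()->get(HTTPRequest::class, true, ['GET', '/'])` can yield a bare `GET /` request with no `Host` header when nothing is registered, in which case the `getHeader('Host')` branch is skipped and the answer comes from code after the hunk; that should be confirmed and stated in the comment. The `Host` value returned by `host()` is client-supplied, so callers that build absolute URLs from `protocolAndHost($request)` still depend on `alternate_base_url` or an upstream host allow-list. Both function bodies continue outside the hunks shown.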


@ -172,10 +172,10 @@ class Session
/**
* Init this session instance before usage
*/
public function init()
public function init(HTTPRequest $request)
{
if (!$this->isStarted()) {
$this->start();
$this->start($request);
}
// Funny business detected!
@ -183,7 +183,7 @@ class Session
if ($this->data['HTTP_USER_AGENT'] !== $this->userAgent()) {
$this->clearAll();
$this->destroy();
$this->start();
$this->start($request);
}
}
}
@ -191,10 +191,10 @@ class Session
/**
* Destroy existing session and restart
*/
public function restart()
public function restart(HTTPRequest $request)
{
$this->destroy();
$this->init();
$this->init($request);
}
/**
@ -210,9 +210,9 @@ class Session
/**
* Begin session
*
* @param string $sid
* @param $request The request for which to start a session
*/
public function start($sid = null)
public function start(HTTPRequest $request)
{
if ($this->isStarted()) {
throw new BadMethodCallException("Session has already started");
@ -223,7 +223,7 @@ class Session
$path = Director::baseURL();
}
$domain = $this->config()->get('cookie_domain');
$secure = Director::is_https() && $this->config()->get('cookie_secure');
$secure = Director::is_https($request) && $this->config()->get('cookie_secure');
$session_path = $this->config()->get('session_store_path');
$timeout = $this->config()->get('timeout');
@ -255,9 +255,6 @@ class Session
session_name('SECSESSID');
}
if ($sid) {
session_id($sid);
}
session_start();
$this->data = isset($_SESSION) ? $_SESSION : array();
@ -480,13 +477,13 @@ class Session
* Save data to session
* Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.
*/
public function save()
public function save(HTTPRequest $request)
{
if ($this->changedData) {
$this->finalize();
if (!$this->isStarted()) {
$this->start();
$this->start($request);
}
$this->recursivelyApply($this->changedData, $_SESSION);
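Review bot: The user-agent check in `init()`, `$this->data['HTTP_USER_AGENT'] !== $this->userAgent()`, still calls `userAgent()` without the request, so the value that decides whether the session is cleared and destroyed is presumably read from global state rather than from the `HTTPRequest` the session is now meant to operate on. `userAgent()` is defined outside these hunks, so this needs confirming, but if it reads a superglobal the comparison should become `$this->userAgent($request)` with the helper reading `$request->getHeader('User-Agent')`. The same applies to `Director::baseURL()` in `start()`, which still computes the cookie path with no request; `init()` spans two hunks and `start()` continues outside them. Separately, the new docblock line `@param $request The request for which to start a session` has no type; `@param HTTPRequest $request The request for which to start a session` would match the signature.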


@ -12,7 +12,7 @@ class SessionMiddleware implements HTTPMiddleware
{
try {
// Start session and execute
$request->getSession()->init();
$request->getSession()->init($request);
// Generate output
$response = $delegate($request);
@ -20,7 +20,7 @@ class SessionMiddleware implements HTTPMiddleware
// Save session data, even if there was an exception.
// Note that save() will start/resume the session if required.
} finally {
$request->getSession()->save();
$request->getSession()->save($request);
}
return $response;


@ -84,7 +84,7 @@ class ErrorControlChainMiddleware implements HTTPMiddleware
$this->getApplication()->getKernel()->boot(false);
// Ensure session is started
$request->getSession()->init();
$request->getSession()->init($request);
// Next, check if we're in dev mode, or the database doesn't have any security data, or we are admin
if (Director::isDev() || !Security::database_is_ready() || Permission::check('ADMIN')) {