Fixed unnecessary entries in table api-session when using insta-log…

…in in API calls (#3477) * Fixed unnecessary entries in table `api-session` when using insta-login in API calls. * CX-fixer * Removed unused method _isSessionExpired() which has a bug. * Update phpstan.dist.baseline.neon * Update app/code/core/Mage/Api/Model/Server/Handler/Abstract.php Co-authored-by: Mohamed ELIDRISSI <[email protected]> --------- Co-authored-by: Fabrizio Balliano <[email protected]> Co-authored-by: Mohamed ELIDRISSI <[email protected]>
OpenMage · Sep 5, 2023 · 0f032f3 · 0f032f3
1 parent 888e566
commit 0f032f3
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 42 deletions.
diff --git a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
@@ -87,6 +87,21 @@ protected function _startSession($sessionId = null)
         return $this;
     }
 
+    /**
+     * Allow insta-login via HTTP Basic Auth
+     *
+     * @param string $sessionId
+     * @return $this
+     */
+    protected function _instaLogin(&$sessionId)
+    {
+        if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
+            $this->_getSession()->setIsInstaLogin();
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
+        return $this;
+    }
+
     /**
      * Check current user permission on resource and privilege
      *
@@ -100,16 +115,6 @@ protected function _isAllowed($resource, $privilege = null)
         return $this->_getSession()->isAllowed($resource, $privilege);
     }
 
-    /**
-     *  Check session expiration
-     *
-     *  @return  bool
-     */
-    protected function _isSessionExpired()
-    {
-        return $this->_getSession()->isSessionExpired();
-    }
-
     /**
      * Dispatch webservice fault
      *
@@ -225,11 +230,8 @@ public function login($username, $apiKey = null)
      */
     public function call($sessionId, $apiPath, $args = [])
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -313,11 +315,8 @@ public function call($sessionId, $apiPath, $args = [])
      */
     public function multiCall($sessionId, array $calls = [], $options = [])
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -445,11 +444,8 @@ public function multiCall($sessionId, array $calls = [], $options = [])
      */
     public function resources($sessionId)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -513,11 +509,8 @@ public function resources($sessionId)
      */
     public function resourceFaults($sessionId, $resourceName)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -553,11 +546,8 @@ public function resourceFaults($sessionId, $resourceName)
      */
     public function globalFaults($sessionId)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
         return array_values($this->_getConfig()->getFaults());
     }
 

diff --git a/app/code/core/Mage/Api/Model/Session.php b/app/code/core/Mage/Api/Model/Session.php
@@ -96,6 +96,28 @@ public function clear()
         return true;
     }
 
+    /**
+     * Flag login as HTTP Basic Auth.
+     *
+     * @param bool $isInstaLogin
+     * @return $this
+     */
+    public function setIsInstaLogin(bool $isInstaLogin = true)
+    {
+        $this->setData('is_insta_login', $isInstaLogin);
+        return $this;
+    }
+
+    /**
+     * Is insta-login?
+     *
+     * @return bool
+     */
+    public function getIsInstaLogin(): bool
+    {
+        return (bool) $this->getData('is_insta_login');
+    }
+
     /**
      * @param string $username
      * @param string $apiKey
@@ -105,8 +127,15 @@ public function clear()
     public function login($username, $apiKey)
     {
         $user = Mage::getModel('api/user')
-            ->setSessid($this->getSessionId())
-            ->login($username, $apiKey);
+            ->setSessid($this->getSessionId());
+        if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) {
+            Mage::dispatchEvent('api_user_authenticated', [
+                'model'    => $user,
+                'api_key'  => $apiKey,
+            ]);
+        } else {
+            $user->login($username, $apiKey);
+        }
 
         if ($user->getId() && $user->getIsActive() != '1') {
             Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.'));

diff --git a/phpstan.dist.baseline.neon b/phpstan.dist.baseline.neon
@@ -765,11 +765,6 @@ parameters:
 			count: 2
 			path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
 
-		-
-			message: "#^Method Mage_Api_Model_Session\\:\\:isSessionExpired\\(\\) invoked with 0 parameters, 1 required\\.$#"
-			count: 1
-			path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
-
 		-
 			message: "#^Result of method SoapServer\\:\\:handle\\(\\) \\(void\\) is used\\.$#"
 			count: 1