allow sessions to file. fixes #2001, #2186 and refs #3454

zikula · Apr 5, 2017 · cbbc2c6 · cbbc2c6
1 parent c4b4e10
commit cbbc2c6
Show file tree

Hide file tree

Showing 17 changed files with 92 additions and 46 deletions.
diff --git a/src/app/config/config.yml b/src/app/config/config.yml
@@ -26,8 +26,9 @@ framework:
     trusted_proxies: ~
     session:
         name: "%zikula.session.name%"
-        handler_id: zikula_core.bridge.http_foundation.doctrine_session_handler
-        storage_id: zikula_core.bridge.http_foundation.zikula_session_storage
+        handler_id: "%zikula.session.handler_id%"
+        storage_id: "%zikula.session.storage_id%"
+        save_path: "%zikula.session.save_path%"
         cookie_httponly: false # must be false for ajax tokens to work but increases chance of XSS attack
     fragments:       ~
 

diff --git a/src/app/config/dynamic/default.yml b/src/app/config/dynamic/default.yml
@@ -18,6 +18,9 @@ swiftmailer:
     disable_delivery: false
 parameters:
     zikula.session.name: _zsid
+    zikula.session.handler_id: 'session.handler.native_file' #default symfony value
+    zikula.session.storage_id: 'zikula_core.bridge.http_foundation.zikula_session_storage_file' #'session.storage.native' default symfony value
+    zikula.session.save_path: '%kernel.cache_dir%/sessions' #default symfony value
     # multisites configuration does nothing unless the Multisites module is installed and configured properly.
     multisites:
         enabled: false

diff --git a/src/app/config/parameters.yml b/src/app/config/parameters.yml
@@ -31,7 +31,6 @@ parameters:
     secret:            ThisTokenIsNotSoSecretChangeIt
     url_secret:        ~
 
-    zikula.session.name: _zsid
     assets_version: ~ #e.g. 'v1'
     zikula_asset_manager.combine: true
     zikula_asset_manager.lifetime: "1 day"

diff --git a/src/docs/Core-2.0/Session.md b/src/docs/Core-2.0/Session.md
@@ -0,0 +1,17 @@
+Session Information
+===================
+
+Sessions can be stored in the Database or in the Filesystem. This choice as well as a few configuration options
+can be set in the ZikulaSecurityModule:
+
+The following configuration options are converted to a dynamic config and stored in `/src/app/config/dynamic/generated.yml`
+ - zikula.session.name: _zsid
+ - zikula.session.handler_id: 
+    'session.handler.native_file' #default 
+    or 
+    'zikula_core.bridge.http_foundation.doctrine_session_handler'
+ - zikula.session.storage_id: 
+    'zikula_core.bridge.http_foundation.zikula_session_storage_doctrine' #default 
+    or 
+    'zikula_core.bridge.http_foundation.zikula_session_storage_file'
+ - zikula.session.save_path: '%kernel.cache_dir%/sessions' #default symfony value
diff --git a/src/lib/Zikula/Bundle/CoreBundle/Resources/config/session.yml b/src/lib/Zikula/Bundle/CoreBundle/Resources/config/session.yml
@@ -7,10 +7,9 @@ services:
             - "@zikula_extensions_module.api.variable"
             - "%installed%"
         calls:
-            - [setStorage, ["@zikula_core.bridge.http_foundation.zikula_session_storage"]]
+            - [setStorage, ["@zikula_core.bridge.http_foundation.zikula_session_storage_doctrine"]]
 
-
-    zikula_core.bridge.http_foundation.zikula_session_storage:
+    zikula_core.bridge.http_foundation.zikula_session_storage_doctrine:
         class: Zikula\Bridge\HttpFoundation\ZikulaSessionStorage
         arguments:
             - "@zikula_extensions_module.api.variable"
@@ -19,3 +18,13 @@ services:
             - "@=null"
         calls:
             - [setSaveHandler, ["@zikula_core.bridge.http_foundation.doctrine_session_handler"]]
+
+    zikula_core.bridge.http_foundation.zikula_session_storage_file:
+        class: Zikula\Bridge\HttpFoundation\ZikulaSessionStorage
+        arguments:
+            - "@zikula_extensions_module.api.variable"
+            - "%session.storage.options%"
+            - "@=null"
+            - "@=null"
+        calls:
+            - [setSaveHandler, ["@session.handler.native_file"]]
diff --git a/src/lib/Zikula/Bundle/CoreInstallerBundle/Controller/AjaxInstallController.php b/src/lib/Zikula/Bundle/CoreInstallerBundle/Controller/AjaxInstallController.php
@@ -178,19 +178,13 @@ private function updateAdmin()
     {
         $entityManager = $this->container->get('doctrine')->getManager();
         $params = $this->decodeParameters($this->yamlManager->getParameters());
-
-        // prepare the data
-        $username = mb_strtolower($params['username']);
-
-        $nowUTC = new \DateTime(null, new \DateTimeZone('UTC'));
-
         /** @var \Zikula\UsersModule\Entity\UserEntity $userEntity */
         $userEntity = $entityManager->find('ZikulaUsersModule:UserEntity', 2);
         $userEntity->setUname($params['username']);
         $userEntity->setEmail($params['email']);
         $userEntity->setActivated(1);
-        $userEntity->setUser_Regdate($nowUTC);
-        $userEntity->setLastlogin($nowUTC);
+        $userEntity->setUser_Regdate(new \DateTime());
+        $userEntity->setLastlogin(new \DateTime());
         $entityManager->persist($userEntity);
 
         $mapping = new AuthenticationMappingEntity();

diff --git a/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/CreateAdminType.php b/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/CreateAdminType.php
@@ -79,11 +79,7 @@ public function getBlockPrefix()
     public function configureOptions(OptionsResolver $resolver)
     {
         $resolver->setDefaults([
-            'csrf_protection' => false,
             'translator' => new IdentityTranslator()
-//                'csrf_field_name' => '_token',
-//                // a unique key to help generate the secret token
-//                'intention'       => '_zk_bdcreds',
         ]);
     }
 }
diff --git a/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/DbCredsType.php b/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/DbCredsType.php
@@ -119,11 +119,7 @@ public function configureOptions(OptionsResolver $resolver)
     {
         $resolver->setDefaults([
             'constraints' => new ValidPdoConnection(),
-            'csrf_protection' => false,
             'translator' => new IdentityTranslator()
-//                'csrf_field_name' => '_token',
-//                // a unique key to help generate the secret token
-//                'intention'       => '_zk_bdcreds',
         ]);
     }
 }
diff --git a/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/LocaleType.php b/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/LocaleType.php
@@ -42,13 +42,9 @@ public function getBlockPrefix()
     public function configureOptions(OptionsResolver $resolver)
     {
         $resolver->setDefaults([
-            'csrf_protection' => false,
             'choices' => ['English' => 'en'],
             'choice' => 'en',
             'translator' => new IdentityTranslator()
-//                'csrf_field_name' => '_token',
-//                // a unique key to help generate the secret token
-//                'intention'       => '_zk_bdcreds',
         ]);
     }
 }
diff --git a/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/LoginType.php b/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/LoginType.php
@@ -55,11 +55,7 @@ public function configureOptions(OptionsResolver $resolver)
     {
         $resolver->setDefaults([
             'constraints' => new AuthenticateAdminLogin(),
-            'csrf_protection' => false,
             'translator' => new IdentityTranslator()
-//                'csrf_field_name' => '_token',
-//                // a unique key to help generate the secret token
-//                'intention'       => '_zk_bdcreds',
         ]);
     }
 }
diff --git a/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/RequestContextType.php b/src/lib/Zikula/Bundle/CoreInstallerBundle/Form/Type/RequestContextType.php
@@ -61,11 +61,7 @@ public function getBlockPrefix()
     public function configureOptions(OptionsResolver $resolver)
     {
         $resolver->setDefaults([
-            'csrf_protection' => false,
             'translator' => new IdentityTranslator()
-//                'csrf_field_name' => '_token',
-//                // a unique key to help generate the secret token
-//                'intention'       => '_zk_bdcreds',
         ]);
     }
 }
diff --git a/src/lib/Zikula/Bundle/CoreInstallerBundle/Stage/Install/CompleteStage.php b/src/lib/Zikula/Bundle/CoreInstallerBundle/Stage/Install/CompleteStage.php
@@ -60,14 +60,19 @@ public function getTemplateParams()
 
     public function getResponse(Request $request)
     {
+        $router = $this->container->get('router');
         if ($this->sendEmailToAdmin($request)) {
             $request->getSession()->getFlashBag()->add('success', $this->__('Congratulations! Zikula has been successfully installed.'));
+            $request->getSession()->getFlashBag()->add('info', $this->__f(
+                'Session are currently configured to use the filesystem. It is recommended that you change this to use the database. Click %here% to configure.',
+                ['%here%' => '<a href="' . $router->generate('zikulasecuritycentermodule_config_config') . '">' . $this->__('Security Center') . '</a>']
+            ));
 
-            return new RedirectResponse($this->container->get('router')->generate('zikulaadminmodule_admin_adminpanel', [], RouterInterface::ABSOLUTE_URL));
+            return new RedirectResponse($router->generate('zikulaadminmodule_admin_adminpanel', [], RouterInterface::ABSOLUTE_URL));
         } else {
             $request->getSession()->getFlashBag()->add('warning', $this->__('Email settings are not yet configured. Please configure them below.'));
 
-            return new RedirectResponse($this->container->get('router')->generate('zikulamailermodule_config_config', [], RouterInterface::ABSOLUTE_URL));
+            return new RedirectResponse($router->generate('zikulamailermodule_config_config', [], RouterInterface::ABSOLUTE_URL));
         }
     }
 

diff --git a/src/system/SecurityCenterModule/Constant.php b/src/system/SecurityCenterModule/Constant.php
@@ -0,0 +1,18 @@
+<?php
+
+/*
+ * This file is part of the Zikula package.
+ *
+ * Copyright Zikula Foundation - http://zikula.org/
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Zikula\SecurityCenterModule;
+
+class Constant
+{
+    const SESSION_STORAGE_DATABASE = 0;
+    const SESSION_STORAGE_FILE = 1;
+}
diff --git a/src/system/SecurityCenterModule/Controller/ConfigController.php b/src/system/SecurityCenterModule/Controller/ConfigController.php
@@ -24,6 +24,8 @@
 use Zikula\Bundle\CoreBundle\HttpKernel\ZikulaKernel;
 use Zikula\Core\Controller\AbstractController;
 use Zikula\ExtensionsModule\Api\VariableApi;
+use Zikula\SecurityCenterModule\Constant;
+use Zikula\SecurityCenterModule\Form\Type\ConfigType;
 use Zikula\ThemeModule\Engine\Annotation\Theme;
 
 /**
@@ -68,7 +70,6 @@ public function configAction(Request $request)
             if ($form->get('save')->isClicked()) {
                 $formData = $form->getData();
 
-                // Update module variables.
                 $updateCheck = isset($formData['updatecheck']) ? $formData['updatecheck'] : 1;
                 $this->setSystemVar('updatecheck', $updateCheck);
 
@@ -128,12 +129,13 @@ public function configAction(Request $request)
 
                     // check if sessionsavepath is a dir and if it is writable
                     // if yes, we need to logout
-                    $causeLogout = is_dir($sessionSavePath) ? is_writable($sessionSavePath) : false;
-                    $storeTypeCanBeWritten = $causeLogout;
+                    $storeTypeCanBeWritten = is_dir($sessionSavePath) ? is_writable($sessionSavePath) : false;
+                    $causeLogout = $storeTypeCanBeWritten;
 
-                    if ($causeLogout == false) {
+                    if ($storeTypeCanBeWritten == false) {
                         // an error occured - we do not change the way of storing session data
                         $this->addFlash('error', $this->__('Error! Session path not writeable!'));
+                        $sessionSavePath = '';
                     }
                 }
                 if ($storeTypeCanBeWritten == true) {
@@ -180,9 +182,15 @@ public function configAction(Request $request)
                     $causeLogout = true;
                 }
 
-                // set the session name in custom_parameters.yml
+                // set the session information in /src/app/config/dynamic/generated.yml
                 $configDumper = $this->get('zikula.dynamic_config_dumper');
                 $configDumper->setParameter('zikula.session.name', $newSessionName);
+                $sessionHandlerId = $sessionStoreToFile == Constant::SESSION_STORAGE_FILE ? 'session.handler.native_file' : 'zikula_core.bridge.http_foundation.doctrine_session_handler';
+                $configDumper->setParameter('zikula.session.handler_id', $sessionHandlerId);
+                $sessionStorageId = $sessionStoreToFile == Constant::SESSION_STORAGE_FILE ? 'zikula_core.bridge.http_foundation.zikula_session_storage_file' : 'zikula_core.bridge.http_foundation.zikula_session_storage_doctrine';
+                $configDumper->setParameter('zikula.session.storage_id', $sessionStorageId); // Symfony default is 'session.storage.native'
+                $zikulaSessionSavePath = empty($sessionSavePath) ? '%kernel.cache_dir%/sessions' : $sessionSavePath;
+                $configDumper->setParameter('zikula.session.save_path', $zikulaSessionSavePath);
 
                 // set the session name in the current container
                 $this->get('service_container')->setParameter('zikula.session.name', $newSessionName);

diff --git a/src/system/SecurityCenterModule/Form/Type/ConfigType.php b/src/system/SecurityCenterModule/Form/Type/ConfigType.php
@@ -14,6 +14,7 @@
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Zikula\SecurityCenterModule\Constant;
 
 /**
  * Configuration form type class.
@@ -134,8 +135,8 @@ public function buildForm(FormBuilderInterface $builder, array $options)
                 'label' => $translator->__('Store sessions'),
                 'empty_data' => 0,
                 'choices' => [
-                    $translator->__('File') => 1,
-                    $translator->__('Database (recommended)') => 0
+                    $translator->__('File') => Constant::SESSION_STORAGE_FILE,
+                    $translator->__('Database (recommended)') => Constant::SESSION_STORAGE_DATABASE
                 ],
                 'choices_as_values' => true,
                 'expanded' => true,
@@ -146,7 +147,7 @@ public function buildForm(FormBuilderInterface $builder, array $options)
                 'label' => $translator->__('Path for saving session files'),
                 'empty_data' => '',
                 'required' => false,
-                'alert' => [$translator->__("Notice: If you change 'Where to save sessions' to 'File' then you must enter a path in the 'Path for saving session files' box above. The path must be writeable.") => 'info'],
+                'alert' => [$translator->__("Notice: If you change 'Where to save sessions' to 'File' then you must enter a path in the 'Path for saving session files' box above. The path must be writeable. Leave value empty for default location '%kernel.cache_dir%/sessions'") => 'info'],
                 'help' => $translator->__('More information: http://www.php.net/manual/en/session.configuration.php#ini.session.save-path')
             ])
             ->add('gc_probability', 'Symfony\Component\Form\Extension\Core\Type\IntegerType', [

diff --git a/src/system/SecurityCenterModule/SecurityCenterModuleInstaller.php b/src/system/SecurityCenterModule/SecurityCenterModuleInstaller.php
@@ -52,7 +52,7 @@ public function install()
         $this->setSystemVar('seclevel', 'Medium');
         $this->setSystemVar('secmeddays', 7);
         $this->setSystemVar('secinactivemins', 20);
-        $this->setSystemVar('sessionstoretofile', 0);
+        $this->setSystemVar('sessionstoretofile', Constant::SESSION_STORAGE_FILE);
         $this->setSystemVar('sessionsavepath', '');
         $this->setSystemVar('gc_probability', 100);
         $this->setSystemVar('sessioncsrftokenonetime', 1);  // 1 means use same token for entire session
@@ -242,6 +242,17 @@ public function upgrade($oldVersion)
                     $this->setSystemVar('idsrulepath', 'system/SecurityCenterModule/Resources/config/phpids_zikula_default.xml');
                 }
             case '1.5.1':
+                // set the session information in /src/app/config/dynamic/generated.yml
+                $configDumper = $this->container->get('zikula.dynamic_config_dumper');
+                $sessionStoreToFile = $this->container->get('zikula_extensions_module.api.variable')->getSystemVar('sessionstoretofile', Constant::SESSION_STORAGE_DATABASE);
+                $sessionHandlerId = $sessionStoreToFile == Constant::SESSION_STORAGE_FILE ? 'session.handler.native_file' : 'zikula_core.bridge.http_foundation.doctrine_session_handler';
+                $configDumper->setParameter('zikula.session.handler_id', $sessionHandlerId);
+                $sessionStorageId = $sessionStoreToFile == Constant::SESSION_STORAGE_FILE ? 'zikula_core.bridge.http_foundation.zikula_session_storage_file' : 'zikula_core.bridge.http_foundation.zikula_session_storage_doctrine';
+                $configDumper->setParameter('zikula.session.storage_id', $sessionStorageId); // Symfony default is 'session.storage.native'
+                $sessionSavePath = $this->container->get('zikula_extensions_module.api.variable')->getSystemVar('sessionsavepath', '');
+                $zikulaSessionSavePath = empty($sessionSavePath) ? '%kernel.cache_dir%/sessions' : $sessionSavePath;
+                $configDumper->setParameter('zikula.session.save_path', $zikulaSessionSavePath);
+            case '1.5.2':
                 // current version
         }
 

diff --git a/src/system/SecurityCenterModule/composer.json b/src/system/SecurityCenterModule/composer.json
@@ -1,6 +1,6 @@
 {
     "name": "zikula/securitycenter-module",
-    "version": "1.5.1",
+    "version": "1.5.2",
     "description": "Security administration",
     "type": "zikula-module",
     "license": "LGPL-3.0+",