refactor(pages): replace superglobals with request/session abstractions
This commit is contained in:
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Http\RequestRuntimeInterface;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Auth\AuthServicesFactory;
|
||||
use MintyPHP\Service\Security\SecurityServicesFactory;
|
||||
@@ -8,7 +10,11 @@ use MintyPHP\Service\User\UserServicesFactory;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
|
||||
if (!empty($_SESSION['user']['id'])) {
|
||||
$requestRuntime = app(RequestRuntimeInterface::class);
|
||||
$sessionStore = app(SessionStoreInterface::class);
|
||||
$session = $sessionStore->all();
|
||||
|
||||
if (!empty($session['user']['id'])) {
|
||||
if (Flash::has()) {
|
||||
Flash::keep();
|
||||
}
|
||||
@@ -146,7 +152,7 @@ if (requestInput()->method() === 'POST') {
|
||||
} else {
|
||||
$postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email'));
|
||||
$email = trim((string) (requestInput()->bodyAll()['email'] ?? ''));
|
||||
$clientIp = trim((string) ($_SERVER['REMOTE_ADDR'] ?? ''));
|
||||
$clientIp = trim((string) ($requestRuntime->ip()));
|
||||
if ($clientIp === '') {
|
||||
$clientIp = 'unknown';
|
||||
}
|
||||
@@ -253,7 +259,7 @@ if (requestInput()->method() === 'POST') {
|
||||
$result = $authService->login($email, $password);
|
||||
if (!($result['ok'] ?? false)) {
|
||||
if (!empty($result['needs_verification'])) {
|
||||
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
|
||||
$sessionStore->set('email_verification_email', $result['email'] ?? $email);
|
||||
Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified');
|
||||
Router::redirect('verify-email');
|
||||
return;
|
||||
@@ -270,7 +276,8 @@ if (requestInput()->method() === 'POST') {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$userId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
$authenticatedUser = $sessionStore->get('user', []);
|
||||
$userId = (int) (is_array($authenticatedUser) ? ($authenticatedUser['id'] ?? 0) : 0);
|
||||
if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) {
|
||||
$authService->logout();
|
||||
$setLoginWarning(t('No access to this tenant'));
|
||||
|
||||
Reference in New Issue
Block a user