Merge pull request #17901 from MauricioFauth/auth-plugin

MauricioFauth · web-flow · commit a5dd1b6b4c2d · 2022-11-17T14:08:09.000-03:00
Refactor authentication plugin creation
diff --git a/libraries/classes/Common.php b/libraries/classes/Common.php
@@ -8,11 +8,13 @@
 use PhpMyAdmin\ConfigStorage\Relation;
 use PhpMyAdmin\Dbal\DatabaseName;
 use PhpMyAdmin\Dbal\TableName;
+use PhpMyAdmin\Exceptions\AuthenticationPluginException;
 use PhpMyAdmin\Exceptions\ConfigException;
 use PhpMyAdmin\Exceptions\MissingExtensionException;
 use PhpMyAdmin\Http\Factory\ServerRequestFactory;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Plugins\AuthenticationPlugin;
+use PhpMyAdmin\Plugins\AuthenticationPluginFactory;
 use PhpMyAdmin\SqlParser\Lexer;
 use RuntimeException;
 use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -86,7 +88,6 @@ final class Common
     public static function run(bool $isSetupPage = false): void
     {
         $GLOBALS['lang'] = $GLOBALS['lang'] ?? null;
-        $GLOBALS['auth_plugin'] = $GLOBALS['auth_plugin'] ?? null;
         $GLOBALS['theme'] = $GLOBALS['theme'] ?? null;
         $GLOBALS['urlParams'] = $GLOBALS['urlParams'] ?? null;
         $GLOBALS['token_mismatch'] = $GLOBALS['token_mismatch'] ?? null;
@@ -228,8 +229,17 @@ public static function run(bool $isSetupPage = false): void
         if (! empty($GLOBALS['cfg']['Server'])) {
             $config->getLoginCookieValidityFromCache($GLOBALS['server']);
 
-            $GLOBALS['auth_plugin'] = Plugins::getAuthPlugin();
-            $GLOBALS['auth_plugin']->authenticate();
+            /** @var AuthenticationPluginFactory $authPluginFactory */
+            $authPluginFactory = $container->get(AuthenticationPluginFactory::class);
+            try {
+                $authPlugin = $authPluginFactory->create();
+            } catch (AuthenticationPluginException $exception) {
+                echo self::getGenericError($exception->getMessage());
+
+                return;
+            }
+
+            $authPlugin->authenticate();
 
             /* Enable LOAD DATA LOCAL INFILE for LDI plugin */
             if ($route === '/import' && ($_POST['format'] ?? '') === 'ldi') {
@@ -239,11 +249,9 @@ public static function run(bool $isSetupPage = false): void
                 // phpcs:enable
             }
 
-            self::connectToDatabaseServer($GLOBALS['dbi'], $GLOBALS['auth_plugin']);
-
-            $GLOBALS['auth_plugin']->rememberCredentials();
-
-            $GLOBALS['auth_plugin']->checkTwoFactor();
+            self::connectToDatabaseServer($GLOBALS['dbi'], $authPlugin);
+            $authPlugin->rememberCredentials();
+            $authPlugin->checkTwoFactor();
 
             /* Log success */
             Logging::logUser($GLOBALS['cfg']['Server']['user']);
diff --git a/libraries/classes/Controllers/LogoutController.php b/libraries/classes/Controllers/LogoutController.php
@@ -6,20 +6,27 @@
 
 use PhpMyAdmin\Core;
 use PhpMyAdmin\Http\ServerRequest;
+use PhpMyAdmin\Plugins\AuthenticationPluginFactory;
 
 class LogoutController
 {
-    public function __invoke(ServerRequest $request): void
+    /** @var AuthenticationPluginFactory */
+    private $authPluginFactory;
+
+    public function __construct(AuthenticationPluginFactory $authPluginFactory)
     {
-        $GLOBALS['auth_plugin'] = $GLOBALS['auth_plugin'] ?? null;
-        $GLOBALS['token_mismatch'] = $GLOBALS['token_mismatch'] ?? null;
+        $this->authPluginFactory = $authPluginFactory;
+    }
 
-        if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST' || $GLOBALS['token_mismatch']) {
+    public function __invoke(ServerRequest $request): void
+    {
+        if (! $request->isPost() || $GLOBALS['token_mismatch']) {
             Core::sendHeaderLocation('./index.php?route=/');
 
             return;
         }
 
-        $GLOBALS['auth_plugin']->logOut();
+        $authPlugin = $this->authPluginFactory->create();
+        $authPlugin->logOut();
     }
 }
diff --git a/libraries/classes/Exceptions/AuthenticationPluginException.php b/libraries/classes/Exceptions/AuthenticationPluginException.php
@@ -0,0 +1,11 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpMyAdmin\Exceptions;
+
+use Exception;
+
+class AuthenticationPluginException extends Exception
+{
+}
diff --git a/libraries/classes/Plugins.php b/libraries/classes/Plugins.php
@@ -6,7 +6,6 @@
 
 use FilesystemIterator;
 use PhpMyAdmin\Html\MySQLDocumentation;
-use PhpMyAdmin\Plugins\AuthenticationPlugin;
 use PhpMyAdmin\Plugins\ExportPlugin;
 use PhpMyAdmin\Plugins\ImportPlugin;
 use PhpMyAdmin\Plugins\Plugin;
@@ -27,7 +26,6 @@
 use function __;
 use function class_exists;
 use function count;
-use function defined;
 use function get_class;
 use function htmlspecialchars;
 use function is_subclass_of;
@@ -42,8 +40,6 @@
 use function str_starts_with;
 use function strcasecmp;
 use function strcmp;
-use function strtolower;
-use function ucfirst;
 use function usort;
 
 class Plugins
@@ -621,29 +617,4 @@ public static function getOptions($section, array $list)
 
         return $ret;
     }
-
-    public static function getAuthPlugin(): AuthenticationPlugin
-    {
-        /** @psalm-var class-string $class */
-        $class = 'PhpMyAdmin\\Plugins\\Auth\\Authentication'
-            . ucfirst(strtolower($GLOBALS['cfg']['Server']['auth_type']));
-
-        if (! class_exists($class)) {
-            echo (new Template())->render('error/generic', [
-                'lang' => $GLOBALS['lang'] ?? 'en',
-                'dir' => $GLOBALS['text_dir'] ?? 'ltr',
-                'error_message' => __('Invalid authentication method set in configuration:')
-                    . ' ' . $GLOBALS['cfg']['Server']['auth_type'],
-            ]);
-
-            if (! defined('TESTSUITE')) {
-                exit;
-            }
-        }
-
-        /** @var AuthenticationPlugin $plugin */
-        $plugin = new $class();
-
-        return $plugin;
-    }
 }
diff --git a/libraries/classes/Plugins/AuthenticationPluginFactory.php b/libraries/classes/Plugins/AuthenticationPluginFactory.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpMyAdmin\Plugins;
+
+use PhpMyAdmin\Exceptions\AuthenticationPluginException;
+
+use function __;
+use function class_exists;
+use function is_subclass_of;
+use function strtolower;
+use function ucfirst;
+
+class AuthenticationPluginFactory
+{
+    /** @var AuthenticationPlugin|null */
+    private $plugin = null;
+
+    /**
+     * @throws AuthenticationPluginException
+     */
+    public function create(): AuthenticationPlugin
+    {
+        if ($this->plugin instanceof AuthenticationPlugin) {
+            return $this->plugin;
+        }
+
+        $authType = $GLOBALS['cfg']['Server']['auth_type'];
+        $class = 'PhpMyAdmin\\Plugins\\Auth\\Authentication' . ucfirst(strtolower($authType));
+        if (! class_exists($class) || ! is_subclass_of($class, AuthenticationPlugin::class)) {
+            throw new AuthenticationPluginException(
+                __('Invalid authentication method set in configuration:') . ' ' . $authType
+            );
+        }
+
+        $this->plugin = new $class();
+
+        return $this->plugin;
+    }
+}
diff --git a/libraries/classes/UserPassword.php b/libraries/classes/UserPassword.php
@@ -5,6 +5,7 @@
 namespace PhpMyAdmin;
 
 use PhpMyAdmin\Html\Generator;
+use PhpMyAdmin\Plugins\AuthenticationPluginFactory;
 use PhpMyAdmin\Query\Compatibility;
 use PhpMyAdmin\Server\Privileges;
 
@@ -19,12 +20,13 @@ class UserPassword
     /** @var Privileges */
     private $serverPrivileges;
 
-    /**
-     * @param Privileges $serverPrivileges Privileges object
-     */
-    public function __construct(Privileges $serverPrivileges)
+    /** @var AuthenticationPluginFactory */
+    private $authPluginFactory;
+
+    public function __construct(Privileges $serverPrivileges, AuthenticationPluginFactory $authPluginFactory)
     {
         $this->serverPrivileges = $serverPrivileges;
+        $this->authPluginFactory = $authPluginFactory;
     }
 
     /**
@@ -65,8 +67,6 @@ public function setChangePasswordMsg(string $pmaPw, string $pmaPw2, bool $skipPa
      */
     public function changePassword($password, ?string $authenticationPlugin): string
     {
-        $GLOBALS['auth_plugin'] = $GLOBALS['auth_plugin'] ?? null;
-
         $hashing_function = $this->changePassHashingFunction($authenticationPlugin);
 
         [$username, $hostname] = $GLOBALS['dbi']->getCurrentUserAndHost();
@@ -114,7 +114,8 @@ public function changePassword($password, ?string $authenticationPlugin): string
             $orig_auth_plugin
         );
 
-        $GLOBALS['auth_plugin']->handlePasswordChange($password);
+        $authPlugin = $this->authPluginFactory->create();
+        $authPlugin->handlePasswordChange($password);
 
         return $sql_query;
     }
diff --git a/libraries/services.php b/libraries/services.php
@@ -4,6 +4,7 @@
 
 use PhpMyAdmin\ConfigStorage\Relation;
 use PhpMyAdmin\ConfigStorage\RelationCleanup;
+use PhpMyAdmin\Plugins\AuthenticationPluginFactory;
 
 return [
     'services' => [
@@ -132,6 +133,9 @@
             'class' => PhpMyAdmin\Partitioning\Maintenance::class,
             'arguments' => ['$dbi' => '@dbi'],
         ],
+        AuthenticationPluginFactory::class => [
+            'class' => AuthenticationPluginFactory::class,
+        ],
         'relation' => [
             'class' => Relation::class,
             'arguments' => ['$dbi' => '@dbi'],
@@ -251,7 +255,7 @@
         ],
         'user_password' => [
             'class' => PhpMyAdmin\UserPassword::class,
-            'arguments' => ['@server_privileges'],
+            'arguments' => ['@server_privileges', '@' . AuthenticationPluginFactory::class],
         ],
         'user_preferences' => [
             'class' => PhpMyAdmin\UserPreferences::class,
diff --git a/libraries/services_controllers.php b/libraries/services_controllers.php
@@ -37,6 +37,7 @@
 use PhpMyAdmin\Controllers\UserPasswordController;
 use PhpMyAdmin\Controllers\VersionCheckController;
 use PhpMyAdmin\Controllers\View;
+use PhpMyAdmin\Plugins\AuthenticationPluginFactory;
 
 return [
     'services' => [
@@ -585,6 +586,7 @@
         ],
         LogoutController::class => [
             'class' => LogoutController::class,
+            'arguments' => ['@' . AuthenticationPluginFactory::class],
         ],
         NavigationController::class => [
             'class' => NavigationController::class,
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -222,8 +222,7 @@
       <code>$GLOBALS['cfg']['MysqlMinVersion']['internal']</code>
       <code>$GLOBALS['cfg']['Server']['user']</code>
     </MixedArrayAccess>
-    <MixedAssignment occurrences="6">
-      <code>$GLOBALS['auth_plugin']</code>
+    <MixedAssignment occurrences="5">
       <code>$GLOBALS['back']</code>
       <code>$GLOBALS['theme']</code>
       <code>$controlLink</code>
@@ -2312,17 +2311,6 @@
       <code>$options</code>
     </MixedAssignment>
   </file>
-  <file src="libraries/classes/Controllers/LogoutController.php">
-    <MixedAssignment occurrences="1">
-      <code>$GLOBALS['auth_plugin']</code>
-    </MixedAssignment>
-    <MixedMethodCall occurrences="1">
-      <code>logOut</code>
-    </MixedMethodCall>
-    <PossiblyNullReference occurrences="1">
-      <code>logOut</code>
-    </PossiblyNullReference>
-  </file>
   <file src="libraries/classes/Controllers/NavigationController.php">
     <PossiblyInvalidArgument occurrences="9">
       <code>! empty($_POST['tableName']) ? $_POST['tableName'] : null</code>
@@ -9256,10 +9244,9 @@
       <code>$val</code>
       <code>$val</code>
     </MixedAssignment>
-    <MixedMethodCall occurrences="3">
+    <MixedMethodCall occurrences="2">
       <code>getProperties</code>
       <code>new $class()</code>
-      <code>new $class()</code>
     </MixedMethodCall>
     <PossiblyInvalidArgument occurrences="4">
       <code>$_GET[$opt]</code>
@@ -9300,9 +9287,6 @@
     <RedundantConditionGivenDocblockType occurrences="1">
       <code>$properties != null</code>
     </RedundantConditionGivenDocblockType>
-    <RedundantFunctionCall occurrences="1">
-      <code>strtolower</code>
-    </RedundantFunctionCall>
     <UnnecessaryVarAnnotation occurrences="3">
       <code>RadioPropertyItem</code>
       <code>SelectPropertyItem</code>
@@ -9439,6 +9423,14 @@
       <code>issetCookie</code>
     </PossiblyNullReference>
   </file>
+  <file src="libraries/classes/Plugins/AuthenticationPluginFactory.php">
+    <RedundantFunctionCall occurrences="1">
+      <code>strtolower</code>
+    </RedundantFunctionCall>
+    <UnsafeInstantiation occurrences="1">
+      <code>new $class()</code>
+    </UnsafeInstantiation>
+  </file>
   <file src="libraries/classes/Plugins/Export/ExportCodegen.php">
     <PossiblyNullArgument occurrences="4">
       <code>$row[0]</code>
@@ -14196,21 +14188,12 @@
       <code>$username</code>
       <code>$username</code>
     </MixedArgument>
-    <MixedAssignment occurrences="1">
-      <code>$GLOBALS['auth_plugin']</code>
-    </MixedAssignment>
-    <MixedMethodCall occurrences="1">
-      <code>handlePasswordChange</code>
-    </MixedMethodCall>
     <PossiblyInvalidArgument occurrences="1">
       <code>$_POST['pma_pw']</code>
     </PossiblyInvalidArgument>
     <PossiblyInvalidCast occurrences="1">
       <code>$_POST['pma_pw']</code>
     </PossiblyInvalidCast>
-    <PossiblyNullReference occurrences="1">
-      <code>handlePasswordChange</code>
-    </PossiblyNullReference>
   </file>
   <file src="libraries/classes/UserPreferences.php">
     <DeprecatedMethod occurrences="7">
diff --git a/test/classes/Controllers/LogoutControllerTest.php b/test/classes/Controllers/LogoutControllerTest.php
diff --git a/test/classes/Plugins/AuthenticationPluginFactoryTest.php b/test/classes/Plugins/AuthenticationPluginFactoryTest.php
diff --git a/test/classes/UserPasswordTest.php b/test/classes/UserPasswordTest.php

Original file line number	Diff line number	Diff line change
`@@ -6,20 +6,27 @@`
`6`	`6`
`7`	`7`	`use PhpMyAdmin\Core;`
`8`	`8`	`use PhpMyAdmin\Http\ServerRequest;`
	`9`	`+use PhpMyAdmin\Plugins\AuthenticationPluginFactory;`
`9`	`10`
`10`	`11`	`class LogoutController`
`11`	`12`	`{`
`12`		`- public function __invoke(ServerRequest $request): void`
	`13`	`+ /** @var AuthenticationPluginFactory */`
	`14`	`+ private $authPluginFactory;`
	`15`	`+`
	`16`	`+ public function __construct(AuthenticationPluginFactory $authPluginFactory)`
`13`	`17`	`{`
`14`		`- $GLOBALS['auth_plugin'] = $GLOBALS['auth_plugin'] ?? null;`
`15`		`- $GLOBALS['token_mismatch'] = $GLOBALS['token_mismatch'] ?? null;`
	`18`	`+ $this->authPluginFactory = $authPluginFactory;`
	`19`	`+ }`
`16`	`20`
`17`		`- if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST' \|\| $GLOBALS['token_mismatch']) {`
	`21`	`+ public function __invoke(ServerRequest $request): void`
	`22`	`+ {`
	`23`	`+ if (! $request->isPost() \|\| $GLOBALS['token_mismatch']) {`
`18`	`24`	`Core::sendHeaderLocation('./index.php?route=/');`
`19`	`25`
`20`	`26`	`return;`
`21`	`27`	`}`
`22`	`28`
`23`		`- $GLOBALS['auth_plugin']->logOut();`
	`29`	`+ $authPlugin = $this->authPluginFactory->create();`
	`30`	`+ $authPlugin->logOut();`
`24`	`31`	`}`
`25`	`32`	`}`