Merge branch 'main' into next

empiricompany · Sep 5, 2023 · fdb003a · fdb003a
2 parents 6e42c67 + 0f032f3
commit fdb003a
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 44 deletions.
diff --git a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
@@ -87,6 +87,21 @@ protected function _startSession($sessionId = null)
         return $this;
     }
 
+    /**
+     * Allow insta-login via HTTP Basic Auth
+     *
+     * @param string $sessionId
+     * @return $this
+     */
+    protected function _instaLogin(&$sessionId)
+    {
+        if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
+            $this->_getSession()->setIsInstaLogin();
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
+        return $this;
+    }
+
     /**
      * Check current user permission on resource and privilege
      *
@@ -100,16 +115,6 @@ protected function _isAllowed($resource, $privilege = null)
         return $this->_getSession()->isAllowed($resource, $privilege);
     }
 
-    /**
-     *  Check session expiration
-     *
-     *  @return  bool
-     */
-    protected function _isSessionExpired()
-    {
-        return $this->_getSession()->isSessionExpired();
-    }
-
     /**
      * Dispatch webservice fault
      *
@@ -225,11 +230,8 @@ public function login($username, $apiKey = null)
      */
     public function call($sessionId, $apiPath, $args = [])
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -313,11 +315,8 @@ public function call($sessionId, $apiPath, $args = [])
      */
     public function multiCall($sessionId, array $calls = [], $options = [])
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -445,11 +444,8 @@ public function multiCall($sessionId, array $calls = [], $options = [])
      */
     public function resources($sessionId)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -513,11 +509,8 @@ public function resources($sessionId)
      */
     public function resourceFaults($sessionId, $resourceName)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -553,11 +546,8 @@ public function resourceFaults($sessionId, $resourceName)
      */
     public function globalFaults($sessionId)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
         return array_values($this->_getConfig()->getFaults());
     }
 

diff --git a/app/code/core/Mage/Api/Model/Session.php b/app/code/core/Mage/Api/Model/Session.php
@@ -96,6 +96,28 @@ public function clear()
         return true;
     }
 
+    /**
+     * Flag login as HTTP Basic Auth.
+     *
+     * @param bool $isInstaLogin
+     * @return $this
+     */
+    public function setIsInstaLogin(bool $isInstaLogin = true)
+    {
+        $this->setData('is_insta_login', $isInstaLogin);
+        return $this;
+    }
+
+    /**
+     * Is insta-login?
+     *
+     * @return bool
+     */
+    public function getIsInstaLogin(): bool
+    {
+        return (bool) $this->getData('is_insta_login');
+    }
+
     /**
      * @param string $username
      * @param string $apiKey
@@ -105,8 +127,15 @@ public function clear()
     public function login($username, $apiKey)
     {
         $user = Mage::getModel('api/user')
-            ->setSessid($this->getSessionId())
-            ->login($username, $apiKey);
+            ->setSessid($this->getSessionId());
+        if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) {
+            Mage::dispatchEvent('api_user_authenticated', [
+                'model'    => $user,
+                'api_key'  => $apiKey,
+            ]);
+        } else {
+            $user->login($username, $apiKey);
+        }
 
         if ($user->getId() && $user->getIsActive() != '1') {
             Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.'));

diff --git a/get.php b/get.php
@@ -28,20 +28,30 @@
 /**
  * Set include path
  */
-
+$paths = [];
 $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'local';
 $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'community';
 $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'core';
 $paths[] = $bp . $ds . 'lib';
 
 $appPath = implode($ps, $paths);
 set_include_path($appPath . $ps . get_include_path());
-
 include_once 'Mage/Core/functions.php';
 include_once 'Varien/Autoload.php';
 
 Varien_Autoload::register();
 
+/** AUTOLOADER PATCH **/
+$autoloaderPath = getenv('COMPOSER_VENDOR_PATH');
+if (!$autoloaderPath) {
+    $autoloaderPath = dirname($bp) . $ds .  'vendor';
+    if (!is_dir($autoloaderPath)) {
+        $autoloaderPath = $bp . $ds . 'vendor';
+    }
+}
+require $autoloaderPath . $ds . 'autoload.php';
+/** AUTOLOADER PATCH **/
+
 $varDirectory = $bp . $ds . Mage_Core_Model_Config_Options::VAR_DIRECTORY;
 
 $configCacheFile = $varDirectory . $ds . 'resource_config.json';

diff --git a/phpstan.dist.baseline.neon b/phpstan.dist.baseline.neon
@@ -765,11 +765,6 @@ parameters:
 			count: 2
 			path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
 
-		-
-			message: "#^Method Mage_Api_Model_Session\\:\\:isSessionExpired\\(\\) invoked with 0 parameters, 1 required\\.$#"
-			count: 1
-			path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
-
 		-
 			message: "#^Result of method SoapServer\\:\\:handle\\(\\) \\(void\\) is used\\.$#"
 			count: 1