diff --git a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php index 78e3eb1f909..5ad0ad18ad8 100644 --- a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php +++ b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php @@ -87,6 +87,21 @@ protected function _startSession($sessionId = null) return $this; } + /** + * Allow insta-login via HTTP Basic Auth + * + * @param string $sessionId + * @return $this + */ + protected function _instaLogin(&$sessionId) + { + if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { + $this->_getSession()->setIsInstaLogin(); + $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); + } + return $this; + } + /** * Check current user permission on resource and privilege * @@ -100,16 +115,6 @@ protected function _isAllowed($resource, $privilege = null) return $this->_getSession()->isAllowed($resource, $privilege); } - /** - * Check session expiration - * - * @return bool - */ - protected function _isSessionExpired() - { - return $this->_getSession()->isSessionExpired(); - } - /** * Dispatch webservice fault * @@ -225,11 +230,8 @@ public function login($username, $apiKey = null) */ public function call($sessionId, $apiPath, $args = []) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); 
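Review bot: `_instaLogin()` sets the insta-login flag on the session object before the credentials are checked, and nothing visible in this diff clears it again, so any later `Session::login()` on the same object would also take the authenticate-only branch. Consider resetting it right after the login call, e.g. `$this->_getSession()->setIsInstaLogin(false);` (in a `finally` if `login()` can throw). The docblock should also read `@param string|null $sessionId` and say that the argument is passed by reference and replaced with the value returned by `login()` when Basic-Auth credentials are present.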
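Review bot: The chained form `$this->_instaLogin($sessionId)->_startSession($sessionId);` in `call()` only works because `_instaLogin()` rewrites `$sessionId` by reference before the second call's argument is read, which is easy to miss at the call site. Two separate statements, or a one-line comment such as `// _instaLogin() may replace $sessionId (by reference) before the session starts`, would make that dependency explicit. The same pattern is repeated in `multiCall()`, `resources()`, `resourceFaults()` and `globalFaults()`. The bodies of these methods continue outside their hunks.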
@@ -313,11 +315,8 @@ public function call($sessionId, $apiPath, $args = []) */ public function multiCall($sessionId, array $calls = [], $options = []) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -445,11 +444,8 @@ public function multiCall($sessionId, array $calls = [], $options = []) */ public function resources($sessionId) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -513,11 +509,8 @@ public function resources($sessionId) */ public function resourceFaults($sessionId, $resourceName) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); 
@@ -553,11 +546,8 @@ public function resourceFaults($sessionId, $resourceName) */ public function globalFaults($sessionId) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); return array_values($this->_getConfig()->getFaults()); } diff --git a/app/code/core/Mage/Api/Model/Session.php b/app/code/core/Mage/Api/Model/Session.php index 07952339dcf..e91e6b71b02 100644 --- a/app/code/core/Mage/Api/Model/Session.php +++ b/app/code/core/Mage/Api/Model/Session.php @@ -96,6 +96,28 @@ public function clear() return true; } + /** + * Flag login as HTTP Basic Auth. + * + * @param bool $isInstaLogin + * @return $this + */ + public function setIsInstaLogin(bool $isInstaLogin = true) + { + $this->setData('is_insta_login', $isInstaLogin); + return $this; + } + + /** + * Is insta-login? + * + * @return bool + */ + public function getIsInstaLogin(): bool + { + return (bool) $this->getData('is_insta_login'); + } + /** * @param string $username * @param string $apiKey @@ -105,8 +127,15 @@ public function clear() public function login($username, $apiKey) { $user = Mage::getModel('api/user') - ->setSessid($this->getSessionId()) - ->login($username, $apiKey); + ->setSessid($this->getSessionId()); + if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) { + Mage::dispatchEvent('api_user_authenticated', [ + 'model' => $user, + 'api_key' => $apiKey, + ]); + } else { + $user->login($username, $apiKey); + } if ($user->getId() && $user->getIsActive() != '1') { Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.')); diff --git a/phpstan.dist.baseline.neon b/phpstan.dist.baseline.neon index 44909be6289..8a1e7f903af 100644 --- a/phpstan.dist.baseline.neon 
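Review bot: `globalFaults()` runs the Basic-Auth credential check through `_instaLogin()` but, unlike the four other call sites in this diff, never tests `isLoggedIn($sessionId)` before returning the fault list, so the outcome of that check is not used for access control here. If the fault list is meant to be public, the credential check can be dropped from this method. If it is not, add the guard the other methods use: `if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); }`. The missing guard predates this commit, which only moves the login code into the helper.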
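Review bot: In `Session::login()`, a failed Basic-Auth attempt falls through to the `else` branch, so `$user->login()` is called with credentials that `authenticate()` has just rejected, and presumably checks them a second time. Nesting the two conditions keeps the insta-login path from ever reaching `login()`. A comment should also state what this path deliberately skips relative to `$user->login()` (presumably its login/session bookkeeping, which is not visible in this diff), because that decides what audit trail a Basic-Auth request leaves. Note too that the dispatched event hands the plaintext `$apiKey` to every observer. `login()` continues outside the hunk.

```php
        $user = Mage::getModel('api/user')
            ->setSessid($this->getSessionId());
        if ($this->getIsInstaLogin()) {
            // Basic-Auth path: verify the credentials once, without $user->login().
            if ($user->authenticate($username, $apiKey)) {
                // … unchanged: api_user_authenticated dispatch …
            }
        } else {
            $user->login($username, $apiKey);
        }
```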
+++ b/phpstan.dist.baseline.neon @@ -765,11 +765,6 @@ parameters: count: 2 path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php - - - message: "#^Method Mage_Api_Model_Session\\:\\:isSessionExpired\\(\\) invoked with 0 parameters, 1 required\\.$#" - count: 1 - path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php - - message: "#^Result of method SoapServer\\:\\:handle\\(\\) \\(void\\) is used\\.$#" count: 1