refactor: simplified session usage in controllers

Author: thorsten

phpmyfaq/src/phpMyFAQ/Controller/AbstractController.php

@@ -35,6 +35,7 @@
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 use Twig\Error\LoaderError;
 use Twig\Extension\ExtensionInterface;
@@ -57,6 +58,8 @@ abstract class AbstractController
 
     protected ?CurrentUser $currentUser = null;
 
+    protected ?SessionInterface $session = null;
+
     /** @var ExtensionInterface[] */
     private array $twigExtensions = [];
 
@@ -66,14 +69,15 @@ abstract class AbstractController
     /**
      * Check if the FAQ should be secured.
      *
-     * @throws Exception
      * @throws \Exception
      */
     public function __construct()
     {
         $this->container = $this->createContainer();
         $this->configuration = $this->container->get(id: 'phpmyfaq.configuration');
         $this->currentUser = $this->container->get(id: 'phpmyfaq.user.current_user');
+        $this->session = $this->container->get(id: 'session');
+
         TwigWrapper::setTemplateSetName($this->configuration->getTemplateSet());
         $this->isSecured();
     }

phpmyfaq/src/phpMyFAQ/Controller/Administration/AbstractAdministrationController.php

@@ -45,8 +45,6 @@ protected function getHeader(Request $request): array
         $adminHelper = $this->container->get(id: 'phpmyfaq.admin.helper');
         $adminHelper->setUser($this->currentUser);
 
-        $session = $this->container->get(id: 'session');
-
         $secLevelEntries = $this->getSecondLevelEntries($adminHelper);
         $pageFlags = $this->getPageFlags($request);
         $gravatarImage = $this->getGravatarImage();
@@ -71,7 +69,7 @@ protected function getHeader(Request $request): array
             'hasGravatarSupport' => $this->configuration->get(item: 'main.enableGravatarSupport'),
             'gravatarImage' => $gravatarImage,
             'msgChangePassword' => Translation::get(key: 'ad_menu_passwd'),
-            'csrfTokenLogout' => Token::getInstance($session)->getTokenString('admin-logout'),
+            'csrfTokenLogout' => Token::getInstance($this->session)->getTokenString('admin-logout'),
             'msgLogout' => Translation::get(key: 'admin_mainmenu_logout'),
             'secondLevelEntries' => $secLevelEntries,
             'menuUsers' => Translation::get(key: 'admin_mainmenu_users'),

phpmyfaq/src/phpMyFAQ/Controller/Administration/AdminLogController.php

@@ -46,7 +46,6 @@ public function index(Request $request): Response
         $this->userHasPermission(PermissionType::STATISTICS_ADMINLOG);
 
         $adminLog = $this->container->get(id: 'phpmyfaq.admin.admin-log');
-        $session = $this->container->get(id: 'session');
 
         $itemsPerPage = 15;
         $page = Filter::filterVar($request->attributes->get('page'), FILTER_VALIDATE_INT, 1);
@@ -72,7 +71,7 @@ public function index(Request $request): Response
             ...$this->getFooter(),
             'headerAdminLog' => Translation::get(key: 'ad_menu_adminlog'),
             'buttonDeleteAdminLog' => Translation::get(key: 'ad_adminlog_del_older_30d'),
-            'csrfDeleteAdminLogToken' => Token::getInstance($session)->getTokenString('delete-adminlog'),
+            'csrfDeleteAdminLogToken' => Token::getInstance($this->session)->getTokenString('delete-adminlog'),
             'currentLocale' => $this->configuration->getLanguage()->getLanguage(),
             'pagination' => $pagination->render(),
             'msgId' => Translation::get(key: 'ad_categ_id'),

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/AttachmentController.php

@@ -45,10 +45,7 @@ public function delete(Request $request): JsonResponse
 
         $deleteData = json_decode($request->getContent());
         try {
-            if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-                'delete-attachment',
-                $deleteData->csrf,
-            )) {
+            if (!Token::getInstance($this->session)->verifyToken('delete-attachment', $deleteData->csrf)) {
                 return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
             }
 
@@ -78,10 +75,7 @@ public function refresh(Request $request): JsonResponse
 
         $dataToCheck = json_decode($request->getContent());
         try {
-            if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-                'refresh-attachment',
-                $dataToCheck->csrf,
-            )) {
+            if (!Token::getInstance($this->session)->verifyToken('refresh-attachment', $dataToCheck->csrf)) {
                 return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
             }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/CategoryController.php

@@ -47,7 +47,7 @@ public function delete(Request $request): JsonResponse
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken('category', $data->csrfToken)) {
+        if (!Token::getInstance($this->session)->verifyToken('category', $data->csrfToken)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 
@@ -140,7 +140,7 @@ public function updateOrder(Request $request): JsonResponse
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken('category', $data->csrfToken)) {
+        if (!Token::getInstance($this->session)->verifyToken('category', $data->csrfToken)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/CommentController.php

@@ -40,10 +40,7 @@ public function delete(Request $request): JsonResponse
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            'delete-comment',
-            $data->data->{'pmf-csrf-token'},
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken('delete-comment', $data->data->{'pmf-csrf-token'})) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/ConfigurationController.php

@@ -46,7 +46,7 @@ public function sendTestMail(Request $request): JsonResponse
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken('configuration', $data->csrf)) {
+        if (!Token::getInstance($this->session)->verifyToken('configuration', $data->csrf)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 
@@ -76,11 +76,9 @@ public function activateMaintenanceMode(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::CONFIGURATION_EDIT);
 
-        $session = $this->container->get(id: 'session');
-
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($session)->verifyToken('activate-maintenance-mode', $data->csrf)) {
+        if (!Token::getInstance($this->session)->verifyToken('activate-maintenance-mode', $data->csrf)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/ConfigurationTabController.php

@@ -94,10 +94,7 @@ public function save(Request $request): JsonResponse
 
         $oldConfigurationData = $this->configuration->getAll();
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            page: 'configuration',
-            requestToken: $csrfToken,
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken(page: 'configuration', requestToken: $csrfToken)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/ExportController.php

@@ -80,10 +80,7 @@ public function exportReport(Request $request): Response
         $this->userHasPermission(PermissionType::REPORTS);
 
         $data = json_decode($request->getContent())->data;
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            'create-report',
-            $data->{'pmf-csrf-token'},
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken('create-report', $data->{'pmf-csrf-token'})) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/FaqController.php

@@ -82,7 +82,7 @@ public function create(Request $request): JsonResponse
 
         $data = json_decode($request->getContent())->data;
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
+        if (!Token::getInstance($this->session)->verifyToken(
             page: 'pmf-csrf-token',
             requestToken: $data->{'pmf-csrf-token'},
         )) {
@@ -289,7 +289,7 @@ public function update(Request $request): JsonResponse
 
         $data = json_decode($request->getContent())->data;
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
+        if (!Token::getInstance($this->session)->verifyToken(
             page: 'pmf-csrf-token',
             requestToken: $data->{'pmf-csrf-token'},
         )) {
@@ -538,10 +538,7 @@ public function activate(Request $request): JsonResponse
         $faqLanguage = Filter::filterVar($data->faqLanguage, FILTER_SANITIZE_SPECIAL_CHARS);
         $checked = Filter::filterVar($data->checked, FILTER_VALIDATE_BOOLEAN);
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            page: 'pmf-csrf-token',
-            requestToken: $data->csrf,
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken(page: 'pmf-csrf-token', requestToken: $data->csrf)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 
@@ -581,10 +578,7 @@ public function sticky(Request $request): JsonResponse
         $faqLanguage = Filter::filterVar($data->faqLanguage, FILTER_SANITIZE_SPECIAL_CHARS);
         $checked = Filter::filterVar($data->checked, FILTER_VALIDATE_BOOLEAN);
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            page: 'pmf-csrf-token',
-            requestToken: $data->csrf,
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken(page: 'pmf-csrf-token', requestToken: $data->csrf)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 
@@ -625,10 +619,7 @@ public function delete(Request $request): JsonResponse
         $faqId = Filter::filterVar($data->faqId, FILTER_VALIDATE_INT);
         $faqLanguage = Filter::filterVar($data->faqLanguage, FILTER_SANITIZE_SPECIAL_CHARS);
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            page: 'pmf-csrf-token',
-            requestToken: $data->csrf,
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken(page: 'pmf-csrf-token', requestToken: $data->csrf)) {
             return $this->json([
                 'error' => 'CSRF Token - ' . Translation::get(key: 'msgNoPermission'),
             ], Response::HTTP_UNAUTHORIZED);
@@ -656,10 +647,7 @@ public function search(Request $request): JsonResponse
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            page: 'pmf-csrf-token',
-            requestToken: $data->csrf,
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken(page: 'pmf-csrf-token', requestToken: $data->csrf)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 
@@ -695,10 +683,7 @@ public function saveOrderOfStickyFaqs(Request $request): JsonResponse
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            page: 'order-stickyfaqs',
-            requestToken: $data->csrf,
-        )) {
+        if (!Token::getInstance($this->session)->verifyToken(page: 'order-stickyfaqs', requestToken: $data->csrf)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 
@@ -716,14 +701,12 @@ public function import(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::FAQ_ADD);
 
-        $session = $this->container->get(id: 'session');
-
         $file = $request->files->get(key: 'file');
         if (!isset($file)) {
             return $this->json(['error' => 'Bad request: There is no file submitted.'], Response::HTTP_BAD_REQUEST);
         }
 
-        if (!Token::getInstance($session)->verifyToken(
+        if (!Token::getInstance($this->session)->verifyToken(
             page: 'importfaqs',
             requestToken: $request->attributes->get(key: 'csrf'),
         )) {