refactor: moved session to abstract controller (#3834)

Author: thorsten

phpmyfaq/src/phpMyFAQ/Controller/AbstractController.php

@@ -35,6 +35,8 @@
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\Session;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 use Twig\Error\LoaderError;
 use Twig\Extension\ExtensionInterface;
@@ -57,6 +59,8 @@ abstract class AbstractController
 
     protected ?CurrentUser $currentUser = null;
 
+    protected ?SessionInterface $session = null;
+
     /** @var ExtensionInterface[] */
     private array $twigExtensions = [];
 
@@ -66,14 +70,14 @@ abstract class AbstractController
     /**
      * Check if the FAQ should be secured.
      *
-     * @throws Exception
      * @throws \Exception
      */
     public function __construct()
     {
         $this->container = $this->createContainer();
         $this->configuration = $this->container->get(id: 'phpmyfaq.configuration');
         $this->currentUser = $this->container->get(id: 'phpmyfaq.user.current_user');
+        $this->session = $this->container->get(id: 'session');
         TwigWrapper::setTemplateSetName($this->configuration->getTemplateSet());
         $this->isSecured();
     }

phpmyfaq/src/phpMyFAQ/Controller/Administration/AbstractAdministrationController.php

@@ -45,8 +45,6 @@ protected function getHeader(Request $request): array
         $adminHelper = $this->container->get(id: 'phpmyfaq.admin.helper');
         $adminHelper->setUser($this->currentUser);
 
-        $session = $this->container->get(id: 'session');
-
         $secLevelEntries = $this->getSecondLevelEntries($adminHelper);
         $pageFlags = $this->getPageFlags($request);
         $gravatarImage = $this->getGravatarImage();
@@ -71,7 +69,7 @@ protected function getHeader(Request $request): array
             'hasGravatarSupport' => $this->configuration->get(item: 'main.enableGravatarSupport'),
             'gravatarImage' => $gravatarImage,
             'msgChangePassword' => Translation::get(key: 'ad_menu_passwd'),
-            'csrfTokenLogout' => Token::getInstance($session)->getTokenString('admin-logout'),
+            'csrfTokenLogout' => Token::getInstance($this->session)->getTokenString('admin-logout'),
             'msgLogout' => Translation::get(key: 'admin_mainmenu_logout'),
             'secondLevelEntries' => $secLevelEntries,
             'menuUsers' => Translation::get(key: 'admin_mainmenu_users'),

phpmyfaq/src/phpMyFAQ/Controller/Administration/AdminLogController.php

@@ -46,7 +46,6 @@ public function index(Request $request): Response
         $this->userHasPermission(PermissionType::STATISTICS_ADMINLOG);
 
         $adminLog = $this->container->get(id: 'phpmyfaq.admin.admin-log');
-        $session = $this->container->get(id: 'session');
 
         $itemsPerPage = 15;
         $page = Filter::filterVar($request->attributes->get('page'), FILTER_VALIDATE_INT, 1);
@@ -72,7 +71,7 @@ public function index(Request $request): Response
             ...$this->getFooter(),
             'headerAdminLog' => Translation::get(key: 'ad_menu_adminlog'),
             'buttonDeleteAdminLog' => Translation::get(key: 'ad_adminlog_del_older_30d'),
-            'csrfDeleteAdminLogToken' => Token::getInstance($session)->getTokenString('delete-adminlog'),
+            'csrfDeleteAdminLogToken' => Token::getInstance($this->session)->getTokenString('delete-adminlog'),
             'currentLocale' => $this->configuration->getLanguage()->getLanguage(),
             'pagination' => $pagination->render(),
             'msgId' => Translation::get(key: 'ad_categ_id'),

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/ConfigurationController.php

@@ -76,11 +76,9 @@ public function activateMaintenanceMode(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::CONFIGURATION_EDIT);
 
-        $session = $this->container->get(id: 'session');
-
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($session)->verifyToken('activate-maintenance-mode', $data->csrf)) {
+        if (!Token::getInstance($this->session)->verifyToken('activate-maintenance-mode', $data->csrf)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/FaqController.php

@@ -51,7 +51,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
-use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Routing\Attribute\Route;
 
 final class FaqController extends AbstractController
 {
@@ -716,14 +716,12 @@ public function import(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::FAQ_ADD);
 
-        $session = $this->container->get(id: 'session');
-
         $file = $request->files->get(key: 'file');
         if (!isset($file)) {
             return $this->json(['error' => 'Bad request: There is no file submitted.'], Response::HTTP_BAD_REQUEST);
         }
 
-        if (!Token::getInstance($session)->verifyToken(
+        if (!Token::getInstance($this->session)->verifyToken(
             page: 'importfaqs',
             requestToken: $request->attributes->get(key: 'csrf'),
         )) {

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/ImageController.php

@@ -40,13 +40,11 @@ public function upload(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::FAQ_EDIT);
 
-        $session = $this->container->get(id: 'session');
-
         $uploadDir = PMF_CONTENT_DIR . '/user/images/';
         $validFileExtensions = ['gif', 'jpg', 'jpeg', 'png', 'webp', 'svg', 'mov', 'mp4', 'webm'];
         $timestamp = time();
 
-        if (!Token::getInstance($session)->verifyToken('pmf-csrf-token', $request->query->get('csrf'))) {
+        if (!Token::getInstance($this->session)->verifyToken('pmf-csrf-token', $request->query->get('csrf'))) {
             return $this->json([
                 'success' => false,
                 'data' => ['code' => Response::HTTP_UNAUTHORIZED],

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/QuestionController.php

@@ -72,12 +72,11 @@ public function toggle(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::QUESTION_ADD);
 
-        $session = $this->container->get(id: 'session');
         $question = $this->container->get(id: 'phpmyfaq.question');
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($session)->verifyToken('toggle-question-visibility', $data->csrfToken)) {
+        if (!Token::getInstance($this->session)->verifyToken('toggle-question-visibility', $data->csrfToken)) {
             return $this->json(['error' => Translation::get(key: 'msgNoPermission')], Response::HTTP_UNAUTHORIZED);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/AttachmentsController.php

@@ -47,7 +47,6 @@ public function index(Request $request): Response
         $page = Filter::filterVar($request->query->get('page'), FILTER_VALIDATE_INT);
         $page = max(1, $page);
 
-        $session = $this->container->get(id: 'session');
         $collection = $this->container->get(id: 'phpmyfaq.attachment-collection');
 
         $itemsPerPage = 24;
@@ -72,8 +71,8 @@ public function index(Request $request): Response
             'adminMsgTransToolLanguage' => Translation::get(key: 'msgTransToolLanguage'),
             'adminMsgAttachmentsFilesize' => Translation::get(key: 'msgAttachmentsFilesize'),
             'adminMsgAttachmentsMimeType' => Translation::get(key: 'msgAttachmentsMimeType'),
-            'csrfTokenDeletion' => Token::getInstance($session)->getTokenString('delete-attachment'),
-            'csrfTokenRefresh' => Token::getInstance($session)->getTokenString('refresh-attachment'),
+            'csrfTokenDeletion' => Token::getInstance($this->session)->getTokenString('delete-attachment'),
+            'csrfTokenRefresh' => Token::getInstance($this->session)->getTokenString('refresh-attachment'),
             'attachments' => $crumbs,
             'adminMsgButtonDelete' => Translation::get(key: 'ad_gen_delete'),
             'adminMsgFaqTitle' => Translation::get(key: 'ad_entry_faq_record'),

phpmyfaq/src/phpMyFAQ/Controller/Administration/CategoryController.php

@@ -60,7 +60,6 @@ public function index(Request $request): Response
 
         $categoryInfo = $category->getAllCategories();
 
-        $session = $this->container->get(id: 'session');
         $categoryOrder = $this->container->get(id: 'phpmyfaq.category.order');
         $orderedCategories = $categoryOrder->getAllCategories();
         $categoryTree = $categoryOrder->getCategoryTree($orderedCategories);
@@ -73,7 +72,7 @@ public function index(Request $request): Response
         return $this->render(file: '@admin/content/category.overview.twig', context: [
             ...$this->getHeader($request),
             ...$this->getFooter(),
-            'csrfTokenInput' => Token::getInstance($session)->getTokenInput(page: 'category'),
+            'csrfTokenInput' => Token::getInstance($this->session)->getTokenInput(page: 'category'),
             'categoryTree' => $categoryTree,
             'categoryInfo' => $categoryInfo,
         ]);
@@ -97,13 +96,11 @@ public function add(Request $request): Response
         $category->setLanguage($this->configuration->getLanguage()->getLanguage());
         $category->loadCategories();
 
-        $session = $this->container->get(id: 'session');
-
         return $this->render(file: '@admin/content/category.add.twig', context: [
             ...$this->getHeader($request),
             ...$this->getFooter(),
             ...$this->getBaseTemplateVars(),
-            'csrfTokenInput' => Token::getInstance($session)->getTokenInput(page: 'save-category'),
+            'csrfTokenInput' => Token::getInstance($this->session)->getTokenInput(page: 'save-category'),
             'faqLangCode' => $this->configuration->getLanguage()->getLanguage(),
             'parentId' => 0,
         ]);
@@ -325,7 +322,6 @@ public function edit(Request $request): Response
             default: 0,
         );
 
-        $session = $this->container->get(id: 'session');
         $userHelper = $this->container->get(id: 'phpmyfaq.helper.user-helper');
         $categoryPermission = $this->container->get(id: 'phpmyfaq.category.permission');
 
@@ -390,7 +386,7 @@ public function edit(Request $request): Response
             'categoryId' => $categoryId,
             'categoryLanguage' => $categoryEntity->getLang(),
             'parentId' => $categoryEntity->getParentId(),
-            'csrfInputToken' => Token::getInstance($session)->getTokenInput(page: 'update-category'),
+            'csrfInputToken' => Token::getInstance($this->session)->getTokenInput(page: 'update-category'),
             'categoryImage' => $categoryEntity->getImage(),
             'categoryName' => $categoryEntity->getName(),
             'categoryDescription' => $categoryEntity->getDescription(),
@@ -490,8 +486,6 @@ public function translate(Request $request): Response
 
         [$currentAdminUser, $currentAdminGroups] = CurrentUser::getCurrentUserGroupId($this->currentUser);
 
-        $session = $this->container->get(id: 'session');
-
         $categoryPermission = new CategoryPermission($this->configuration);
         $userHelper = new UserHelper($this->currentUser);
 
@@ -529,7 +523,7 @@ public function translate(Request $request): Response
             'permLevel' => $this->configuration->get(item: 'security.permLevel'),
             'groupPermission' => $groupPermission[0] ?? -1,
             'userPermission' => $userPermission[0] ?? -1,
-            'csrfInputToken' => Token::getInstance($session)->getTokenInput(page: 'update-category'),
+            'csrfInputToken' => Token::getInstance($this->session)->getTokenInput(page: 'update-category'),
             'categoryNameLabel' => Translation::get(key: 'categoryNameLabel'),
             'ad_categ_lang' => Translation::get(key: 'ad_categ_lang'),
             'langToTranslate' => $langOptions, // deprecated in the future; generated from data service now
@@ -766,11 +760,10 @@ public function update(Request $request): Response
      */
     private function getBaseTemplateVars(): array
     {
-        $session = $this->container->get(id: 'session');
         $userHelper = $this->container->get(id: 'phpmyfaq.helper.user-helper');
 
         return [
-            'csrfTokenInput' => Token::getInstance($session)->getTokenInput(page: 'save-category'),
+            'csrfTokenInput' => Token::getInstance($this->session)->getTokenInput(page: 'save-category'),
             'userSelection' => $userHelper->getAllUsersForTemplate(),
             'permLevel' => $this->configuration->get(item: 'security.permLevel'),
             'msgAccessAllUsers' => Translation::get(key: 'msgAccessAllUsers'),

phpmyfaq/src/phpMyFAQ/Controller/Administration/FaqController.php

@@ -71,13 +71,12 @@ public function index(Request $request): Response
         $categoryRelation->setGroups($currentAdminGroups);
 
         $comments = $this->container->get(id: 'phpmyfaq.comments');
-        $sessions = $this->container->get(id: 'session');
 
         return $this->render('@admin/content/faq.overview.twig', [
             ...$this->getHeader($request),
             ...$this->getFooter(),
-            'csrfTokenSearch' => Token::getInstance($sessions)->getTokenInput('pmf-csrf-token'),
-            'csrfTokenOverview' => Token::getInstance($sessions)->getTokenString('pmf-csrf-token'),
+            'csrfTokenSearch' => Token::getInstance($this->session)->getTokenInput('pmf-csrf-token'),
+            'csrfTokenOverview' => Token::getInstance($this->session)->getTokenString('pmf-csrf-token'),
             'categories' => $category->getCategoryTree(),
             'numberOfRecords' => $categoryRelation->getNumberOfFaqsPerCategory(),
             'numberOfComments' => $comments->getNumberOfCommentsByCategory(),
@@ -602,8 +601,7 @@ public function answer(Request $request): Response
      */
     private function getBaseTemplateVars(): array
     {
-        $session = $this->container->get(id: 'session');
-        $token = Token::getInstance($session);
+        $token = Token::getInstance($this->session);
 
         $canAddAttachments = $this->currentUser->perm->hasPermission(
             $this->currentUser->getUserId(),