All settings are now stored in config.php

Isolate functions related to config in Config.php + add unit tests + code_sniffer.

options.php is not supported anymore, but its content will be automatically saved into config.php

Fixes #shaarli/Shaarli#41

*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
This commit is contained in:
ArthurHoaro 2015-06-29 12:23:00 +02:00
parent eee711c0a8
commit dd484b90b1
3 changed files with 362 additions and 38 deletions

129
application/Config.php Executable file
View file

@ -0,0 +1,129 @@
<?php
/**
* Functions related to configuration management.
*/
/**
* Re-write configuration file according to given array.
* Requires mandatory fields listed in $MANDATORY_FIELDS.
*
* @param array $config contains all configuration fields.
* @param bool $isLoggedIn true if user is logged in.
*
* @return void
*
* @throws MissingFieldConfigException: a mandatory field has not been provided in $config.
* @throws UnauthorizedConfigException: user is not authorize to change configuration.
* @throws Exception: an error occured while writing the new config file.
*/
function writeConfig($config, $isLoggedIn)
{
// These fields are required in configuration.
$MANDATORY_FIELDS = [
'login', 'hash', 'salt', 'timezone', 'title', 'titleLink',
'redirector', 'disablesessionprotection', 'privateLinkByDefault'
];
if (!isset($config['config']['CONFIG_FILE'])) {
throw new MissingFieldConfigException('CONFIG_FILE');
}
// Only logged in user can alter config.
if (is_file($config['config']['CONFIG_FILE']) && !$isLoggedIn) {
throw new UnauthorizedConfigException();
}
// Check that all mandatory fields are provided in $config.
foreach ($MANDATORY_FIELDS as $field) {
if (!isset($config[$field])) {
throw new MissingFieldConfigException($field);
}
}
$configStr = '<?php '. PHP_EOL;
$configStr .= '$GLOBALS[\'login\'] = '.var_export($config['login'], true).';'. PHP_EOL;
$configStr .= '$GLOBALS[\'hash\'] = '.var_export($config['hash'], true).';'. PHP_EOL;
$configStr .= '$GLOBALS[\'salt\'] = '.var_export($config['salt'], true).'; '. PHP_EOL;
$configStr .= '$GLOBALS[\'timezone\'] = '.var_export($config['timezone'], true).';'. PHP_EOL;
$configStr .= 'date_default_timezone_set('.var_export($config['timezone'], true).');'. PHP_EOL;
$configStr .= '$GLOBALS[\'title\'] = '.var_export($config['title'], true).';'. PHP_EOL;
$configStr .= '$GLOBALS[\'titleLink\'] = '.var_export($config['titleLink'], true).'; '. PHP_EOL;
$configStr .= '$GLOBALS[\'redirector\'] = '.var_export($config['redirector'], true).'; '. PHP_EOL;
$configStr .= '$GLOBALS[\'disablesessionprotection\'] = '.var_export($config['disablesessionprotection'], true).'; '. PHP_EOL;
$configStr .= '$GLOBALS[\'privateLinkByDefault\'] = '.var_export($config['privateLinkByDefault'], true).'; '. PHP_EOL;
// Store all $config['config']
foreach ($config['config'] as $key => $value) {
$configStr .= '$GLOBALS[\'config\'][\''. $key .'\'] = '.var_export($config['config'][$key], true).';'. PHP_EOL;
}
$configStr .= '?>';
if (!file_put_contents($config['config']['CONFIG_FILE'], $configStr)
|| strcmp(file_get_contents($config['config']['CONFIG_FILE']), $configStr) != 0
) {
throw new Exception(
'Shaarli could not create the config file.
Please make sure Shaarli has the right to write in the folder is it installed in.'
);
}
}
/**
* Milestone 0.9 - shaarli/Shaarli#41: options.php is not supported anymore.
* ==> if user is loggedIn, merge its content with config.php, then delete options.php.
*
* @param array $config contains all configuration fields.
* @param bool $isLoggedIn true if user is logged in.
*
* @return void
*/
function mergeDeprecatedConfig($config, $isLoggedIn)
{
$config_file = $config['config']['CONFIG_FILE'];
if (is_file($config['config']['DATADIR'].'/options.php') && $isLoggedIn) {
include $config['config']['DATADIR'].'/options.php';
// Load GLOBALS into config
foreach ($GLOBALS as $key => $value) {
$config[$key] = $value;
}
$config['config']['CONFIG_FILE'] = $config_file;
writeConfig($config, $isLoggedIn);
unlink($config['config']['DATADIR'].'/options.php');
}
}
/**
* Exception used if a mandatory field is missing in given configuration.
*/
class MissingFieldConfigException extends Exception
{
public $field;
/**
* Construct exception.
*
* @param string $field field name missing.
*/
public function __construct($field)
{
$this->field = $field;
$this->message = 'Configuration value is required for '. $this->field;
}
}
/**
* Exception used if an unauthorized attempt to edit configuration has been made.
*/
class UnauthorizedConfigException extends Exception
{
/**
* Construct exception.
*/
public function __construct()
{
$this->message = 'You are not authorized to alter config.';
}
}

View file

@ -11,7 +11,8 @@
date_default_timezone_set('UTC'); date_default_timezone_set('UTC');
// ----------------------------------------------------------------------------------------------- // -----------------------------------------------------------------------------------------------
// Hardcoded parameter (These parameters can be overwritten by creating the file /data/options.php) // Hardcoded parameter (These parameters can be overwritten by editing the file /data/config.php)
// You should not touch any code below (or at your own risks!)
$GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory $GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory
$GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; // Configuration file (user login/password) $GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; // Configuration file (user login/password)
$GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; // Data storage file. $GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; // Data storage file.
@ -36,10 +37,6 @@
$GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; // Enable RSS permalinks by default. This corresponds to the default behavior of shaarli before this was added as an option. $GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; // Enable RSS permalinks by default. This corresponds to the default behavior of shaarli before this was added as an option.
$GLOBALS['config']['HIDE_PUBLIC_LINKS'] = false; $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = false;
// ----------------------------------------------------------------------------------------------- // -----------------------------------------------------------------------------------------------
// You should not touch below (or at your own risks!)
// Optional config file.
if (is_file($GLOBALS['config']['DATADIR'].'/options.php')) require($GLOBALS['config']['DATADIR'].'/options.php');
define('shaarli_version','0.0.45beta'); define('shaarli_version','0.0.45beta');
// http://server.com/x/shaarli --> /shaarli/ // http://server.com/x/shaarli --> /shaarli/
define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0))); define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
@ -69,6 +66,7 @@
// Shaarli library // Shaarli library
require_once 'application/LinkDB.php'; require_once 'application/LinkDB.php';
require_once 'application/Utils.php'; require_once 'application/Utils.php';
require_once 'application/Config.php';
include "inc/rain.tpl.class.php"; //include Rain TPL include "inc/rain.tpl.class.php"; //include Rain TPL
raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
@ -100,7 +98,6 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']=''; if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false; if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?'; if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
// I really need to rewrite Shaarli with a proper configuation manager. // I really need to rewrite Shaarli with a proper configuation manager.
@ -1214,7 +1211,19 @@ function renderPage()
// Save new password // Save new password
$GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
$GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
writeConfig(); try {
writeConfig($GLOBALS, isLoggedIn());
}
catch(Exception $e) {
error_log(
'ERROR while writing config file after changing password.' . PHP_EOL .
$e->getMessage()
);
// TODO: do not handle exceptions/errors in JS.
echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
exit;
}
echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
exit; exit;
} }
@ -1243,12 +1252,23 @@ function renderPage()
$GLOBALS['titleLink']=$_POST['titleLink']; $GLOBALS['titleLink']=$_POST['titleLink'];
$GLOBALS['redirector']=$_POST['redirector']; $GLOBALS['redirector']=$_POST['redirector'];
$GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']); $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
$GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
$GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']); $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
$GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']); $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']);
$GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
$GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']); $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']);
writeConfig(); try {
writeConfig($GLOBALS, isLoggedIn());
}
catch(Exception $e) {
error_log(
'ERROR while writing config file after configuration update.' . PHP_EOL .
$e->getMessage()
);
// TODO: do not handle exceptions/errors in JS.
echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
exit;
}
echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>'; echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
exit; exit;
} }
@ -2007,7 +2027,19 @@ function install()
$GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
$GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] ); $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] );
$GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
writeConfig(); try {
writeConfig($GLOBALS, isLoggedIn());
}
catch(Exception $e) {
error_log(
'ERROR while writing config file after installation.' . PHP_EOL .
$e->getMessage()
);
// TODO: do not handle exceptions/errors in JS.
echo '<script>alert("'. $e->getMessage() .'");document.location=\'?\';</script>';
exit;
}
echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>'; echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
exit; exit;
} }
@ -2121,30 +2153,7 @@ function json_encode($data) {
} }
} }
// Re-write configuration file according to globals.
// Requires some $GLOBALS to be set (login,hash,salt,title).
// If the config file cannot be saved, an error message is displayed and the user is redirected to "Tools" menu.
// (otherwise, the function simply returns.)
function writeConfig()
{
if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
$config='<?php $GLOBALS[\'login\']='.var_export($GLOBALS['login'],true).'; $GLOBALS[\'hash\']='.var_export($GLOBALS['hash'],true).'; $GLOBALS[\'salt\']='.var_export($GLOBALS['salt'],true).'; ';
$config .='$GLOBALS[\'timezone\']='.var_export($GLOBALS['timezone'],true).'; date_default_timezone_set('.var_export($GLOBALS['timezone'],true).'); $GLOBALS[\'title\']='.var_export($GLOBALS['title'],true).';';
$config .= '$GLOBALS[\'titleLink\']='.var_export($GLOBALS['titleLink'],true).'; ';
$config .= '$GLOBALS[\'redirector\']='.var_export($GLOBALS['redirector'],true).'; ';
$config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; ';
$config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; ';
$config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; ';
$config .= '$GLOBALS[\'config\'][\'ENABLE_RSS_PERMALINKS\']='.var_export($GLOBALS['config']['ENABLE_RSS_PERMALINKS'], true).'; ';
$config .= '$GLOBALS[\'config\'][\'ENABLE_UPDATECHECK\']='.var_export($GLOBALS['config']['ENABLE_UPDATECHECK'], true).'; ';
$config .= '$GLOBALS[\'config\'][\'HIDE_PUBLIC_LINKS\']='.var_export($GLOBALS['config']['HIDE_PUBLIC_LINKS'], true).'; ';
$config .= ' ?>';
if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
{
echo '<script>alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
exit;
}
}
/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL, /* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
I have deported the thumbnail URL code generation here, otherwise this would slow down page generation. I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
@ -2373,6 +2382,15 @@ function invalidateCaches()
pageCache::purgeCache(); // Purge page cache shared by sessions. pageCache::purgeCache(); // Purge page cache shared by sessions.
} }
try {
mergeDeprecatedConfig($GLOBALS, isLoggedIn());
} catch(Exception $e) {
error_log(
'ERROR while merging deprecated options.php file.' . PHP_EOL .
$e->getMessage()
);
}
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database. if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database.
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; } if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; } if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }

177
tests/ConfigTest.php Executable file
View file

@ -0,0 +1,177 @@
<?php
/**
* Config' tests
*/
require_once 'application/Config.php';
/**
* Unitary tests for Shaarli config related functions
*/
class ConfigTest extends PHPUnit_Framework_TestCase
{
// Configuration input set.
private static $_configFields;
/**
* Executed before each test.
*/
public function setUp()
{
self::$_configFields = [
'login' => 'login',
'hash' => 'hash',
'salt' => 'salt',
'timezone' => 'Europe/Paris',
'title' => 'title',
'titleLink' => 'titleLink',
'redirector' => '',
'disablesessionprotection' => false,
'privateLinkByDefault' => false,
'config' => [
'CONFIG_FILE' => 'tests/config.php',
'DATADIR' => 'tests',
'config1' => 'config1data',
'config2' => 'config2data',
]
];
}
/**
* Executed after each test.
*
* @return void
*/
public function tearDown()
{
if (is_file(self::$_configFields['config']['CONFIG_FILE'])) {
unlink(self::$_configFields['config']['CONFIG_FILE']);
}
}
/**
* Test writeConfig function, valid use case, while being logged in.
*/
public function testWriteConfig()
{
writeConfig(self::$_configFields, true);
include self::$_configFields['config']['CONFIG_FILE'];
$this->assertEquals(self::$_configFields['login'], $GLOBALS['login']);
$this->assertEquals(self::$_configFields['hash'], $GLOBALS['hash']);
$this->assertEquals(self::$_configFields['salt'], $GLOBALS['salt']);
$this->assertEquals(self::$_configFields['timezone'], $GLOBALS['timezone']);
$this->assertEquals(self::$_configFields['title'], $GLOBALS['title']);
$this->assertEquals(self::$_configFields['titleLink'], $GLOBALS['titleLink']);
$this->assertEquals(self::$_configFields['redirector'], $GLOBALS['redirector']);
$this->assertEquals(self::$_configFields['disablesessionprotection'], $GLOBALS['disablesessionprotection']);
$this->assertEquals(self::$_configFields['privateLinkByDefault'], $GLOBALS['privateLinkByDefault']);
$this->assertEquals(self::$_configFields['config']['config1'], $GLOBALS['config']['config1']);
$this->assertEquals(self::$_configFields['config']['config2'], $GLOBALS['config']['config2']);
}
/**
* Test writeConfig option while logged in:
* 1. init fields.
* 2. update fields, add new sub config, add new root config.
* 3. rewrite config.
* 4. check result.
*/
public function testWriteConfigFieldUpdate()
{
writeConfig(self::$_configFields, true);
self::$_configFields['title'] = 'ok';
self::$_configFields['config']['config1'] = 'ok';
self::$_configFields['config']['config_new'] = 'ok';
self::$_configFields['new'] = 'should not be saved';
writeConfig(self::$_configFields, true);
include self::$_configFields['config']['CONFIG_FILE'];
$this->assertEquals('ok', $GLOBALS['title']);
$this->assertEquals('ok', $GLOBALS['config']['config1']);
$this->assertEquals('ok', $GLOBALS['config']['config_new']);
$this->assertFalse(isset($GLOBALS['new']));
}
/**
* Test writeConfig function with an empty array.
*
* @expectedException MissingFieldConfigException
*/
public function testWriteConfigEmpty()
{
writeConfig(array(), true);
}
/**
* Test writeConfig function with a missing mandatory field.
*
* @expectedException MissingFieldConfigException
*/
public function testWriteConfigMissingField()
{
unset(self::$_configFields['login']);
writeConfig(self::$_configFields, true);
}
/**
* Test writeConfig function while being logged out, and there is no config file existing.
*/
public function testWriteConfigLoggedOutNoFile()
{
writeConfig(self::$_configFields, false);
}
/**
* Test writeConfig function while being logged out, and a config file already exists.
*
* @expectedException UnauthorizedConfigException
*/
public function testWriteConfigLoggedOutWithFile()
{
file_put_contents(self::$_configFields['config']['CONFIG_FILE'], '');
writeConfig(self::$_configFields, false);
}
/**
* Test mergeDeprecatedConfig while being logged in:
* 1. init a config file.
* 2. init a options.php file with update value.
* 3. merge.
* 4. check updated value in config file.
*/
public function testMergeDeprecatedConfig()
{
// init
writeConfig(self::$_configFields, true);
$configCopy = self::$_configFields;
$invert = !$configCopy['privateLinkByDefault'];
$configCopy['privateLinkByDefault'] = $invert;
// Use writeConfig to create a options.php
$configCopy['config']['CONFIG_FILE'] = 'tests/options.php';
writeConfig($configCopy, true);
$this->assertTrue(is_file($configCopy['config']['CONFIG_FILE']));
// merge configs
mergeDeprecatedConfig(self::$_configFields, true);
// make sure updated field is changed
include self::$_configFields['config']['CONFIG_FILE'];
$this->assertEquals($invert, $GLOBALS['privateLinkByDefault']);
$this->assertFalse(is_file($configCopy['config']['CONFIG_FILE']));
}
/**
* Test mergeDeprecatedConfig while being logged in without options file.
*/
public function testMergeDeprecatedConfigNoFile()
{
writeConfig(self::$_configFields, true);
mergeDeprecatedConfig(self::$_configFields, true);
include self::$_configFields['config']['CONFIG_FILE'];
$this->assertEquals(self::$_configFields['login'], $GLOBALS['login']);
}
}