Nexcessnet_Turpentine_Helper_Varnish::getSecretHandshake() - Code Metrics - nexcess/magento-turpentine - Measure and Improve Code Quality continuously with Scrutinizer

getSecretHandshake() A
last analyzed 2018-10-30 17:49 UTC

↳ Parent: Nexcessnet_Turpentine_Helper_Varnish

Complexity

Conditions	1
Paths	1

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	16
rs	9.7333
c	0
b	0
f	0
cc	1
nc	1
nop	0

<?php

/**
 * Nexcess.net Turpentine Extension for Magento
 * Copyright (C) 2012  Nexcess.net L.L.C.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

class Nexcessnet_Turpentine_Helper_Varnish extends Mage_Core_Helper_Abstract {

    const MAGE_CACHE_NAME = 'turpentine_pages';

    /**
     * Get whether Varnish caching is enabled or not
     *
     * @return bool
     */
    public function getVarnishEnabled() {
        return Mage::app()->useCache($this->getMageCacheName());
    }

    /**
     * Get whether Varnish debugging is enabled or not
     *
     * @return bool
     */
    public function getVarnishDebugEnabled() {
        return (bool) Mage::getStoreConfig(
            'turpentine_varnish/general/varnish_debug' );
    }

    /**
     * Check if the request passed through Varnish (has the correct secret
     * handshake header)
     *
     * @return boolean
     */
    public function isRequestFromVarnish() {
        return $this->getSecretHandshake() ==
            Mage::app()->getRequest()->getHeader('X-Turpentine-Secret-Handshake');
    }

    /**
     * Check if Varnish should be used for this request
     *
     * @return bool
     */
    public function shouldResponseUseVarnish() {
        return $this->getVarnishEnabled() && $this->isRequestFromVarnish();
    }

    /**
     * Get the secret handshake value
     *
     * @return string
     */
    public function getSecretHandshake() {
        return '1';
        /**
         * If we use the below code for the secret handshake, it will make the
         * secret handshake not-forgable but will break multistore setups that
         * don't share the same encryption key, which it turns out is a common
         * use case, even though it is kind of a hack and really shouldn't be
         * done. Fortunately forging the secret handshake shouldn't really be
         * a security vulnerability since it won't show any information that
         * wouldn't be available anyways (like debug headers), it would just
         * cause ESI injection despite the request not passing through Varnish
         * for ESI parsing/handling.
         */
        // return Mage::helper( 'turpentine/data' )->secureHash(
        //     Mage::getStoreConfig( 'turpentine_varnish/servers/auth_key' ) );
    }

    /**
     * Get a Varnish management socket
     *
     * @param  string $host           [description]
     * @param  string|int $port           [description]
     * @param  string $secretKey [description]
     * @param  string $version   [description]
     * @return Nexcessnet_Turpentine_Model_Varnish_Admin_Socket
     */
    public function getSocket($host, $port, $secretKey = null, $version = null) {
        $socket = Mage::getModel('turpentine/varnish_admin_socket',
            array('host' => $host, 'port' => $port));
        if ($secretKey) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $socket->setAuthSecret($secretKey);
        }
        if ($version) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $socket->setVersion($version);
        }
        return $socket;
    }

    /**
     * Get management sockets for all the configured Varnish servers
     *
     * @return array
     */
    public function getSockets() {
        $sockets = array();
        $servers = Mage::helper('turpentine/data')->cleanExplode(PHP_EOL,
            Mage::getStoreConfig('turpentine_varnish/servers/server_list'));
        $key = str_replace('\n', PHP_EOL,
            Mage::getStoreConfig('turpentine_varnish/servers/auth_key'));
        $version = Mage::getStoreConfig('turpentine_varnish/servers/version');
        if ($version == 'auto') {
            $version = null;
        }
        foreach ($servers as $server) {
            $parts = explode(':', $server);
            $sockets[] = $this->getSocket($parts[0], $parts[1], $key, $version);
        }
        return $sockets;
    }

    /**
     * Get the cache type Magento uses
     *
     * @return string
     */
    public function getMageCacheName() {
        return self::MAGE_CACHE_NAME;
    }

    /**
     * Get the configured default object TTL
     *
     * @return string
     */
    public function getDefaultTtl() {
        return Mage::getStoreConfig('turpentine_vcl/ttls/default_ttl');
    }

    /**
     * Check if the product list toolbar fix is enabled and we're not in the
     * admin section
     *
     * @return bool
     */
    public function shouldFixProductListToolbar() {
        return Mage::helper('turpentine/data')->useProductListToolbarFix() &&
            Mage::app()->getStore()->getCode() !== 'admin';
    }

    /**
     * Check if the Varnish bypass is enabled
     *
     * @return boolean
     */
    public function isBypassEnabled() {
        $cookieName = Mage::helper('turpentine/data')->getBypassCookieName();
        $cookieValue = Mage::getModel('core/cookie')->get($cookieName);

        return $cookieValue === $this->getSecretHandshake();
    }

    /**
     * Check if the notification about the Varnish bypass must be displayed
     *
     * @return boolean
     */
    public function shouldDisplayNotice() {
        return $this->getVarnishEnabled() && $this->isBypassEnabled();
    }

    public function getFormKeyFixupActionsList() {
        $data = Mage::getStoreConfig(
            'turpentine_varnish/miscellaneous/formkey_fixup_actions' );
        $actions = array_filter(explode(PHP_EOL, trim($data)));
        return $actions;
    }

    /**
     * Check if this is a version of Magento that needs the form_key fix.
     * Relevant versions are:
     *
     *     CE 1.8+
     *     EE 1.13+
     *
     * @return bool
     */
    public function csrfFixupNeeded() {
        $result = false;
        $isEnterprise = false; // ce
        if (method_exists('Mage', 'getEdition')) {
            if (Mage::getEdition() === Mage::EDITION_ENTERPRISE) {
                $isEnterprise = true;
            }
        } else {
            if (Mage::getConfig()->getModuleConfig('Enterprise_Enterprise')) {
                $isEnterprise = true;
            }
        }
        if ($isEnterprise) {
            if (version_compare(Mage::getVersion(), '1.13', '>=')) {
                $result = true;
            }
        } else {
            if (version_compare(Mage::getVersion(), '1.8', '>=')) {
                $result = true;
            }
        }
        return $result;
    }
}


1			<?php
2
3			/**
4			* Nexcess.net Turpentine Extension for Magento
5			* Copyright (C) 2012 Nexcess.net L.L.C.
6			*
7			* This program is free software; you can redistribute it and/or modify
8			* it under the terms of the GNU General Public License as published by
9			* the Free Software Foundation; either version 2 of the License, or
10			* (at your option) any later version.
11			*
12			* This program is distributed in the hope that it will be useful,
13			* but WITHOUT ANY WARRANTY; without even the implied warranty of
14			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15			* GNU General Public License for more details.
16			*
17			* You should have received a copy of the GNU General Public License along
18			* with this program; if not, write to the Free Software Foundation, Inc.,
19			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20			*/
21
22			class Nexcessnet_Turpentine_Helper_Varnish extends Mage_Core_Helper_Abstract {
23
24			const MAGE_CACHE_NAME = 'turpentine_pages';
25
26			/**
27			* Get whether Varnish caching is enabled or not
28			*
29			* @return bool
30			*/
31			public function getVarnishEnabled() {
32			return Mage::app()->useCache($this->getMageCacheName());
33			}
34
35			/**
36			* Get whether Varnish debugging is enabled or not
37			*
38			* @return bool
39			*/
40			public function getVarnishDebugEnabled() {
41			return (bool) Mage::getStoreConfig(
42			'turpentine_varnish/general/varnish_debug' );
43			}
44
45			/**
46			* Check if the request passed through Varnish (has the correct secret
47			* handshake header)
48			*
49			* @return boolean
50			*/
51			public function isRequestFromVarnish() {
52			return $this->getSecretHandshake() ==
53			Mage::app()->getRequest()->getHeader('X-Turpentine-Secret-Handshake');
54			}
55
56			/**
57			* Check if Varnish should be used for this request
58			*
59			* @return bool
60			*/
61			public function shouldResponseUseVarnish() {
62			return $this->getVarnishEnabled() && $this->isRequestFromVarnish();
63			}
64
65			/**
66			* Get the secret handshake value
67			*
68			* @return string
69			*/
70			public function getSecretHandshake() {
71			return '1';
72			/**
73			* If we use the below code for the secret handshake, it will make the
74			* secret handshake not-forgable but will break multistore setups that
75			* don't share the same encryption key, which it turns out is a common
76			* use case, even though it is kind of a hack and really shouldn't be
77			* done. Fortunately forging the secret handshake shouldn't really be
78			* a security vulnerability since it won't show any information that
79			* wouldn't be available anyways (like debug headers), it would just
80			* cause ESI injection despite the request not passing through Varnish
81			* for ESI parsing/handling.
82			*/
83			// return Mage::helper( 'turpentine/data' )->secureHash(
84			// Mage::getStoreConfig( 'turpentine_varnish/servers/auth_key' ) );
85			}
86
87			/**
88			* Get a Varnish management socket
89			*
90			* @param string $host [description]
91			* @param string\|int $port [description]
92			* @param string $secretKey [description]
93			* @param string $version [description]
94			* @return Nexcessnet_Turpentine_Model_Varnish_Admin_Socket
95			*/
96			public function getSocket($host, $port, $secretKey = null, $version = null) {
97			$socket = Mage::getModel('turpentine/varnish_admin_socket',
98			array('host' => $host, 'port' => $port));
99			if ($secretKey) {
			0 ignored issues – show Bug Best Practice introduced 2015-11-25 14:59 UTC by Report Bug Copy Issue Report The expression `$secretKey` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
100			$socket->setAuthSecret($secretKey);
101			}
102			if ($version) {
			0 ignored issues – show Bug Best Practice introduced 2015-11-25 14:59 UTC by Report Bug Copy Issue Report The expression `$version` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
103			$socket->setVersion($version);
104			}
105			return $socket;
106			}
107
108			/**
109			* Get management sockets for all the configured Varnish servers
110			*
111			* @return array
112			*/
113			public function getSockets() {
114			$sockets = array();
115			$servers = Mage::helper('turpentine/data')->cleanExplode(PHP_EOL,
116			Mage::getStoreConfig('turpentine_varnish/servers/server_list'));
117			$key = str_replace('\n', PHP_EOL,
118			Mage::getStoreConfig('turpentine_varnish/servers/auth_key'));
119			$version = Mage::getStoreConfig('turpentine_varnish/servers/version');
120			if ($version == 'auto') {
121			$version = null;
122			}
123			foreach ($servers as $server) {
124			$parts = explode(':', $server);
125			$sockets[] = $this->getSocket($parts[0], $parts[1], $key, $version);
126			}
127			return $sockets;
128			}
129
130			/**
131			* Get the cache type Magento uses
132			*
133			* @return string
134			*/
135			public function getMageCacheName() {
136			return self::MAGE_CACHE_NAME;
137			}
138
139			/**
140			* Get the configured default object TTL
141			*
142			* @return string
143			*/
144			public function getDefaultTtl() {
145			return Mage::getStoreConfig('turpentine_vcl/ttls/default_ttl');
146			}
147
148			/**
149			* Check if the product list toolbar fix is enabled and we're not in the
150			* admin section
151			*
152			* @return bool
153			*/
154			public function shouldFixProductListToolbar() {
155			return Mage::helper('turpentine/data')->useProductListToolbarFix() &&
156			Mage::app()->getStore()->getCode() !== 'admin';
157			}
158
159			/**
160			* Check if the Varnish bypass is enabled
161			*
162			* @return boolean
163			*/
164			public function isBypassEnabled() {
165			$cookieName = Mage::helper('turpentine/data')->getBypassCookieName();
166			$cookieValue = Mage::getModel('core/cookie')->get($cookieName);
167
168			return $cookieValue === $this->getSecretHandshake();
169			}
170
171			/**
172			* Check if the notification about the Varnish bypass must be displayed
173			*
174			* @return boolean
175			*/
176			public function shouldDisplayNotice() {
177			return $this->getVarnishEnabled() && $this->isBypassEnabled();
178			}
179
180			public function getFormKeyFixupActionsList() {
181			$data = Mage::getStoreConfig(
182			'turpentine_varnish/miscellaneous/formkey_fixup_actions' );
183			$actions = array_filter(explode(PHP_EOL, trim($data)));
184			return $actions;
185			}
186
187			/**
188			* Check if this is a version of Magento that needs the form_key fix.
189			* Relevant versions are:
190			*
191			* CE 1.8+
192			* EE 1.13+
193			*
194			* @return bool
195			*/
196			public function csrfFixupNeeded() {
197			$result = false;
198			$isEnterprise = false; // ce
199			if (method_exists('Mage', 'getEdition')) {
200			if (Mage::getEdition() === Mage::EDITION_ENTERPRISE) {
201			$isEnterprise = true;
202			}
203			} else {
204			if (Mage::getConfig()->getModuleConfig('Enterprise_Enterprise')) {
205			$isEnterprise = true;
206			}
207			}
208			if ($isEnterprise) {
209			if (version_compare(Mage::getVersion(), '1.13', '>=')) {
210			$result = true;
211			}
212			} else {
213			if (version_compare(Mage::getVersion(), '1.8', '>=')) {
214			$result = true;
215			}
216			}
217			return $result;
218			}
219			}
220

nexcess / magento-turpentine

getSecretHandshake() A last analyzed 2018-10-30 17:49 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

getSecretHandshake() A
last analyzed 2018-10-30 17:49 UTC