Fix #41929: Prevent HTML warnings in Joomla API response

Pull Request for Issue #41929.

Summary of Changes

This pull request addresses a critical issue in the CMSApplication::login method where the $authorisations variable is assumed to always be an array. If this assumption is violated (e.g., due to a plugin returning invalid data), it can cause runtime errors during iteration. Additionally, invalid authorisation objects were not being handled gracefully, leading to potential application crashes.

The following changes have been implemented:

1. Validation of $authorisations: Added a check to ensure $authorisations is an array before iterating over it. If it is not, a warning is logged, and $authorisations is set to an empty array to prevent further issues.
2. Validation of authorisation objects: Added a check to ensure each authorisation object has the required status property. If the object is invalid, a warning is logged.
3. Improved Logging: Added detailed log messages to help developers debug issues related to invalid data structures.
4. Stability Improvements: Ensured the application remains stable even when unexpected data structures are encountered.

These changes improve the robustness of the login process and prevent runtime errors caused by invalid data.

Testing Instructions

1. Setup a Test Environment:

   • Use a local Joomla CMS installation or a staging environment.
   • Ensure the CMSApplication class is being used in the application.

2. Simulate Login Scenarios:

   • Test with valid credentials to ensure the login process works as expected.
   • Test with invalid credentials to verify that the error handling works.
   • Simulate scenarios where $authorisations is not an array (e.g., by mocking the Authentication::authorise method to return invalid data).

3. Check Logs:

   • Verify that warnings are logged in the Joomla log files (logs/joomla.log.php) when $authorisations is invalid or when an invalid authorisation object is encountered.

Actual result BEFORE applying this Pull Request

• Runtime errors occur if $authorisations is not an array.
• Invalid authorisation objects are not handled gracefully, leading to potential application crashes.
• Debugging such issues is difficult due to the lack of detailed log messages.

Expected result AFTER applying this Pull Request

• The login process handles invalid $authorisations gracefully by logging warnings and defaulting to an empty array.
• Invalid authorisation objects are skipped, and warnings are logged for debugging purposes.
• The application remains stable even when unexpected data structures are encountered.

Link to documentations

Please select:

• No documentation changes for docs.joomla.org needed
• No documentation changes for manual.joomla.org needed

Pull Request Link: #41929: Prevent HTML warnings in Joomla API response