Refresh the token after the login
parent
12063d4542
commit
f82841259d
4 changed files with 43 additions and 34 deletions
|
@ -38,10 +38,10 @@ abstract class Controller
|
|||
/**
|
||||
* @param $name
|
||||
*
|
||||
* @throws DependencyException
|
||||
* @return mixed|null
|
||||
* @throws NotFoundException
|
||||
*
|
||||
* @return mixed|null
|
||||
* @throws DependencyException
|
||||
*/
|
||||
public function __get($name)
|
||||
{
|
||||
|
@ -74,14 +74,14 @@ abstract class Controller
|
|||
}
|
||||
|
||||
/**
|
||||
* @param Request $request
|
||||
* @param Request $request
|
||||
* @param $id
|
||||
* @param bool $authorize
|
||||
*
|
||||
* @throws HttpNotFoundException
|
||||
* @throws HttpUnauthorizedException
|
||||
* @param bool $authorize
|
||||
*
|
||||
* @return mixed
|
||||
* @throws HttpUnauthorizedException
|
||||
*
|
||||
* @throws HttpNotFoundException
|
||||
*/
|
||||
protected function getUser(Request $request, $id, $authorize = false)
|
||||
{
|
||||
|
@ -97,4 +97,33 @@ abstract class Controller
|
|||
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $userId
|
||||
* @throws \Exception
|
||||
*/
|
||||
protected function refreshRememberCookie($userId)
|
||||
{
|
||||
$selector = bin2hex(random_bytes(8));
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$expire = time() + 604800; // a week
|
||||
|
||||
$this->database->query('UPDATE `users` SET `remember_selector`=?, `remember_token`=?, `remember_expire`=? WHERE `id`=?', [
|
||||
$selector,
|
||||
password_hash($token, PASSWORD_DEFAULT),
|
||||
date('Y-m-d\TH:i:s', $expire),
|
||||
$userId,
|
||||
]);
|
||||
|
||||
// Workaround for php <= 7.3
|
||||
if (PHP_VERSION_ID < 70300) {
|
||||
setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);
|
||||
} else {
|
||||
setcookie('remember', "{$selector}:{$token}", [
|
||||
'expires' => $expire,
|
||||
'httponly' => true,
|
||||
'samesite' => 'Lax',
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
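Review bot: `refreshRememberCookie` never sets a cookie `path`, so the browser scopes the remember cookie to the directory of the request that issued it — in the array-form branch because `'path'` is absent, in the pre-7.3 branch because the path argument is the `'; SameSite=Lax'` workaround string; now that the helper is also called from RememberMiddleware on arbitrary URLs, a refresh triggered from a nested route can narrow the rotated cookie below `/`, after which requests to the site root no longer carry it and the user drops out. Pin it with `'path' => '/'` in the options array and `'/; SameSite=Lax'` in the legacy call. The `secure` flag is also never set: the legacy call passes `false` as the sixth argument and the array form omits `'secure'`, yet this cookie is a week-long credential, so it should be `true` whenever the site is served over HTTPS (derived from configuration or the request scheme rather than hard-coded, if plain-HTTP deployments must keep working). The first two hunks in this section are docblock-only and need nothing.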
@ -40,19 +40,16 @@ class LoginController extends Controller
|
|||
|
||||
if (!$result || !password_verify(param($request, 'password'), $result->password)) {
|
||||
$this->session->alert(lang('bad_login'), 'danger');
|
||||
|
||||
return redirect($response, route('login'));
|
||||
}
|
||||
|
||||
if (isset($this->config['maintenance']) && $this->config['maintenance'] && !$result->is_admin) {
|
||||
$this->session->alert(lang('maintenance_in_progress'), 'info');
|
||||
|
||||
return redirect($response, route('login'));
|
||||
}
|
||||
|
||||
if (!$result->active) {
|
||||
$this->session->alert(lang('account_disabled'), 'danger');
|
||||
|
||||
return redirect($response, route('login'));
|
||||
}
|
||||
|
||||
|
@ -66,27 +63,7 @@ class LoginController extends Controller
|
|||
$this->logger->info("User $result->username logged in.");
|
||||
|
||||
if (param($request, 'remember') === 'on') {
|
||||
$selector = bin2hex(random_bytes(8));
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$expire = time() + 604800; // a week
|
||||
|
||||
$this->database->query('UPDATE `users` SET `remember_selector`=?, `remember_token`=?, `remember_expire`=? WHERE `id`=?', [
|
||||
$selector,
|
||||
password_hash($token, PASSWORD_DEFAULT),
|
||||
date('Y-m-d\TH:i:s', $expire),
|
||||
$result->id,
|
||||
]);
|
||||
|
||||
// Workaround for php <= 7.3
|
||||
if (PHP_VERSION_ID < 70300) {
|
||||
setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);
|
||||
} else {
|
||||
setcookie('remember', "{$selector}:{$token}", [
|
||||
'expires' => $expire,
|
||||
'httponly' => true,
|
||||
'samesite' => 'Lax',
|
||||
]);
|
||||
}
|
||||
$this->refreshRememberCookie($result->id);
|
||||
}
|
||||
|
||||
if ($this->session->has('redirectTo')) {
|
||||
|
|
|
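Review bot: In the first hunk `!$result || !password_verify(param($request, 'password'), $result->password)` short-circuits, so `password_verify` only runs when the username exists and an unknown username answers noticeably faster than a wrong password; this is context rather than new code, but since the login path is being reshaped it is a cheap hardening: pick the hash with a fallback, `$hash = $result->password ?? DUMMY_HASH;` (a constant output of `password_hash`, placeholder name here), call `password_verify` unconditionally, and keep `!$result` in the redirect condition so the `bad_login` alert stays identical for both cases. The second hunk's replacement of the inline cookie code with `$this->refreshRememberCookie($result->id);` passes the same id the removed code used and looks correct. The enclosing action method starts before the first hunk and continues past the second.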
@ -9,10 +9,11 @@ use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
|
|||
class RememberMiddleware extends Middleware
|
||||
{
|
||||
/**
|
||||
* @param Request $request
|
||||
* @param RequestHandler $handler
|
||||
* @param Request $request
|
||||
* @param RequestHandler $handler
|
||||
*
|
||||
* @return Response
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function __invoke(Request $request, RequestHandler $handler)
|
||||
{
|
||||
|
@ -30,6 +31,8 @@ class RememberMiddleware extends Middleware
|
|||
$this->session->set('admin', $result->is_admin);
|
||||
$this->session->set('used_space', humanFileSize($this->getUsedSpaceByUser($result->id)));
|
||||
}
|
||||
|
||||
$this->refreshRememberCookie($result->id);
|
||||
}
|
||||
|
||||
return $handler->handle($request);
|
||||
|
|
|
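Review bot: The added `$this->refreshRememberCookie($result->id);` in the second hunk sits after the `}` that closes the session-populating `if`, so the selector/token pair is rotated and re-hashed with `password_hash` on every request that reaches this point, not only when the cookie was actually used to restore a login; the condition of the enclosing block starts outside the hunk, so how often that is remains inferred. If it is per request, two concurrent requests from the same browser (a page plus its asset or XHR calls) each write a fresh pair, the database keeps the last write while the browser keeps whichever `Set-Cookie` arrives last, and a mismatch silently logs the user out; the per-request bcrypt cost also adds latency to every remembered request. Moving the call inside the branch that restores the session, or rotating only when the stored `remember_expire` is close to expiry, avoids both. `__invoke` continues past the hunk.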
@ -42,7 +42,7 @@ class Session
|
|||
]);
|
||||
|
||||
if (!$started) {
|
||||
throw new Exception("Cannot start the HTTP session. That the session path '{$path}' is writable and your PHP settings.");
|
||||
throw new Exception("Cannot start the HTTP session. The session path '{$path}' is not writable.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
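Review bot: The rewritten message asserts a single cause, `The session path '{$path}' is not writable.`, but `$started` is false for any `session_start()` failure (for example output already sent or rejected ini values), so the new text can send an operator down the wrong path; the old message, for all its grammar, did not commit to a cause. A wording that keeps the hint without asserting it, such as `Cannot start the HTTP session. Check that the session path '{$path}' is writable and review the PHP session settings.`, is more accurate. Because the message embeds a server filesystem path, make sure this exception surfaces only in logs and not on a user-facing error page. The enclosing method starts before the hunk.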