X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fsecurity%2FLoginManager.php;h=0f3154835d734d74c035f169035d9d684b50dcfb;hb=f211e417bf637b8a83988175c29ee072c69f7642;hp=27247f3f1fd9ac97581e220be54091400dfe91fb;hpb=51f0128cdba52099c40693379e72f094b42a6f80;p=github%2Fshaarli%2FShaarli.git

diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 27247f3f..0f315483 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -8,6 +8,9 @@ use Shaarli\Config\ConfigManager;
  */
 class LoginManager
 {
+    /** @var string Name of the cookie set after logging in **/
+    public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn';
+
     /** @var array A reference to the $_GLOBALS array */
     protected $globals = [];
 
@@ -26,6 +29,9 @@ class LoginManager
     /** @var bool Whether the Shaarli instance is open to public edition **/
     protected $openShaarli = false;
 
+    /** @var string User sign-in token depending on remote IP and credentials */
+    protected $staySignedInToken = '';
+
     /**
      * Constructor
      *
@@ -40,21 +46,42 @@ class LoginManager
         $this->sessionManager = $sessionManager;
         $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');
         $this->readBanFile();
-        if ($this->configManager->get('security.open_shaarli')) {
+        if ($this->configManager->get('security.open_shaarli') === true) {
             $this->openShaarli = true;
         }
     }
 
+    /**
+     * Generate a token depending on deployment salt, user password and client IP
+     *
+     * @param string $clientIpAddress The remote client IP address
+     */
+    public function generateStaySignedInToken($clientIpAddress)
+    {
+        $this->staySignedInToken = sha1(
+            $this->configManager->get('credentials.hash')
+            . $clientIpAddress
+            . $this->configManager->get('credentials.salt')
+        );
+    }
+
+    /**
+     * Return the user's client stay-signed-in token
+     *
+     * @return string User's client stay-signed-in token
+     */
+    public function getStaySignedInToken()
+    {
+        return $this->staySignedInToken;
+    }
+
     /**
      * Check user session state and validity (expiration)
      *
      * @param array  $cookie     The $_COOKIE array
      * @param string $clientIpId Client IP address identifier
-     * @param string $token      Session token
-     *
-     * @return bool true if the user session is valid, false otherwise
      */
-    public function checkLoginState($cookie, $clientIpId, $token)
+    public function checkLoginState($cookie, $clientIpId)
     {
         if (! $this->configManager->exists('credentials.login')) {
             // Shaarli is not configured yet
@@ -62,14 +89,13 @@ class LoginManager
             return;
         }
 
-        if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
-            && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
+        if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE])
+            && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken
         ) {
+            // The user client has a valid stay-signed-in cookie
+            // Session information is updated with the current client information
             $this->sessionManager->storeLoginInfo($clientIpId);
-            $this->isLoggedIn = true;
-        }
-
-        if ($this->sessionManager->hasSessionExpired()
+        } elseif ($this->sessionManager->hasSessionExpired()
             || $this->sessionManager->hasClientIpChanged($clientIpId)
         ) {
             $this->sessionManager->logout();
@@ -77,6 +103,7 @@ class LoginManager
             return;
         }
 
+        $this->isLoggedIn = true;
         $this->sessionManager->extendSession();
     }