diff options
author | VirtualTam <virtualtam@flibidi.net> | 2018-05-06 17:06:36 +0200 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-06-02 16:46:06 +0200 |
commit | c689e108639a4f6aa9e15928422e14db7cbe30ca (patch) | |
tree | 4c118404cc33f2542c01787b638581ba02bbb8bb /application/security/LoginManager.php | |
parent | 51f0128cdba52099c40693379e72f094b42a6f80 (diff) | |
download | Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.tar.gz Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.tar.zst Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.zip |
Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application/security/LoginManager.php')
-rw-r--r-- | application/security/LoginManager.php | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 27247f3f..41fa9a20 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
@@ -8,6 +8,9 @@ use Shaarli\Config\ConfigManager; | |||
8 | */ | 8 | */ |
9 | class LoginManager | 9 | class LoginManager |
10 | { | 10 | { |
11 | /** @var string Name of the cookie set after logging in **/ | ||
12 | public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn'; | ||
13 | |||
11 | /** @var array A reference to the $_GLOBALS array */ | 14 | /** @var array A reference to the $_GLOBALS array */ |
12 | protected $globals = []; | 15 | protected $globals = []; |
13 | 16 | ||
@@ -26,6 +29,9 @@ class LoginManager | |||
26 | /** @var bool Whether the Shaarli instance is open to public edition **/ | 29 | /** @var bool Whether the Shaarli instance is open to public edition **/ |
27 | protected $openShaarli = false; | 30 | protected $openShaarli = false; |
28 | 31 | ||
32 | /** @var string User sign-in token depending on remote IP and credentials */ | ||
33 | protected $staySignedInToken = ''; | ||
34 | |||
29 | /** | 35 | /** |
30 | * Constructor | 36 | * Constructor |
31 | * | 37 | * |
@@ -46,15 +52,38 @@ class LoginManager | |||
46 | } | 52 | } |
47 | 53 | ||
48 | /** | 54 | /** |
55 | * Generate a token depending on deployment salt, user password and client IP | ||
56 | * | ||
57 | * @param string $clientIpAddress The remote client IP address | ||
58 | */ | ||
59 | public function generateStaySignedInToken($clientIpAddress) | ||
60 | { | ||
61 | $this->staySignedInToken = sha1( | ||
62 | $this->configManager->get('credentials.hash') | ||
63 | . $clientIpAddress | ||
64 | . $this->configManager->get('credentials.salt') | ||
65 | ); | ||
66 | } | ||
67 | |||
68 | /** | ||
69 | * Return the user's client stay-signed-in token | ||
70 | * | ||
71 | * @return string User's client stay-signed-in token | ||
72 | */ | ||
73 | public function getStaySignedInToken() | ||
74 | { | ||
75 | return $this->staySignedInToken; | ||
76 | } | ||
77 | |||
78 | /** | ||
49 | * Check user session state and validity (expiration) | 79 | * Check user session state and validity (expiration) |
50 | * | 80 | * |
51 | * @param array $cookie The $_COOKIE array | 81 | * @param array $cookie The $_COOKIE array |
52 | * @param string $clientIpId Client IP address identifier | 82 | * @param string $clientIpId Client IP address identifier |
53 | * @param string $token Session token | ||
54 | * | 83 | * |
55 | * @return bool true if the user session is valid, false otherwise | 84 | * @return bool true if the user session is valid, false otherwise |
56 | */ | 85 | */ |
57 | public function checkLoginState($cookie, $clientIpId, $token) | 86 | public function checkLoginState($cookie, $clientIpId) |
58 | { | 87 | { |
59 | if (! $this->configManager->exists('credentials.login')) { | 88 | if (! $this->configManager->exists('credentials.login')) { |
60 | // Shaarli is not configured yet | 89 | // Shaarli is not configured yet |
@@ -62,8 +91,8 @@ class LoginManager | |||
62 | return; | 91 | return; |
63 | } | 92 | } |
64 | 93 | ||
65 | if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) | 94 | if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE]) |
66 | && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token | 95 | && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken |
67 | ) { | 96 | ) { |
68 | $this->sessionManager->storeLoginInfo($clientIpId); | 97 | $this->sessionManager->storeLoginInfo($clientIpId); |
69 | $this->isLoggedIn = true; | 98 | $this->isLoggedIn = true; |