aboutsummaryrefslogtreecommitdiffhomepage
path: root/application/security/LoginManager.php
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2018-05-06 17:06:36 +0200
committerVirtualTam <virtualtam@flibidi.net>2018-06-02 16:46:06 +0200
commitc689e108639a4f6aa9e15928422e14db7cbe30ca (patch)
tree4c118404cc33f2542c01787b638581ba02bbb8bb /application/security/LoginManager.php
parent51f0128cdba52099c40693379e72f094b42a6f80 (diff)
downloadShaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.tar.gz
Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.tar.zst
Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.zip
Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application/security/LoginManager.php')
-rw-r--r--application/security/LoginManager.php37
1 files changed, 33 insertions, 4 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 27247f3f..41fa9a20 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -8,6 +8,9 @@ use Shaarli\Config\ConfigManager;
8 */ 8 */
9class LoginManager 9class LoginManager
10{ 10{
11 /** @var string Name of the cookie set after logging in **/
12 public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn';
13
11 /** @var array A reference to the $_GLOBALS array */ 14 /** @var array A reference to the $_GLOBALS array */
12 protected $globals = []; 15 protected $globals = [];
13 16
@@ -26,6 +29,9 @@ class LoginManager
26 /** @var bool Whether the Shaarli instance is open to public edition **/ 29 /** @var bool Whether the Shaarli instance is open to public edition **/
27 protected $openShaarli = false; 30 protected $openShaarli = false;
28 31
32 /** @var string User sign-in token depending on remote IP and credentials */
33 protected $staySignedInToken = '';
34
29 /** 35 /**
30 * Constructor 36 * Constructor
31 * 37 *
@@ -46,15 +52,38 @@ class LoginManager
46 } 52 }
47 53
48 /** 54 /**
55 * Generate a token depending on deployment salt, user password and client IP
56 *
57 * @param string $clientIpAddress The remote client IP address
58 */
59 public function generateStaySignedInToken($clientIpAddress)
60 {
61 $this->staySignedInToken = sha1(
62 $this->configManager->get('credentials.hash')
63 . $clientIpAddress
64 . $this->configManager->get('credentials.salt')
65 );
66 }
67
68 /**
69 * Return the user's client stay-signed-in token
70 *
71 * @return string User's client stay-signed-in token
72 */
73 public function getStaySignedInToken()
74 {
75 return $this->staySignedInToken;
76 }
77
78 /**
49 * Check user session state and validity (expiration) 79 * Check user session state and validity (expiration)
50 * 80 *
51 * @param array $cookie The $_COOKIE array 81 * @param array $cookie The $_COOKIE array
52 * @param string $clientIpId Client IP address identifier 82 * @param string $clientIpId Client IP address identifier
53 * @param string $token Session token
54 * 83 *
55 * @return bool true if the user session is valid, false otherwise 84 * @return bool true if the user session is valid, false otherwise
56 */ 85 */
57 public function checkLoginState($cookie, $clientIpId, $token) 86 public function checkLoginState($cookie, $clientIpId)
58 { 87 {
59 if (! $this->configManager->exists('credentials.login')) { 88 if (! $this->configManager->exists('credentials.login')) {
60 // Shaarli is not configured yet 89 // Shaarli is not configured yet
@@ -62,8 +91,8 @@ class LoginManager
62 return; 91 return;
63 } 92 }
64 93
65 if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) 94 if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE])
66 && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token 95 && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken
67 ) { 96 ) {
68 $this->sessionManager->storeLoginInfo($clientIpId); 97 $this->sessionManager->storeLoginInfo($clientIpId);
69 $this->isLoggedIn = true; 98 $this->isLoggedIn = true;