diff options
| author | VirtualTam <virtualtam@flibidi.net> | 2018-05-06 17:06:36 +0200 |
|---|---|---|
| committer | VirtualTam <virtualtam@flibidi.net> | 2018-06-02 16:46:06 +0200 |
| commit | c689e108639a4f6aa9e15928422e14db7cbe30ca (patch) | |
| tree | 4c118404cc33f2542c01787b638581ba02bbb8bb /application/security | |
| parent | 51f0128cdba52099c40693379e72f094b42a6f80 (diff) | |
| download | Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.tar.gz Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.tar.zst Shaarli-c689e108639a4f6aa9e15928422e14db7cbe30ca.zip | |
Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application/security')
| -rw-r--r-- | application/security/LoginManager.php | 37 | ||||
| -rw-r--r-- | application/security/SessionManager.php | 3 |
2 files changed, 33 insertions, 7 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 27247f3f..41fa9a20 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
| @@ -8,6 +8,9 @@ use Shaarli\Config\ConfigManager; | |||
| 8 | */ | 8 | */ |
| 9 | class LoginManager | 9 | class LoginManager |
| 10 | { | 10 | { |
| 11 | /** @var string Name of the cookie set after logging in **/ | ||
| 12 | public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn'; | ||
| 13 | |||
| 11 | /** @var array A reference to the $_GLOBALS array */ | 14 | /** @var array A reference to the $_GLOBALS array */ |
| 12 | protected $globals = []; | 15 | protected $globals = []; |
| 13 | 16 | ||
| @@ -26,6 +29,9 @@ class LoginManager | |||
| 26 | /** @var bool Whether the Shaarli instance is open to public edition **/ | 29 | /** @var bool Whether the Shaarli instance is open to public edition **/ |
| 27 | protected $openShaarli = false; | 30 | protected $openShaarli = false; |
| 28 | 31 | ||
| 32 | /** @var string User sign-in token depending on remote IP and credentials */ | ||
| 33 | protected $staySignedInToken = ''; | ||
| 34 | |||
| 29 | /** | 35 | /** |
| 30 | * Constructor | 36 | * Constructor |
| 31 | * | 37 | * |
| @@ -46,15 +52,38 @@ class LoginManager | |||
| 46 | } | 52 | } |
| 47 | 53 | ||
| 48 | /** | 54 | /** |
| 55 | * Generate a token depending on deployment salt, user password and client IP | ||
| 56 | * | ||
| 57 | * @param string $clientIpAddress The remote client IP address | ||
| 58 | */ | ||
| 59 | public function generateStaySignedInToken($clientIpAddress) | ||
| 60 | { | ||
| 61 | $this->staySignedInToken = sha1( | ||
| 62 | $this->configManager->get('credentials.hash') | ||
| 63 | . $clientIpAddress | ||
| 64 | . $this->configManager->get('credentials.salt') | ||
| 65 | ); | ||
| 66 | } | ||
| 67 | |||
| 68 | /** | ||
| 69 | * Return the user's client stay-signed-in token | ||
| 70 | * | ||
| 71 | * @return string User's client stay-signed-in token | ||
| 72 | */ | ||
| 73 | public function getStaySignedInToken() | ||
| 74 | { | ||
| 75 | return $this->staySignedInToken; | ||
| 76 | } | ||
| 77 | |||
| 78 | /** | ||
| 49 | * Check user session state and validity (expiration) | 79 | * Check user session state and validity (expiration) |
| 50 | * | 80 | * |
| 51 | * @param array $cookie The $_COOKIE array | 81 | * @param array $cookie The $_COOKIE array |
| 52 | * @param string $clientIpId Client IP address identifier | 82 | * @param string $clientIpId Client IP address identifier |
| 53 | * @param string $token Session token | ||
| 54 | * | 83 | * |
| 55 | * @return bool true if the user session is valid, false otherwise | 84 | * @return bool true if the user session is valid, false otherwise |
| 56 | */ | 85 | */ |
| 57 | public function checkLoginState($cookie, $clientIpId, $token) | 86 | public function checkLoginState($cookie, $clientIpId) |
| 58 | { | 87 | { |
| 59 | if (! $this->configManager->exists('credentials.login')) { | 88 | if (! $this->configManager->exists('credentials.login')) { |
| 60 | // Shaarli is not configured yet | 89 | // Shaarli is not configured yet |
| @@ -62,8 +91,8 @@ class LoginManager | |||
| 62 | return; | 91 | return; |
| 63 | } | 92 | } |
| 64 | 93 | ||
| 65 | if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) | 94 | if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE]) |
| 66 | && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token | 95 | && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken |
| 67 | ) { | 96 | ) { |
| 68 | $this->sessionManager->storeLoginInfo($clientIpId); | 97 | $this->sessionManager->storeLoginInfo($clientIpId); |
| 69 | $this->isLoggedIn = true; | 98 | $this->isLoggedIn = true; |
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 0dcd7f90..58973130 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php | |||
| @@ -14,9 +14,6 @@ class SessionManager | |||
| 14 | /** @var int Session expiration timeout, in seconds */ | 14 | /** @var int Session expiration timeout, in seconds */ |
| 15 | public static $LONG_TIMEOUT = 31536000; // 1 year | 15 | public static $LONG_TIMEOUT = 31536000; // 1 year |
| 16 | 16 | ||
| 17 | /** @var string Name of the cookie set after logging in **/ | ||
| 18 | public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn'; | ||
| 19 | |||
| 20 | /** @var array Local reference to the global $_SESSION array */ | 17 | /** @var array Local reference to the global $_SESSION array */ |
| 21 | protected $session = []; | 18 | protected $session = []; |
| 22 | 19 | ||