author | VirtualTam <virtualtam@flibidi.net> | 2018-04-27 23:17:38 +0200 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-06-02 16:46:06 +0200 |
commit | 51f0128cdba52099c40693379e72f094b42a6f80 (patch) | |
tree | 57f71dc7d38611aaf91e77703acfd7ffbd0ac7c1 /application | |
parent | fab87c2696b9d6a26310f1bfc024b018ca5184fe (diff) | |
Refactor session and cookie timeout control
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r-- | application/security/LoginManager.php | 5 | ||||
-rw-r--r-- | application/security/SessionManager.php | 48 |
2 files changed, 39 insertions, 14 deletions
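--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -49,13 +49,12 @@ class LoginManager
 * Check user session state and validity (expiration)
 *
 * @param array $cookie The $_COOKIE array
-* @param string $webPath Path on the server in which the cookie will be available on
 * @param string $clientIpId Client IP address identifier
 * @param string $token Session token
 *
 * @return bool true if the user session is valid, false otherwise
 */
-public function checkLoginState($cookie, $webPath, $clientIpId, $token)
+public function checkLoginState($cookie, $clientIpId, $token)
 {
 if (! $this->configManager->exists('credentials.login')) {
 // Shaarli is not configured yet
@@ -73,7 +72,7 @@ class LoginManager
 if ($this->sessionManager->hasSessionExpired()
 || $this->sessionManager->hasClientIpChanged($clientIpId)
 ) {
-$this->sessionManager->logout($webPath);
+$this->sessionManager->logout();
 $this->isLoggedIn = false;
 return;
 }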
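Review bot: After `$this->sessionManager->logout();` on new line 75 the `shaarli_staySignedIn` cookie is no longer cleared: `SessionManager::logout()` in this same commit drops the `setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath)` call (last hunk of SessionManager.php) and nothing in this diff re-issues it elsewhere. The server-side keys are unset, so the cookie becomes a stale marker on the client rather than a live session, but whether any other code path trusts that cookie on its own cannot be told from this diff and should be confirmed by the caller that now owns the cookie. If the cookie is meant to be expired by the front controller instead, a one-line comment at the `logout()` call saying so would stop the next reader from re-adding it here. `checkLoginState`'s body continues outside the hunk.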
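--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -9,7 +9,10 @@ use Shaarli\Config\ConfigManager;
 class SessionManager
 {
 /** @var int Session expiration timeout, in seconds */
-public static $INACTIVITY_TIMEOUT = 3600;
+public static $SHORT_TIMEOUT = 3600; // 1 hour
+
+/** @var int Session expiration timeout, in seconds */
+public static $LONG_TIMEOUT = 31536000; // 1 year
 
 /** @var string Name of the cookie set after logging in **/
 public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn';
@@ -20,6 +23,9 @@ class SessionManager
 /** @var ConfigManager Configuration Manager instance **/
 protected $conf = null;
 
+/** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */
+protected $staySignedIn = false;
+
 /**
 * Constructor
 *
@@ -33,6 +39,16 @@ class SessionManager
 }
 
 /**
+* Define whether the user should stay signed in across browser sessions
+*
+* @param bool $staySignedIn Keep the user signed in
+*/
+public function setStaySignedIn($staySignedIn)
+{
+$this->staySignedIn = $staySignedIn;
+}
+
+/**
 * Generates a session token
 *
 * @return string token
@@ -104,7 +120,7 @@ class SessionManager
 $this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand());
 $this->session['ip'] = $clientIpId;
 $this->session['username'] = $this->conf->get('credentials.login');
-$this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT;
+$this->extendTimeValidityBy(self::$SHORT_TIMEOUT);
 }
 
 /**
@@ -112,12 +128,24 @@ class SessionManager
 */
 public function extendSession()
 {
-if (! empty($this->session['longlastingsession'])) {
-// "Stay signed in" is enabled
-$this->session['expires_on'] = time() + $this->session['longlastingsession'];
-return;
+if ($this->staySignedIn) {
+return $this->extendTimeValidityBy(self::$LONG_TIMEOUT);
 }
-$this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT;
+return $this->extendTimeValidityBy(self::$SHORT_TIMEOUT);
+}
+
+/**
+* Extend expiration time
+*
+* @param int $duration Expiration time extension (seconds)
+*
+* @return int New session expiration time
+*/
+protected function extendTimeValidityBy($duration)
+{
+$expirationTime = time() + $duration;
+$this->session['expires_on'] = $expirationTime;
+return $expirationTime;
 }
 
 /**
@@ -125,19 +153,17 @@ class SessionManager
 *
 * See:
 * - https://secure.php.net/manual/en/function.setcookie.php
-*
-* @param string $webPath path on the server in which the cookie will be available on
 */
-public function logout($webPath)
+public function logout()
 {
 if (isset($this->session)) {
 unset($this->session['uid']);
 unset($this->session['ip']);
+unset($this->session['expires_on']);
 unset($this->session['username']);
 unset($this->session['visibility']);
 unset($this->session['untaggedonly']);
 }
-setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath);
 }
 
 /**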
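Review bot: `logout()` now unsets the session keys (including the new `unset($this->session['expires_on']);`) but leaves `$this->staySignedIn` untouched, so if the same SessionManager instance is reused after a logout, a later `extendSession()` still selects `self::$LONG_TIMEOUT`; adding `$this->staySignedIn = false;` next to the unsets keeps the flag in step with the session it describes. The docblock above `logout()` still reads `See: - https://secure.php.net/manual/en/function.setcookie.php` although the `setcookie` call has been removed from this method, so that reference should be dropped or moved to wherever the cookie is handled now. In the first hunk, `$SHORT_TIMEOUT` and `$LONG_TIMEOUT` carry the identical docblock `Session expiration timeout, in seconds`; documenting when each applies, e.g. `/** @var int Session timeout (seconds) when "stay signed in" is off */` and `/** @var int Session timeout (seconds) when "stay signed in" is on */`, would make the branch in `extendSession()` self-explanatory. `setStaySignedIn()` stores its argument unchecked; since `extendSession()` tests it for truthiness, either documenting that any truthy value enables the long timeout or storing `(bool) $staySignedIn` would pin the contract.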