Diffstat (limited to 'application/security')
-rw-r--r-- | application/security/CookieManager.php | 33 | ||||
-rw-r--r-- | application/security/LoginManager.php | 16 | ||||
-rw-r--r-- | application/security/SessionManager.php | 16 |
3 files changed, 53 insertions, 12 deletions
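--- /dev/null
+++ b/application/security/CookieManager.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Security;
+
+class CookieManager
+{
+/** @var string Name of the cookie set after logging in **/
+public const STAY_SIGNED_IN = 'shaarli_staySignedIn';
+
+/** @var mixed $_COOKIE set by reference */
+protected $cookies;
+
+public function __construct(array &$cookies)
+{
+$this->cookies = $cookies;
+}
+
+public function setCookieParameter(string $key, string $value, int $expires, string $path): self
+{
+$this->cookies[$key] = $value;
+
+setcookie($key, $value, $expires, $path);
+
+return $this;
+}
+
+public function getCookieParameter(string $key, string $default = null): ?string
+{
+return $this->cookies[$key] ?? $default;
+}
+}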
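Review bot: `setcookie($key, $value, $expires, $path)` on line 24 issues the stay-signed-in token with none of the HttpOnly, Secure or SameSite attributes, so an injected script can read the long-lived login token and the browser will also send it over plain HTTP and on cross-site requests. The file already targets PHP 7.1+ (`declare(strict_types=1)`, a `?string` return type), so the options-array form of setcookie() (PHP 7.3+) would let this one method set those attributes; whether the instance is served over HTTPS is not visible here, so `'secure'` should be derived from the request or passed in by the caller rather than hard-coded. Separately, the constructor accepts `$cookies` by reference but `$this->cookies = $cookies;` on line 17 copies the array, so the write in setCookieParameter() never reaches `$_COOKIE` despite the "set by reference" docblock on line 12 — `$this->cookies = &$cookies;` is what SessionManager does with `$_SESSION`.
```php
public function setCookieParameter(string $key, string $value, int $expires, string $path): self
{
    $this->cookies[$key] = $value;

    // HttpOnly keeps the token out of reach of injected script; SameSite=Lax stops
    // cross-site requests from carrying it. Add 'secure' => true when served over HTTPS.
    setcookie($key, $value, [
        'expires' => $expires,
        'path' => $path,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    return $this;
}
```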
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 39ec9b2e..d74c3118 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
@@ -9,9 +9,6 @@ use Shaarli\Config\ConfigManager; | |||
9 | */ | 9 | */ |
10 | class LoginManager | 10 | class LoginManager |
11 | { | 11 | { |
12 | /** @var string Name of the cookie set after logging in **/ | ||
13 | public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn'; | ||
14 | |||
15 | /** @var array A reference to the $_GLOBALS array */ | 12 | /** @var array A reference to the $_GLOBALS array */ |
16 | protected $globals = []; | 13 | protected $globals = []; |
17 | 14 | ||
@@ -32,17 +29,21 @@ class LoginManager | |||
32 | 29 | ||
33 | /** @var string User sign-in token depending on remote IP and credentials */ | 30 | /** @var string User sign-in token depending on remote IP and credentials */ |
34 | protected $staySignedInToken = ''; | 31 | protected $staySignedInToken = ''; |
32 | /** @var CookieManager */ | ||
33 | protected $cookieManager; | ||
35 | 34 | ||
36 | /** | 35 | /** |
37 | * Constructor | 36 | * Constructor |
38 | * | 37 | * |
39 | * @param ConfigManager $configManager Configuration Manager instance | 38 | * @param ConfigManager $configManager Configuration Manager instance |
40 | * @param SessionManager $sessionManager SessionManager instance | 39 | * @param SessionManager $sessionManager SessionManager instance |
40 | * @param CookieManager $cookieManager CookieManager instance | ||
41 | */ | 41 | */ |
42 | public function __construct($configManager, $sessionManager) | 42 | public function __construct($configManager, $sessionManager, $cookieManager) |
43 | { | 43 | { |
44 | $this->configManager = $configManager; | 44 | $this->configManager = $configManager; |
45 | $this->sessionManager = $sessionManager; | 45 | $this->sessionManager = $sessionManager; |
46 | $this->cookieManager = $cookieManager; | ||
46 | $this->banManager = new BanManager( | 47 | $this->banManager = new BanManager( |
47 | $this->configManager->get('security.trusted_proxies', []), | 48 | $this->configManager->get('security.trusted_proxies', []), |
48 | $this->configManager->get('security.ban_after'), | 49 | $this->configManager->get('security.ban_after'), |
@@ -86,10 +87,9 @@ class LoginManager | |||
86 | /** | 87 | /** |
87 | * Check user session state and validity (expiration) | 88 | * Check user session state and validity (expiration) |
88 | * | 89 | * |
89 | * @param array $cookie The $_COOKIE array | ||
90 | * @param string $clientIpId Client IP address identifier | 90 | * @param string $clientIpId Client IP address identifier |
91 | */ | 91 | */ |
92 | public function checkLoginState($cookie, $clientIpId) | 92 | public function checkLoginState($clientIpId) |
93 | { | 93 | { |
94 | if (! $this->configManager->exists('credentials.login')) { | 94 | if (! $this->configManager->exists('credentials.login')) { |
95 | // Shaarli is not configured yet | 95 | // Shaarli is not configured yet |
@@ -97,9 +97,7 @@ class LoginManager | |||
97 | return; | 97 | return; |
98 | } | 98 | } |
99 | 99 | ||
100 | if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE]) | 100 | if ($this->staySignedInToken === $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN)) { |
101 | && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken | ||
102 | ) { | ||
103 | // The user client has a valid stay-signed-in cookie | 101 | // The user client has a valid stay-signed-in cookie |
104 | // Session information is updated with the current client information | 102 | // Session information is updated with the current client information |
105 | $this->sessionManager->storeLoginInfo($clientIpId); | 103 | $this->sessionManager->storeLoginInfo($clientIpId); |
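Review bot: The rewritten condition on line 100 compares the stay-signed-in secret with `===`, which is not constant-time, and it now receives `null` from getCookieParameter() whenever the cookie is absent. Secrets should go through `hash_equals()`, which expects two strings (a null operand is rejected or deprecated depending on the PHP version), so guard first: `$cookie = $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN);` then `if ($cookie !== null && hash_equals($this->staySignedInToken, $cookie)) {`. The removed lines had the same timing property, but since this hunk rewrites the comparison it is the right moment to fix it. Note also that `$staySignedInToken` defaults to `''` on line 31; if it can still be empty when checkLoginState() runs, a client sending an empty cookie value would match, so a `$this->staySignedInToken !== ''` check is cheap insurance. checkLoginState() continues past the end of the hunk.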
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 0ac17d9a..82771c24 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php | |||
@@ -31,16 +31,21 @@ class SessionManager | |||
31 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ | 31 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ |
32 | protected $staySignedIn = false; | 32 | protected $staySignedIn = false; |
33 | 33 | ||
34 | /** @var string */ | ||
35 | protected $savePath; | ||
36 | |||
34 | /** | 37 | /** |
35 | * Constructor | 38 | * Constructor |
36 | * | 39 | * |
37 | * @param array $session The $_SESSION array (reference) | 40 | * @param array $session The $_SESSION array (reference) |
38 | * @param ConfigManager $conf ConfigManager instance | 41 | * @param ConfigManager $conf ConfigManager instance |
42 | * @param string $savePath Session save path returned by builtin function session_save_path() | ||
39 | */ | 43 | */ |
40 | public function __construct(& $session, $conf) | 44 | public function __construct(&$session, $conf, string $savePath) |
41 | { | 45 | { |
42 | $this->session = &$session; | 46 | $this->session = &$session; |
43 | $this->conf = $conf; | 47 | $this->conf = $conf; |
48 | $this->savePath = $savePath; | ||
44 | } | 49 | } |
45 | 50 | ||
46 | /** | 51 | /** |
@@ -249,4 +254,9 @@ class SessionManager | |||
249 | 254 | ||
250 | return $this; | 255 | return $this; |
251 | } | 256 | } |
257 | |||
258 | public function getSavePath(): string | ||
259 | { | ||
260 | return $this->savePath; | ||
261 | } | ||
252 | } | 262 | } |
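Review bot: `getSavePath()` on lines 258-260 is the only method shown in this class without a docblock, and the constructor parameter description on line 42 is the sole statement of what the value means. Suggest `/** @return string Session save path as passed to the constructor (see session_save_path()) */` above it. The constructor on lines 44-49 also stores the value without checking it, and `session_save_path()` returns an empty string when no path is configured, so any caller that uses this getter to locate session files must be prepared for `''` — that caller is presumably outside this diff, so treat this as a point to verify rather than a defect here.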