Updated authentication token format.
This commit is contained in:
parent
8bfa2def78
commit
24e4ab980c
12 changed files with 337 additions and 64 deletions
misuzu.php
|
@ -161,24 +161,27 @@ Template::set('globals', [
|
|||
|
||||
Template::addPath(MSZ_TEMPLATES);
|
||||
|
||||
AuthToken::setSecretKey($cfg->getValue('auth.secret', IConfig::T_STR, 'meow'));
|
||||
|
||||
if(isset($_COOKIE['msz_uid']) && isset($_COOKIE['msz_sid'])) {
|
||||
$authToken = (new AuthToken)
|
||||
->setUserId(filter_input(INPUT_COOKIE, 'msz_uid', FILTER_SANITIZE_NUMBER_INT) ?? 0)
|
||||
->setSessionToken(filter_input(INPUT_COOKIE, 'msz_sid') ?? '');
|
||||
$authToken = new AuthToken;
|
||||
$authToken->setUserId(filter_input(INPUT_COOKIE, 'msz_uid', FILTER_SANITIZE_NUMBER_INT) ?? 0);
|
||||
$authToken->setSessionToken(filter_input(INPUT_COOKIE, 'msz_sid') ?? '');
|
||||
|
||||
if($authToken->isValid())
|
||||
setcookie('msz_auth', $authToken->pack(), strtotime('1 year'), '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
|
||||
$authToken->applyCookie(strtotime('1 year'));
|
||||
|
||||
setcookie('msz_uid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
|
||||
setcookie('msz_sid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
|
||||
AuthToken::nukeCookieLegacy();
|
||||
}
|
||||
|
||||
if(!isset($authToken))
|
||||
$authToken = AuthToken::unpack(filter_input(INPUT_COOKIE, 'msz_auth') ?? '');
|
||||
|
||||
if($authToken->isValid()) {
|
||||
$authToken->setCurrent();
|
||||
|
||||
try {
|
||||
$sessionInfo = $authToken->getSession();
|
||||
$sessionInfo = UserSession::byToken($authToken->getSessionToken());
|
||||
if($sessionInfo->hasExpired()) {
|
||||
$sessionInfo->delete();
|
||||
} elseif($sessionInfo->getUserId() === $authToken->getUserId()) {
|
||||
|
@ -189,7 +192,22 @@ if($authToken->isValid()) {
|
|||
$sessionInfo->bump($_SERVER['REMOTE_ADDR']);
|
||||
|
||||
if($sessionInfo->shouldBumpExpire())
|
||||
setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
|
||||
$authToken->applyCookie($sessionInfo->getExpiresTime());
|
||||
|
||||
// only allow impersonation when super user
|
||||
if($authToken->hasImpersonatedUserId() && $userInfo->isSuper()) {
|
||||
$userInfoReal = $userInfo;
|
||||
|
||||
try {
|
||||
$userInfo = User::byId($authToken->getImpersonatedUserId());
|
||||
} catch(UserNotFoundException $ex) {
|
||||
$userInfo = $userInfoReal;
|
||||
$authToken->removeImpersonatedUserId();
|
||||
$authToken->applyCookie();
|
||||
}
|
||||
|
||||
$userInfo->setCurrent();
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch(UserNotFoundException $ex) {
|
||||
|
@ -202,10 +220,8 @@ if($authToken->isValid()) {
|
|||
|
||||
if(UserSession::hasCurrent()) {
|
||||
$userInfo->bumpActivity($_SERVER['REMOTE_ADDR']);
|
||||
} else {
|
||||
setcookie('msz_auth', '', -9001, '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
|
||||
setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);
|
||||
}
|
||||
} else
|
||||
AuthToken::nukeCookie();
|
||||
}
|
||||
|
||||
CSRF::setGlobalSecretKey($cfg->getValue('csrf.secret', IConfig::T_STR, 'soup'));
|
||||
|
@ -248,6 +264,8 @@ if(parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) !== '/index.php')
|
|||
|
||||
if(!empty($userInfo))
|
||||
Template::set('current_user', $userInfo);
|
||||
if(!empty($userInfoReal))
|
||||
Template::set('current_user_real', $userInfoReal);
|
||||
|
||||
$inManageMode = str_starts_with($_SERVER['REQUEST_URI'], '/manage');
|
||||
$hasManageAccess = User::hasCurrent()
|
||||
|
|
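Review bot: Once the impersonation block replaces `$userInfo` with the impersonated account (`$userInfo = User::byId($authToken->getImpersonatedUserId())`), the unchanged `$userInfo->bumpActivity($_SERVER['REMOTE_ADDR'])` further down in the same section records the super user's request IP and activity against the impersonated user, which pollutes the audit trail and lets an impersonation session rewrite a target's last-seen data. Bumping the real account keeps the trail honest: `($userInfoReal ?? $userInfo)->bumpActivity($_SERVER['REMOTE_ADDR']);`. Where `$userInfo` is first loaded, and whether `setCurrent()` already runs for the non-impersonated path, lie outside the hunk, so the `isSuper()` guard is assumed to run against the session owner; a comment such as `// $userInfo is the session owner here; only a super user may impersonate` would make that intent explicit. A token that carries an impersonated id for a non-super user is ignored but never stripped, so the stale claim is re-read on every request; an `else` branch calling `$authToken->removeImpersonatedUserId(); $authToken->applyCookie();` would clear it. Separately, the `'meow'` fallback passed to `AuthToken::setSecretKey` means a missing `auth.secret` silently signs tokens with a publicly known key — if that line is new in this commit, consider failing closed when the secret is unset.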