Merged auth cookies into one.
This commit is contained in:
parent
6181dd25ef
commit
dea897456a
4 changed files with 67 additions and 39 deletions
54
misuzu.php
54
misuzu.php
|
@ -325,36 +325,46 @@ MIG;
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_COOKIE['msz_uid'], $_COOKIE['msz_sid'])
|
if (!empty($_COOKIE['msz_uid']) && !empty($_COOKIE['msz_sid'])
|
||||||
&& user_session_start((int)$_COOKIE['msz_uid'], $_COOKIE['msz_sid'])) {
|
&& ctype_digit($_COOKIE['msz_uid']) && ctype_xdigit($_COOKIE['msz_sid'])
|
||||||
$mszUserId = (int)$_COOKIE['msz_uid'];
|
&& strlen($_COOKIE['msz_sid']) === 64) {
|
||||||
|
$_COOKIE['msz_auth'] = base64url_encode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid']));
|
||||||
|
setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime('1 year'), '/', '', true, true);
|
||||||
|
setcookie('msz_uid', '', -3600, '/', '', true, true);
|
||||||
|
setcookie('msz_sid', '', -3600, '/', '', true, true);
|
||||||
|
}
|
||||||
|
|
||||||
user_bump_last_active($mszUserId);
|
if (!empty($_COOKIE['msz_auth']) && is_string($_COOKIE['msz_auth'])) {
|
||||||
user_session_bump_active(user_session_current('session_id'));
|
$cookieData = user_session_cookie_unpack(base64url_decode($_COOKIE['msz_auth']));
|
||||||
|
|
||||||
$getUserDisplayInfo = db_prepare('
|
if (!empty($cookieData) && user_session_start($cookieData['user_id'], $cookieData['session_token'])) {
|
||||||
SELECT
|
user_bump_last_active($cookieData['user_id']);
|
||||||
u.`user_id`, u.`username`, u.`user_background_settings`,
|
user_session_bump_active(user_session_current('session_id'));
|
||||||
COALESCE(u.`user_colour`, r.`role_colour`) AS `user_colour`
|
|
||||||
FROM `msz_users` AS u
|
|
||||||
LEFT JOIN `msz_roles` AS r
|
|
||||||
ON u.`display_role` = r.`role_id`
|
|
||||||
WHERE `user_id` = :user_id
|
|
||||||
');
|
|
||||||
$getUserDisplayInfo->bindValue('user_id', $mszUserId);
|
|
||||||
$userDisplayInfo = db_fetch($getUserDisplayInfo);
|
|
||||||
|
|
||||||
if ($userDisplayInfo) {
|
$getUserDisplayInfo = db_prepare('
|
||||||
$userDisplayInfo['general_perms'] = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']);
|
SELECT
|
||||||
$userDisplayInfo['comments_perms'] = perms_get_user(MSZ_PERMS_COMMENTS, $userDisplayInfo['user_id']);
|
u.`user_id`, u.`username`, u.`user_background_settings`,
|
||||||
$userDisplayInfo['ban_expiration'] = user_warning_check_expiration($userDisplayInfo['user_id'], MSZ_WARN_BAN);
|
COALESCE(u.`user_colour`, r.`role_colour`) AS `user_colour`
|
||||||
$userDisplayInfo['silence_expiration'] = $userDisplayInfo['ban_expiration'] > 0 ? 0 : user_warning_check_expiration($userDisplayInfo['user_id'], MSZ_WARN_SILENCE);
|
FROM `msz_users` AS u
|
||||||
|
LEFT JOIN `msz_roles` AS r
|
||||||
|
ON u.`display_role` = r.`role_id`
|
||||||
|
WHERE `user_id` = :user_id
|
||||||
|
');
|
||||||
|
$getUserDisplayInfo->bindValue('user_id', $cookieData['user_id']);
|
||||||
|
$userDisplayInfo = db_fetch($getUserDisplayInfo);
|
||||||
|
|
||||||
|
if ($userDisplayInfo) {
|
||||||
|
$userDisplayInfo['general_perms'] = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']);
|
||||||
|
$userDisplayInfo['comments_perms'] = perms_get_user(MSZ_PERMS_COMMENTS, $userDisplayInfo['user_id']);
|
||||||
|
$userDisplayInfo['ban_expiration'] = user_warning_check_expiration($userDisplayInfo['user_id'], MSZ_WARN_BAN);
|
||||||
|
$userDisplayInfo['silence_expiration'] = $userDisplayInfo['ban_expiration'] > 0 ? 0 : user_warning_check_expiration($userDisplayInfo['user_id'], MSZ_WARN_SILENCE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
csrf_init(
|
csrf_init(
|
||||||
config_get_default('insecure', 'CSRF', 'secret_key'),
|
config_get_default('insecure', 'CSRF', 'secret_key'),
|
||||||
empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid']
|
empty($userDisplayInfo) ? ip_remote_address() : $cookieData['session_token']
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!$misuzuBypassLockdown && boolval(config_get_default(false, 'Private', 'enabled'))) {
|
if (!$misuzuBypassLockdown && boolval(config_get_default(false, 'Private', 'enabled'))) {
|
||||||
|
|
|
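Review bot: The legacy-cookie migration issues the merged `msz_auth` cookie with a fixed `strtotime('1 year')` lifetime before `user_session_start()` has validated the pair, so an expired or revoked `msz_uid`/`msz_sid` is re-minted as a year-long cookie, whereas the login hunk in this same commit derives the lifetime from `session_expires`. The server still validates on every request, so this is a lingering-cookie problem rather than a bypass, but the cookie should only be persisted once the session has proven valid, and with the session's real expiry. `user_session_cookie_pack()` is declared `?string` and a null result would go straight into `base64url_encode()`, and `$_COOKIE['msz_uid']` now reaches its `int` parameter uncast where the old code used `(int)`, which matters if the file declares strict_types — not visible here. Checking the pack result for null also makes the duplicated `strlen(...) === 64` guard redundant.
```php
$migrateLegacy = false;
if (!empty($_COOKIE['msz_uid']) && !empty($_COOKIE['msz_sid'])
    && ctype_digit($_COOKIE['msz_uid']) && ctype_xdigit($_COOKIE['msz_sid'])) {
    $packed = user_session_cookie_pack((int)$_COOKIE['msz_uid'], $_COOKIE['msz_sid']);
    // expire the old pair either way; a pair that cannot be packed should not be retried
    setcookie('msz_uid', '', -3600, '/', '', true, true);
    setcookie('msz_sid', '', -3600, '/', '', true, true);
    if ($packed !== null) {
        $_COOKIE['msz_auth'] = base64url_encode($packed);
        $migrateLegacy = true;
    }
}

if (!empty($_COOKIE['msz_auth']) && is_string($_COOKIE['msz_auth'])) {
    $cookieData = user_session_cookie_unpack(base64url_decode($_COOKIE['msz_auth']));

    if (!empty($cookieData) && user_session_start($cookieData['user_id'], $cookieData['session_token'])) {
        if ($migrateLegacy) {
            // persist the merged cookie only for a session that just validated, with its real lifetime
            setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime(user_session_current('session_expires')), '/', '', true, true);
        }
        // … unchanged: bump last active, load display info, permissions and warnings …
```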
@ -45,8 +45,7 @@ switch ($authMode) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (csrf_verify('logout', $_GET['s'] ?? '')) {
|
if (csrf_verify('logout', $_GET['s'] ?? '')) {
|
||||||
set_cookie_m('uid', '', -3600);
|
setcookie('msz_auth', '', -3600, '/', '', true, true);
|
||||||
set_cookie_m('sid', '', -3600);
|
|
||||||
user_session_stop(true);
|
user_session_stop(true);
|
||||||
header(sprintf('Location: %s', url('index')));
|
header(sprintf('Location: %s', url('index')));
|
||||||
return;
|
return;
|
||||||
|
@ -260,8 +259,8 @@ MSG;
|
||||||
|
|
||||||
user_session_start($userData['user_id'], $sessionKey);
|
user_session_start($userData['user_id'], $sessionKey);
|
||||||
$cookieLife = strtotime(user_session_current('session_expires'));
|
$cookieLife = strtotime(user_session_current('session_expires'));
|
||||||
set_cookie_m('uid', $userData['user_id'], $cookieLife);
|
$cookieValue = base64_encode(user_session_cookie_pack($userData['user_id'], $sessionKey));
|
||||||
set_cookie_m('sid', $sessionKey, $cookieLife);
|
setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', true, true);
|
||||||
|
|
||||||
if (!is_local_url($authRedirect)) {
|
if (!is_local_url($authRedirect)) {
|
||||||
$authRedirect = url('index');
|
$authRedirect = url('index');
|
||||||
|
|
|
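Review bot: The login hunk encodes the packed session with `base64_encode()`, while the migration path in misuzu.php writes the same cookie with `base64url_encode()` and the reader decodes it with `base64url_decode()`; whether standard `+`, `/` and `=` survive that decoder depends on its implementation, which is not visible here, so the two writers should at least agree: `$cookieValue = base64url_encode(user_session_cookie_pack($userData['user_id'], $sessionKey));`. `user_session_cookie_pack()` can return null, and that null would be encoded and set as the cookie without any error; a `$cookieValue === null` check before `setcookie()` would surface the fault instead. Note also that the Secure flag is now hard-coded `true` where the removed `set_cookie_m()` derived it from `$_SERVER['HTTPS']` — the right default, but browsers on a plain-HTTP development host will generally refuse both the login and logout cookie writes, which is worth a comment. The surrounding `switch ($authMode)` cases start before these hunks.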
@ -174,3 +174,35 @@ function user_session_active(): bool
|
||||||
return !empty($GLOBALS[MSZ_SESSION_DATA_STORE])
|
return !empty($GLOBALS[MSZ_SESSION_DATA_STORE])
|
||||||
&& time() < strtotime($GLOBALS[MSZ_SESSION_DATA_STORE]['session_expires']);
|
&& time() < strtotime($GLOBALS[MSZ_SESSION_DATA_STORE]['session_expires']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
define('MSZ_SESSION_COOKIE_VERSION', 1);
|
||||||
|
// make sure to match this to the final fixed size of the cookie string
|
||||||
|
// it'll pad older tokens out for backwards compatibility
|
||||||
|
define('MSZ_SESSION_COOKIE_SIZE', 37);
|
||||||
|
|
||||||
|
function user_session_cookie_pack(int $userId, string $sessionToken): ?string
|
||||||
|
{
|
||||||
|
if (strlen($sessionToken) !== MSZ_SESSION_KEY_SIZE) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return pack('CNH64', MSZ_SESSION_COOKIE_VERSION, $userId, $sessionToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
function user_session_cookie_unpack(string $packed): array
|
||||||
|
{
|
||||||
|
$packed = str_pad($packed, MSZ_SESSION_COOKIE_SIZE, "\x00");
|
||||||
|
$unpacked = unpack('Cversion/Nuser/H64token', $packed);
|
||||||
|
|
||||||
|
if ($unpacked['version'] < 1 || $unpacked['version'] > MSZ_SESSION_COOKIE_VERSION) {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make sure this contains all fields with a default for version > 1 exclusive stuff
|
||||||
|
$data = [
|
||||||
|
'user_id' => $unpacked['user'],
|
||||||
|
'session_token' => $unpacked['token'],
|
||||||
|
];
|
||||||
|
|
||||||
|
return $data;
|
||||||
|
}
|
||||||
|
|
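Review bot: `user_session_cookie_pack()` guards only the length of `$sessionToken`, yet the `H64` format consumes it as hex; a token of the right length with non-hex characters passes the guard and `pack()` emits a warning and wrong bytes, so the guard should read `if (strlen($sessionToken) !== MSZ_SESSION_KEY_SIZE || !ctype_xdigit($sessionToken)) { return null; }`. The `N` field is an unsigned 32-bit integer, so user ids above 4294967295 would wrap silently on pack; the size constant deserves a layout comment such as `// 1 byte version + 4 byte big-endian user id + 32 bytes of the 64-hex-char token = 37`. Both new functions lack docblocks; `user_session_cookie_unpack()` should state that it returns an empty array for an unknown version and that the `str_pad` means a short or truncated payload still unpacks (to a zeroed user id and token) rather than failing. Neither field carries an integrity check, which is acceptable only while `user_session_start()` remains the sole authority on whether the id/token pair is valid, and that assumption belongs in the docblock.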
13
utility.php
13
utility.php
|
@ -1,17 +1,4 @@
|
||||||
<?php
|
<?php
|
||||||
function set_cookie_m(string $name, string $value, int $expires): void
|
|
||||||
{
|
|
||||||
setcookie(
|
|
||||||
"msz_{$name}",
|
|
||||||
$value,
|
|
||||||
$expires,
|
|
||||||
'/',
|
|
||||||
'',
|
|
||||||
!empty($_SERVER['HTTPS']),
|
|
||||||
true
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
function password_entropy(string $password): int
|
function password_entropy(string $password): int
|
||||||
{
|
{
|
||||||
return count(count_chars(utf8_decode($password), 1)) * 8;
|
return count(count_chars(utf8_decode($password), 1)) * 8;
|
||||||
|
|