Merge pull request #3221 from strk/remember-openid
Fix "remember me" cookie for OpenID logins
This commit is contained in:
commit
a7e8e86800
3 changed files with 59 additions and 45 deletions
|
@ -125,6 +125,7 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
|
|||
$openid = new LightOpenID;
|
||||
$openid->identity = $openid_url;
|
||||
$_SESSION['openid'] = $openid_url;
|
||||
$_SESSION['remember'] = $_POST['remember'];
|
||||
$openid->returnUrl = App::get_baseurl(true).'/openid';
|
||||
goaway($openid->authUrl());
|
||||
} catch (Exception $e) {
|
||||
|
@ -178,17 +179,12 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
|
|||
goaway(z_root());
|
||||
}
|
||||
|
||||
// If the user specified to remember the authentication, then set a cookie
|
||||
// that expires after one week (the default is when the browser is closed).
|
||||
// The cookie will be renewed automatically.
|
||||
// The week ensures that sessions will expire after some inactivity.
|
||||
if ($_POST['remember'])
|
||||
new_cookie(604800, $r[0]);
|
||||
else
|
||||
if (! $_POST['remember']) {
|
||||
new_cookie(0); // 0 means delete on browser exit
|
||||
}
|
||||
|
||||
// if we haven't failed up this point, log them in.
|
||||
|
||||
$_SESSION['remember'] = $_POST['remember'];
|
||||
$_SESSION['last_login_date'] = datetime_convert('UTC','UTC');
|
||||
authenticate_success($record, true, true);
|
||||
}
|
||||
|
@ -203,39 +199,3 @@ function nuke_session() {
|
|||
session_unset();
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Calculate the hash that is needed for the "Friendica" cookie
|
||||
*
|
||||
* @param array $user Record from "user" table
|
||||
*
|
||||
* @return string Hashed data
|
||||
*/
|
||||
function cookie_hash($user) {
|
||||
return(hash("sha256", get_config("system", "site_prvkey").
|
||||
$user["uprvkey"].
|
||||
$user["password"]));
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Set the "Friendica" cookie
|
||||
*
|
||||
* @param int $time
|
||||
* @param array $user Record from "user" table
|
||||
*/
|
||||
function new_cookie($time, $user = array()) {
|
||||
|
||||
if ($time != 0)
|
||||
$time = $time + time();
|
||||
|
||||
if ($user)
|
||||
$value = json_encode(array("uid" => $user["uid"],
|
||||
"hash" => cookie_hash($user),
|
||||
"ip" => $_SERVER['REMOTE_ADDR']));
|
||||
else
|
||||
$value = "";
|
||||
|
||||
setcookie("Friendica", $value, $time, "/", "",
|
||||
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,44 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @brief Calculate the hash that is needed for the "Friendica" cookie
|
||||
*
|
||||
* @param array $user Record from "user" table
|
||||
*
|
||||
* @return string Hashed data
|
||||
*/
|
||||
function cookie_hash($user) {
|
||||
return(hash("sha256", get_config("system", "site_prvkey").
|
||||
$user["uprvkey"].
|
||||
$user["password"]));
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Set the "Friendica" cookie
|
||||
*
|
||||
* @param int $time
|
||||
* @param array $user Record from "user" table
|
||||
*/
|
||||
function new_cookie($time, $user = array()) {
|
||||
|
||||
if ($time != 0) {
|
||||
$time = $time + time();
|
||||
}
|
||||
|
||||
if ($user) {
|
||||
$value = json_encode(array("uid" => $user["uid"],
|
||||
"hash" => cookie_hash($user),
|
||||
"ip" => $_SERVER['REMOTE_ADDR']));
|
||||
}
|
||||
else {
|
||||
$value = "";
|
||||
}
|
||||
|
||||
setcookie("Friendica", $value, $time, "/", "",
|
||||
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
|
||||
|
||||
}
|
||||
|
||||
function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) {
|
||||
|
||||
$a = get_app();
|
||||
|
@ -94,6 +133,21 @@ function authenticate_success($user_record, $login_initial = false, $interactive
|
|||
|
||||
|
||||
}
|
||||
|
||||
if ($login_initial) {
|
||||
// If the user specified to remember the authentication, then set a cookie
|
||||
// that expires after one week (the default is when the browser is closed).
|
||||
// The cookie will be renewed automatically.
|
||||
// The week ensures that sessions will expire after some inactivity.
|
||||
if ($_SESSION['remember']) {
|
||||
logger('Injecting cookie for remembered user '. $_SESSION['remember_user']['nickname']);
|
||||
new_cookie(604800, $user_record);
|
||||
unset($_SESSION['remember']);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
if ($login_initial) {
|
||||
call_hooks('logged_in', $a->user);
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ function openid_content(App $a) {
|
|||
// mod/settings.php in 8367cad so it might have left mixed
|
||||
// records in the user table
|
||||
//
|
||||
$r = q("SELECT * FROM `user`
|
||||
$r = q("SELECT *, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user`
|
||||
WHERE ( `openid` = '%s' OR `openid` = '%s' )
|
||||
AND `blocked` = 0 AND `account_expired` = 0
|
||||
AND `account_removed` = 0 AND `verified` = 1
|
||||
|
|
Loading…
Reference in a new issue