Merge pull request #3221 from strk/remember-openid
Fix "remember me" cookie for OpenID logins
This commit is contained in:
commit
a7e8e86800
3 changed files with 59 additions and 45 deletions
|
@ -125,6 +125,7 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
|
||||||
$openid = new LightOpenID;
|
$openid = new LightOpenID;
|
||||||
$openid->identity = $openid_url;
|
$openid->identity = $openid_url;
|
||||||
$_SESSION['openid'] = $openid_url;
|
$_SESSION['openid'] = $openid_url;
|
||||||
|
$_SESSION['remember'] = $_POST['remember'];
|
||||||
$openid->returnUrl = App::get_baseurl(true).'/openid';
|
$openid->returnUrl = App::get_baseurl(true).'/openid';
|
||||||
goaway($openid->authUrl());
|
goaway($openid->authUrl());
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
|
@ -178,17 +179,12 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
|
||||||
goaway(z_root());
|
goaway(z_root());
|
||||||
}
|
}
|
||||||
|
|
||||||
// If the user specified to remember the authentication, then set a cookie
|
if (! $_POST['remember']) {
|
||||||
// that expires after one week (the default is when the browser is closed).
|
|
||||||
// The cookie will be renewed automatically.
|
|
||||||
// The week ensures that sessions will expire after some inactivity.
|
|
||||||
if ($_POST['remember'])
|
|
||||||
new_cookie(604800, $r[0]);
|
|
||||||
else
|
|
||||||
new_cookie(0); // 0 means delete on browser exit
|
new_cookie(0); // 0 means delete on browser exit
|
||||||
|
}
|
||||||
|
|
||||||
// if we haven't failed up this point, log them in.
|
// if we haven't failed up this point, log them in.
|
||||||
|
$_SESSION['remember'] = $_POST['remember'];
|
||||||
$_SESSION['last_login_date'] = datetime_convert('UTC','UTC');
|
$_SESSION['last_login_date'] = datetime_convert('UTC','UTC');
|
||||||
authenticate_success($record, true, true);
|
authenticate_success($record, true, true);
|
||||||
}
|
}
|
||||||
|
@ -203,39 +199,3 @@ function nuke_session() {
|
||||||
session_unset();
|
session_unset();
|
||||||
session_destroy();
|
session_destroy();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Calculate the hash that is needed for the "Friendica" cookie
|
|
||||||
*
|
|
||||||
* @param array $user Record from "user" table
|
|
||||||
*
|
|
||||||
* @return string Hashed data
|
|
||||||
*/
|
|
||||||
function cookie_hash($user) {
|
|
||||||
return(hash("sha256", get_config("system", "site_prvkey").
|
|
||||||
$user["uprvkey"].
|
|
||||||
$user["password"]));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Set the "Friendica" cookie
|
|
||||||
*
|
|
||||||
* @param int $time
|
|
||||||
* @param array $user Record from "user" table
|
|
||||||
*/
|
|
||||||
function new_cookie($time, $user = array()) {
|
|
||||||
|
|
||||||
if ($time != 0)
|
|
||||||
$time = $time + time();
|
|
||||||
|
|
||||||
if ($user)
|
|
||||||
$value = json_encode(array("uid" => $user["uid"],
|
|
||||||
"hash" => cookie_hash($user),
|
|
||||||
"ip" => $_SERVER['REMOTE_ADDR']));
|
|
||||||
else
|
|
||||||
$value = "";
|
|
||||||
|
|
||||||
setcookie("Friendica", $value, $time, "/", "",
|
|
||||||
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,5 +1,44 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Calculate the hash that is needed for the "Friendica" cookie
|
||||||
|
*
|
||||||
|
* @param array $user Record from "user" table
|
||||||
|
*
|
||||||
|
* @return string Hashed data
|
||||||
|
*/
|
||||||
|
function cookie_hash($user) {
|
||||||
|
return(hash("sha256", get_config("system", "site_prvkey").
|
||||||
|
$user["uprvkey"].
|
||||||
|
$user["password"]));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Set the "Friendica" cookie
|
||||||
|
*
|
||||||
|
* @param int $time
|
||||||
|
* @param array $user Record from "user" table
|
||||||
|
*/
|
||||||
|
function new_cookie($time, $user = array()) {
|
||||||
|
|
||||||
|
if ($time != 0) {
|
||||||
|
$time = $time + time();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($user) {
|
||||||
|
$value = json_encode(array("uid" => $user["uid"],
|
||||||
|
"hash" => cookie_hash($user),
|
||||||
|
"ip" => $_SERVER['REMOTE_ADDR']));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$value = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
setcookie("Friendica", $value, $time, "/", "",
|
||||||
|
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) {
|
function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) {
|
||||||
|
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
@ -94,6 +133,21 @@ function authenticate_success($user_record, $login_initial = false, $interactive
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($login_initial) {
|
||||||
|
// If the user specified to remember the authentication, then set a cookie
|
||||||
|
// that expires after one week (the default is when the browser is closed).
|
||||||
|
// The cookie will be renewed automatically.
|
||||||
|
// The week ensures that sessions will expire after some inactivity.
|
||||||
|
if ($_SESSION['remember']) {
|
||||||
|
logger('Injecting cookie for remembered user '. $_SESSION['remember_user']['nickname']);
|
||||||
|
new_cookie(604800, $user_record);
|
||||||
|
unset($_SESSION['remember']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if ($login_initial) {
|
if ($login_initial) {
|
||||||
call_hooks('logged_in', $a->user);
|
call_hooks('logged_in', $a->user);
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ function openid_content(App $a) {
|
||||||
// mod/settings.php in 8367cad so it might have left mixed
|
// mod/settings.php in 8367cad so it might have left mixed
|
||||||
// records in the user table
|
// records in the user table
|
||||||
//
|
//
|
||||||
$r = q("SELECT * FROM `user`
|
$r = q("SELECT *, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user`
|
||||||
WHERE ( `openid` = '%s' OR `openid` = '%s' )
|
WHERE ( `openid` = '%s' OR `openid` = '%s' )
|
||||||
AND `blocked` = 0 AND `account_expired` = 0
|
AND `blocked` = 0 AND `account_expired` = 0
|
||||||
AND `account_removed` = 0 AND `verified` = 1
|
AND `account_removed` = 0 AND `verified` = 1
|
||||||
|
|
Loading…
Reference in a new issue