diff options
| author | vincent-peugnet <v.peugnet@free.fr> | 2020-05-15 20:05:26 +0200 |
|---|---|---|
| committer | vincent-peugnet <v.peugnet@free.fr> | 2020-05-15 20:05:26 +0200 |
| commit | ded1b2a19ee238543d561b6f26312458d2a43974 (patch) | |
| tree | b5569c95266ad7482298a7feffb6a3be24a19844 /app | |
| parent | 3f69df3b93510f2704f3af9d54b9bf3b34d0e6bb (diff) | |
| download | wcms-ded1b2a19ee238543d561b6f26312458d2a43974.tar.gz wcms-ded1b2a19ee238543d561b6f26312458d2a43974.zip | |
new cookie session system
composer require JWT
user stores sessions
Diffstat (limited to 'app')
| -rw-r--r-- | app/class/Controller.php | 27 | ||||
| -rw-r--r-- | app/class/Controllerconnect.php | 49 | ||||
| -rw-r--r-- | app/class/Modelconnect.php | 45 | ||||
| -rw-r--r-- | app/class/Session.php | 6 | ||||
| -rw-r--r-- | app/class/User.php | 50 |
5 files changed, 155 insertions, 22 deletions
diff --git a/app/class/Controller.php b/app/class/Controller.php index 11a2c12..c631726 100644 --- a/app/class/Controller.php +++ b/app/class/Controller.php @@ -45,17 +45,30 @@ class Controller public function setuser() { - if (empty($this->session->user)) { - $this->user = new User(); - } else { - if (!$this->user = $this->usermanager->get($this->session->user)) { - if (!$this->user = $this->usermanager->readcookie()) { - $this->user = new User(); + // check session, then cookies + if (!empty($this->session->user)) { + $user = $this->usermanager->get($this->session->user); + } elseif (!empty($_COOKIE['authtoken'])) { + try { + $modelconnect = new Modelconnect(); + $datas = $modelconnect->checkcookie(); + $user = $this->usermanager->get($datas['userid']); + if ($user !== false && $user->checksession($datas['wsession'])) { + $this->session->addtosession("wsession", $datas['wsession']); + $this->session->addtosession("user", $datas['userid']); } else { - $this->session->addtosession('user', $this->user->id()); + $user = false; } + } catch (Exception $e) { + Model::sendflashmessage("Invalid Autentification cookie exist : $e", "warning"); } } + // create visitor + if (empty($user)) { + $this->user = new User(); + } else { + $this->user = $user; + } } public function initplates() diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php index 8347a8f..4790c63 100644 --- a/app/class/Controllerconnect.php +++ b/app/class/Controllerconnect.php @@ -2,8 +2,12 @@ namespace Wcms; +use RuntimeException; + class Controllerconnect extends Controller { + /** @var Modelconnect */ + protected $modelconnect; public function log() { @@ -38,21 +42,36 @@ class Controllerconnect extends Controller { if (!empty($_POST['pass']) && !empty($_POST['user'])) { $this->user = $this->usermanager->passwordcheck($_POST['user'], $_POST['pass']); - if ($this->user != false) { - if ( + if ( + $this->user != false + && ( $this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now - ) { - $this->user->connectcounter(); - $this->usermanager->add($this->user); - $this->session->addtosession('user', $this->user->id()); - - if ($_POST['rememberme'] && $this->user->cookie() > 0) { - $token = $this->createauthtoken(); - if ($token) { - $_SESSION['user' . Config::basepath()]['authtoken'] = $token; + ) + ) { + $this->user->connectcounter(); + $this->usermanager->add($this->user); + $this->session->addtosession('user', $this->user->id()); + + if ($_POST['rememberme']) { + if ($this->user->cookie() > 0) { + try { + $this->modelconnect = new Modelconnect(); + $wsession = $this->user->newsession(); + $this->modelconnect->createauthcookie( + $this->user->id(), + $wsession, + $this->user->cookie() + ); + $this->usermanager->add($this->user); + $this->session->addtosession('wsession', $wsession); + } catch (RuntimeException $e) { + Model::sendflashmessage("Can't create authentification cookie : $e", "warning"); } + } else { + $message = "Can't remember you beccause user cookie conservation time is set to 0 days"; + Model::sendflashmessage($message, "warning"); } } } @@ -66,11 +85,11 @@ class Controllerconnect extends Controller public function logout($route, $id = null) { - $this->user = $this->usermanager->logout(); $this->session->addtosession('user', ''); - if (!empty($_SESSION['user' . Config::basepath()]['authtoken'])) { - $this->destroyauthtoken($_SESSION['user' . Config::basepath()]['authtoken']); - } + $this->user->destroysession($this->session->wsession); + $this->session->addtosession('wsession', ''); + $this->usermanager->add($this->user); + if ($id !== null && $route !== 'home') { $this->routedirect($route, ['page' => $id]); } else { diff --git a/app/class/Modelconnect.php b/app/class/Modelconnect.php new file mode 100644 index 0000000..1201d36 --- /dev/null +++ b/app/class/Modelconnect.php @@ -0,0 +1,45 @@ +<?php + +namespace Wcms; + +use Firebase\JWT\JWT; +use RuntimeException; +use Exception; + +class Modelconnect extends Model +{ + + /** + * @param string $userid + * @param string $wsession + * @param int $conservation + * @throws RuntimeException if secret key is not set or cant send cookie + */ + public function createauthcookie(string $userid, string $wsession, int $conservation) + { + $datas = [ + "userid" => $userid, + "wsession" => $wsession + ]; + if (empty(Config::secretkey())) { + throw new RuntimeException("Secret Key not set"); + } + $jwt = JWT::encode($datas, Config::secretkey()); + $cookie = setcookie('authtoken', $jwt, time() + $conservation * 24 * 3600, "", "", false, true); + if (!$cookie) { + throw new RuntimeException("Cant be send"); + } + } + + /** + * Check cookie using JWT + * @throws Exception + */ + public function checkcookie() + { + if (!empty($_COOKIE['authtoken'])) { + $datas = JWT::decode($_COOKIE['authtoken'], Config::secretkey(), ['HS256']); + return get_object_vars($datas); + } + } +} diff --git a/app/class/Session.php b/app/class/Session.php index 64b6b26..5228237 100644 --- a/app/class/Session.php +++ b/app/class/Session.php @@ -12,6 +12,7 @@ class Session extends Item public $showrightpanel = false; public $homedisplay = 'list'; public $mediadisplay = 'list'; + public $wsession = ''; public function __construct($datas = []) { @@ -78,4 +79,9 @@ class Session extends Item $this->mediadisplay = $mediadisplay; } } + + public function setwsession($wsession) + { + $this->wsession = $wsession; + } } diff --git a/app/class/User.php b/app/class/User.php index e78c10c..d9339c8 100644 --- a/app/class/User.php +++ b/app/class/User.php @@ -19,6 +19,8 @@ class User extends Item protected $expiredate = false; /** @var Bookmark[] Associative array as `id => Bookmark`*/ protected $bookmark = []; + /** @var array sessions */ + protected $sessions = []; protected $display = ['bookmark' => false]; public function __construct($datas = []) @@ -103,6 +105,11 @@ class User extends Item return $this->bookmark; } + public function sessions() + { + return $this->sessions; + } + public function display() { return $this->display; @@ -218,6 +225,13 @@ class User extends Item } } + public function setsessions($sessions) + { + if (is_array($sessions)) { + $this->sessions = $sessions; + } + } + public function setdisplay($display) { if (is_array($display)) { @@ -268,6 +282,42 @@ class User extends Item return false; } + /** + * Generate new unique session ID + * @param string $info session info to store + * @return string session key + */ + public function newsession(string $info = "no_info"): string + { + $exist = true; + while ($exist === true) { + $session = bin2hex(random_bytes(10)); + $exist = key_exists($session, $this->sessions()); + } + $this->sessions[$session] = $info; + return $session; + } + + /** + * Remove Session from user + * @param string $session session ID to remove + * @return bool true if session exist and was destroyed, false if key does not exist + */ + public function destroysession(string $session): bool + { + if (key_exists($session, $this->sessions)) { + unset($this->sessions[$session]); + return true; + } else { + return false; + } + } + + public function checksession(string $session): bool + { + return key_exists($session, $this->sessions); + } + public function isvisitor() |