mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
164 lines
4.6 KiB
PHP
164 lines
4.6 KiB
PHP
|
<?php
|
||
|
/**
|
||
|
* Persists a token associated with a device for users who opted for the "Remember Me"
|
||
|
* feature when logging in.
|
||
|
* By default, logging out will discard all existing tokens for this user
|
||
|
* The device ID is a temporary ID associated with the device when the user logged in
|
||
|
* and chose to get the login state remembered on this device. When logging out, the ID
|
||
|
* is discarded as well.
|
||
|
*
|
||
|
* @package framework
|
||
|
* @subpackage security
|
||
|
*
|
||
|
* @property string $DeviceID
|
||
|
* @property string $RememberLoginHash
|
||
|
*/
|
||
|
|
||
|
class RememberLoginHash extends DataObject {
|
||
|
|
||
|
private static $db = array (
|
||
|
'DeviceID' => 'Varchar(40)',
|
||
|
'Hash' => 'Varchar(160)',
|
||
|
'ExpiryDate' => 'SS_Datetime'
|
||
|
);
|
||
|
|
||
|
private static $has_one = array (
|
||
|
'Member' => 'Member',
|
||
|
);
|
||
|
|
||
|
private static $indexes = array(
|
||
|
'DeviceID' => true,
|
||
|
'Hash' => true
|
||
|
);
|
||
|
|
||
|
/**
|
||
|
* Determines if logging out on one device also clears existing login tokens
|
||
|
* on all other devices owned by the member.
|
||
|
* If set to false, there is no way for users to revoke a login, unless additional
|
||
|
* code (custom or with a module) is provided by the developer
|
||
|
*
|
||
|
* @config
|
||
|
* @var bool
|
||
|
*/
|
||
|
private static $logout_across_devices = true;
|
||
|
|
||
|
/**
|
||
|
* Number of days the token will be valid for
|
||
|
*
|
||
|
* @config
|
||
|
* @var int
|
||
|
*/
|
||
|
private static $token_expiry_days = 90;
|
||
|
|
||
|
/**
|
||
|
* Number of days the device ID will be valid for
|
||
|
*
|
||
|
* @config
|
||
|
* @var int
|
||
|
*/
|
||
|
private static $device_expiry_days = 365;
|
||
|
|
||
|
/**
|
||
|
* If true, user can only use auto login on one device. A user can still login from multiple
|
||
|
* devices, but previous tokens from other devices will become invalid.
|
||
|
*
|
||
|
* @config
|
||
|
* @var bool
|
||
|
*/
|
||
|
private static $force_single_token = false;
|
||
|
|
||
|
/**
|
||
|
* The token used for the hash
|
||
|
*/
|
||
|
private $token = null;
|
||
|
|
||
|
public function getToken() {
|
||
|
return $this->token;
|
||
|
}
|
||
|
|
||
|
public function setToken($token) {
|
||
|
$this->token = $token;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Randomly generates a new ID used for the device
|
||
|
* @return string A device ID
|
||
|
*/
|
||
|
protected function getNewDeviceID(){
|
||
|
$generator = new RandomGenerator();
|
||
|
return $generator->randomToken('sha1');
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Creates a new random token and hashes it using the
|
||
|
* member information
|
||
|
* @param Member The logged in user
|
||
|
* @return string The hash to be stored in the database
|
||
|
*/
|
||
|
public function getNewHash(Member $member){
|
||
|
$generator = new RandomGenerator();
|
||
|
$this->setToken($generator->randomToken('sha1'));
|
||
|
return $member->encryptWithUserSettings($this->token);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Generates a new login hash associated with a device
|
||
|
* The device is assigned a globally unique device ID
|
||
|
* The returned login hash stores the hashed token in the
|
||
|
* database, for this device and this member
|
||
|
* @param Member The logged in user
|
||
|
* @return RememberLoginHash The generated login hash
|
||
|
*/
|
||
|
public static function generate(Member $member) {
|
||
|
if(!$member->exists()) { return; }
|
||
|
if (Config::inst()->get('RememberLoginHash', 'force_single_token') == true) {
|
||
|
$rememberLoginHash = RememberLoginHash::get()->filter('MemberID', $member->ID)->removeAll();
|
||
|
}
|
||
|
$rememberLoginHash = RememberLoginHash::create();
|
||
|
do {
|
||
|
$deviceID = $rememberLoginHash->getNewDeviceID();
|
||
|
} while (RememberLoginHash::get()->filter('DeviceID', $deviceID)->Count());
|
||
|
|
||
|
$rememberLoginHash->DeviceID = $deviceID;
|
||
|
$rememberLoginHash->Hash = $rememberLoginHash->getNewHash($member);
|
||
|
$rememberLoginHash->MemberID = $member->ID;
|
||
|
$now = SS_Datetime::now();
|
||
|
$expiryDate = new DateTime($now->Rfc2822());
|
||
|
$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
|
||
|
$expiryDate->add(new DateInterval('P'.$tokenExpiryDays.'D'));
|
||
|
$rememberLoginHash->ExpiryDate = $expiryDate->format('Y-m-d H:i:s');
|
||
|
$rememberLoginHash->extend('onAfterGenerateToken');
|
||
|
$rememberLoginHash->write();
|
||
|
return $rememberLoginHash;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Generates a new hash for this member but keeps the device ID intact
|
||
|
* @param Member the logged in user
|
||
|
* @return RememberLoginHash
|
||
|
*/
|
||
|
public function renew() {
|
||
|
$hash = $this->getNewHash($this->Member());
|
||
|
$this->Hash = $hash;
|
||
|
$this->extend('onAfterRenewToken');
|
||
|
$this->write();
|
||
|
return $this;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Deletes existing tokens for this member
|
||
|
* if logout_across_devices is true, all tokens are deleted, otherwise
|
||
|
* only the token for the provided device ID will be removed
|
||
|
*/
|
||
|
public static function clear(Member $member, $alcDevice = null) {
|
||
|
if(!$member->exists()) { return; }
|
||
|
$filter = array('MemberID'=>$member->ID);
|
||
|
if ((Config::inst()->get('RememberLoginHash', 'logout_across_devices') == false) && $alcDevice) {
|
||
|
$filter['DeviceID'] = $alcDevice;
|
||
|
}
|
||
|
RememberLoginHash::get()
|
||
|
->filter($filter)
|
||
|
->removeAll();
|
||
|
}
|
||
|
|
||
|
}
|