tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

API Remove ALC renewal, tweak extension point

Browse Source 
The ALC token is no longer rotated during an active login. Also removed related
`replace_token_during_session_renewal` config. The extension point that was
previously provided in the `renew()` method has been renamed and is now triggered
externally in the `CookieAuthenticationHandler::authenticateRequest()` method.
This commit is contained in:
Garion Herman 2024-08-30 10:00:31 +09:00
parent aa2b8c380e
commit 4b6c248296
2 changed files with 2 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Security/MemberAuthenticator/CookieAuthenticationHandler.php
View File

@ -175,22 +175,8 @@ class CookieAuthenticationHandler implements AuthenticationHandler
$this->cascadeInTo->logIn($member, false, $request); $this->cascadeInTo->logIn($member, false, $request);
} }
// Renew the token // Session renewal hook
Deprecation::withSuppressedNotice(fn() => $rememberLoginHash->renew()); $rememberLoginHash->extend('onAfterRenewSession');
// Send the new token to the client if it was changed
if ($rememberLoginHash->getToken()) {
$tokenExpiryDays = RememberLoginHash::config()->uninherited('token_expiry_days');
Cookie::set(
$this->getTokenCookieName(),
$member->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays,
null,
null,
false,
true
);
}
// Audit logging hook // Audit logging hook
$member->extend('memberAutoLoggedIn'); $member->extend('memberAutoLoggedIn');

31
src/Security/RememberLoginHash.php
View File

@ -80,15 +80,6 @@ class RememberLoginHash extends DataObject
*/ */
private static $force_single_token = false; private static $force_single_token = false;
/**
* If true, the token will be replaced during session renewal. This can cause unexpected
* logouts if the new token does not reach the client (e.g. due to a network error).
*
* This can be disabled as of CMS 5.3, and renewal will be removed entirely in CMS 6.
* @deprecated 5.3.0 Will be removed without equivalent functionality
*/
private static bool $replace_token_during_session_renewal = true;
/** /**
* The token used for the hash. Only present during the lifetime of the request * The token used for the hash. Only present during the lifetime of the request
* that generates it, as the hash representation is stored in the database and * that generates it, as the hash representation is stored in the database and
@ -199,28 +190,6 @@ class RememberLoginHash extends DataObject
return $rememberLoginHash; return $rememberLoginHash;
} }
/**
* Generates a new hash for this member but keeps the device ID intact
*
* @deprecated 5.3.0 Will be removed without equivalent functionality
* @return RememberLoginHash
*/
public function renew()
{
// Only regenerate token if configured to do so
Deprecation::notice('5.3.0', 'Will be removed without equivalent functionality');
$replaceToken = RememberLoginHash::config()->get('replace_token_during_session_renewal');
if ($replaceToken) {
$hash = $this->getNewHash($this->Member());
$this->Hash = $hash;
}
$this->extend('onAfterRenewToken', $replaceToken);
$this->write();
return $this;
}
/** /**
* Deletes existing tokens for this member * Deletes existing tokens for this member
* if logout_across_devices is true, all tokens are deleted, otherwise * if logout_across_devices is true, all tokens are deleted, otherwise