tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Make auto login token expiry configurable (closes #7278)

Browse Source
This commit is contained in:
Loz Calver 2017-09-08 16:53:44 +01:00 committed by Daniel Hensby
parent 0aabcac747
commit 7431122b58
No known key found for this signature in database
GPG Key ID: 5DE415D786BBB2FD
1 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/Security/Member.php
View File

@ -241,6 +241,19 @@ class Member extends DataObject
*/ */
private static $temp_id_lifetime = 259200; private static $temp_id_lifetime = 259200;
/**
* Default lifetime of auto login token.
*
* This is the maximum allowed period between a user requesting a password reset link and using it to reset
* their password.
*
* Defaults to 2 days.
*
* @config
* @var int Lifetime in seconds
*/
private static $auto_login_token_lifetime = 172800;
/** /**
* Ensure the locale is set to something sensible by default. * Ensure the locale is set to something sensible by default.
*/ */
@ -558,14 +571,24 @@ class Member extends DataObject
* Generate an auto login token which can be used to reset the password, * Generate an auto login token which can be used to reset the password,
* at the same time hashing it and storing in the database. * at the same time hashing it and storing in the database.
* *
* @param int $lifetime The lifetime of the auto login hash in days (by default 2 days) * @param int|null $lifetime DEPRECATED: The lifetime of the auto login hash in days. Overrides
* * the Member.auto_login_token_lifetime config value
* @returns string Token that should be passed to the client (but NOT persisted). * @return string Token that should be passed to the client (but NOT persisted).
*
* @todo Make it possible to handle database errors such as a "duplicate key" error
*/ */
public function generateAutologinTokenAndStoreHash($lifetime = 2) public function generateAutologinTokenAndStoreHash($lifetime = null)
{ {
if ($lifetime !== null) {
Deprecation::notice(
'5.0',
'Passing a $lifetime to Member::generateAutologinTokenAndStoreHash() is deprecated,
use the Member.auto_login_token_lifetime config setting instead',
Deprecation::SCOPE_GLOBAL
);
$lifetime = (86400 * $lifetime); // Method argument is days, convert to seconds
} else {
$lifetime = $this->config()->auto_login_token_lifetime;
}
do { do {
$generator = new RandomGenerator(); $generator = new RandomGenerator();
$token = $generator->randomToken(); $token = $generator->randomToken();
@ -575,7 +598,7 @@ class Member extends DataObject
))); )));
$this->AutoLoginHash = $hash; $this->AutoLoginHash = $hash;
$this->AutoLoginExpired = date('Y-m-d H:i:s', time() + (86400 * $lifetime)); $this->AutoLoginExpired = date('Y-m-d H:i:s', time() + $lifetime);
$this->write(); $this->write();