Compare commits

...

2 Commits

Author SHA1 Message Date
Garion Herman
4cbeee0882
Merge 4b6c248296 into 666b4094b4 2024-10-18 05:30:36 +13:00
Garion Herman
4b6c248296 API Remove ALC renewal, tweak extension point
The ALC token is no longer rotated during an active login. Also removed related
`replace_token_during_session_renewal` config. The extension point that was
previously provided in the `renew()` method has been renamed and is now triggered
externally in the `CookieAuthenticationHandler::authenticateRequest()` method.
2024-10-01 12:55:44 +09:00
2 changed files with 2 additions and 47 deletions

View File

@ -175,22 +175,8 @@ class CookieAuthenticationHandler implements AuthenticationHandler
$this->cascadeInTo->logIn($member, false, $request); $this->cascadeInTo->logIn($member, false, $request);
} }
// Renew the token // Session renewal hook
Deprecation::withSuppressedNotice(fn() => $rememberLoginHash->renew()); $rememberLoginHash->extend('onAfterRenewSession');
// Send the new token to the client if it was changed
if ($rememberLoginHash->getToken()) {
$tokenExpiryDays = RememberLoginHash::config()->uninherited('token_expiry_days');
Cookie::set(
$this->getTokenCookieName(),
$member->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays,
null,
null,
false,
true
);
}
// Audit logging hook // Audit logging hook
$member->extend('memberAutoLoggedIn'); $member->extend('memberAutoLoggedIn');

View File

@ -82,15 +82,6 @@ class RememberLoginHash extends DataObject
*/ */
private static $force_single_token = false; private static $force_single_token = false;
/**
* If true, the token will be replaced during session renewal. This can cause unexpected
* logouts if the new token does not reach the client (e.g. due to a network error).
*
* This can be disabled as of CMS 5.3, and renewal will be removed entirely in CMS 6.
* @deprecated 5.3.0 Will be removed without equivalent functionality
*/
private static bool $replace_token_during_session_renewal = true;
/** /**
* The token used for the hash. Only present during the lifetime of the request * The token used for the hash. Only present during the lifetime of the request
* that generates it, as the hash representation is stored in the database and * that generates it, as the hash representation is stored in the database and
@ -201,28 +192,6 @@ class RememberLoginHash extends DataObject
return $rememberLoginHash; return $rememberLoginHash;
} }
/**
* Generates a new hash for this member but keeps the device ID intact
*
* @deprecated 5.3.0 Will be removed without equivalent functionality
* @return RememberLoginHash
*/
public function renew()
{
// Only regenerate token if configured to do so
Deprecation::notice('5.3.0', 'Will be removed without equivalent functionality');
$replaceToken = RememberLoginHash::config()->get('replace_token_during_session_renewal');
if ($replaceToken) {
$hash = $this->getNewHash($this->Member());
$this->Hash = $hash;
}
$this->extend('onAfterRenewToken', $replaceToken);
$this->write();
return $this;
}
/** /**
* Deletes existing tokens for this member * Deletes existing tokens for this member
* if logout_across_devices is true, all tokens are deleted, otherwise * if logout_across_devices is true, all tokens are deleted, otherwise