Add tests to persistent cookie

This commit is contained in:
Romain Neutron
2012-10-04 16:29:38 +02:00
parent ebac1d1e39
commit e844de6a72
3 changed files with 97 additions and 12 deletions


@@ -56,6 +56,7 @@ use Alchemy\Phrasea\Controller\Prod\WorkZone;
use Alchemy\Phrasea\Controller\Utils\ConnectionTest;
use Alchemy\Phrasea\Controller\Utils\PathFileTest;
use Silex\Application as SilexApp;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
@@ -68,6 +69,17 @@ return call_user_func(function($environment = null) {
$app['firewall']->requireSetup($app);
});
$app->before(function(Request $request) use ($app) {
if (!$app->isAuthenticated() && $request->cookies->has('persistent')) {
try {
$auth = new \Session_Authentication_PersistentCookie($app, $request->cookies->get('persistent'));
$app->openAccount($auth, $auth->getSessionId());
} catch (\Exception $e) {
}
}
});
$app->get('/', function(SilexApp $app) {
if ($app['browser']->isMobile()) {
return $app->redirect("/login/?redirect=lightbox");
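Review bot: The `catch (\Exception $e) {}` in the new `$app->before` closure of the second hunk swallows every failure of the persistent-cookie path, not just a rejected token, so a broken session store (a Doctrine error from `getOneOrNullResult()`, a connection failure) silently degrades into "not authenticated" with no trace, and a stale or forged cookie is re-checked on every request with nothing recorded. Narrow it to the exception the constructor is documented to throw and say why the empty body is intended: `} catch (\Exception_Session_WrongToken $e) {` followed by `// rejected persistent cookie: continue unauthenticated (log it here)`; any other exception should propagate or at least be logged. The enclosing `call_user_func(function($environment = null) {` block starts and ends outside this hunk, and the hunk's trailing lines appear truncated on this page, so I cannot tell whether the new closure sets any response cookie to drop the invalid value.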


@@ -42,25 +42,26 @@ class Session_Authentication_PersistentCookie implements Session_Authentication_
$this->app= $app;
$this->persistent_cookie = $persistent_cookie;
$conn = $this->app['phraseanet.appbox']->get_connection();
$sql = 'SELECT usr_id, session_id, nonce, token FROM cache WHERE token = :token';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':token' => $this->persistent_cookie));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if ( ! $row || count($row) == 0) {
throw new Exception_Session_WrongToken();
$dql = 'SELECT s FROM Entities\Session s
WHERE s.token = :token';
$query = $app['EM']->createQuery($dql);
$query->setParameters(array('token' => $persistent_cookie));
$session = $query->getOneOrNullResult();
if ( ! $session) {
throw new \Exception_Session_WrongToken('Persistent cookie value does not have any valid session');
}
$string = $app['browser']->getBrowser() . '_' . $app['browser']->getPlatform();
if (User_Adapter::salt_password($this->app, $string, $row['nonce']) !== $row['token']) {
throw new Exception_Session_WrongToken();
if (\User_Adapter::salt_password($this->app, $string, $session->getNonce()) !== $session->getToken()) {
throw new \Exception_Session_WrongToken('Persistent cookie value is corrupted');
}
$this->user = User_Adapter::getInstance($row['usr_id'], $this->app);
$this->ses_id = (int) $row['session_id'];
$this->user = $session->getUser($app);
$this->ses_id = $session->getId();
return $this;
}
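Review bot: The token check on the `if (\User_Adapter::salt_password(...) !== $session->getToken())` line compares a recomputed secret against the stored one with `!==`, which short-circuits on the first differing byte; for an authentication token presented in a cookie a constant-time comparison is preferable (`hash_equals()` where PHP ≥ 5.6 is available, otherwise a fixed-length byte loop), since the cost of switching is one line. Separately, `getOneOrNullResult()` throws Doctrine's non-unique exception if two `Entities\Session` rows ever share a token, which is a different failure from `\Exception_Session_WrongToken` and worth documenting on the constructor: add a docblock with `@throws \Exception_Session_WrongToken when no session matches the cookie or the salted browser string does not match the stored token`. The constructor's signature and the start of its body lie outside this hunk.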