mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-10-12 07:24:27 +02:00
Code Issues Releases Wiki Activity

Refactor Access Tokens (#2651)

Browse Source 
- Make session token-based instead of user-based
- Clear current session access tokens on logout
- Introduce increment ID so we can show tokens to moderators in the future without exposing secrets
- Switch to type classes to manage the different token types. New implementation fixes #2075
- Drop ability to customize lifetime per-token
- Add developer access keys that don't expire. These must be created from the database for now
- Add title in preparation for the developer token UI
- Add IP and user agent logging
- Delete all non-remember tokens in migration
This commit is contained in:
Clark Winkelmann
2021-03-04 22:50:38 +01:00
committed by GitHub
parent 8eef7230e9
commit 08ba2599d7
28 changed files with 772 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Forum/Controller/RegisterController.php
View File

@@ -11,6 +11,7 @@ namespace Flarum\Forum\Controller;
use Flarum\Api\Client;
use Flarum\Api\Controller\CreateUserController;
use Flarum\Http\RememberAccessToken;
use Flarum\Http\Rememberer;
use Flarum\Http\SessionAuthenticator;
use Psr\Http\Message\ResponseInterface;
@@ -62,10 +63,12 @@ class RegisterController implements RequestHandlerInterface
if (isset($body->data)) {
$userId = $body->data->id;
$session = $request->getAttribute('session');
$this->authenticator->logIn($session, $userId);
$token = RememberAccessToken::generate($userId);
$response = $this->rememberer->rememberUser($response, $userId);
$session = $request->getAttribute('session');
$this->authenticator->logIn($session, $token);
$response = $this->rememberer->remember($response, $token);
}
return $response;