Rework sessions, remember cookies, and auth again

- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again. - Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes. - Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class. - Fix forgot password process.
2025-10-11 23:14:29 +02:00 · 2015-12-05 15:11:25 +10:30
parent 1d9e7b0262
commit 387109002e
34 changed files with 596 additions and 502 deletions
--- a/src/Forum/Controller/RegisterController.php
+++ b/src/Forum/Controller/RegisterController.php
@@ -11,42 +11,47 @@
 namespace Flarum\Forum\Controller;

 use Flarum\Api\Client;
-use Flarum\Core\User;
+use Flarum\Http\AccessToken;
 use Flarum\Http\Controller\ControllerInterface;
+use Flarum\Http\Rememberer;
+use Flarum\Http\SessionAuthenticator;
 use Psr\Http\Message\ServerRequestInterface as Request;
-use Zend\Diactoros\Response\EmptyResponse;
 use Zend\Diactoros\Response\JsonResponse;
-use Illuminate\Contracts\Bus\Dispatcher;

 class RegisterController implements ControllerInterface
 {
-    /**
-     * @var Dispatcher
-     */
-    protected $bus;
-
    /**
     * @var Client
     */
    protected $api;

    /**
-     * @param Dispatcher $bus
-     * @param Client $api
+     * @var SessionAuthenticator
     */
-    public function __construct(Dispatcher $bus, Client $api)
+    protected $authenticator;
+
+    /**
+     * @var Rememberer
+     */
+    protected $rememberer;
+
+    /**
+     * @param Client $api
+     * @param SessionAuthenticator $authenticator
+     * @param Rememberer $rememberer
+     */
+    public function __construct(Client $api, SessionAuthenticator $authenticator, Rememberer $rememberer)
    {
-        $this->bus = $bus;
        $this->api = $api;
+        $this->authenticator = $authenticator;
+        $this->rememberer = $rememberer;
    }

    /**
     * @param Request $request
-     * @param array $routeParams
-     *
     * @return JsonResponse
     */
-    public function handle(Request $request, array $routeParams = [])
+    public function handle(Request $request)
    {
        $controller = 'Flarum\Api\Controller\CreateUserController';
        $actor = $request->getAttribute('actor');
@@ -55,15 +60,16 @@ class RegisterController implements ControllerInterface
        $response = $this->api->send($controller, $actor, [], $body);

        $body = json_decode($response->getBody());
-        $statusCode = $response->getStatusCode();

        if (isset($body->data)) {
-            $user = User::find($body->data->id);
+            $userId = $body->data->id;

            $session = $request->getAttribute('session');
-            $session->assign($user)->regenerateId()->renew()->setDuration(60 * 24 * 14)->save();
+            $this->authenticator->logIn($session, $userId);
+
+            $response = $this->rememberer->rememberUser($response, $userId);
        }

-        return new JsonResponse($body, $statusCode);
+        return $response;
    }
 }