Rework sessions, remember cookies, and auth again

- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again. - Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes. - Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class. - Fix forgot password process.
2025-07-23 01:31:40 +02:00 · 2015-12-05 15:11:25 +10:30
parent 1d9e7b0262
commit 387109002e
34 changed files with 596 additions and 502 deletions
--- a/src/Http/SessionAuthenticator.php
+++ b/src/Http/SessionAuthenticator.php
@@ -0,0 +1,36 @@
+<?php
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Http;
+
+use DateTime;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
+
+class SessionAuthenticator
+{
+    /**
+     * @param SessionInterface $session
+     * @param int $userId
+     */
+    public function logIn(SessionInterface $session, $userId)
+    {
+        $session->migrate();
+        $session->set('user_id', $userId);
+        $session->set('sudo_expiry', new DateTime('+30 minutes'));
+    }
+
+    /**
+     * @param SessionInterface $session
+     */
+    public function logOut(SessionInterface $session)
+    {
+        $session->invalidate();
+    }
+}