invalidate sessions when the password is changed - json auth adapter

2025-08-05 07:27:27 +02:00 · 2021-07-05 14:49:12 +02:00
parent f237bd4aa8
commit 0de9e6c895
3 changed files with 24 additions and 1 deletions
--- a/backend/Services/Auth/Adapters/JsonFile.php
+++ b/backend/Services/Auth/Adapters/JsonFile.php
@@ -22,6 +22,7 @@ class JsonFile implements Service, AuthInterface
    use PasswordHash;

    const SESSION_KEY = 'json_auth';
+    const SESSION_HASH = 'json_auth_hash';

    const GUEST_USERNAME = 'guest';

@@ -45,7 +46,20 @@ class JsonFile implements Service, AuthInterface

    public function user(): ?User
    {
-        return $this->session ? $this->session->get(self::SESSION_KEY, null) : null;
+        if (! $this->session) return null;
+
+        $user = $this->session->get(self::SESSION_KEY, null);
+        $hash = $this->session->get(self::SESSION_HASH, null);
+
+        if ($user) {
+            foreach ($this->getUsers() as $u) {
+                if ($u['username'] == $user->getUsername() && $hash == $u['password']) {
+                    return $user;
+                }
+            }
+        }
+
+        return null;
    }

    public function authenticate($username, $password): bool
@@ -56,6 +70,7 @@ class JsonFile implements Service, AuthInterface
            if ($u['username'] == $username && $this->verifyPassword($password, $u['password'])) {
                $user = $this->mapToUserObject($u);
                $this->store($user);
+                $this->session->set(self::SESSION_HASH, $u['password']);

                return true;
            }
--- a/frontend/views/partials/Profile.vue
+++ b/frontend/views/partials/Profile.vue
@@ -52,6 +52,7 @@ export default {
            type: 'is-success',
          })
          this.$parent.close()
+          this.$router.go()
        })
        .catch(errors => {
          if (typeof errors.response.data.data != 'object') {
--- a/tests/backend/MockUsers.php
+++ b/tests/backend/MockUsers.php
@@ -34,6 +34,12 @@ class MockUsers extends JsonFile implements Service, AuthInterface
        return $this->users_array = $users;
    }

+    public function user(): ?User
+    {
+        return $this->session ? $this->session->get(self::SESSION_KEY, null) : null;
+    }
+
+
    private function addMockUsers()
    {
        $guest = new User();
@@ -69,4 +75,5 @@ class MockUsers extends JsonFile implements Service, AuthInterface
        $this->add($john, 'john123');
        $this->add($jane, 'jane123');
    }
+
 }