mirror_html/filegator
1
0
Fork 0
mirror of https://github.com/filegator/filegator.git synced 2025-08-05 07:57:47 +02:00
Code Issues Projects Releases Wiki Activity

invalidate sessions when the password is changed - database auth adapter

Browse Source
This commit is contained in:
Milos Stojanovic
2021-07-05 15:12:58 +02:00
parent 0de9e6c895
commit a66cba349b
1 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
backend/Services/Auth/Adapters/Database.php
View File

@@ -24,6 +24,7 @@ class Database implements Service, AuthInterface
use PasswordHash; use PasswordHash;
const SESSION_KEY = 'database_auth'; const SESSION_KEY = 'database_auth';
const SESSION_HASH = 'database_auth_hash';
const GUEST_USERNAME = 'guest'; const GUEST_USERNAME = 'guest';
@@ -48,7 +49,22 @@ class Database implements Service, AuthInterface
public function user(): ?User public function user(): ?User
{ {
return $this->session ? $this->session->get(self::SESSION_KEY, null) : null; if (! $this->session) return null;
$user = $this->session->get(self::SESSION_KEY, null);
$hash = $this->session->get(self::SESSION_HASH, null);
if (! $user) return null;
$ret = $this->getConnection()
->fetch('SELECT * FROM users WHERE username = ?', $user->getUsername())
;
if ($ret && $hash == $ret->password) {
return $user;
}
return null;
} }
public function authenticate($username, $password): bool public function authenticate($username, $password): bool
@@ -60,6 +76,7 @@ class Database implements Service, AuthInterface
if ($ret && $this->verifyPassword($password, $ret->password)) { if ($ret && $this->verifyPassword($password, $ret->password)) {
$user = $this->mapToUserObject($ret); $user = $this->mapToUserObject($ret);
$this->store($user); $this->store($user);
$this->session->set(self::SESSION_HASH, $ret->password);
return true; return true;
} }