Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
syncEnrollments
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Yeray Santana Hualde
syncEnrollments
Commits
17385697
Commit
17385697
authored
Oct 10, 2011
by
Taylor Otwell
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
continuing to work on the remember me authentication.
parent
6178a968
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
69 additions
and
34 deletions
+69
-34
session.php
application/config/session.php
+11
-0
cookie.php
laravel/cookie.php
+2
-2
auth.php
laravel/security/auth.php
+55
-31
cookie.php
laravel/session/transporters/cookie.php
+1
-1
No files found.
application/config/session.php
View file @
17385697
...
@@ -91,4 +91,15 @@ return array(
...
@@ -91,4 +91,15 @@ return array(
'domain'
=>
null
,
'domain'
=>
null
,
/*
|--------------------------------------------------------------------------
| HTTPS Only Session Cookie
|--------------------------------------------------------------------------
|
| Determines if the cookie should only be sent over HTTPS.
|
*/
'secure'
=>
false
,
);
);
\ No newline at end of file
laravel/cookie.php
View file @
17385697
...
@@ -26,7 +26,7 @@ class Cookie {
...
@@ -26,7 +26,7 @@ class Cookie {
}
}
/**
/**
* Set a "permanent" cookie. The cookie will last
5 years
.
* Set a "permanent" cookie. The cookie will last
for one year
.
*
*
* @param string $name
* @param string $name
* @param string $value
* @param string $value
...
@@ -38,7 +38,7 @@ class Cookie {
...
@@ -38,7 +38,7 @@ class Cookie {
*/
*/
public
static
function
forever
(
$name
,
$value
,
$path
=
'/'
,
$domain
=
null
,
$secure
=
false
,
$http_only
=
false
)
public
static
function
forever
(
$name
,
$value
,
$path
=
'/'
,
$domain
=
null
,
$secure
=
false
,
$http_only
=
false
)
{
{
return
static
::
put
(
$name
,
$value
,
26280
00
,
$path
,
$domain
,
$secure
,
$http_only
);
return
static
::
put
(
$name
,
$value
,
5256
00
,
$path
,
$domain
,
$secure
,
$http_only
);
}
}
/**
/**
...
...
laravel/security/auth.php
View file @
17385697
...
@@ -2,6 +2,7 @@
...
@@ -2,6 +2,7 @@
use
Laravel\IoC
;
use
Laravel\IoC
;
use
Laravel\Config
;
use
Laravel\Config
;
use
Laravel\Cookie
;
use
Laravel\Session\Payload
;
use
Laravel\Session\Payload
;
class
Auth
{
class
Auth
{
...
@@ -20,6 +21,13 @@ class Auth {
...
@@ -20,6 +21,13 @@ class Auth {
*/
*/
const
user_key
=
'laravel_user_id'
;
const
user_key
=
'laravel_user_id'
;
/**
* The key used when setting the "remember me" cookie.
*
* @var string
*/
const
remember_key
=
'laravel_remember'
;
/**
/**
* Determine if the current user of the application is authenticated.
* Determine if the current user of the application is authenticated.
*
*
...
@@ -50,18 +58,20 @@ class Auth {
...
@@ -50,18 +58,20 @@ class Auth {
{
{
if
(
!
is_null
(
static
::
$user
))
return
static
::
$user
;
if
(
!
is_null
(
static
::
$user
))
return
static
::
$user
;
$id
=
IoC
::
container
()
->
core
(
'session'
)
->
get
(
Auth
::
user_key
);
static
::
$user
=
call_user_func
(
Config
::
get
(
'auth.user'
),
IoC
::
container
()
->
core
(
'session'
)
->
get
(
Auth
::
user_key
));
static
::
$user
=
call_user_func
(
Config
::
get
(
'auth.user'
),
$id
);
if
(
is_null
(
static
::
$user
)
AND
!
is_null
(
$cookie
=
Crypter
::
decrypt
(
\Cookie
::
get
(
'remember'
))))
// If no user was returned by the closure, and a "remember me" cookie exists,
// we will attempt to login the user using the ID that is encrypted into the
// cookie value by the "remember" method.
if
(
is_null
(
static
::
$user
)
and
!
is_null
(
$cookie
=
Cookie
::
get
(
Auth
::
remember_key
)))
{
{
$cookie
=
explode
(
'|'
,
$cookie
);
// The decrypted value of the remember cookie should look like {id}|{random}.
if
(
$cookie
[
2
]
==
md5
(
\Request
::
server
(
'HTTP_USER_AGENT'
))
// We will extract out the ID and pass it to the "user" closure to attempt
AND
!
is_null
(
static
::
$user
=
call_user_func
(
Config
::
get
(
'auth.user'
),
$cookie
[
0
])))
// to login the user. If a user is returned, their ID will be stored in
{
// the session like normal and they will be considered logged in.
static
::
login
(
static
::
$user
);
$id
=
substr
(
Crypter
::
decrypt
(
$cookie
),
0
,
strpos
(
$cookie
,
'|'
));
}
if
(
!
is_null
(
$user
=
call_user_func
(
Config
::
get
(
'auth.user'
),
$id
)))
static
::
login
(
$user
);
}
}
return
static
::
$user
;
return
static
::
$user
;
...
@@ -70,22 +80,24 @@ class Auth {
...
@@ -70,22 +80,24 @@ class Auth {
/**
/**
* Attempt to log a user into the application.
* Attempt to log a user into the application.
*
*
* If the given credentials are valid, the user will be considered logged into
* If the given credentials are valid, the user will be logged into the application
* the application and their user ID will be stored in the session data.
* and their user ID will be stored in the session data.
*
* The user may also be "remembered". When this option is set, the user will be
* automatically logged into the application for one year via an encrypted cookie
* containing their ID. Of course, if the user logs out of the application,
* they will no longer be remembered.
*
*
* @param string $username
* @param string $username
* @param string $password
* @param string $password
* @param bool $remember
* @param bool $remember
* @param int $ttl - Default is one week.
* @return bool
* @return bool
*/
*/
public
static
function
attempt
(
$username
,
$password
=
null
,
$remember
=
false
,
$ttl
=
10080
)
public
static
function
attempt
(
$username
,
$password
=
null
,
$remember
=
false
)
{
{
if
(
!
is_null
(
$user
=
call_user_func
(
Config
::
get
(
'auth.attempt'
),
$username
,
$password
)))
if
(
!
is_null
(
$user
=
call_user_func
(
Config
::
get
(
'auth.attempt'
),
$username
,
$password
)))
{
{
static
::
login
(
$user
);
static
::
login
(
$user
,
$remember
);
if
(
$remember
)
static
::
remember
(
$user
);
return
true
;
return
true
;
}
}
...
@@ -99,15 +111,36 @@ class Auth {
...
@@ -99,15 +111,36 @@ class Auth {
* The user ID will be stored in the session so it is available on subsequent requests.
* The user ID will be stored in the session so it is available on subsequent requests.
*
*
* @param object $user
* @param object $user
* @param bool $remember
* @return void
* @return void
*/
*/
public
static
function
login
(
$user
)
public
static
function
login
(
$user
,
$remember
=
false
)
{
{
static
::
$user
=
$user
;
static
::
$user
=
$user
;
if
(
$remember
)
static
::
remember
(
$user
->
id
);
IoC
::
container
()
->
core
(
'session'
)
->
put
(
Auth
::
user_key
,
$user
->
id
);
IoC
::
container
()
->
core
(
'session'
)
->
put
(
Auth
::
user_key
,
$user
->
id
);
}
}
/**
* Set a cookie so that users are "remembered" and don't need to login.
*
* @param string $id
* @return void
*/
protected
static
function
remember
(
$id
)
{
$cookie
=
Crypter
::
encrypt
(
$id
.
'|'
.
Str
::
random
(
40
));
// This method assumes the "remember me" cookie should have the same configuration
// as the session cookie. Since this cookie, like the session cookie, should be
// kept very secure, it's probably safe to assume the settings are the same.
$config
=
Config
::
get
(
'session'
);
Cookie
::
forever
(
Auth
::
remember_key
,
$cookie
,
$config
[
'path'
],
$config
[
'domain'
],
$config
[
'secure'
]);
}
/**
/**
* Log the current user out of the application.
* Log the current user out of the application.
*
*
...
@@ -121,20 +154,11 @@ class Auth {
...
@@ -121,20 +154,11 @@ class Auth {
static
::
$user
=
null
;
static
::
$user
=
null
;
Cookie
::
forget
(
Auth
::
user_key
);
Cookie
::
forget
(
Auth
::
remember_key
);
IoC
::
container
()
->
core
(
'session'
)
->
forget
(
Auth
::
user_key
);
IoC
::
container
()
->
core
(
'session'
)
->
forget
(
Auth
::
user_key
);
}
}
/**
* Set a cookie so that users are remembered.
*
* @param object $user
* @param int $ttl - Default is one week.
* @return bool
*/
public
static
function
remember
(
$user
,
$ttl
=
10080
)
{
static
::
$user
=
$user
;
$cookie
=
Crypter
::
encrypt
(
implode
(
'|'
,
array
(
$user
->
id
,
\Request
::
ip
(),
md5
(
\Request
::
server
(
'HTTP_USER_AGENT'
)),
time
())));
\Cookie
::
put
(
'remember'
,
$cookie
,
$ttl
);
}
}
}
\ No newline at end of file
laravel/session/transporters/cookie.php
View file @
17385697
...
@@ -34,7 +34,7 @@ class Cookie implements Transporter {
...
@@ -34,7 +34,7 @@ class Cookie implements Transporter {
// deleted until the user closes their browser.
// deleted until the user closes their browser.
$minutes
=
(
!
$config
[
'expire_on_close'
])
?
$config
[
'lifetime'
]
:
0
;
$minutes
=
(
!
$config
[
'expire_on_close'
])
?
$config
[
'lifetime'
]
:
0
;
\Laravel\Cookie
::
put
(
Cookie
::
key
,
$id
,
$minutes
,
$config
[
'path'
],
$config
[
'domain'
]);
\Laravel\Cookie
::
put
(
Cookie
::
key
,
$id
,
$minutes
,
$config
[
'path'
],
$config
[
'domain'
]
,
$config
[
'secure'
]
);
}
}
}
}
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment