diff --git a/Engine/Modules/AdminBackend/Core/Controller/Backend/LoginController.php b/Engine/Modules/AdminBackend/Core/Controller/Backend/LoginController.php index 343465c9f..077939894 100644 --- a/Engine/Modules/AdminBackend/Core/Controller/Backend/LoginController.php +++ b/Engine/Modules/AdminBackend/Core/Controller/Backend/LoginController.php @@ -10,7 +10,7 @@ use Oforge\Engine\Modules\Core\Annotation\Endpoint\EndpointClass; use Oforge\Engine\Modules\Core\Exceptions\ServiceNotFoundException; use Oforge\Engine\Modules\Core\Helper\RouteHelper; -use Oforge\Engine\Modules\Core\Services\Session\SessionManagementService; +use Oforge\Engine\Modules\Core\Manager\SessionManager; use Oforge\Engine\Modules\Core\Services\TokenService; use Oforge\Engine\Modules\I18n\Helper\I18N; use Slim\Http\Request; @@ -112,9 +112,7 @@ public function processAction(Request $request, Response $response) { return RouteHelper::redirect($response, 'backend_login'); } - /** @var SessionManagementService $sessionManagement */ - $sessionManagement = Oforge()->Services()->get('session.management'); - $sessionManagement->regenerateSession(); + SessionManager::regenerate(); $_SESSION['auth'] = $jwt; diff --git a/Engine/Modules/AdminBackend/Core/Controller/Backend/LogoutController.php b/Engine/Modules/AdminBackend/Core/Controller/Backend/LogoutController.php index 249879ff8..8d0a7f512 100644 --- a/Engine/Modules/AdminBackend/Core/Controller/Backend/LogoutController.php +++ b/Engine/Modules/AdminBackend/Core/Controller/Backend/LogoutController.php @@ -8,7 +8,7 @@ use Oforge\Engine\Modules\Core\Annotation\Endpoint\EndpointAction; use Oforge\Engine\Modules\Core\Annotation\Endpoint\EndpointClass; use Oforge\Engine\Modules\Core\Helper\RouteHelper; -use Oforge\Engine\Modules\Core\Services\Session\SessionManagementService; +use Oforge\Engine\Modules\Core\Manager\SessionManager; use Slim\Http\Request; use Slim\Http\Response; 
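Review bot: `SessionManager::regenerate()` as added in this commit copies the whole pre-login `$_SESSION` into the regenerated session via `array_merge`, so everything stored before authentication survives and only `auth` is replaced on the next line; that is the same carry-over the removed service did, but nothing at this call site says so. A one-line comment would keep the next reader from assuming a clean post-login session: `// rotates the session id; pre-login session contents are kept, only 'auth' is replaced below`. The same applies to the regenerate() call in ProfileController::loginDataAction in this commit. processAction() continues outside the hunk.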
@@ -33,9 +33,7 @@ public function initPermissions() { * @EndpointAction() */ public function indexAction(Request $request, Response $response) { - /** @var SessionManagementService $sessionManager */ - $sessionManager = Oforge()->Services()->get('session.management'); - $sessionManager->sessionDestroy(); + SessionManager::destroy(); return RouteHelper::redirect($response, 'backend_login'); } diff --git a/Engine/Modules/Core/.meta/.phpstorm.meta.php b/Engine/Modules/Core/.meta/.phpstorm.meta.php index 8a7608e04..54fecd673 100644 --- a/Engine/Modules/Core/.meta/.phpstorm.meta.php +++ b/Engine/Modules/Core/.meta/.phpstorm.meta.php @@ -12,7 +12,6 @@ 'plugin.access' => \Oforge\Engine\Modules\Core\Services\PluginAccessService::class, 'plugin.state' => \Oforge\Engine\Modules\Core\Services\PluginStateService::class, 'redirect' => \Oforge\Engine\Modules\Core\Services\RedirectService::class, - 'session.management' => \Oforge\Engine\Modules\Core\Services\Session\SessionManagementService::class, 'store.keyvalue' => \Oforge\Engine\Modules\Core\Services\KeyValueStoreService::class, 'token' => \Oforge\Engine\Modules\Core\Services\TokenService::class, ])); diff --git a/Engine/Modules/Core/BlackSmith.php b/Engine/Modules/Core/BlackSmith.php index 5a1f637ae..e379c55a5 100644 --- a/Engine/Modules/Core/BlackSmith.php +++ b/Engine/Modules/Core/BlackSmith.php @@ -14,6 +14,7 @@ use Oforge\Engine\Modules\Core\Manager\Modules\ModuleManager; use Oforge\Engine\Modules\Core\Manager\Plugins\PluginManager; use Oforge\Engine\Modules\Core\Manager\Services\ServiceManager; +use Oforge\Engine\Modules\Core\Manager\SessionManager; use Oforge\Engine\Modules\Core\Manager\Slim\SlimRouteManager; use Slim\Container; use Slim\Exception\MethodNotAllowedException; 
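Review bot: indexAction() calls `SessionManager::destroy()` and redirects without starting a new session, so — unlike the frontend LogoutController changed in this same commit, which calls destroy() followed by start() — no fresh session cookie is sent, and because destroy() only unsets the `$_COOKIE` superglobal the browser keeps the old cookie until it expires. That cookie no longer maps to server-side data after `session_destroy()`, so the exposure is limited, but a logout should leave the client with either an expired cookie or a fresh anonymous session. Either add `SessionManager::start();` after the destroy() call, as the frontend controller does, or have destroy() expire the cookie itself.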
@@ -296,8 +297,7 @@ public function forge($start = true, $test = false) { $this->forgeSlimApp = ForgeSlimApp::getInstance(); $this->container = $this->App()->getContainer(); if ($start) { - - $this->forgeSlimApp->sessionStart(); + SessionManager::start(); if ($this->forgeSlimApp->returnCachedResult()) { return; diff --git a/Engine/Modules/Core/Bootstrap.php b/Engine/Modules/Core/Bootstrap.php index b1d0aedb2..295924991 100644 --- a/Engine/Modules/Core/Bootstrap.php +++ b/Engine/Modules/Core/Bootstrap.php @@ -25,7 +25,7 @@ use Oforge\Engine\Modules\Core\Services\PluginAccessService; use Oforge\Engine\Modules\Core\Services\PluginStateService; use Oforge\Engine\Modules\Core\Services\RedirectService; -use Oforge\Engine\Modules\Core\Services\Session\SessionManagementService; +use Oforge\Engine\Modules\Core\Services\Session\SessionManager; use Oforge\Engine\Modules\Core\Services\TokenService; /** @@ -61,7 +61,6 @@ public function __construct() { 'plugin.access' => PluginAccessService::class, 'plugin.state' => PluginStateService::class, 'redirect' => RedirectService::class, - 'session.management' => SessionManagementService::class, 'store.keyvalue' => KeyValueStoreService::class, 'token' => TokenService::class, ]; diff --git a/Engine/Modules/Core/Forge/ForgeSlimApp.php b/Engine/Modules/Core/Forge/ForgeSlimApp.php index 750480a5b..82fde1e05 100644 --- a/Engine/Modules/Core/Forge/ForgeSlimApp.php +++ b/Engine/Modules/Core/Forge/ForgeSlimApp.php 
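Review bot: `SessionManager::start()` is now called here and again in SessionMiddleware::__invoke() in this same commit, and the head of start() is outside this view, so it is not visible whether the `session_status() != PHP_SESSION_ACTIVE` guard of the removed ForgeSlimApp::sessionStart() survived the move. Without it the second `session_start()` on an already active session emits a notice and returns false. If the guard is gone, open start() with `if (session_status() === PHP_SESSION_ACTIVE) { return; }`. forge() continues outside the hunk.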
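Review bot: The replacement import `use Oforge\Engine\Modules\Core\Services\Session\SessionManager;` in Bootstrap.php names a class this commit does not create; the new class is `Oforge\Engine\Modules\Core\Manager\SessionManager`, which is what LoginController, BlackSmith and the other files in this commit import. Because the `session.management` entry is dropped from the service map in the second Bootstrap hunk, the import is unused and will not fail at runtime, but it is dead and points at the directory the commit deletes. Remove the line, or if Bootstrap needs the class, change it to `use Oforge\Engine\Modules\Core\Manager\SessionManager;`.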
@@ -95,45 +95,10 @@ public static function getInstance() : ForgeSlimApp { return self::$instance; } - /** - * Start the session - * - * @param int $lifetimeSeconds - * @param string $path - * @param null $domain - * @param null $secure - */ - public function sessionStart($lifetimeSeconds = 0, $path = '/', $domain = null, $secure = null) { - $sessionStatus = session_status(); - - if ($sessionStatus != PHP_SESSION_ACTIVE) { - session_name("oforge_session"); - if (!empty($_SESSION['deleted_time']) - && $_SESSION['deleted_time'] < time() - 180) { - session_destroy(); - } - // Set the domain to default to the current domain. - $domain = isset($domain) ? $domain : $_SERVER['SERVER_NAME']; - - // Set the default secure value to whether the site is being accessed with SSL - $secure = isset($secure) ? $secure : isset($_SERVER['HTTPS']) ? true : false; - - // Set the cookie settings and start the session - session_set_cookie_params($lifetimeSeconds, $path, $domain, $secure, true); - session_start(); - $_SESSION['created_time'] = time(); - } - } - public function returnCachedResult($silent = false) : bool { - /** - * @var $response ResponseInterface - */ + /** @var ResponseInterface $response */ $response = $this->getContainer()->get('response'); - - /** - * @var $request ServerRequestInterface - */ + /** @var ServerRequestInterface $request */ $request = $this->getContainer()->get('request'); $mode = Oforge()->Settings()->get("mode"); @@ -201,14 +166,10 @@ public function returnCachedResult($silent = false) : bool { } public function run($silent = false) { - /** - * @var $response ResponseInterface - */ + /** @var ResponseInterface $response */ $response = $this->getContainer()->get('response'); - /** - * @var $request ServerRequestInterface - */ + /** @var ServerRequestInterface $request */ $request = $this->getContainer()->get('request'); $mode = Oforge()->Settings()->get("mode"); 
diff --git a/Engine/Modules/Core/Manager/SessionManager.php b/Engine/Modules/Core/Manager/SessionManager.php new file mode 100644 index 000000000..311764202 --- /dev/null +++ b/Engine/Modules/Core/Manager/SessionManager.php @@ -0,0 +1,110 @@ + $lifetimeSeconds, + 'path' => $path, + 'domain' => $domain, + 'secure' => $secure, + 'httponly' => $httponly, + ]; + if ( !empty($samesite)) { + $params['samesite'] = $samesite; + } + session_set_cookie_params($params); + } + session_start(); + $_SESSION['created_time'] = time(); + } + + /** + * Regenerate the session + */ + public static function regenerate() : void + { + if (session_status() != PHP_SESSION_ACTIVE) { + session_start(); + } + + $oldSessionData = $_SESSION; + self::destroy(); + self::start(self::$lifetimeSeconds, self::$path, self::$domain, self::$secure, self::$samesite); + $_SESSION = array_merge($_SESSION, $oldSessionData); + $_SESSION['created_time'] = time(); + } + + /** + * Destroy the session an the corresponding cookie + */ + public static function destroy() : void + { + $_SESSION = []; + unset($_COOKIE[self::SESSION_COOKIE_NAME]); + session_destroy(); + session_id(session_create_id()); + } + +} diff --git a/Engine/Modules/Core/Middleware/SessionMiddleware.php b/Engine/Modules/Core/Middleware/SessionMiddleware.php index f355663ca..2a9d44d9f 100644 --- a/Engine/Modules/Core/Middleware/SessionMiddleware.php +++ b/Engine/Modules/Core/Middleware/SessionMiddleware.php @@ -4,8 +4,8 @@ use Oforge\Engine\Modules\Core\Exceptions\ConfigElementNotFoundException; use Oforge\Engine\Modules\Core\Exceptions\ServiceNotFoundException; +use Oforge\Engine\Modules\Core\Manager\SessionManager; use Oforge\Engine\Modules\Core\Services\ConfigService; -use Oforge\Engine\Modules\Core\Services\Session\SessionManagementService; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; 
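Review bot: destroy() does not invalidate the client's cookie: `unset($_COOKIE[self::SESSION_COOKIE_NAME])` only edits the request superglobal, so the browser keeps presenting the old session id after logout even though the docblock promises to destroy "the corresponding cookie"; every caller (both LogoutControllers, regenerate()) inherits this. regenerate() rebuilds fixation protection by hand — copy `$_SESSION`, destroy(), start(), `array_merge` — where `session_regenerate_id(true)` does the rotation in one step, deletes the old server-side data and reuses the cookie params start() already applied; the bare `session_start()` in its guard also runs before any cookie params are set. The class header and the head of start() are not visible in this view, so confirm that start() still derives `secure` from `$_SERVER['HTTPS']` as the removed ForgeSlimApp::sessionStart() did, otherwise the session cookie can be issued without the Secure flag on TLS. The rewritten destroy() and regenerate() follow; the docblock typo `an the corresponding cookie` can be fixed at the same time.
```php
// … unchanged: constants, static properties and start() …

/**
 * Regenerate the session id, keeping the current session data.
 */
public static function regenerate() : void
{
    if (session_status() != PHP_SESSION_ACTIVE) {
        self::start(self::$lifetimeSeconds, self::$path, self::$domain, self::$secure, self::$samesite);
    }
    // One step: new id, old server-side data deleted, new cookie sent with the params start() applied.
    session_regenerate_id(true);
    $_SESSION['created_time'] = time();
}

/**
 * Destroy the session and expire the corresponding cookie on the client.
 */
public static function destroy() : void
{
    $_SESSION = [];
    if (session_status() == PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    // Unsetting $_COOKIE only touches this request; the browser needs an expired cookie.
    $params = session_get_cookie_params();
    setcookie(self::SESSION_COOKIE_NAME, '', [
        'expires'  => time() - 42000,
        'path'     => $params['path'],
        'domain'   => $params['domain'],
        'secure'   => $params['secure'],
        'httponly' => $params['httponly'],
    ]);
    unset($_COOKIE[self::SESSION_COOKIE_NAME]);
    session_id(session_create_id());
}
```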
@@ -26,9 +26,7 @@ class SessionMiddleware { * @throws ServiceNotFoundException */ public function __invoke($request, $response, $next) { - /** @var SessionManagementService $sessionManager */ - $sessionManager = Oforge()->Services()->get('session.management'); - $sessionManager->sessionStart(); + SessionManager::start(); /** @var ConfigService $configService */ $configService = Oforge()->Services()->get('config'); $debugMode = $configService->get('debug_mode'); diff --git a/Engine/Modules/Core/Services/Session/SessionManagementService.php b/Engine/Modules/Core/Services/Session/SessionManagementService.php deleted file mode 100644 index ec1b3dde3..000000000 --- a/Engine/Modules/Core/Services/Session/SessionManagementService.php +++ /dev/null @@ -1,71 +0,0 @@ -sessionDestroy(); - $this->sessionStart(0); - $_SESSION = array_merge($_SESSION, $oldSessionData); - $_SESSION['created_time'] = time(); - } - - /** - * Destroy the session an the corresponding cookie - */ - public function sessionDestroy() { - $_SESSION = []; - session_destroy(); - session_id(session_create_id()); - } -} diff --git a/Engine/Modules/UserManagement/Controller/Backend/ProfileController.php b/Engine/Modules/UserManagement/Controller/Backend/ProfileController.php index cb3b16605..48c33f1f9 100644 --- a/Engine/Modules/UserManagement/Controller/Backend/ProfileController.php +++ b/Engine/Modules/UserManagement/Controller/Backend/ProfileController.php @@ -19,7 +19,7 @@ use Oforge\Engine\Modules\Core\Exceptions\NotFoundException; use Oforge\Engine\Modules\Core\Exceptions\ServiceNotFoundException; use Oforge\Engine\Modules\Core\Helper\RouteHelper; -use Oforge\Engine\Modules\Core\Services\Session\SessionManagementService; +use Oforge\Engine\Modules\Core\Manager\SessionManager; use Oforge\Engine\Modules\I18n\Helper\I18N; use Oforge\Engine\Modules\UserManagement\Services\BackendUsersCrudService; use Slim\Http\Request; 
@@ -94,9 +94,7 @@ public function loginDataAction(Request $request, Response $response) { $user['type'] = $oldUser['type']; $user['role'] = $oldUser['role']; $backendUserService->update($user); - /** @var SessionManagementService $sessionManagement */ - $sessionManagement = Oforge()->Services()->get('session.management'); - $sessionManagement->regenerateSession(); + SessionManager::regenerate(); $_SESSION['auth'] = $authService->createJWT($user); Oforge()->View()->Flash()->addMessage('success', I18N::translate('profile_login_data_update_success', [ 'en' => 'Login data successfully updated', diff --git a/Plugins/FrontendUserManagement/Controller/Frontend/LogoutController.php b/Plugins/FrontendUserManagement/Controller/Frontend/LogoutController.php index c9da7dba5..bf3941b83 100644 --- a/Plugins/FrontendUserManagement/Controller/Frontend/LogoutController.php +++ b/Plugins/FrontendUserManagement/Controller/Frontend/LogoutController.php @@ -5,11 +5,11 @@ use Exception; use Oforge\Engine\Modules\Core\Annotation\Endpoint\EndpointAction; use Oforge\Engine\Modules\Core\Annotation\Endpoint\EndpointClass; -use Oforge\Engine\Modules\Core\Services\Session\SessionManagementService; +use Oforge\Engine\Modules\Core\Helper\RouteHelper; +use Oforge\Engine\Modules\Core\Manager\SessionManager; use Oforge\Engine\Modules\I18n\Helper\I18N; use Slim\Http\Request; use Slim\Http\Response; -use Slim\Router; /** * Class LogoutController @@ -17,7 +17,8 @@ * @package FrontendUserManagement\Controller\Frontend * @EndpointClass(path="/logout", name="frontend_logout", assetScope="Frontend") */ -class LogoutController { +class LogoutController +{ /** * @param Request $request 
@@ -27,16 +28,13 @@ class LogoutController { * @throws Exception * @EndpointAction() */ - public function indexAction(Request $request, Response $response) { - /** @var SessionManagementService $sessionManager */ - /** @var Router $router */ - $sessionManager = Oforge()->Services()->get('session.management'); - $router = Oforge()->App()->getContainer()->get('router'); - $sessionManager->sessionDestroy(); - $sessionManager->sessionStart(); + public function indexAction(Request $request, Response $response) + { + SessionManager::destroy(); + SessionManager::start(); Oforge()->View()->Flash()->addMessage('success', I18N::translate('logout_success', 'You have been logged out.')); - return $response->withRedirect($router->pathFor('frontend_login'), 302); + return RouteHelper::redirect($response, 'frontend_login'); } }