Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API Remove ALC renewal, tweak extension point #11355

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 2 additions & 16 deletions src/Security/MemberAuthenticator/CookieAuthenticationHandler.php
Original file line number Diff line number Diff line change
Expand Up @@ -175,22 +175,8 @@ public function authenticateRequest(HTTPRequest $request)
$this->cascadeInTo->logIn($member, false, $request);
}

// Renew the token
Deprecation::withSuppressedNotice(fn() => $rememberLoginHash->renew());

// Send the new token to the client if it was changed
if ($rememberLoginHash->getToken()) {
$tokenExpiryDays = RememberLoginHash::config()->uninherited('token_expiry_days');
Cookie::set(
$this->getTokenCookieName(),
$member->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays,
null,
null,
false,
true
);
}
// Session renewal hook
$rememberLoginHash->extend('onAfterRenewSession');

// Audit logging hook
$member->extend('memberAutoLoggedIn');
Expand Down
31 changes: 0 additions & 31 deletions src/Security/RememberLoginHash.php
Original file line number Diff line number Diff line change
Expand Up @@ -82,15 +82,6 @@ class RememberLoginHash extends DataObject
*/
private static $force_single_token = false;

/**
* If true, the token will be replaced during session renewal. This can cause unexpected
* logouts if the new token does not reach the client (e.g. due to a network error).
*
* This can be disabled as of CMS 5.3, and renewal will be removed entirely in CMS 6.
* @deprecated 5.3.0 Will be removed without equivalent functionality
*/
private static bool $replace_token_during_session_renewal = true;

/**
* The token used for the hash. Only present during the lifetime of the request
* that generates it, as the hash representation is stored in the database and
Expand Down Expand Up @@ -201,28 +192,6 @@ public static function generate(Member $member)
return $rememberLoginHash;
}

/**
* Generates a new hash for this member but keeps the device ID intact
*
* @deprecated 5.3.0 Will be removed without equivalent functionality
* @return RememberLoginHash
*/
public function renew()
{
// Only regenerate token if configured to do so
Deprecation::notice('5.3.0', 'Will be removed without equivalent functionality');
$replaceToken = RememberLoginHash::config()->get('replace_token_during_session_renewal');
if ($replaceToken) {
$hash = $this->getNewHash($this->Member());
$this->Hash = $hash;
}

$this->extend('onAfterRenewToken', $replaceToken);
$this->write();

return $this;
}

/**
* Deletes existing tokens for this member
* if logout_across_devices is true, all tokens are deleted, otherwise
Expand Down
Loading