Write RememberMe cookie only after 2FA has been validated

Frédéric Guillot
2021-04-04 17:30:33 -07:00
committed by fguillot
parent b08760c5fc
commit 31ce583743
4 changed files with 11 additions and 5 deletions


@@ -55,10 +55,10 @@ class AuthSubscriber extends BaseSubscriber implements EventSubscriberInterface
);
if ($event->getAuthType() === 'RememberMe') {
$this->userSession->validatePostAuthentication();
$this->userSession->setPostAuthenticationAsValidated();
}
if (session_is_true('hasRememberMe')) {
if (session_is_true('hasRememberMe') && ! $this->userSession->hasPostAuthentication()) {
$session = $this->rememberMeSessionModel->create($this->userSession->getId(), $ipAddress, $userAgent);
$this->rememberMeCookie->write($session['token'], $session['sequence'], $session['expiration']);
}
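Review bot: RememberMe tokens issued before this change are still trusted by the `getAuthType() === 'RememberMe'` branch at the top of the hunk, which marks post-authentication as validated without asking for a second factor. The `! $this->userSession->hasPostAuthentication()` guard only stops new cookies from being written before 2FA completes; sessions the old code created for 2FA-enabled accounts at the password step would presumably stay valid until they expire. Consider purging existing remember-me sessions for users with 2FA enabled as part of the upgrade, and add a comment above the guard such as `// With 2FA enabled, the cookie is written only after the second factor is validated`. The code that writes the cookie after a successful 2FA check is not in this hunk, and the enclosing method starts and ends outside it.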