CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-14 16:54:52 +12:00
Code Issues Projects Releases Wiki Activity

Remove 'expire' from sessions

Browse source
This commit is contained in:
Bradley Schofield 2022-11-03 15:03:39 +00:00
parent cddacfbb78
commit 4b8287c097
2 changed files with 11 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
app/config/collections.php
View file

@ -1625,17 +1625,6 @@ $collections = [
'array' => false,
'filters' => ['encrypt'],
],
[
'$id' => ID::custom('expire'),
'type' => Database::VAR_DATETIME,
'format' => '',
'size' => 0,
'signed' => false,
'required' => false,
'default' => null,
'array' => false,
'filters' => ['datetime'],
],
[
'$id' => ID::custom('userAgent'),
'type' => Database::VAR_STRING,

18
app/controllers/api/account.php
View file

@ -200,7 +200,6 @@ App::post('/v1/account/sessions/email')
'provider' => Auth::SESSION_PROVIDER_EMAIL,
'providerUid' => $email,
'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
'expire' => $expire,
'userAgent' => $request->getUserAgent('UNKNOWN'),
'ip' => $request->getIP(),
'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
@ -247,6 +246,7 @@ App::post('/v1/account/sessions/email')
$session
->setAttribute('current', true)
->setAttribute('countryName', $countryName)
->setAttribute('expire', $expire)
;
$events
@ -544,7 +544,6 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
'providerRefreshToken' => $refreshToken,
'providerAccessTokenExpiry' => DateTime::addSeconds(new \DateTime(), (int)$accessTokenExpiry),
'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
'expire' => $expire,
'userAgent' => $request->getUserAgent('UNKNOWN'),
'ip' => $request->getIP(),
'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
@ -575,6 +574,8 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
$dbForProject->deleteCachedDocument('users', $user->getId());
$session->setAttribute('expire', $expire);
$events
->setParam('userId', $user->getId())
->setParam('sessionId', $session->getId())
@ -691,7 +692,6 @@ App::post('/v1/account/sessions/magic-url')
'userInternalId' => $user->getInternalId(),
'type' => Auth::TOKEN_TYPE_MAGIC_URL,
'secret' => Auth::hash($loginSecret), // One way hash encryption to protect DB leak
'expire' => $expire,
'userAgent' => $request->getUserAgent('UNKNOWN'),
'ip' => $request->getIP(),
]);
@ -796,7 +796,6 @@ App::put('/v1/account/sessions/magic-url')
'userInternalId' => $user->getInternalId(),
'provider' => Auth::SESSION_PROVIDER_MAGIC_URL,
'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
'expire' => $expire,
'userAgent' => $request->getUserAgent('UNKNOWN'),
'ip' => $request->getIP(),
'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
@ -856,6 +855,7 @@ App::put('/v1/account/sessions/magic-url')
$session
->setAttribute('current', true)
->setAttribute('countryName', $countryName)
->setAttribute('expire', $expire)
;
$response->dynamic($session, Response::MODEL_SESSION);
@ -1033,7 +1033,6 @@ App::put('/v1/account/sessions/phone')
'userInternalId' => $user->getInternalId(),
'provider' => Auth::SESSION_PROVIDER_PHONE,
'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
'expire' => $expire,
'userAgent' => $request->getUserAgent('UNKNOWN'),
'ip' => $request->getIP(),
'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
@ -1091,6 +1090,7 @@ App::put('/v1/account/sessions/phone')
$session
->setAttribute('current', true)
->setAttribute('countryName', $countryName)
->setAttribute('expire', $expire)
;
$response->dynamic($session, Response::MODEL_SESSION);
@ -1185,7 +1185,6 @@ App::post('/v1/account/sessions/anonymous')
'userInternalId' => $user->getInternalId(),
'provider' => Auth::SESSION_PROVIDER_ANONYMOUS,
'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
'expire' => $expire,
'userAgent' => $request->getUserAgent('UNKNOWN'),
'ip' => $request->getIP(),
'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
@ -1225,6 +1224,7 @@ App::post('/v1/account/sessions/anonymous')
$session
->setAttribute('current', true)
->setAttribute('countryName', $countryName)
->setAttribute('expire', $expire)
;
$response->dynamic($session, Response::MODEL_SESSION);
@ -1430,7 +1430,8 @@ App::get('/v1/account/sessions/:sessionId')
->inject('user')
->inject('locale')
->inject('dbForProject')
->action(function (?string $sessionId, Response $response, Document $user, Locale $locale, Database $dbForProject) {
->inject('project')
->action(function (?string $sessionId, Response $response, Document $user, Locale $locale, Database $dbForProject, Document $project) {
$sessions = $user->getAttribute('sessions', []);
$sessionId = ($sessionId === 'current')
@ -1444,6 +1445,7 @@ App::get('/v1/account/sessions/:sessionId')
$session
->setAttribute('current', ($session->getAttribute('secret') == Auth::hash(Auth::$secret)))
->setAttribute('countryName', $countryName)
->setAttribute('expire', $session->getAttribute('$createdAt', 0) + $project->getAttribute('authDuration', 0))
;
return $response->dynamic($session, Response::MODEL_SESSION);
@ -1828,6 +1830,8 @@ App::patch('/v1/account/sessions/:sessionId')
$dbForProject->deleteCachedDocument('users', $user->getId());
$session->setAttribute('expire', $session->getAttribute('$createdAt', 0) + $project->getAttribute('authDuration', 0));
$events
->setParam('userId', $user->getId())
->setParam('sessionId', $session->getId())