
Update authDuration fallback value

Bradley Schofield 2022-11-04 10:12:02 +00:00
parent 94676a6c16
commit 4cfc3b3a7f
4 changed files with 15 additions and 15 deletions


@ -186,7 +186,7 @@ App::post('/v1/account/sessions/email')
throw new Exception(Exception::USER_BLOCKED); // User is in status blocked
}
$duration = ($project->getAttribute('authDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$duration = ($project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$detector = new Detector($request->getUserAgent('UNKNOWN'));
$record = $geodb->get($request->getIP());
@ -453,7 +453,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
}
$sessions = $user->getAttribute('sessions', []);
$current = Auth::sessionVerify($sessions, Auth::$secret, $project->getAttribute('authDuration', 0));
$current = Auth::sessionVerify($sessions, Auth::$secret, $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG));
if ($current) { // Delete current session of new one.
$currentDocument = $dbForProject->getDocument('sessions', $current);
@ -528,7 +528,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
}
// Create session token, verify user account and update OAuth2 ID and Access Token
$duration = ($project->getAttribute('authDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$duration = ($project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$detector = new Detector($request->getUserAgent('UNKNOWN'));
$record = $geodb->get($request->getIP());
$secret = Auth::tokenGenerator();
@ -783,7 +783,7 @@ App::put('/v1/account/sessions/magic-url')
throw new Exception(Exception::USER_INVALID_TOKEN);
}
$duration = ($project->getAttribute('authDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$duration = ($project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$detector = new Detector($request->getUserAgent('UNKNOWN'));
$record = $geodb->get($request->getIP());
$secret = Auth::tokenGenerator();
@ -1020,7 +1020,7 @@ App::put('/v1/account/sessions/phone')
throw new Exception(Exception::USER_INVALID_TOKEN);
}
$duration = ($project->getAttribute('authDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$duration = ($project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$detector = new Detector($request->getUserAgent('UNKNOWN'));
$record = $geodb->get($request->getIP());
$secret = Auth::tokenGenerator();
@ -1172,7 +1172,7 @@ App::post('/v1/account/sessions/anonymous')
])));
// Create session token
$duration = ($project->getAttribute('authDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$duration = ($project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$detector = new Detector($request->getUserAgent('UNKNOWN'));
$record = $geodb->get($request->getIP());
$secret = Auth::tokenGenerator();
@ -1336,7 +1336,7 @@ App::get('/v1/account/sessions')
->action(function (Response $response, Document $user, Locale $locale, Document $project) {
$sessions = $user->getAttribute('sessions', []);
$current = Auth::sessionVerify($sessions, Auth::$secret, $project->getAttribute('authDuration', 0));
$current = Auth::sessionVerify($sessions, Auth::$secret, $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG));
foreach ($sessions as $key => $session) {/** @var Document $session */
$countryName = $locale->getText('countries.' . strtolower($session->getAttribute('countryCode')), $locale->getText('locale.country.unknown'));
@ -1436,7 +1436,7 @@ App::get('/v1/account/sessions/:sessionId')
$sessions = $user->getAttribute('sessions', []);
$sessionId = ($sessionId === 'current')
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret, $project->getAttribute('authDuration', 0))
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret, $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG))
: $sessionId;
foreach ($sessions as $session) {/** @var Document $session */
@ -1446,7 +1446,7 @@ App::get('/v1/account/sessions/:sessionId')
$session
->setAttribute('current', ($session->getAttribute('secret') == Auth::hash(Auth::$secret)))
->setAttribute('countryName', $countryName)
->setAttribute('expire', DateTime::addSeconds(new \DateTime($session->getCreatedAt()), $project->getAttribute('authDuration', 0)))
->setAttribute('expire', DateTime::addSeconds(new \DateTime($session->getCreatedAt()), $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG)))
;
return $response->dynamic($session, Response::MODEL_SESSION);
@ -1718,7 +1718,7 @@ App::delete('/v1/account/sessions/:sessionId')
$protocol = $request->getProtocol();
$sessionId = ($sessionId === 'current')
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret, $project->getAttribute('authDuration', 0))
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret, $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG))
: $sessionId;
$sessions = $user->getAttribute('sessions', []);
@ -1791,7 +1791,7 @@ App::patch('/v1/account/sessions/:sessionId')
->action(function (?string $sessionId, Request $request, Response $response, Document $user, Database $dbForProject, Document $project, Locale $locale, Event $events) {
$sessionId = ($sessionId === 'current')
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret, $project->getAttribute('authDuration', 0))
? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret, $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG))
: $sessionId;
$sessions = $user->getAttribute('sessions', []);
@ -1832,7 +1832,7 @@ App::patch('/v1/account/sessions/:sessionId')
$dbForProject->deleteCachedDocument('users', $user->getId());
$session->setAttribute('expire', $session->getCreatedAt() + $project->getAttribute('authDuration', 0));
$session->setAttribute('expire', $session->getCreatedAt() + $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG));
$events
->setParam('userId', $user->getId())
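Review bot: The `?? Auth::TOKEN_EXPIRATION_LOGIN_LONG` on the new `$duration` lines can never apply, because its left operand is a product and a product is never null, so the only fallback that takes effect is the default passed to `getAttribute()`, and that default is then multiplied by 60. The placement of `??` after the multiplication suggests the constant is already in the scaled unit, in which case a project without `authDuration` would get session lifetimes 60 times longer than intended; this applies to the email, OAuth2, magic-URL, phone and anonymous session hunks here and to the `$authDuration` line in the team membership status section. I would apply the fallback before scaling, e.g. `$minutes = $project->getAttribute('authDuration');` followed by `$duration = $minutes === null ? Auth::TOKEN_EXPIRATION_LOGIN_LONG : $minutes * 60;`, assuming `getAttribute()` returns null when the attribute is absent. The route bodies start and end outside these hunks.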


@ -732,7 +732,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
$detector = new Detector($request->getUserAgent('UNKNOWN'));
$record = $geodb->get($request->getIP());
$authDuration = ($project->getAttribute('authDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$authDuration = ($project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$expire = DateTime::addSeconds(new \DateTime(), $authDuration);
$secret = Auth::tokenGenerator();
$session = new Document(array_merge([


@ -837,7 +837,7 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
if (
$user->isEmpty() // Check a document has been found in the DB
|| !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $project->getAttribute('authDuration', 0))
|| !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG))
) { // Validate user has valid login token
$user = new Document(['$id' => ID::custom(''), '$collection' => 'users']);
}
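Review bot: The `Auth::sessionVerify()` call in this condition receives the raw `authDuration` attribute, while the session-creation routes changed in the same commit multiply the same attribute by 60 before using it as a lifetime, so the window enforced on this per-request gate may not match the expiry a session was issued with. `sessionVerify()` is not visible here, so the unit it expects should be confirmed; if it takes seconds, the stored value needs the same scaling and the constant default should be passed unscaled. The same raw value goes into the `sessionVerify()` calls and the `expire` attributes in the account session routes and into the realtime message handler. Resolving the effective duration in one helper, documented with a comment such as `// session lifetime in seconds; falls back to Auth::TOKEN_EXPIRATION_LOGIN_LONG`, would keep issuance and verification in step. The callback passed to `App::setResource('user', ...)` starts and ends outside the hunk.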


@ -539,7 +539,7 @@ $server->onMessage(function (int $connection, string $message) use ($server, $re
if (
empty($user->getId()) // Check a document has been found in the DB
|| !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $project->getAttribute('authDuration', 0)) // Validate user has valid login token
|| !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $project->getAttribute('authDuration', Auth::TOKEN_EXPIRATION_LOGIN_LONG)) // Validate user has valid login token
) {
// cookie not valid
throw new Exception('Session is not valid.', 1003);