PMCORE-3467
@@ -2788,4 +2788,15 @@ class Bootstrap
|
||||
];
|
||||
self::registerMonolog($channel, $level, $message, $context);
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the options for a cookie, according to the system configuration and values optionally sent to this method
|
||||
*
|
||||
* @param array $options
|
||||
* @return array
|
||||
*/
|
||||
public static function buildCookieOptions(array $options = [])
|
||||
{
|
||||
return System::buildCookieOptions($options);
|
||||
}
|
||||
}
|
||||
|
||||
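Review bot: The wrapper repeats the full docblock of System::buildCookieOptions instead of pointing at it, so the two descriptions will drift as cookie keys are added; replace the copied text with `@see System::buildCookieOptions()` and one line stating that it delegates unchanged. If Bootstrap already declares return types elsewhere, `public static function buildCookieOptions(array $options = []): array` would match the delegate it calls. The enclosing class Bootstrap starts outside the hunk.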
@@ -15,8 +15,9 @@ try {
|
||||
$urlLogin = (substr(SYS_SKIN, 0, 2) !== 'ux')? 'login' : '../main/login';
|
||||
}
|
||||
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
|
||||
if (!$RBAC->singleSignOn) {
|
||||
setcookie("singleSignOn", '0', time() + (24 * 60 * 60), '/', '', G::is_https());
|
||||
setcookie('singleSignOn', '0', $cookieOptions);
|
||||
if (!isset($_POST['form']) ) {
|
||||
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error');
|
||||
G::header('Location: login');
|
||||
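Review bot: The singleSignOn cookie is issued with the default `httponly => false` from System::$cookieDefaultOptions, so it stays readable from script; unless client-side code reads this flag, build it with `$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true]);`. The same `$cookieOptions` built here is reused by the hunks at `@@ -181,7 +182,7 @@` and `@@ -416,7 +417,7 @@`, and the singleSignOn cookie set in `@@ -81,8 +81,8 @@` has the same default; if any code between those hunks reassigns `$cookieOptions`, the later setcookie() calls silently pick up different attributes, which cannot be checked from the hunk. The enclosing try block starts and ends outside the hunk.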
@@ -181,7 +182,7 @@ try {
|
||||
EnterpriseClass::enterpriseSystemUpdate($loginInfo);
|
||||
initUserSession($uid, $usr);
|
||||
} else {
|
||||
setcookie("singleSignOn", '1', time() + (24 * 60 * 60), '/', '', G::is_https());
|
||||
setcookie('singleSignOn', '1', $cookieOptions);
|
||||
$uid = $RBAC->userObj->fields['USR_UID'];
|
||||
$usr = $RBAC->userObj->fields['USR_USERNAME'];
|
||||
initUserSession($uid, $usr);
|
||||
@@ -416,7 +417,7 @@ try {
|
||||
$configS = System::getSystemConfiguration('', '', config("system.workspace"));
|
||||
$activeSession = isset($configS['session_block']) ? !(int)$configS['session_block']:true;
|
||||
if ($activeSession){
|
||||
setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/', '', G::is_https());
|
||||
setcookie('PM-TabPrimary', 101010010, $cookieOptions);
|
||||
}
|
||||
|
||||
// Update the User's last login date
|
||||
|
||||
@@ -81,8 +81,8 @@ try {
|
||||
}
|
||||
}
|
||||
/*----------------------------------********---------------------------------*/
|
||||
|
||||
setcookie('singleSignOn', '1', time() + (24 * 60 * 60), '/', '', G::is_https());
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
|
||||
setcookie('singleSignOn', '1', $cookieOptions);
|
||||
|
||||
initUserSession(
|
||||
$_SESSION['__USER_LOGGED_SSO__'],
|
||||
|
||||
@@ -1,27 +1,4 @@
|
||||
<?php
|
||||
/**
|
||||
* login.php
|
||||
*
|
||||
* ProcessMaker Open Source Edition
|
||||
* Copyright (C) 2004 - 2008 Colosa Inc.23
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*
|
||||
*/
|
||||
|
||||
use ProcessMaker\Core\System;
|
||||
use ProcessMaker\Plugins\PluginRegistry;
|
||||
@@ -182,7 +159,11 @@ if (isset($_SESSION['USER_LOGGED'])) {
|
||||
session_start();
|
||||
session_regenerate_id();
|
||||
|
||||
setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, G::is_https(), true);
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true]);
|
||||
setcookie(session_name(), session_id(), $cookieOptions);
|
||||
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => '/sys' . config('system.workspace'), 'httponly' => true]);
|
||||
setcookie('workspaceSkin', SYS_SKIN, $cookieOptions);
|
||||
|
||||
if (strlen($msg) > 0) {
|
||||
$_SESSION['G_MESSAGE'] = $msg;
|
||||
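Review bot: The new `setcookie(session_name(), session_id(), $cookieOptions)` re-issues the PHP session cookie with `expires` 24 h ahead, which turns a session-scoped cookie into a persistent one on the client (the old side of this hunk set only workspaceSkin); confirm this is intended and matches the server-side session lifetime, otherwise the browser keeps presenting a session id the server has already discarded. The same explicit session-cookie set appears in `@@ -50,11 +27,14 @@` of the sysLogin file. If persistence is wanted, a comment such as `// Re-issue the session cookie after session_regenerate_id() so it carries the configured Secure/SameSite attributes` (presumably the reason it is set by hand) would explain the line to the next reader. The enclosing if block starts outside the hunk.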
@@ -319,14 +300,16 @@ $flagForgotPassword = isset($oConf->aConfig['login_enableForgotPassword'])
|
||||
? $oConf->aConfig['login_enableForgotPassword']
|
||||
: 'off';
|
||||
|
||||
setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_URI, '', G::is_https());
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => SYS_URI]);
|
||||
setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), $cookieOptions);
|
||||
|
||||
$configS = System::getSystemConfiguration('', '', config("system.workspace"));
|
||||
$activeSession = isset($configS['session_block']) ? !(int)$configS['session_block'] : true;
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
|
||||
if ($activeSession) {
|
||||
setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/', '', G::is_https());
|
||||
setcookie('PM-TabPrimary', 101010010, $cookieOptions);
|
||||
} else {
|
||||
setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/', '', G::is_https());
|
||||
setcookie('PM-TabPrimary', uniqid(), $cookieOptions);
|
||||
}
|
||||
|
||||
$oHeadPublisher->addScriptCode("var flagForgotPassword = '$flagForgotPassword';");
|
||||
|
||||
@@ -1,28 +1,5 @@
|
||||
<?php
|
||||
/**
|
||||
* sysLogin.php
|
||||
*
|
||||
* ProcessMaker Open Source Edition
|
||||
* Copyright (C) 2004 - 2008 Colosa Inc.23
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*
|
||||
*/
|
||||
/*----------------------------------********---------------------------------*/
|
||||
|
||||
//Browser Compatibility
|
||||
$browserSupported = G::checkBrowserCompatibility();
|
||||
if ($browserSupported==false) {
|
||||
@@ -50,11 +27,14 @@ if (!empty($_SESSION['G_MESSAGE_TYPE'])) {
|
||||
}
|
||||
|
||||
//Initialize session
|
||||
|
||||
@session_destroy();
|
||||
session_start();
|
||||
session_regenerate_id();
|
||||
|
||||
//Set options for PHP session cookie
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true]);
|
||||
setcookie(session_name(), session_id(), $cookieOptions);
|
||||
|
||||
//Restore session variables
|
||||
$_SESSION = array_merge($_SESSION, $arraySession);
|
||||
|
||||
@@ -169,8 +149,12 @@ switch (WS_IN_LOGIN) {
|
||||
$fileLogin = 'login/sysLogin';
|
||||
break;
|
||||
}
|
||||
setcookie("PM-Warning", trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_CURRENT_URI, '', G::is_https());
|
||||
setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/', '', G::is_https());
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => SYS_CURRENT_URI]);
|
||||
setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), $cookieOptions);
|
||||
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
|
||||
setcookie('PM-TabPrimary', uniqid(), $cookieOptions);
|
||||
|
||||
$oHeadPublisher = headPublisher::getSingleton();
|
||||
$oHeadPublisher->addScriptFile('/jscore/src/PM.js');
|
||||
$oHeadPublisher->addScriptFile('/jscore/src/Sessions.js');
|
||||
|
||||
@@ -874,8 +874,8 @@ class Light
|
||||
session_start();
|
||||
session_regenerate_id();
|
||||
|
||||
setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, G::is_https(),
|
||||
true);
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => '/sys' . config('system.workspace'), 'httponly' => true]);
|
||||
setcookie('workspaceSkin', SYS_SKIN, $cookieOptions);
|
||||
|
||||
if (strlen($msg) > 0) {
|
||||
$_SESSION['G_MESSAGE'] = $msg;
|
||||
|
||||
@@ -86,6 +86,21 @@ class System
|
||||
'disable_task_manager_routing_async' => '0',
|
||||
'on_one_server_enable' => 0,
|
||||
'at_risk_delegation_max_time' => '0.2',
|
||||
'samesite_cookie_setting' => ''
|
||||
];
|
||||
|
||||
public static $cookieDefaultOptions = [
|
||||
'expires' => 0,
|
||||
'path' => '/',
|
||||
'domain' => '',
|
||||
'secure' => false,
|
||||
'httponly' => false,
|
||||
'samesite' => ''
|
||||
];
|
||||
|
||||
public static $cookieSameSiteValues = [
|
||||
'Lax',
|
||||
'Strict'
|
||||
];
|
||||
|
||||
/**
|
||||
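Review bot: `$cookieDefaultOptions` and `$cookieSameSiteValues` are public static mutable arrays, so any code loaded into the process (plugins included) can alter the defaults every cookie in the system is built from; nothing visible in this diff reassigns them, so declare them as class constants (`const COOKIE_DEFAULT_OPTIONS = [...]`, `const COOKIE_SAMESITE_VALUES = ['Lax', 'Strict']`) or at least `private static`. `'None'` is absent from the accepted SameSite values; a one-line comment such as `// 'None' is intentionally not accepted: it requires the Secure attribute` would keep a later maintainer from adding it without that check. The enclosing class System continues outside the hunk.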
@@ -1252,6 +1267,13 @@ class System
|
||||
$config['at_risk_delegation_max_time'] = self::$defaultConfig['at_risk_delegation_max_time'];
|
||||
}
|
||||
|
||||
$value = ucfirst(strtolower($config['samesite_cookie_setting']));
|
||||
if (in_array($value, self::$cookieSameSiteValues)) {
|
||||
$config['samesite_cookie_setting'] = $value;
|
||||
} else {
|
||||
$config['samesite_cookie_setting'] = '';
|
||||
}
|
||||
|
||||
return $config;
|
||||
}
|
||||
|
||||
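Review bot: `in_array($value, self::$cookieSameSiteValues)` is a loose comparison, and `strtolower($config['samesite_cookie_setting'])` assumes the key is present and is a string; if the configuration array can omit the key (the lines above fall back to `self::$defaultConfig` for other keys, which suggests it can), this emits an undefined-index notice and, on PHP 8.1+, a deprecation for the null argument. Change the two lines to `$value = ucfirst(strtolower((string) ($config['samesite_cookie_setting'] ?? '')));` and `if (in_array($value, self::$cookieSameSiteValues, true)) {`. The enclosing method starts outside the hunk.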
@@ -1778,4 +1800,29 @@ class System
|
||||
$parseDsn["pass"] = urldecode($parseDsn["pass"]);
|
||||
return $parseDsn;
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the options for a cookie, according to the system configuration and values optionally sent to this method
|
||||
*
|
||||
* @param array $options
|
||||
* @return array
|
||||
*/
|
||||
public static function buildCookieOptions(array $options = [])
|
||||
{
|
||||
// Get system values
|
||||
$cookieOptions = self::$cookieDefaultOptions;
|
||||
$systemConfiguration = self::getSystemConfiguration();
|
||||
|
||||
// Always set "secure" option according to the server protocol
|
||||
$cookieOptions['secure'] = G::is_https();
|
||||
|
||||
// Set the "samesite" option according to the system configuration
|
||||
$cookieOptions['samesite'] = $systemConfiguration['samesite_cookie_setting'];
|
||||
|
||||
// Overrides the cookie options with the values sent to the method
|
||||
$cookieOptions = array_merge($cookieOptions, $options);
|
||||
|
||||
// Return the cookie options
|
||||
return $cookieOptions;
|
||||
}
|
||||
}
|
||||
|
||||
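Review bot: The comment `// Always set "secure" option according to the server protocol` is contradicted two steps later, where `array_merge($cookieOptions, $options)` lets a caller override `secure` (the OAuth2 Server hunk passes `'secure' => false`); reword it to `// Default "secure" to the server protocol; callers may override it below` so readers do not assume the flag is enforced. The docblock should also state the accepted keys, since the result is passed straight to setcookie(): `@param array $options Any of expires, path, domain, secure, httponly, samesite (the setcookie() options keys); caller values take precedence over the defaults and the system configuration`, and that unknown keys are passed through and reported by setcookie() (a warning or ValueError depending on PHP version). The enclosing class System closes at the end of this hunk but starts outside it.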
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
namespace ProcessMaker\Services\OAuth2;
|
||||
|
||||
use Bootstrap;
|
||||
use Luracast\Restler\iAuthenticate;
|
||||
use Luracast\Restler\RestException;
|
||||
use OAuth2\Request;
|
||||
@@ -367,7 +368,8 @@ class Server implements iAuthenticate
|
||||
$lifetime = 1440;
|
||||
}
|
||||
|
||||
setcookie($session->getSessionName(), $_COOKIE[$session->getSessionName()], time() + $lifetime, "/", null, false, true);
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $lifetime, 'secure' => false, 'httponly' => true]);
|
||||
setcookie($session->getSessionName(), $_COOKIE[$session->getSessionName()], $cookieOptions);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
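Review bot: The explicit `'secure' => false` keeps the old call's behaviour of never marking the OAuth2 session cookie Secure, but it now also overrides the protocol-based default that buildCookieOptions() applies everywhere else, so over HTTPS this appears to be the only cookie in the visible hunks that is still sent over plain HTTP. Unless there is a known reason (for example a deployment behind TLS termination that G::is_https() does not detect), drop the key: `$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $lifetime, 'httponly' => true]);`; if the override is deliberate, a comment stating why belongs on that line. The enclosing method starts outside the hunk.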
@@ -98,7 +98,8 @@ if (!isset($_SESSION['USER_LOGGED']) || $_SESSION['USER_LOGGED'] != $decodedResp
|
||||
session_start();
|
||||
session_regenerate_id();
|
||||
|
||||
setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, null, G::is_https(), true);
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => '/sys' . $enviroment, 'httponly' => true]);
|
||||
setcookie('workspaceSkin', $enviroment, $cookieOptions);
|
||||
|
||||
$_SESSION = array();
|
||||
$_SESSION['__EE_INSTALLATION__'] = 2;
|
||||
|
||||
@@ -944,11 +944,8 @@ if (!defined('EXECUTE_BY_CRON')) {
|
||||
(!(preg_match("/safari/i", $_SERVER ['HTTP_USER_AGENT']) == 1 && preg_match("/chrome/i",
|
||||
$_SERVER ['HTTP_USER_AGENT']) == 0) ||
|
||||
$config['safari_cookie_lifetime'] == 1)) {
|
||||
if (PHP_VERSION < 5.2) {
|
||||
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
|
||||
} else {
|
||||
setcookie(session_name(), session_id(), time() + $timelife, '/', null, G::is_https(), true);
|
||||
}
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $timelife, 'httponly' => true]);
|
||||
setcookie(session_name(), session_id(), $cookieOptions);
|
||||
}
|
||||
$RBAC->initRBAC();
|
||||
//using optimization with memcache, the user data will be in memcache 8 hours, or until session id goes invalid
|
||||
@@ -1024,11 +1021,8 @@ if (!defined('EXECUTE_BY_CRON')) {
|
||||
(!(preg_match("/safari/i", $_SERVER ['HTTP_USER_AGENT']) == 1 && preg_match("/chrome/i",
|
||||
$_SERVER ['HTTP_USER_AGENT']) == 0) ||
|
||||
$config['safari_cookie_lifetime'] == 1)) {
|
||||
if (PHP_VERSION < 5.2) {
|
||||
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
|
||||
} else {
|
||||
setcookie(session_name(), session_id(), time() + $timelife, '/', null, G::is_https(), true);
|
||||
}
|
||||
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $timelife, 'httponly' => true]);
|
||||
setcookie(session_name(), session_id(), $cookieOptions);
|
||||
}
|
||||
$RBAC->initRBAC();
|
||||
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
|
||||
|
||||