Session handling to prevent session lose in other places like, home, admin, etc

when the user is using the new designer, which has no session because it uses only the API
Erik Amaru Ortiz
2014-06-16 18:56:08 -04:00
parent 03288704bc
commit d0e20c4b2e
41 changed files with 427 additions and 69 deletions


@@ -163,6 +163,7 @@ class Server implements iAuthenticate
$token = $response->getParameters();
if (array_key_exists('access_token', $token)) {
session_start();
$data = $this->storage->getAccessToken($token['access_token']);
// verify if the client is our local PM Designer client
@@ -175,6 +176,7 @@ class Server implements iAuthenticate
$userToken->setRefreshToken($token['refresh_token']);
$userToken->setUserId($data['user_id']);
$userToken->setSessionId(session_id());
$userToken->setSessionName(session_name());
$userToken->save();
}
@@ -196,16 +198,29 @@ class Server implements iAuthenticate
$allowed = $this->server->verifyResourceRequest($request);
$token = $this->server->getAccessTokenData($request);
self::$userId = $token['user_id'];
// Session handling to prevent session lose in other places like, home, admin, etc
// when user is using the new designer that have not session because it is using only the API
// verify if the client is not our local PM Designer client
if ($token['client_id'] != self::getPmClientId()) {
//return $allowed;
}
if ($allowed && $token['client_id'] == self::getPmClientId()) {
// making a local session verification for PM Web Designer Client
if (! isset($_SESSION) || ! array_key_exists('USER_LOGGED', $_SESSION)) {
//return false;
$pmAccessToken = new \PmoauthUserAccessTokens();
$session = $pmAccessToken->getSessionData($token['ACCESS_TOKEN']);
if ($session !== false) {
// increase the timeout for local php session cookie
$config = \Bootstrap::getSystemConfiguration();
if (isset($config['session.gc_maxlifetime'])) {
$lifetime = $config['session.gc_maxlifetime'];
} else {
$lifetime = ini_get('session.gc_maxlifetime');
}
if (empty($lifetime)) {
$lifetime = 1440;
}
setcookie($session->getSessionName(), $_COOKIE[$session->getSessionId()], time() + $lifetime, "/");
}
}
return $allowed;
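Review bot: The `setcookie()` call near the end of this hunk reads its value from `$_COOKIE[$session->getSessionId()]`, which indexes the cookie array by the stored session id, whereas PHP keeps the session cookie under the session name; the lookup will normally be undefined, so the cookie is re-sent with an empty value (which clears it) instead of having its lifetime extended. Read it by name and skip the refresh when it is absent: `if (isset($_COOKIE[$session->getSessionName()])) { setcookie($session->getSessionName(), $_COOKIE[$session->getSessionName()], time() + $lifetime, "/"); }`. The refreshed cookie is also issued without the Secure and HttpOnly attributes, so it would be worth passing the `secure` and `httponly` values from `session_get_cookie_params()` as the sixth and seventh arguments. The +/- markers are lost on this page and the enclosing method starts and ends outside the hunk, so this assumes the `setcookie()` line is on the new side.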