Merge branch 'master' of bitbucket.org:colosa/processmaker

Victor Saisa Lopez
2014-06-17 09:09:01 -04:00
42 changed files with 450 additions and 76 deletions


@@ -163,6 +163,7 @@ class Server implements iAuthenticate
$token = $response->getParameters();
if (array_key_exists('access_token', $token)) {
session_start();
$data = $this->storage->getAccessToken($token['access_token']);
// verify if the client is our local PM Designer client
@@ -175,6 +176,7 @@ class Server implements iAuthenticate
$userToken->setRefreshToken($token['refresh_token']);
$userToken->setUserId($data['user_id']);
$userToken->setSessionId(session_id());
$userToken->setSessionName(session_name());
$userToken->save();
}
@@ -196,16 +198,29 @@ class Server implements iAuthenticate
$allowed = $this->server->verifyResourceRequest($request);
$token = $this->server->getAccessTokenData($request);
self::$userId = $token['user_id'];
// Session handling to prevent session lose in other places like, home, admin, etc
// when user is using the new designer that have not session because it is using only the API
// verify if the client is not our local PM Designer client
if ($token['client_id'] != self::getPmClientId()) {
//return $allowed;
}
if ($allowed && $token['client_id'] == self::getPmClientId()) {
// making a local session verification for PM Web Designer Client
if (! isset($_SESSION) || ! array_key_exists('USER_LOGGED', $_SESSION)) {
//return false;
$pmAccessToken = new \PmoauthUserAccessTokens();
$session = $pmAccessToken->getSessionData($token['ACCESS_TOKEN']);
if ($session !== false) {
// increase the timeout for local php session cookie
$config = \Bootstrap::getSystemConfiguration();
if (isset($config['session.gc_maxlifetime'])) {
$lifetime = $config['session.gc_maxlifetime'];
} else {
$lifetime = ini_get('session.gc_maxlifetime');
}
if (empty($lifetime)) {
$lifetime = 1440;
}
setcookie($session->getSessionName(), $_COOKIE[$session->getSessionId()], time() + $lifetime, "/");
}
}
return $allowed;
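Review bot: The `setcookie()` call in the last hunk reads the value with `$_COOKIE[$session->getSessionId()]`, but `$_COOKIE` is keyed by cookie name, so this lookup would normally miss and re-issue the session cookie with an empty value, which `setcookie()` treats as a request to delete it. The lookup should use the name and be guarded, e.g. `if ($session !== false && isset($_COOKIE[$session->getSessionName()]))` followed by `$_COOKIE[$session->getSessionName()]` as the value. The re-issued cookie is also sent without the Secure or HttpOnly attributes, so it can be read from script and travel over plain HTTP even if the original session cookie was restricted; the remaining arguments should be taken from `session_get_cookie_params()`. The enclosing method starts and ends outside the visible lines, so confirm the closing brace of the `if ($allowed && ...)` block against the full file.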