diff --git a/README.md b/README.md
index ce119d3c..870790e3 100644
--- a/README.md
+++ b/README.md
@@ -718,6 +718,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "dbAuth.loginAfterRegistration": 1 or zero if registered users should be logged in after registration ("")
 - "dbAuth.passwordLength": Minimum length that the password must have ("12")
 - "dbAuth.sessionName": The name of the PHP session that is started ("")
+- "dbAuth.updateSessionData": Number of minutes after which the session data is updated when calling /me end-point (0)
 - "wpAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
 - "wpAuth.wpDirectory": The folder/path where the Wordpress install can be found (".")
 - "wpAuth.usernameFormField": The name of the form field that holds the username ("username")
diff --git a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
index fb6aba9f..35227262 100644
--- a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
+++ b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -111,6 +111,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 session_regenerate_id(true);
 }
 unset($user[$passwordColumnName]);
+ $user['updatedAt'] = time();
 $_SESSION['user'] = $user;
 return $this->responder->success($user);
 } else {
@@ -128,6 +129,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 session_regenerate_id(true);
 }
 unset($user[$passwordColumnName]);
+ $user['updatedAt'] = time();
 $_SESSION['user'] = $user;
 return $this->responder->success($user);
 }
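Review bot: The refresh timestamp is stored inside the user array itself (`$user['updatedAt'] = time();`, here and again in the hunk at line 128), so it is returned to API clients as part of the login response and would silently overwrite a real `updatedAt` column of the login table if one exists. Keeping it in its own session slot, e.g. `$_SESSION['user_updated_at'] = time();`, and reading that slot in the `/me` branch (hunk at line 176) instead of `$_SESSION['user']['updatedAt']` keeps the stored user identical to what the database returned. The enclosing `process()` method starts before and ends after both hunks.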
@@ -176,6 +178,24 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 }
 if ($method == 'GET' && $path == 'me') {
 if (isset($_SESSION['user'])) {
+ $updateAfter = $this->getProperty('updateSessionData',0) * 60;
+ $passwordColumnName = $this->getProperty('passwordColumn','password');
+ if($updateAfter > 0 && (time() > ($_SESSION['user']['updatedAt'] + $updateAfter))){
+ $tableName = $this->getProperty('loginTable','users');
+ $table = $this->reflection->getTable($tableName);
+ $pkName = $table->getPk()->getName();
+ $returnedColumns = $this->getProperty('returnedColumns','');
+ if(!$returnedColumns){
+ $columnNames = $table->getColumnNames();
+ }else{
+ $columnNames = array_map('trim',explode(',',$returnedColumns));
+ $columnNames = array_values(array_unique($columnNames));
+ }
+ $user = $this->db->selectSingle($table,$columnNames,$_SESSION['user'][$pkName]);
+ unset($user[$passwordColumnName]);
+ $user['updatedAt'] = time();
+ $_SESSION['user'] = $user;
+ }
 return $this->responder->success($_SESSION['user']);
 }
 return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');
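Review bot: The refresh path re-stores whatever `selectSingle()` returns without checking it: if the account was deleted or the key no longer matches a row and the call yields null (hedged — verify its contract), the following `unset` and `$user['updatedAt'] = time();` turn null into an array containing only the timestamp, which is then saved as the authenticated user and returned, instead of ending the session. A missing row should clear `$_SESSION['user']` and answer `ErrorCode::AUTHENTICATION_REQUIRED`. Separately, `$_SESSION['user']['updatedAt']` is read unguarded, and sessions created before this change carry no such key, so the comparison raises an undefined-key warning; `$_SESSION['user']['updatedAt'] ?? 0` makes those sessions refresh cleanly. The lookup also assumes the primary key was among the columns stored at login, which is not guaranteed when `returnedColumns` is configured without it, and the column-list resolution duplicates the login branch and would read better as a private helper; `process()` continues outside the hunk.
```php
if (isset($_SESSION['user'])) {
    $updateAfter = $this->getProperty('updateSessionData', 0) * 60;
    $passwordColumnName = $this->getProperty('passwordColumn', 'password');
    // sessions created before this field existed have no 'updatedAt'; treat them as stale
    $updatedAt = $_SESSION['user']['updatedAt'] ?? 0;
    if ($updateAfter > 0 && time() > $updatedAt + $updateAfter) {
        // … unchanged: table, primary key and column-name resolution …
        $user = $this->db->selectSingle($table, $columnNames, $_SESSION['user'][$pkName]);
        if ($user === null) {
            // the account no longer exists: drop the stale session rather than re-storing an empty user
            unset($_SESSION['user']);
            return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');
        }
        unset($user[$passwordColumnName]);
        $user['updatedAt'] = time();
        $_SESSION['user'] = $user;
    }
    return $this->responder->success($_SESSION['user']);
}
```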