From 7236fc146480a04ebe129cceb4f5465959f96f16 Mon Sep 17 00:00:00 2001 From: jaleonardo <32501234+apps-caraga@users.noreply.github.com> Date: Sun, 22 Oct 2023 13:50:50 +0800 Subject: [PATCH 1/3] Update DbAuthMiddleware.php Add new property dbAuth.refreshSession to indicate whether the session data will be updated every x minutes. Also new session key (updatedAt) to record the time of creation/updating of session
---
 .../Middleware/DbAuthMiddleware.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
diff --git a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
index fb6aba9f..16e749f3 100644
--- a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
+++ b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -128,6 +128,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 session_regenerate_id(true);
 }
 unset($user[$passwordColumnName]);
+ $user['updatedAt'] = time();
 $_SESSION['user'] = $user;
 return $this->responder->success($user);
 }
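Review bot: Writing the refresh timestamp into the user record itself, `$user['updatedAt'] = time();` in the login branch, means it is sent back to the client by `success($user)` and would overwrite a real `updatedAt` column if the login table has one. The same line appears in the `/me` refresh hunk of this patch and in the loginAfterRegistration hunk of patch 3/3. Keeping the bookkeeping value beside the record rather than inside it avoids both effects, for example `$_SESSION['userUpdatedAt'] = time();` (the key name is only a suggestion), with the `/me` check reading that key instead. The enclosing `process()` body starts and ends outside this hunk.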
@@ -176,6 +177,24 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 }
 if ($method == 'GET' && $path == 'me') {
 if (isset($_SESSION['user'])) {
+ $updateAfter = $this->getProperty('updateSessionData',0) * 60;
+ $passwordColumnName = $this->getProperty('passwordColumn','password');
+ if($updateAfter > 0 && (time() > ($_SESSION['user']['updatedAt'] + $updateAfter))){
+ $tableName = $this->getProperty('loginTable','users');
+ $table = $this->reflection->getTable($tableName);
+ $pkName = $table->getPk()->getName();
+ $returnedColumns = $this->getProperty('returnedColumns','');
+ if(!$returnedColumns){
+ $columnNames = $table->getColumnNames();
+ }else{
+ $columnNames = array_map('trim',explode(',',$returnedColumns));
+ $columnNames = array_values(array_unique($columnNames));
+ }
+ $user = $this->db->selectSingle($table,$columnNames,$_SESSION['user'][$pkName]);
+ unset($user[$passwordColumnName]);
+ $user['updatedAt'] = time();
+ $_SESSION['user'] = $user;
+ }
 return $this->responder->success($_SESSION['user']);
 }
 return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');
From 1f9b1c4ef9db85e20f51f08d03a13622440d4165 Mon Sep 17 00:00:00 2001 From: jaleonardo <32501234+apps-caraga@users.noreply.github.com> Date: Sun, 22 Oct 2023 17:31:06 +0800 Subject: [PATCH 2/3] Readme description for new property (dbAuth.updateSession) dbAuth.updateSessionData - Defaults to zero (session data is not updated). If value is > 0, this will be the number of minutes to check after which the session data is updated when the /me end-point is called
---
 README.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index ce119d3c..870790e3 100644
--- a/README.md
+++ b/README.md
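Review bot: In the `GET /me` refresh added to DbAuthMiddleware.php, the result of `selectSingle()` is stored in the session without checking that a row came back. If the account was deleted since login (presumably `selectSingle()` then returns null or an empty value, to be confirmed), `$user['updatedAt'] = time();` creates a fresh array and the session stays authenticated with a record that has no primary key. Ending the session at that point closes the gap: `if (!$user) { unset($_SESSION['user']); return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, ''); }`. Sessions created before this change carry no `updatedAt` key, so the comparison should read `($_SESSION['user']['updatedAt'] ?? 0)` to avoid an undefined-key warning. `process()` starts and ends outside the hunk.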
@@ -718,6 +718,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "dbAuth.loginAfterRegistration": 1 or zero if registered users should be logged in after registration ("")
 - "dbAuth.passwordLength": Minimum length that the password must have ("12")
 - "dbAuth.sessionName": The name of the PHP session that is started ("")
+- "dbAuth.updateSessionData": Number of minutes after which the session data is updated when calling /me end-point (0)
 - "wpAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
 - "wpAuth.wpDirectory": The folder/path where the Wordpress install can be found (".")
 - "wpAuth.usernameFormField": The name of the form field that holds the username ("username")
From 15f2482a196f38a120cde07dd4aa73e99fe39c7b Mon Sep 17 00:00:00 2001 From: jaleonardo <32501234+apps-caraga@users.noreply.github.com> Date: Tue, 24 Oct 2023 13:44:58 +0800 Subject: [PATCH 3/3] Update DbAuthMiddleware.php Updated loginAfterRegistration block to include updatedAt key to the session
---
 src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
index 16e749f3..35227262 100644
--- a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
+++ b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -111,6 +111,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 session_regenerate_id(true);
 }
 unset($user[$passwordColumnName]);
+ $user['updatedAt'] = time();
 $_SESSION['user'] = $user;
 return $this->responder->success($user);
 } else {