From 45d4ebcded271d1f000848c5517f1862a113d349 Mon Sep 17 00:00:00 2001
From: Kilian Hofmann
Date: Mon, 29 Jul 2024 00:29:35 +0200
Subject: [PATCH] Reauth params in config
---
 exam/classes/Config/Config.php | 10 ++++++++++
 exam/classes/Models/User/User.php | 25 ++++++++++++++-----------
 exam/config/app.php | 4 +++-
 3 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/exam/classes/Config/Config.php b/exam/classes/Config/Config.php
index a702888..9a436ed 100644
--- a/exam/classes/Config/Config.php
+++ b/exam/classes/Config/Config.php
@@ -61,4 +61,14 @@ class Config
 {
 return Config::getInstance()->database;
 }
+
+ public static function getTokenExpiry(): string
+ {
+ return Config::getInstance()->app["tokenExpiry"];
+ }
+
+ public static function getRefreshTokenExpiry(): string
+ {
+ return Config::getInstance()->app["refreshTokenExpiry"];
+ }
 }
diff --git a/exam/classes/Models/User/User.php b/exam/classes/Models/User/User.php
index 6a8824a..92f998f 100644
--- a/exam/classes/Models/User/User.php
+++ b/exam/classes/Models/User/User.php
@@ -155,16 +155,16 @@ class User implements JsonSerializable
 $stmt->bindValue(":ID", $user->getID());
 $stmt->execute();
 }
+ // Generate tokens only if expired or missing
 if (empty($data["token"]) || new DateTime($data["tokenExpiry"]) <= new DateTime()) {
- // Generate token
 $stmt = $db->prepare(
 "UPDATE
 egb_benutzer
 SET
 token = UUID(),
- tokenExpiry = DATE_ADD(NOW(), INTERVAL 1 HOUR),
+ tokenExpiry = DATE_ADD(NOW(), INTERVAL " . Config::getTokenExpiry() . "),
 refreshToken = UUID(),
- refreshExpiry = DATE_ADD(NOW(), INTERVAL 30 DAY)
+ refreshExpiry = DATE_ADD(NOW(), INTERVAL " . Config::getRefreshTokenExpiry() . ")
 WHERE id = :ID"
 );
 $stmt->bindValue(":ID", $user->getID());
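Review bot: In the Config.php hunk, both new getters index `->app[...]` directly under a `: string` return type, so a config file that lacks the key (for example an app.php that predates this commit) would, assuming `app` is the plain array returned by config/app.php, fail with a TypeError on the first token refresh instead of keeping the previous lifetimes. Using the old constants as defaults avoids that: `return Config::getInstance()->app["tokenExpiry"] ?? "1 HOUR";` and `?? "30 DAY"` in the refresh getter. A one-line docblock on each getter stating that the value is a MySQL interval expression of the form `<count> <UNIT>` would also tell whoever edits app.php what is allowed there.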
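Review bot: In the User.php hunk at -155, `INTERVAL " . Config::getTokenExpiry() . "` and its refresh counterpart splice a configuration string into the text handed to `prepare()`, so the statement is no longer constant and is only as trustworthy as whatever ends up in config/app.php; the hunk at -296 repeats both lines. MySQL accepts a placeholder for the interval count, so only the unit has to stay literal: `tokenExpiry = DATE_ADD(NOW(), INTERVAL :ttl MINUTE),` with `$stmt->bindValue(":ttl", $ttlMinutes, PDO::PARAM_INT);` (this assumes `$db` is a PDO handle, which the `bindValue(":ID", …)` calls suggest). If the unit must remain configurable, compare it with a fixed list of units before concatenating. The enclosing method starts and ends outside the hunk.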
@@ -278,7 +278,7 @@ class User implements JsonSerializable
 $db = Database::getInstance();
 $stmt = $db->prepare(
 "SELECT
- b.id, b.benutzer, b.status, b.email, b.image, b.isadmin, b.zeitstempel,
+ b.id, b.benutzer, b.status, b.email, b.image, b.isadmin, b.zeitstempel, b.tokenExpiry,
 (SELECT COUNT(*) FROM egb_gaestebuch WHERE benutzer_id = b.id) as postCount FROM egb_benutzer AS b
@@ -296,18 +296,21 @@ class User implements JsonSerializable
 $user = new User($data["id"], $data["benutzer"], $data["status"], $data["email"], $data["zeitstempel"], $data["image"], $data["isadmin"] === 1, $data["postCount"]);
- $stmt = $db->prepare(
- "UPDATE
+ // Update tokens if expired
+ if (new DateTime($data["tokenExpiry"]) <= new DateTime()) {
+ $stmt = $db->prepare(
+ "UPDATE
 egb_benutzer
 SET
 token = UUID(),
- tokenExpiry = DATE_ADD(NOW(), INTERVAL 1 HOUR),
+ tokenExpiry = DATE_ADD(NOW(), INTERVAL " . Config::getTokenExpiry() . "),
 refreshToken = UUID(),
- refreshExpiry = DATE_ADD(NOW(), INTERVAL 30 DAY)
+ refreshExpiry = DATE_ADD(NOW(), INTERVAL " . Config::getRefreshTokenExpiry() . ")
 WHERE id = :ID"
- );
- $stmt->bindValue(":ID", $user->getID());
- $stmt->execute();
+ );
+ $stmt->bindValue(":ID", $user->getID());
+ $stmt->execute();
+ }
 // Get token
 $stmt = $db->prepare("SELECT token, refreshToken FROM egb_benutzer WHERE id = :ID");
diff --git a/exam/config/app.php b/exam/config/app.php
index 7beca01..d52ff6e 100644
--- a/exam/config/app.php
+++ b/exam/config/app.php
@@ -4,5 +4,7 @@ return [
 "basePath" => "/phpCourse/exam/",
 "storagePath" => "/phpCourse/exam/storage/",
 "baseFSPath" => "/home/k/khofmann/public_html/phpCourse/exam/",
- "storageFSPath" => "/home/k/khofmann/public_html/phpCourse/exam/storage/"
+ "storageFSPath" => "/home/k/khofmann/public_html/phpCourse/exam/storage/",
+ "tokenExpiry" => "5 MINUTE",
+ "refreshTokenExpiry" => "30 MINUTE"
 ];
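Review bot: In the User.php hunk at -296, the new guard `new DateTime($data["tokenExpiry"]) <= new DateTime()` decides token rotation by comparing a timestamp written by MySQL `NOW()` with PHP's clock and default timezone, and unlike the branch at -155 it has no `empty($data["token"])` test, so a row whose token columns are still NULL appears to get tokens only through how `DateTime` treats a null argument. Letting the database decide removes both dependencies and also narrows the gap between the SELECT and the UPDATE, where two concurrent requests could each rotate the tokens: drop the `if` and end the statement with `WHERE id = :ID AND (token IS NULL OR tokenExpiry <= NOW())"`. The method this hunk belongs to begins and ends outside the visible lines.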