viscous/espocrm
1
0
Fork 0
mirror of https://github.com/espocrm/espocrm.git synced 2026-06-28 06:56:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix cookies

Browse Source
This commit is contained in:
Yuri Kuznetsov
2020-07-13 10:47:57 +03:00
parent c84abfb542
commit e12bb1320c
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
application/Espo/Core/Utils/Auth.php
View File

@@ -442,7 +442,7 @@ class Auth
if ($authToken->get('secret')) {
$sentSecret = $_COOKIE['auth-token-secret'] ?? null;
if ($sentSecret === $authToken->get('secret')) {
setcookie('auth-token-secret', null, -1, '/');
$this->setSecretInCookie(null);
}
}
return true;
@@ -487,15 +487,21 @@ class Auth
$this->getEntityManager()->saveEntity($authLogRecord);
}
protected function setSecretInCookie(string $secret)
protected function setSecretInCookie(?string $secret)
{
if (!$secret) {
$time = -1;
} else {
$time = strtotime('+1000 days');
}
if (version_compare(\PHP_VERSION, '7.3.0') < 0) {
setcookie('auth-token-secret', $secret, strtotime('+1000 days'), '/', '', false, true);
setcookie('auth-token-secret', $secret, $time, '/', '', false, true);
return;
}
setcookie('auth-token-secret', $secret, [
'expires' => strtotime('+1000 days'),
'expires' => $time,
'path' => '/',
'httponly' => true,
'samesite' => 'Lax',

8
client/src/app.js
View File

@@ -551,13 +551,13 @@ define(
setCookieAuth: function (username, token) {
var date = new Date();
date.setTime(date.getTime() + (1000 * 24*60*60*1000));
document.cookie = 'auth-username='+username+'; expires='+date.toGMTString()+'; path=/';
document.cookie = 'auth-token='+token+'; expires='+date.toGMTString()+'; path=/';
document.cookie = 'auth-username='+username+'; SameSite=Lax; expires='+date.toGMTString()+'; path=/';
document.cookie = 'auth-token='+token+'; SameSite=Lax; expires='+date.toGMTString()+'; path=/';
},
unsetCookieAuth: function () {
document.cookie = 'auth-username' + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
document.cookie = 'auth-token' + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
document.cookie = 'auth-username' + '=; SameSite=Lax; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
document.cookie = 'auth-token' + '=; SameSite=Lax; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
},
initUserData: function (options, callback) {