Resolve #1306 and #1313 due to localStorage failure

This commit is contained in:
the-djmaze 2023-11-17 00:08:32 +01:00
parent c8baabf8d9
commit e918889c3b

View file

@ -317,12 +317,12 @@ trait UserAuth
$sSignMeToken = Cookies::get(self::AUTH_SIGN_ME_TOKEN_KEY); $sSignMeToken = Cookies::get(self::AUTH_SIGN_ME_TOKEN_KEY);
if ($sSignMeToken) { if ($sSignMeToken) {
\SnappyMail\Log::notice(self::AUTH_SIGN_ME_TOKEN_KEY, 'decrypt'); \SnappyMail\Log::notice(self::AUTH_SIGN_ME_TOKEN_KEY, 'decrypt');
$aResult = \SnappyMail\Crypt::DecryptUrlSafe($sSignMeToken); $aResult = \SnappyMail\Crypt::DecryptUrlSafe($sSignMeToken, 'signme');
if (isset($aResult['e'], $aResult['u']) && \SnappyMail\UUID::isValid($aResult['u'])) { if (isset($aResult['e'], $aResult['u']) && \SnappyMail\UUID::isValid($aResult['u'])) {
return $aResult; return $aResult;
} }
\SnappyMail\Log::notice(self::AUTH_SIGN_ME_TOKEN_KEY, 'invalid'); \SnappyMail\Log::notice(self::AUTH_SIGN_ME_TOKEN_KEY, 'invalid');
// Don't clear due to smctoken cookie missing at initialization and login checkbox // Don't clear due to login checkbox
// Cookies::clear(self::AUTH_SIGN_ME_TOKEN_KEY); // Cookies::clear(self::AUTH_SIGN_ME_TOKEN_KEY);
} }
return null; return null;
@ -330,22 +330,16 @@ trait UserAuth
public function SetSignMeToken(MainAccount $oAccount): void public function SetSignMeToken(MainAccount $oAccount): void
{ {
// SetAuthToken token needs to be called first
// because $_COOKIE['smctoken'] is used by Crypt::Passphrase.
// If the $_COOKIE['smctoken'] is not set then SetSignMeToken
// throws an exception
// $this->SetAuthToken($oAccount);
$this->ClearSignMeData(); $this->ClearSignMeData();
$uuid = \SnappyMail\UUID::generate(); $uuid = \SnappyMail\UUID::generate();
$data = \SnappyMail\Crypt::Encrypt($oAccount); $data = \SnappyMail\Crypt::Encrypt($oAccount, 'signme');
Cookies::set( Cookies::set(
self::AUTH_SIGN_ME_TOKEN_KEY, self::AUTH_SIGN_ME_TOKEN_KEY,
\SnappyMail\Crypt::EncryptUrlSafe([ \SnappyMail\Crypt::EncryptUrlSafe([
'e' => $oAccount->Email(), 'e' => $oAccount->Email(),
'u' => $uuid, 'u' => $uuid,
$data[0] => \base64_encode($data[1]) $data[0] => \base64_encode($data[1])
]), ], 'signme'),
\time() + 3600 * 24 * 30 // 30 days \time() + 3600 * 24 * 30 // 30 days
); );
$this->StorageProvider()->Put($oAccount, StorageType::SIGN_ME, $uuid, $data[2]); $this->StorageProvider()->Put($oAccount, StorageType::SIGN_ME, $uuid, $data[2]);
@ -369,7 +363,7 @@ trait UserAuth
\array_key_last($aTokenData), \array_key_last($aTokenData),
\base64_decode(\end($aTokenData)), \base64_decode(\end($aTokenData)),
$sAuthToken $sAuthToken
]); ], 'signme');
if (!\is_array($aAccountHash)) { if (!\is_array($aAccountHash)) {
throw new \RuntimeException('token decrypt failed'); throw new \RuntimeException('token decrypt failed');
} }