Compare commits
2 Commits
2ca1714992
...
f8118315e7
| Author | SHA1 | Date |
|---|---|---|
 Yasen Pramatarov
|
f8118315e7 | |
|
Yasen Pramatarov
|
d28d69d350 |
|
|
@ -12,10 +12,18 @@ function applyCsrfMiddleware() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Skip CSRF check for initial login, registration, and 2FA verification attempts
|
||||||
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
|
||||||
|
isset($_GET['page']) && isset($_GET['action']) &&
|
||||||
|
$_GET['page'] === 'login' && $_GET['action'] === 'verify' &&
|
||||||
|
isset($_SESSION['2fa_pending_user_id'])) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
// Skip CSRF check for initial login and registration attempts
|
// Skip CSRF check for initial login and registration attempts
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
|
||||||
isset($_GET['page']) &&
|
isset($_GET['page']) &&
|
||||||
in_array($_GET['page'], ['login', 'register']) &&
|
in_array($_GET['page'], ['login', 'register']) &&
|
||||||
!isset($_SESSION['username'])) {
|
!isset($_SESSION['username'])) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -60,10 +60,10 @@ function applySessionMiddleware($config, $app_root) {
|
||||||
* Helper function to clean up session data and redirect
|
* Helper function to clean up session data and redirect
|
||||||
*/
|
*/
|
||||||
function cleanupSession($config, $app_root, $isTest) {
|
function cleanupSession($config, $app_root, $isTest) {
|
||||||
if (!$isTest) {
|
// Always clear session data
|
||||||
// Clear session data
|
$_SESSION = array();
|
||||||
$_SESSION = array();
|
|
||||||
|
|
||||||
|
if (!$isTest) {
|
||||||
if (session_status() === PHP_SESSION_ACTIVE) {
|
if (session_status() === PHP_SESSION_ACTIVE) {
|
||||||
session_unset();
|
session_unset();
|
||||||
session_destroy();
|
session_destroy();
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ class SessionMiddlewareTest extends TestCase
|
||||||
{
|
{
|
||||||
protected $config;
|
protected $config;
|
||||||
protected $app_root;
|
protected $app_root;
|
||||||
|
protected const SESSION_TIMEOUT = 7200; // 2 hours in seconds
|
||||||
|
|
||||||
protected function setUp(): void
|
protected function setUp(): void
|
||||||
{
|
{
|
||||||
|
|
@ -52,7 +53,7 @@ class SessionMiddlewareTest extends TestCase
|
||||||
|
|
||||||
public function testSessionTimeout()
|
public function testSessionTimeout()
|
||||||
{
|
{
|
||||||
$_SESSION['LAST_ACTIVITY'] = time() - 1500; // 25 minutes ago
|
$_SESSION['LAST_ACTIVITY'] = time() - (self::SESSION_TIMEOUT + 60); // 2 hours + 1 minute ago
|
||||||
|
|
||||||
$result = applySessionMiddleware($this->config, $this->app_root);
|
$result = applySessionMiddleware($this->config, $this->app_root);
|
||||||
|
|
||||||
|
|
@ -76,7 +77,7 @@ class SessionMiddlewareTest extends TestCase
|
||||||
public function testRememberMe()
|
public function testRememberMe()
|
||||||
{
|
{
|
||||||
$_SESSION['REMEMBER_ME'] = true;
|
$_SESSION['REMEMBER_ME'] = true;
|
||||||
$_SESSION['LAST_ACTIVITY'] = time() - 86500; // More than 24 hours ago
|
$_SESSION['LAST_ACTIVITY'] = time() - (self::SESSION_TIMEOUT + 60); // More than 2 hours ago
|
||||||
|
|
||||||
$result = applySessionMiddleware($this->config, $this->app_root);
|
$result = applySessionMiddleware($this->config, $this->app_root);
|
||||||
|
|
||||||
|
|
@ -95,7 +96,7 @@ class SessionMiddlewareTest extends TestCase
|
||||||
|
|
||||||
public function testSessionHeaders()
|
public function testSessionHeaders()
|
||||||
{
|
{
|
||||||
$_SESSION['LAST_ACTIVITY'] = time() - 1500; // 25 minutes ago
|
$_SESSION['LAST_ACTIVITY'] = time() - (self::SESSION_TIMEOUT + 60); // 2 hours + 1 minute ago
|
||||||
|
|
||||||
$result = applySessionMiddleware($this->config, $this->app_root);
|
$result = applySessionMiddleware($this->config, $this->app_root);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue